[VIM] Clarification on xfs CVE's
Steven M. Christey
coley at mitre.org
Fri Oct 5 20:49:30 UTC 2007
As of right now, this is my understanding of the CVE's associated with
the xfs issues. This was a complicated issue pre-disclosure that
didn't get resolved until after some initial announcements. I hope
it's resolved, anyway :)
CVE-2007-4989 and CVE-2007-4990 were originally reserved by iDefense
from me. CVE-2007-4568 was separately assigned by the Red Hat CNA
to both build_range and swap_char2b because they were both regarded
as integer overflows, so I deferred to Red Hat and suggested to
vendor-sec that CVE-2007-4989 and CVE-2007-4990 should be regarded
as dupes. However, subsequent discussion suggested that swap_char2b
is not an integer overflow, but by the time this conclusion was
released, CVE-2007-4568 had already been included in several
disclosures. So, CVE-2007-4990 was used to handle swap_char2b.
This is why some disclosures only have CVE-2007-4568, and others list
all three CVEs.
At this moment, I have:
CVE-2007-4568 - build_range integer overflow
CVE-2007-4989 - REJECT as dupe of 4568
CVE-2007-4990 - swap_char2b "heap corruption"
More information about the VIM