[VIM] CVE-2007-5324 (IBM DB2JDS overflows) is a dupe of CVE-2007-2582

George A. Theall theall at tenablesecurity.com
Sat Oct 13 01:26:01 UTC 2007

On 10/12/07 20:21, Steven M. Christey wrote:

> ZDI recently confirmed to me that the IBM DB2JDS overflows they just
> reported are already covered by CVE-2007-2582.  The link between the
> two is APAR IY97750, which was vaguely written in the initial
> disclosure, but it's the proper fix for the ZDI overflows.

Ah, thanks for pointing that out.

What about the denial of service issues ZDI also reported (invalid LANG 
parameter and MemTree overflow)? Neither is mentioned in IY97750, and I 
couldn't find them in the list of APARs IBM claimed were addressed by 
8.1 FixPak 15.

theall at tenablesecurity.com

More information about the VIM mailing list