[VIM] Oracle CPU Jan 2009 Advisories. (fwd)
jericho at attrition.org
Fri Jan 16 00:40:11 UTC 2009
Per the researcher, two of his three advisories do not correspond to the
---------- Forwarded message ----------
From: Alexandr Polyakov
To: security curmudgeon <jericho at attrition.org>
Date: Thu, 15 Jan 2009 18:50:45 +0300
Subject: Re: Oracle CPU Jan 2009 Advisories.
> Hi Alexandr,
> : Advisories for Oracle CPU January 2009 vulnerabilities Attached.
> Do you know which CVE these correspond with?
this advisories is under the Security-In-Depth program and they will be
fixed in future releases but not so critical to make a patch in this CPU.
Oracle says: "I would like to clarify that the bug has been fixed in the
future release of WLS. We do not plan to include this fix in a CPU as the
issue reported was a problem in a sample application and we do not believe
that presents a vulnerability for production applications."
So Oracle said that we can disclosure this advisories now.
Information Security Analyst
More information about the VIM