[VIM] HP / OfO vulnerability question
Morris, John R. (SSRT)
john.morris at hp.com
Mon Jul 27 12:56:07 UTC 2009
Hello Brian,
Oracle for Openview (OfO) is Oracle. The only special characteristic of OfO is that HP provided it in a package with Openview. We issued a Security Bulletin for OfO because there may have been customers who did not have support contracts with Oracle and could only get updates from HP. The purpose of the Security Bulletin was to inform customers how to get the Oracle Critical Patch Updates.
We no longer update the Security Bulletin. HPSBMA02133 SSRT061201 rev.9 says:
==============
RESOLUTION
Note: This will be the last revision of this Security Bulletin. Customers should monitor the Oracle site for future Critical Patch Updates. The schedule for future Oracle Critical Patch Updates is available here: http://www.oracle.com/technology/deploy/security/alerts.htm
===============
HP did not request Mitre to assign a CVE. However, we did reference the CVE that Mitre assigned independently.
Yours truly,
John
john.morris at hp.com
HP Software Security Response Team (SSRT)
-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Monday, July 27, 2009 4:33 AM
To: security-alert
Cc: Vulnerability Information Managers
Subject: HP / OfO vulnerability question
Hello HP,
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143
This references CVE-2008-1666, which is not reference in the cpujul2008 Oracle update. Would you please clarify if this CVE identifier covers a vulnerability specific to OfO, or if this bulletin only covers vulnerabilities in the cpujul2008 advisory?
Thank you,
Brian
OSVDB.org
More information about the VIM
mailing list