[VIM] Why are SE38042 and SE38043 APARs related to security?

Steven M. Christey coley at linus.mitre.org
Thu Jun 11 20:27:35 UTC 2009

Could anybody explain to me why Secunia, Vupen, SecurityFocus, and ISS all
created vulnerability database entries for APARs SE38042/SE38043 when
neither of these APARs mentions anything about security at all?  I don't
see any ties to any "parent" document that says these are security

Am I missing something obvious?  We only have two APAR's of the form
"SEnnnnn" in all of CVE.

We're going to create a CVE for it since everybody else is talking about
it, but it makes me really queasy.  We all have enough problems without
labeling references as security issues when they don't even use the word,
where the only content is "XML Update."

Thanks for any clarification,

More information about the VIM mailing list