[VIM] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch

Steven M. Christey coley at linus.mitre.org
Sat Nov 20 15:24:48 CST 2010

I think we caught this confusion before we created CVE-2010-4010, and we 
clarified by email with Apple that these weren't dupes.  We inferred that 
the Apple advisory archives had been modified to use the new CVE.

- Steve

On Fri, 19 Nov 2010, George A. Theall wrote:

> Core Security's advisory recent Mac OS X advisory 
> (http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch) 
> seems to be creating confusion. For example, there's this entry in their 
> timeline:
> "2010-11-11: Apple informs Core that due to a clerical error they used the 
> identifier CVE-2010-1797 for their advisory, instead of CVE-2010-4010. "
> Fortunately, this doesn't seem to have introduced any problems with the two 
> CVE entries themselves. Had you noticed this, Steve?
> SecurityFocus, though, has two BIDs that seem to be for CVE-2010-4010 -- BID 
> 44729 created last week and BID 44984 created today. Rob?
> George
> -- 
> theall at tenablesecurity.com

More information about the VIM mailing list