security curmudgeon jericho at attrition.org
Thu Sep 2 21:11:01 CDT 2010

On Thu, 2 Sep 2010, George A. Theall wrote:

: I was looking through a list of security issues in DB2 that IBM recently 
: patched (http://www-01.ibm.com/support/docview.wss?uid=swg21432298) and 
: cross-referencing APARS against CVEs and OSVDBs. I didn't see any 
: mention of the issues IBM labels "SECURITY APAR: MODIFIED SQL DATA table 
: function is not dropped when definer loses required privileges to 
: maintain the objects." (APARs IZ46773, IZ46774, IC63548). All the other 
: issues appear to be covered. Was this missed?

OSVDB 58477

Despite being "recently patched" in one version of DB2, it goes back to 
2009-09-28 for the first time we saw a reference to it. The first two 
APARs are associated with it, the last was not. I will add it now.


More information about the VIM mailing list