security curmudgeon jericho at attrition.org
Thu Sep 2 21:12:00 CDT 2010

: : I was looking through a list of security issues in DB2 that IBM recently 
: : patched (http://www-01.ibm.com/support/docview.wss?uid=swg21432298) and 
: : cross-referencing APARS against CVEs and OSVDBs. I didn't see any 
: : mention of the issues IBM labels "SECURITY APAR: MODIFIED SQL DATA table 
: : function is not dropped when definer loses required privileges to 
: : maintain the objects." (APARs IZ46773, IZ46774, IC63548). All the other 
: : issues appear to be covered. Was this missed?
: OSVDB 58477
: Despite being "recently patched" in one version of DB2, it goes back to 
: 2009-09-28 for the first time we saw a reference to it. The first two 
: APARs are associated with it, the last was not. I will add it now.

Correction. The first two were associated via reference, the third was 
added as a keyword (missed in a reference search). Standardizing so it is 
a reference as well.


More information about the VIM mailing list