[VIM] Question regarding ZDI-12-017's CVE

security curmudgeon jericho at attrition.org
Mon Jun 11 13:55:49 CDT 2012

On Mon, 11 Jun 2012, ZDI Disclosures wrote:

: Oracle does not always provide us with the associated CVE #. We have not 
: received one for this case.

According to the main guy who coordinates their advisories, if the 
researcher asks for the CVE association, Oracle will give it. However, if 
a third party asks for it, they will not divulge the CVE association. 

Ridiculous policy, and I have challenged them on it many times, but it 
prevents us from finding out. Any chance you could ask them?


More information about the VIM mailing list