[VIM] Question regarding ZDI-12-017's CVE
jericho at attrition.org
Mon Jun 11 13:55:49 CDT 2012
On Mon, 11 Jun 2012, ZDI Disclosures wrote:
: Oracle does not always provide us with the associated CVE #. We have not
: received one for this case.
According to the main guy who coordinates their advisories, if the
researcher asks for the CVE association, Oracle will give it. However, if
a third party asks for it, they will not divulge the CVE association.
Ridiculous policy, and I have challenged them on it many times, but it
prevents us from finding out. Any chance you could ask them?
More information about the VIM