[VIM] Question regarding ZDI-12-017's CVE
zdi-disclosures at tippingpoint.com
Mon Jun 11 14:06:46 CDT 2012
Thank you for the insight. I did not know this.
I had just pinged Oracle for CVEs related to tomorrow's patches they are
releasing. I will go ahead and ask for this one as well. Any others that
ZDI was a part of that you'd like Oracle CVEs for?
The ZDI Team
-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Monday, June 11, 2012 1:56 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: Re: [VIM] Question regarding ZDI-12-017's CVE
On Mon, 11 Jun 2012, ZDI Disclosures wrote:
: Oracle does not always provide us with the associated CVE #. We have not
: received one for this case.
According to the main guy who coordinates their advisories, if the
researcher asks for the CVE association, Oracle will give it. However, if
a third party asks for it, they will not divulge the CVE association.
Ridiculous policy, and I have challenged them on it many times, but it
prevents us from finding out. Any chance you could ask them?