[Info-vax] DCL vulnerability write up on The Register
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Feb 8 08:39:49 EST 2018
On 2018-02-08, Ian Miller <gxys at uk2.net> wrote:
>
> As previously mentioned, VSI have done the right thing after receiving the
> report of the issue.
No. VSI _Engineering_ have behaved impeccably and very professionally
throughout all this.
VSI _management_ give the very strong impression of having had to be
dragged along and to be forced into doing all the stuff around this
that other vendors do as standard.
I've been talking to Mitre about why the CVE was still marked as reserved.
It turns out that they were waiting for VSI to put a public announcement
somewhere that could be included in the CVE.
Usually that's on the vendor's website somewhere but Mitre have now used
the comp.os.vms posting as well as a couple of other references as VSI
have not put a public announcement on their website.
The CVE is now available here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17482
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list