Re: What does it mean for a vulnerability to be retired?



On Dec 21, 2007, at 1:11 PM, Terra Frost wrote:

<http://www.securityfocus.com/bid/26885> is an example of a
vulnerability whose status has been changed to RETIRED. My question
is.. what, exactly, does that mean?

The meaning varies. In this case, it means that SecurityFocus believes the issue was bogus, which is what they say under the Discussion section:

http://www.securityfocus.com/bid/26885/discuss

[As an aside, retiring this was probably a mistake -- there is definitely an issue with WordPress as subsequent discussions on the Bugtraq mailing list have shown.]

In other cases, SecurityFocus might mark an BID as retired because they have split out the issues into separate BIDs, as they did recently with BID 26929, for various issues in Adobe's Flash Player plugin.

George
--
theall@xxxxxxxxxxxx