I saw NGS Software's advisory tonight for the vulnerabilities that they found and were fixed as part of CPU 12 April. The NGS Software advisory
is pretty basic (i.e. it doesn't give much away!). The advisory states just versions affected and that details of the bugs found will be held back for three months. This is pretty much standard from NGS now. Integrigy
do not seem to have an advisory for Stephen Kosts bugs yet on their site. I also could not find an advisory for Esteban Martínez Fayó who is also credited in Oracles advisory
. If anyone knows about links to these missing advisories please let me know.