CPU 12 July 2005
There are no vulnerabilities affecting installed clients that are not accompanied by a database server install. This CPU July 2005 does not need to be installed on client only installations if a previous CPU has been applied or alert #68.
There is a pre-installation note and risk matrix for each group of products. It is interesting to note that Oracle says it has tested each vulnerability in isolation and has not tested for blended attacks using more than one of the reported vulnerabilities.
Quite a few people are credited with discovering bugs. These include Alex Kornbrust, Esteban Mart�nez Fay�, Gerhard Eschelbeck, Stephen Kost , David Litchfield, http://www.ncircle.com/ - (broken link) Michael Murray, Aaron C. Newman and Mike Sues. There are a few new names that we have not normally seen in the recent times of Oracle Security bugs.
It is also quite interesting that this time there are no PeopleSoft fixes included in this patch update.
There are then five sections detailing the bugs found. There is not a great deal of detail as usual. Only sparse mention of components and packages that are vulnerable. Sometimes this is enough to get an idea of the type of bug involved.