Alex has issued a paper today titled "Oracle CPU July 2005 - Silently fixed bugs" that discusses this issue in relation to CPU July 2006.
What is the issue here? - are Oracle silently fixing security bugs reported to them or are these internally found security bugs? - maybe, the issue is that the bugs found are not reported as security bugs in the first place and they then go though the system remaining as non-security bugs? - but why then are there so many found by Alex this time in this CPU?