You're suggesting that this vulnerability was introduced by Oracle?