The Eclipse Foundation is a Common Vulnerabilities and Exposures (CVE) Numbering Authority.
Eclipse project committers can use the tools that best suit their needs to remediate their vulnerability, provided that–when disclosed–related issues are tracked via the official (open and transparent) project issue tracker. To the extent possible, tools used to remediate a vulnerability must be vendor neutral; that is, all project committers should be able to participate in the remediation process.