oss-sec: by thread
648 messages
starting Apr 01 13 and
ending Jun 30 13
Date index |
Thread index |
Author index
- Re: Re: Security vulnerability tools Corey Bryant (Apr 01)
- <Possible follow-ups>
- Re: Re: Security vulnerability tools Corey Bryant (Apr 01)
- Re: Re: Security vulnerability tools Larry W. Cashdollar (Apr 01)
- CVE-2013-1912 : haproxy may crash on TCP content inspection rules Willy Tarreau (Apr 02)
- CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Sebastian Krahmer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Sebastian Krahmer (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Apr 03)
- Re: CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner (Apr 05)
- Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
- CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky (Apr 03)
- Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Kurt Seifried (Apr 03)
- Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva (Apr 08)
- Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky (Apr 09)
- Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva (Apr 09)
- Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Athmane Madjoudj (Apr 09)
- Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva (Apr 09)
- Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Athmane Madjoudj (Apr 09)
- Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky (Apr 09)
- Re: CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Kurt Seifried (Apr 03)
- browser document.cookie DoS vulnerability Stefan Bühler (Apr 03)
- Re: browser document.cookie DoS vulnerability Kurt Seifried (Apr 08)
- Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried (Apr 03)
- ownCloud Security Advisories (2013-011, 2013-012) Lukas Reschke (Apr 03)
- CVE request for Drupal contributed modules Forest Monsen (Apr 03)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Apr 04)
- <Possible follow-ups>
- Re: CVE request for Drupal contributed modules Kurt Seifried (Apr 12)
- CVE request for Drupal contributed modules Forest Monsen (Apr 17)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Apr 18)
- CVE request for Drupal contributed modules Forest Monsen (May 29)
- Re: CVE request for Drupal contributed modules Kurt Seifried (May 29)
- CVE request: rpc-gssd is vulnerable to DNS spoofing Vincent Danen (Apr 03)
- Re: CVE request: rpc-gssd is vulnerable to DNS spoofing Kurt Seifried (Apr 04)
- Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations Xen . org security team (Apr 04)
- PostgreSQL security update Solar Designer (Apr 04)
- Re: PostgreSQL security update Solar Designer (Apr 04)
- Confused with Drupal CVEs Henri Salo (Apr 04)
- RE: Confused with Drupal CVEs Christey, Steven M. (Apr 04)
- Multiple CVE requests for MantisBT Damien Regad (Apr 04)
- Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 05)
- Re: Multiple CVE requests for MantisBT Damien Regad (Apr 08)
- Re: Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 08)
- Re: Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 08)
- Re: Re: Multiple CVE requests for MantisBT Damien Regad (Apr 08)
- Re: Re: Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 08)
- Re: Multiple CVE requests for MantisBT Damien Regad (Apr 08)
- Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 05)
- CVE Request: tg3 VPD firmware -> driver injection Marcus Meissner (Apr 05)
- Re: CVE Request: tg3 VPD firmware -> driver injection Kurt Seifried (Apr 05)
- CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Marcus Meissner (Apr 05)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Kurt Seifried (Apr 05)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 09)
- Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
- Zimbra XSS in aspell.php, CVE request Michael Scherer (Apr 05)
- Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried (Apr 05)
- Re: Zimbra XSS in aspell.php, CVE request Michael Scherer (Apr 05)
- Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried (Apr 09)
- Re: Zimbra XSS in aspell.php, CVE request Jeff Flanigan (Apr 09)
- Re: Zimbra XSS in aspell.php, CVE request Michael Scherer (Apr 05)
- Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried (Apr 05)
- New vulnerabilty in imagemagick Bastien ROUCARIES (Apr 07)
- Re: New vulnerabilty in imagemagick Kurt Seifried (Apr 08)
- cve request: util-linux Michael Gilbert (Apr 07)
- Re: cve request: util-linux Adam D. Barratt (Apr 08)
- Any info on dovecot CVE-2010-0535? Michael Gilbert (Apr 07)
- Re: Any info on dovecot CVE-2010-0535? Geoff Keating (Apr 08)
- Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 Larry W. Cashdollar (Apr 08)
- Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 Kurt Seifried (Apr 08)
- CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Salvatore Bonaccorso (Apr 09)
- Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Kurt Seifried (Apr 09)
- Postfix incorrect permissions on configurations. Request. Russ Thompson (Apr 09)
- Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev (Apr 09)
- Re: Postfix incorrect permissions on configurations. Request. Russ Thompson (Apr 09)
- Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev (Apr 09)
- Re: Postfix incorrect permissions on configurations. Request. Russ Thompson (Apr 09)
- <Possible follow-ups>
- Re: Postfix incorrect permissions on configurations. Request. Mike (Apr 09)
- Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev (Apr 09)
- Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Kurt Seifried (Apr 12)
- CVE-2013-1900 looks like an OpenSSL bug Florian Weimer (Apr 12)
- Re: CVE-2013-1900 looks like an OpenSSL bug Solar Designer (Apr 12)
- Re: CVE-2013-1900 looks like an OpenSSL bug Florian Weimer (Apr 12)
- Re: CVE-2013-1900 looks like an OpenSSL bug Solar Designer (Apr 12)
- Re-evaluating expat/libxml2 CVE assignments Steven M. Christey (Apr 12)
- CVE for XSS in EasyPHPCalender script Anant Shrivastava (Apr 12)
- Re: CVE for XSS in EasyPHPCalender script Kurt Seifried (Apr 16)
- Remote command injection md2pdf ruby gem Larry W. Cashdollar (Apr 12)
- Re: Remote command injection md2pdf ruby gem Kurt Seifried (Apr 13)
- Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 13)
- Re: Summary of security bugs (now fixed) in user namespaces Florian Weimer (Apr 16)
- <Possible follow-ups>
- re: Summary of security bugs (now fixed) in user namespaces Brian Martin (Apr 15)
- Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 15)
- Re: Re: Summary of security bugs (now fixed) in user namespaces Kurt Seifried (Apr 16)
- Re: Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 16)
- Re: Re: Summary of security bugs (now fixed) in user namespaces Kurt Seifried (Apr 16)
- Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 15)
- CVE-2013-1949 Social Media Widget remote file inclusion Kurt Seifried (Apr 13)
- CVE Request: VLC Buffer Overflow in ASF Demuxer Salvatore Bonaccorso (Apr 14)
- Re: CVE Request: VLC Buffer Overflow in ASF Demuxer Kurt Seifried (Apr 16)
- Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 14)
- Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Petr Matousek (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
- CVE request - Linux kernel: tracing NULL pointer dereference P J P (Apr 15)
- Re: CVE request - Linux kernel: tracing NULL pointer dereference cve-assign (Apr 28)
- CVE request: Linux kernel: cifs: NULL pointer dereference P J P (Apr 15)
- Re: CVE request: Linux kernel: cifs: NULL pointer dereference cve-assign (Apr 28)
- Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification Xen . org security team (Apr 15)
- autotrace: stack-based buffer overflow in bmp parser Murray McAllister (Apr 16)
- Re: autotrace: stack-based buffer overflow in bmp parser Kurt Seifried (Apr 16)
- CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability Petr Matousek (Apr 16)
- A note on CVE assignment timelines Kurt Seifried (Apr 16)
- CVE Request: MediaWiki Security Releases 1.20.4 and 1.19.5 Thijs Kinkhorst (Apr 16)
- Re: CVE Request: MediaWiki Security Releases 1.20.4 and 1.19.5 Kurt Seifried (Apr 16)
- Fwd: Multiple Vulnerabilities in Simple HRM system v2.3 and below Doraemon Sk8ers (Apr 16)
- Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers (Apr 16)
- Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo (Apr 17)
- Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers (May 10)
- Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Kurt Seifried (May 10)
- Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo (May 18)
- Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers (May 10)
- Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo (Apr 17)
- debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Thomas Biege (Apr 17)
- Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Kurt Seifried (Apr 17)
- Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Daniel Kahn Gillmor (Apr 17)
- Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Kurt Seifried (Apr 17)
- CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Agostino Sarubbo (Apr 17)
- Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
- Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
- Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
- Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10 Kurt Seifried (Apr 17)
- plone, rrdtool, zenoss bugs Thomas Pollet (Apr 18)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (Apr 18)
- Re: plone, rrdtool, zenoss bugs Matthew Wilkes (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 30)
- Re: plone, rrdtool, zenoss bugs Henri Salo (May 19)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
- Re: plone, rrdtool, zenoss bugs Henri Salo (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
- Re: plone, rrdtool, zenoss bugs Kurt Seifried (Apr 18)
- CVE-2012-XXYY Request -- google-authenticator: Information disclosure due insecure requirement on the secrets file Jan Lieskovsky (Apr 18)
- Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests Xen . org security team (Apr 18)
- Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER Xen . org security team (Apr 18)
- <Possible follow-ups>
- Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER Xen . org security team (Apr 18)
- Xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled Huzaifa Sidhpurwala (Apr 18)
- Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance Xen . org security team (Apr 18)
- CVE-2013-1977 - OpenStack keystone.conf insecure file permissions Kurt Seifried (Apr 18)
- Re: CVE-2013-1977 - OpenStack keystone.conf insecure file permissions Thierry Carrez (Apr 23)
- distros list news Solar Designer (Apr 19)
- Request for linux-distros list membership Allan McRae (Apr 20)
- Re: Request for linux-distros list membership Solar Designer (Apr 20)
- Re: Request for linux-distros list membership Allan McRae (Apr 20)
- Re: Request for linux-distros list membership Solar Designer (Apr 21)
- Re: Request for linux-distros list membership Allan McRae (Apr 20)
- Re: Request for linux-distros list membership Solar Designer (Apr 20)
- Re: CVE-2013-1942 jPlayer 2.2.19 XSS Lukas Reschke (Apr 20)
- <Possible follow-ups>
- Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried (Apr 29)
- Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Salvatore Bonaccorso (May 03)
- Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried (May 04)
- Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Steven M. Christey (Jun 27)
- Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Salvatore Bonaccorso (May 03)
- upstream source code authenticity checking Solar Designer (Apr 20)
- Re: upstream source code authenticity checking Alan Coopersmith (Apr 21)
- Re: upstream source code authenticity checking Marcus Meissner (Apr 21)
- Re: upstream source code authenticity checking Jeremy Stanley (Apr 21)
- Re: upstream source code authenticity checking Allan McRae (Apr 21)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 21)
- Re: upstream source code authenticity checking Allan McRae (Apr 21)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 21)
- Re: upstream source code authenticity checking Stuart Henderson (Apr 22)
- Re: upstream source code authenticity checking Allan McRae (Apr 21)
- Re: upstream source code authenticity checking Eric H. Christensen (Apr 24)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 24)
- Re: upstream source code authenticity checking Allan McRae (Apr 24)
- Re: upstream source code authenticity checking Kurt Seifried (Apr 25)
- Re: upstream source code authenticity checking Daniel Kahn Gillmor (Apr 25)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 25)
- Re: upstream source code authenticity checking Kurt Seifried (Apr 25)
- Re: upstream source code authenticity checking Dag-Erling Smørgrav (Apr 26)
- Re: upstream source code authenticity checking Kurt Seifried (Apr 26)
- Re: upstream source code authenticity checking Dag-Erling Smørgrav (Apr 26)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 26)
- Re: upstream source code authenticity checking Kurt Seifried (Apr 26)
- Re: upstream source code authenticity checking Eric H. Christensen (Apr 29)
- Re: upstream source code authenticity checking Daniel Kahn Gillmor (Apr 30)
- Re: upstream source code authenticity checking Robbie MacKay (May 01)
- Re: upstream source code authenticity checking Alistair Crooks (May 02)
- OpenPGP certifications are identity assertions [was: Re: upstream source code authenticity checking] Daniel Kahn Gillmor (May 02)
- Re: OpenPGP certifications are identity assertions [was: Re: upstream source code authenticity checking] Simon McVittie (May 02)
- Re: upstream source code authenticity checking Kurt Seifried (May 02)
- Re: upstream source code authenticity checking Russ Allbery (May 02)
- Re: upstream source code authenticity checking Alan Coopersmith (May 02)
- Re: upstream source code authenticity checking Russ Allbery (May 02)
- Re: upstream source code authenticity checking Josh Bressers (Apr 25)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 25)
- Re: upstream source code authenticity checking Marcus Meissner (Apr 26)
- Re: upstream source code authenticity checking nicolas vigier (Apr 25)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 25)
- Re: upstream source code authenticity checking Florian Weimer (Apr 26)
- Re: upstream source code authenticity checking nicolas vigier (Apr 25)
- Re: upstream source code authenticity checking yersinia (Apr 26)
- Re: upstream source code authenticity checking Daniel Kahn Gillmor (May 04)
- Re: upstream source code authenticity checking Alistair Crooks (Apr 24)
- Re: upstream source code authenticity checking Alan Coopersmith (Apr 21)
- ownCloud Security Advisories (2013-017, 2013-018) Lukas Reschke (Apr 21)
- OS command injection vulnerability in Chicken Scheme Peter Bex (Apr 21)
- Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
- Re: OS command injection vulnerability in Chicken Scheme Peter Bex (Apr 29)
- Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
- RE: OS command injection vulnerability in Chicken Scheme Christey, Steven M. (Apr 29)
- Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
- Re: OS command injection vulnerability in Chicken Scheme Peter Bex (Apr 29)
- Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
- Vulnerabilities in jPlayer MustLive (Apr 21)
- CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability Agostino Sarubbo (Apr 22)
- Re: CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability Kurt Seifried (Apr 22)
- [CVE assignment notification] CVE-2013-1950 libtirpc: Invalid pointer free leads to rpcbind daemon crash (A different vulnerability than CVE-2003-0028) Jan Lieskovsky (Apr 22)
- Vulnerabilities in multiple plugins for WordPress with jPlayer MustLive (Apr 22)
- CVE Request for XSS vulnerability in Ushahidi Web Robbie Mackay (Apr 23)
- Re: CVE Request for XSS vulnerability in Ushahidi Web Kurt Seifried (Apr 29)
- CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files Kurt Seifried (Apr 23)
- Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files Thierry Carrez (Apr 24)
- Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Jan Lieskovsky (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Felix Gröbert (Apr 27)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Salvatore Bonaccorso (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)
- CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Simon McVittie (Apr 24)
- Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried (Apr 29)
- Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried (Apr 29)
- Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried (Apr 29)
- Advisory dates Dag-Erling Smørgrav (Apr 24)
- Re: Advisory dates Kurt Seifried (Apr 24)
- Re: Advisory dates Dag-Erling Smørgrav (Apr 25)
- Re: Advisory dates Kurt Seifried (Apr 24)
- CVE-2013-3221 can also relate to Microsoft SQL Server and IBM DB2 cve-assign (Apr 24)
- WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Hanno Böck (Apr 24)
- Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
- W3 Total Cache 0.9.2.8 Remote Code Exec Kurt Seifried (Apr 24)
- Vulnerabilities in multiple themes for WordPress with jPlayer MustLive (Apr 24)
- WP-Super-Cache 1.3.1 Remote Code Exec - properly fixed? Kurt Seifried (Apr 24)
- CVE Request -- autojump: autojump profile will load random stuff from a directory called custom_install Jan Lieskovsky (Apr 25)
- Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Kurt Seifried (Apr 25)
- Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Alistair Crooks (Apr 25)
- Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Andrew Alexeev (Apr 26)
- Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Alistair Crooks (Apr 25)
- CVE-2013-2013 - OpenStack keystone password disclosure on command line Kurt Seifried (Apr 25)
- CVE request: Linux kernel: ext4: hang during mount(8) P J P (Apr 26)
- Re: CVE request: Linux kernel: ext4: hang during mount(8) Kurt Seifried (Apr 26)
- Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Petr Matousek (Apr 28)
- Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Kurt Seifried (Apr 29)
- Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Michael S. Tsirkin (Apr 29)
- Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Kurt Seifried (Apr 29)
- Multiple vulnerabilities in BOINC Alyssa Milburn (Apr 28)
- Re: Multiple vulnerabilities in BOINC Kurt Seifried (Apr 29)
- Multiple Linux setuid output redirection vulnerabilities Andy Lutomirski (Apr 28)
- distros vs. linux-distros lists Solar Designer (Apr 28)
- CVE request -- Linux kernel: veth: double-free in case of congestion Petr Matousek (Apr 29)
- Re: CVE request -- Linux kernel: veth: double-free in case of congestion Kurt Seifried (Apr 29)
- memcached remote seg fault Kurt Seifried (Apr 29)
- Re: memcached remote seg fault Kurt Seifried (Apr 29)
- [NOTIFICATION] strongSwan-5.0.4 correcting ECDSA flaw (CVE-2013-2944) Jan Lieskovsky (Apr 30)
- Flightgear remote format string Andrés Gómez Ramírez (Apr 30)
- Re: Flightgear remote format string Kurt Seifried (Apr 30)
- Re: Flightgear remote format string Andrés Gómez Ramírez (May 01)
- Re: Flightgear remote format string Kurt Seifried (May 01)
- Re: Flightgear remote format string Andrés Gómez Ramírez (May 02)
- RE: Flightgear remote format string Christey, Steven M. (May 02)
- Re: Flightgear remote format string Andrés Gómez Ramírez (May 02)
- Re: Flightgear remote format string Andrés Gómez Ramírez (May 01)
- Re: Flightgear remote format string Kurt Seifried (Apr 30)
- CVE-2013-2029: Nagios RPM nagios.upgrade_to_v3.sh Kurt Seifried (Apr 30)
- Re-emergence of CVE-2008-4796 in Nagios current Kurt Seifried (Apr 30)
- Re: Re-emergence of CVE-2008-4796 in Nagios current David Jorm (Apr 30)
- Re: Re-emergence of CVE-2008-4796 in Nagios current Michael Gilbert (May 03)
- Re: Re-emergence of CVE-2008-4796 in Nagios current David Jorm (Apr 30)
- Mediawiki CVE request ( was Fw: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6) Hanno Böck (May 01)
- CVE Request: httplib2 ssl cert incorrect error handling Marc Deslauriers (May 01)
- Re: CVE Request: httplib2 ssl cert incorrect error handling Kurt Seifried (May 01)
- CVE Request for Drupal contributed module Forest Monsen (May 01)
- Re: CVE Request for Drupal contributed module Kurt Seifried (May 01)
- <Possible follow-ups>
- CVE request for Drupal contributed module Forest Monsen (Jun 06)
- Re: CVE request for Drupal contributed module Kurt Seifried (Jun 06)
- CVE request for Drupal contributed module Forest Monsen (Jun 19)
- Re: CVE request for Drupal contributed module Kurt Seifried (Jun 20)
- Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala (May 01)
- Fwd: Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala (May 01)
- CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Kurt Seifried (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 03)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 07)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 07)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 02)
- Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Kurt Seifried (May 02)
- Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible Xen . org security team (May 02)
- Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges Xen . org security team (May 02)
- CVE request: Linux kernel: chipidea: allow disabling streaming in host mode P J P (May 03)
- Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Kurt Seifried (May 04)
- Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Marcus Meissner (May 06)
- Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Kurt Seifried (May 04)
- CVE Request: YaBB 2.5.2 and earlier arbitrary code execution John Lightsey (May 04)
- Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Kurt Seifried (May 04)
- CVE request: WordPress advanced-xml-reader XXE Henri Salo (May 05)
- Re: CVE request: WordPress advanced-xml-reader XXE Henri Salo (Jun 05)
- CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Vincent Danen (May 06)
- Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions Xen . org security team (May 06)
- CVE-2013-2060 OpenShift Origin: Potential remote command execution vulnerability in download cart url Kurt Seifried (May 06)
- nginx security advisory (CVE-2013-2028) Andrew Alexeev (May 07)
- Re: nginx security advisory (CVE-2013-2028) Florian Weimer (May 07)
- Re: nginx security advisory (CVE-2013-2028) Solar Designer (May 22)
- When does resource consumption become a security vulnerability? Kurt Seifried (May 08)
- CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Peter Bex (May 08)
- [OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030) Thierry Carrez (May 09)
- [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) Thierry Carrez (May 09)
- RE: [Openstack] [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) Miller, Mark M (EB SW Cloud - R&D - Corvallis) (May 09)
- CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct P J P (May 10)
- Re: CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct Petr Matousek (May 10)
- CVE request: password exposure in kdelibs when showing "internal server error" messages Vincent Danen (May 10)
- Re: CVE request: password exposure in kdelibs when showing "internal server error" messages Kurt Seifried (May 10)
- CVE Request: kdelibs Seth Arnold (May 10)
- Re: CVE Request: kdelibs Kurt Seifried (May 10)
- CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as (May 11)
- Re: CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as (May 11)
- Re: Re: CVE Request: Dolibarr - Multiple Vulnerabilities Kurt Seifried (May 14)
- Re: CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as (May 11)
- CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello (May 12)
- <Possible follow-ups>
- CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello (May 12)
- Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Thomas Waldmann (May 12)
- CVE Request: Storable::thaw called on cookie data in multiple CPAN modules John Lightsey (May 12)
- Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules Kurt Seifried (May 14)
- CVE request: Gallery multiple XSS vulnerabilities Henri Salo (May 13)
- Re: CVE request: Gallery multiple XSS vulnerabilities Kurt Seifried (May 14)
- nginx security advisory (CVE-2013-2070) Andrew Alexeev (May 13)
- CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability Vincent Danen (May 13)
- <Possible follow-ups>
- Re: CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability George Theall (May 14)
- Re: Re: CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability Vincent Danen (May 14)
- CVE Request: linux kernel perf out-of-bounds access Marc Deslauriers (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Raphael Geissert (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Petr Matousek (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Eugene Teo (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Michael Gilbert (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Greg KH (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access sd (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Kurt Seifried (May 15)
- ownCloud Security Advisories oC-SA-0{19-27} Lukas Reschke (May 14)
- Remote command Injection in Creme Fraiche 0.6 Ruby Gem Larry W. Cashdollar (May 14)
- Re: Remote command Injection in Creme Fraiche 0.6 Ruby Gem Kurt Seifried (May 14)
- CVE Request: Man in the middle on Gentoo Portage binary package installer Jason A. Donenfeld (May 15)
- Re: CVE Request: Man in the middle on Gentoo Portage binary package installer Kurt Seifried (May 15)
- Re: CVE Request: Man in the middle on Gentoo Portage binary package installer Pavel Labushev (May 20)
- CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Jan Lieskovsky (May 15)
- CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 20)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 22)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 23)
- Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
- Re: CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Kurt Seifried (May 15)
- CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)
- CVE request for a Drupal contributed module Forest Monsen (May 15)
- Re: CVE request for a Drupal contributed module Kurt Seifried (May 15)
- CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried (May 15)
- Re: CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried (May 16)
- Re: CVE-2013-2097: zPanel themes remote command execution as root Daniel Kahn Gillmor (May 16)
- Re: CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried (May 16)
- [OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096) Michael Still (May 16)
- CVE request: WordPress plugin mail-on-update CSRF Henri Salo (May 16)
- Re: CVE request: WordPress plugin mail-on-update CSRF Kurt Seifried (May 18)
- CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Petr Matousek (May 16)
- CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo (May 16)
- Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried (May 18)
- Re: CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo (May 18)
- Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried (May 18)
- Re: CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo (May 18)
- Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried (May 18)
- Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (May 16)
- CVE Request: WebAuth: Authentication credential disclosure Salvatore Bonaccorso (May 16)
- Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 16)
- Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried (May 18)
- Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 18)
- Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried (May 18)
- Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 18)
- Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend Xen . org security team (May 17)
- Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability Larry W. Cashdollar (May 17)
- Re: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability Kurt Seifried (May 18)
- CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld (May 18)
- Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 18)
- Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried (May 18)
- Re: CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld (May 18)
- Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried (May 18)
- Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 19)
- Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 18)
- More zPanel security flaws? Trying to sort them out Kurt Seifried (May 18)
- CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes Jan Lieskovsky (May 20)
- Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes cve-assign (May 20)
- Re: Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes Kurt Seifried (May 20)
- Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes cve-assign (May 20)
- tty-hijacking & CVE-2005-4890 - redux mancha (May 20)
- CVE assignments for Wireshark 1.8.7 and 1.6.15 cve-assign (May 20)
- Moodle security notifications public Michael de Raadt (May 20)
- CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Agostino Sarubbo (May 21)
- Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Huzaifa Sidhpurwala (May 22)
- Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Jan Lieskovsky (May 22)
- Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Timo Sirainen (May 22)
- Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Kurt Seifried (May 24)
- Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Timo Sirainen (May 22)
- CVE request: MediaWiki chunked uploads vulnerability Thijs Kinkhorst (May 22)
- Re: CVE request: MediaWiki chunked uploads vulnerability Kurt Seifried (May 24)
- Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) Jan Lieskovsky (May 22)
- CVE-2013-2069 livecd-tools: improper handling of passwords Brian C. Lane (May 23)
- Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries Alan Coopersmith (May 23)
- [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (May 23)
- Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf (Jun 03)
- Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (Jun 03)
- Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf (Jun 03)
- Re: [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (Jun 03)
- Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Robert Collins (Jun 03)
- Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (Jun 03)
- Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf (Jun 03)
- CVE Request: pwgen Seth Arnold (May 24)
- Re: CVE Request: pwgen Kurt Seifried (May 24)
- Re: CVE Request: pwgen Michael Samuel (May 27)
- Re: CVE Request: pwgen Solar Designer (May 27)
- Re: CVE Request: pwgen Michael Samuel (Jun 05)
- Re: CVE Request: pwgen Michael Samuel (May 27)
- Re: CVE Request: pwgen Kurt Seifried (May 24)
- CVE Request: SPIP privilege escalation Salvatore Bonaccorso (May 25)
- Re: CVE Request: SPIP privilege escalation Kurt Seifried (May 27)
- CVE Request: cgit directory traversal Jason A. Donenfeld (May 25)
- Re: CVE Request: cgit directory traversal Jan Lieskovsky (May 27)
- Re: CVE Request: cgit directory traversal Kurt Seifried (May 27)
- Re: CVE Request: cgit directory traversal Jason A. Donenfeld (May 27)
- Re: CVE Request: cgit directory traversal Jason A. Donenfeld (May 27)
- Re: CVE Request: cgit directory traversal Kurt Seifried (May 27)
- Re: CVE Request: cgit directory traversal Jan Lieskovsky (May 27)
- socat security advisory 4 - CVE-2013-3571 Gerhard Rieger (May 26)
- CVE request: libraw: multiple issues Raphael Geissert (May 28)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 29)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 04)
- Re: CVE request: libraw: multiple issues Alexander Bergmann (Jun 10)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 11)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
- [Notification] CVE-2013-2765 mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used Jan Lieskovsky (May 28)
- KDE Paste Applet Michael Samuel (May 28)
- Re: KDE Paste Applet Kurt Seifried (May 29)
- Re: KDE Paste Applet Michael Samuel (May 30)
- Re: KDE Paste Applet Jeff Mitchell (May 31)
- Re: KDE Paste Applet Michael Samuel (Jun 12)
- Re: KDE Paste Applet Michael Samuel (Jun 25)
- Re: KDE Paste Applet Kurt Seifried (Jun 25)
- Re: KDE Paste Applet Garth Mollett (Jun 26)
- Re: KDE Paste Applet Michael Samuel (May 30)
- Re: KDE Paste Applet Kurt Seifried (May 29)
- [OSSA 2013-014] Missing expiration check in Keystone PKI tokens validation (CVE-2013-2104) Thierry Carrez (May 28)
- CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Jan Lieskovsky (May 29)
- GnuTLS 2.x Lucky13 fix regression CVE-2013-2116 Tomas Hoger (May 29)
- CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2) P J P (May 29)
- Re: CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2) Kurt Seifried (May 29)
- Drupal contrib CVE Forest Monsen (May 29)
- Re: Drupal contrib CVE Kurt Seifried (May 29)
- CVE request: znc: null pointer dereference in webadmin Raphael Geissert (May 30)
- Re: CVE request: znc: null pointer dereference in webadmin Kurt Seifried (May 30)
- CVE-2013-1431: telepathy-gabble: TLS bypass via use of legacy Jabber Simon McVittie (May 30)
- CVE request: monkeyd Denial of Service Agostino Sarubbo (May 31)
- Re: CVE request: monkeyd Denial of Service cve-assign (May 31)
- CVE Request: libimobiledevice insecure /tmp use Marc Deslauriers (May 31)
- Re: CVE Request: libimobiledevice insecure /tmp use Kurt Seifried (Jun 04)
- CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery Kurt Seifried (May 31)
- Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery Kurt Seifried (May 31)
- CVE-2013-2850: Linux kernel iSCSI target heap overflow Kees Cook (Jun 01)
- CVE Request: kernel info leak in tkill/tgkill Marcus Meissner (Jun 02)
- Re: CVE Request: kernel info leak in tkill/tgkill Kurt Seifried (Jun 04)
- Xen Security Advisory 52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs Xen . org security team (Jun 03)
- Xen Security Advisory 53 (CVE-2013-2077) - Hypervisor crash due to missing exception recovery on XRSTOR Xen . org security team (Jun 03)
- Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV Xen . org security team (Jun 03)
- CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks Jan Lieskovsky (Jun 04)
- CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)
- CVE Request: More perf security fixes Marcus Meissner (Jun 04)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 05)
- Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 06)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
- Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
- Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
- Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
- Re: CVE Request: More perf security fixes Kurt Seifried (Jun 05)
- Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)
- CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Henri Salo (Jun 04)
- Re: CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Kurt Seifried (Jun 04)
- CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() P J P (Jun 05)
- Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() P J P (Jun 05)
- Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() Kurt Seifried (Jun 05)
- CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user P J P (Jun 05)
- Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user Kurt Seifried (Jun 05)
- Joomla URL change Henri Salo (Jun 05)
- CVE-2013-2145: perl Module::Signature code execution vulnerability Vincent Danen (Jun 05)
- Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Russ Allbery (Jun 05)
- Re: CVE-2013-2145: perl Module::Signature code execution vulnerability 唐鳳 (Jun 05)
- Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Daniel Kahn Gillmor (Jun 05)
- Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Vincent Danen (Jun 11)
- Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Russ Allbery (Jun 05)
- xen/blkback: Check device permissions before allowing OP_DISCARD Konrad Rzeszutek Wilk (Jun 05)
- Re: xen/blkback: Check device permissions before allowing OP_DISCARD Kurt Seifried (Jun 05)
- CVE Request: Linux Kernel - Leak information in cdrom driver. Jonathan Salwan (Jun 06)
- Re: CVE Request: Linux Kernel - Leak information in cdrom driver. Kurt Seifried (Jun 10)
- [PATCH] perf: fix hypervisor branch sampling permission check Stephane Eranian (Jun 06)
- Re: [PATCH] perf: fix hypervisor branch sampling permission check Petr Matousek (Jun 06)
- chroots & uid sharing Jason A. Donenfeld (Jun 06)
- Re: chroots & uid sharing Jason A. Donenfeld (Jun 06)
- Re: chroots & uid sharing Seth Arnold (Jun 06)
- Re: chroots & uid sharing Kurt Seifried (Jun 06)
- Re: chroots & uid sharing Tom Maher (Jun 07)
- Re: chroots & uid sharing Kurt Seifried (Jun 06)
- CVE request: WordPress plugin uk-cookie CSRF Henri Salo (Jun 06)
- Re: CVE request: WordPress plugin uk-cookie CSRF Kurt Seifried (Jun 13)
- Linux kernel format string flaws Kees Cook (Jun 06)
- Re: Linux kernel format string flaws Greg KH (Jun 06)
- ownCloud Security Advisory oC-SA-2013-028 Lukas Reschke (Jun 07)
- Broken authentication on Monkey HTTPD Auth plugin Felipe Pena (Jun 07)
- Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team (Jun 07)
- <Possible follow-ups>
- Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team (Jun 14)
- Re: Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Kurt Seifried (Jun 20)
- CVE request: Monkey HTTPD - DoS due bug on Range header handling Felipe Pena (Jun 07)
- Re: CVE request: Monkey HTTPD - DoS due bug on Range header handling Kurt Seifried (Jun 10)
- CVE request: Debian's package "mysql-server" leaks credential information vladz (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information Daniel Kahn Gillmor (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information Kurt Seifried (Jun 08)
- RE: CVE request: Debian's package "mysql-server" leaks credential information Christey, Steven M. (Jun 09)
- Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 10)
- Re: CVE request: Debian's package "mysql-server" leaks credential information Florian Weimer (Jun 10)
- Re: CVE request: Debian's package "mysql-server" leaks credential information Henri Salo (Jun 10)
- Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information Kurt Seifried (Jun 08)
- Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)
- Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Raphael Geissert (Jun 10)
- Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) vladz (Jun 10)
- Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Larry W. Cashdollar (Jun 10)
- Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) vladz (Jun 10)
- CVE request: resin: Cross site scripting Agostino Sarubbo (Jun 11)
- Re: CVE request: resin: Cross site scripting Kurt Seifried (Jun 13)
- CVE request: WordPress 3.5.1 denial of service vulnerability Henri Salo (Jun 11)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Andrew Nacin (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Alexander Cherepanov (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Kurt Seifried (Jun 12)
- Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
- CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+ Alan Coopersmith (Jun 11)
- Re: CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+ Kurt Seifried (Jun 13)
- Re: Fail2ban 0.8.9, Denial of Service (Apache rules only) Yves-Alexis Perez (Jun 12)
- Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only) Kurt Seifried (Jun 13)
- CVE request for Drupal contrib module Forest Monsen (Jun 12)
- Re: CVE request for Drupal contrib module Kurt Seifried (Jun 13)
- CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound Simon McVittie (Jun 13)
- [OSSA 2013-015] Authentication bypass when using LDAP backend (CVE-2013-2157) Thierry Carrez (Jun 13)
- [OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161) Jeremy Stanley (Jun 13)
- CVE request: MovableType before 5.2.6 John Lightsey (Jun 13)
- Re: CVE request: MovableType before 5.2.6 Kurt Seifried (Jun 14)
- CVE request: XSS on Monkey HTTPD - dirlisting plugin Felipe Pena (Jun 14)
- Re: CVE request: XSS on Monkey HTTPD - dirlisting plugin Kurt Seifried (Jun 14)
- CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Felipe Pena (Jun 14)
- Re: CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Kurt Seifried (Jun 14)
- CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena (Jun 14)
- RE: CVE request: FD leakage for cgi program on Monkey HTTPD Christey, Steven M. (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Kurt Seifried (Jun 14)
- Re: CVE request: FD leakage for cgi program on Monkey HTTPD Yves-Alexis Perez (Jun 14)
- RE: CVE request: FD leakage for cgi program on Monkey HTTPD Christey, Steven M. (Jun 14)
- Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core TYPO3 Security Team (Jun 16)
- CVE Request: Linux - ext4 support Jonathan Salwan (Jun 17)
- Re: CVE Request: Linux - ext4 support Greg KH (Jun 17)
- Re: CVE Request: Linux - ext4 support Jonathan Salwan (Jun 17)
- Re: CVE Request: Linux - ext4 support Greg KH (Jun 17)
- Re: CVE Request: Linux - ext4 support Kurt Seifried (Jun 17)
- Re: CVE Request: Linux - ext4 support Jonathan Salwan (Jun 17)
- Re: CVE Request: Linux - ext4 support Greg KH (Jun 17)
- CVE-2013-2175 : haproxy may crash when using header occurrences relative to the tail Willy Tarreau (Jun 17)
- Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
- Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)
- Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)
- Re: Thoughts on a vuln/CVE? Tim (Jun 18)
- Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
- Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
- CVE request: gnome-shell crash, screen unlock on resume Florian Weimer (Jun 18)
- Re: CVE request: gnome-shell crash, screen unlock on resume Kurt Seifried (Jun 18)
- [OSSA 2013-017] Issues in Keystone middleware memcache signing/encryption feature (CVE-2013-2166, CVE-2013-2167) Thierry Carrez (Jun 19)
- [CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate Jan Lieskovsky (Jun 19)
- Xen Security Advisory 55 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team (Jun 20)
- CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference Petr Matousek (Jun 20)
- Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference Kurt Seifried (Jun 20)
- CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template Jan Lieskovsky (Jun 21)
- Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys Xen . org security team (Jun 21)
- CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Jan Lieskovsky (Jun 24)
- Re: [LightDM] light-locker 0.1.0 released Yves-Alexis Perez (Jun 25)
- Xen Security Advisory 57 (CVE-2013-2211) - libxl allows guest write access to sensitive console related xenstore keys Xen . org security team (Jun 26)
- Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes Xen . org security team (Jun 26)
- CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Jun 26)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Raphael Geissert (Jun 26)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Jun 26)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Jun 26)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Raphael Geissert (Jun 26)
- 1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 26)
- Re: 1.2k bug reports for Debian, some may be security Russ Allbery (Jun 26)
- Re: 1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 26)
- Re: 1.2k bug reports for Debian, some may be security Steven M. Christey (Jun 27)
- Re: 1.2k bug reports for Debian, some may be security Alexandre Rebert (Jun 27)
- Re: 1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 30)
- Re: 1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 26)
- Re: 1.2k bug reports for Debian, some may be security Russ Allbery (Jun 26)
- CVE request for GLPI Mehrenberger, Xavier (Jun 27)
- Re: CVE request for GLPI Kurt Seifried (Jun 30)
- CVE Request -- python-suds: Insecure temporary directory use when initializing file-based URL cache Jan Lieskovsky (Jun 27)
- CVE request: GLPI, multiple issues Raphael Geissert (Jun 27)
- Re: CVE request: GLPI, multiple issues Kurt Seifried (Jun 30)
- CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr() Jan Lieskovsky (Jun 28)
- CVE request: Multiple issues in GNU ZRTPCPP Dan Rosenberg (Jun 29)
- Re: CVE request: Multiple issues in GNU ZRTPCPP Kurt Seifried (Jun 30)
- CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri (Jun 30)
- Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri (Jun 30)
- Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Kurt Seifried (Jun 30)
- Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Kurt Seifried (Jun 30)
- Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri (Jun 30)
- Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried (Jun 30)
- Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried (Jun 30)
- Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Steven Ciaburri (Jun 30)
- Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried (Jun 30)