oss-sec: by thread
688 messages
starting Jun 30 13 and
ending Sep 30 13
Date index |
Thread index |
Author index
- CVE-2013-2228 : Salt Stack RSA exponent of 1 (there can be only one! da-na-naaah! na-na-na-naahh-nah-nahhh!) Kurt Seifried (Jun 30)
- CVE Request: Ansible not caching SSH host keys Michael Samuel (Jun 30)
- Re: CVE Request: Ansible not caching SSH host keys Kurt Seifried (Jul 02)
- Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Sebastian Krahmer (Jul 01)
- Request for linux-distros list membership Sona Sarmadi (Jul 01)
- Re: Request for linux-distros list membership Solar Designer (Jul 01)
- Re: Request for linux-distros list membership Kurt Seifried (Jul 01)
- RE: Request for linux-distros list membership Sona Sarmadi (Jul 02)
- Re: Request for linux-distros list membership Solar Designer (Jul 01)
- CVE Request: information leak in AF_KEY notify messages Marcus Meissner (Jul 01)
- Re: CVE Request: information leak in AF_KEY notify messages Kurt Seifried (Jul 02)
- CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Petr Matousek (Jul 01)
- Re: CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Kurt Seifried (Jul 01)
- CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 01)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried (Jul 03)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 09)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried (Jul 09)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Adam D. Barratt (Jul 09)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried (Jul 09)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 09)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Adam D. Barratt (Jul 09)
- Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 09)
- Question about signed email Kurt Seifried (Jul 01)
- Re: Question about signed email Florian Weimer (Jul 02)
- CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg Marcus Meissner (Jul 02)
- Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg Kurt Seifried (Jul 02)
- Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Petr Matousek (Jul 02)
- CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Kurt Seifried (Jul 03)
- Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
- CVE request: Quagga OSPF-API stack overrun David Lamparter (Jul 03)
- Re: CVE request: Quagga OSPF-API stack overrun Kurt Seifried (Jul 03)
- Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried (Jul 03)
- CVE requests for Ajaxplorer Mehrenberger, Xavier (Jul 04)
- Re: CVE requests for Ajaxplorer Kurt Seifried (Aug 21)
- CVE Request -- gallery3 (3.0.9): Fixing two security flaws Jan Lieskovsky (Jul 04)
- Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Bharat Mediratta (Jul 04)
- Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Kurt Seifried (Jul 04)
- Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Shad Laws (Jul 05)
- Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Jul 04)
- <Possible follow-ups>
- Re: CVE Request: glibc getaddrinfo() stack overflow Maksymilian (Jul 04)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Sep 14)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Sep 16)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Sep 17)
- Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)
- OpenVZ security repport - Multiple memory leaks (CVE-2013-2239) Jonathan Salwan (Jul 04)
- CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 04)
- Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 10)
- Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 10)
- Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 16)
- <Possible follow-ups>
- Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 19)
- Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 25)
- Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 25)
- Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 25)
- Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 10)
- LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin LSE Leading Security Experts GmbH (Security Advisories) (Jul 05)
- Possible CVE request: virtualbox virtio-net host DoS Raphael Geissert (Jul 05)
- Re: Possible CVE request: virtualbox virtio-net host DoS Kurt Seifried (Jul 05)
- Re: Possible CVE request: virtualbox virtio-net host DoS Oracle Security Alerts (Jul 05)
- Re: Possible CVE request: virtualbox virtio-net host DoS Kurt Seifried (Jul 05)
- CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Kurt Seifried (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
- NULL pointer dereferences; multiple issues mancha (Jul 05)
- Question about CVE for X!! DoS Kurt Seifried (Jul 05)
- Re: Question about CVE for X!! DoS Julien Cristau (Jul 05)
- Re: Question about CVE for X!! DoS Alan Coopersmith (Jul 05)
- Re: Question about CVE for X!! DoS Kurt Seifried (Jul 05)
- Re: [security () suse de] Re: [oss-security] Question about CVE for X!! DoS Marcus Meissner (Jul 09)
- Re: Question about CVE for X!! DoS Kurt Seifried (Jul 05)
- CVE request for Drupal contrib module Forest Monsen (Jul 05)
- Re: CVE request for Drupal contrib module Kurt Seifried (Jul 06)
- [oCERT-2013-001] File Roller path sanitization errors Daniele Bianco (Jul 08)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Jul 08)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Jul 10)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Aug 02)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Aug 02)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Aug 03)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Aug 30)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Sep 03)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Sep 03)
- Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer (Sep 04)
- Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Andreas Ericsson (Sep 04)
- Re: [Nagios-devel] [oss-security] Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jochen Bern (Sep 04)
- Re: [Nagios-devel] [oss-security] Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Andreas Ericsson (Sep 04)
- Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer (Sep 04)
- Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer (Sep 04)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Daniel Kahn Gillmor (Sep 04)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Sep 04)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view cve-assign (Sep 04)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Sep 04)
- Re: Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Sep 04)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Aug 02)
- Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Jul 10)
- new FFMpeg stuff Kurt Seifried (Jul 08)
- Re: new FFMpeg stuff Moritz Muehlenhoff (Jul 08)
- Re: new FFMpeg stuff Michael Niedermayer (Jul 09)
- Re: new FFMpeg stuff Kurt Seifried (Jul 25)
- Re: new FFMpeg stuff Jean-Baptiste Kempf (Jul 25)
- Re: new FFMpeg stuff Kurt Seifried (Jul 25)
- Re: new FFMpeg stuff Rémi Denis-Courmont (Jul 25)
- Re: new FFMpeg stuff Jean-Baptiste Kempf (Jul 25)
- Re: new FFMpeg stuff Michael Niedermayer (Jul 09)
- Re: new FFMpeg stuff Moritz Muehlenhoff (Jul 08)
- cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 08)
- Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi (Jul 09)
- Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 09)
- Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi (Jul 10)
- Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 09)
- <Possible follow-ups>
- Re: Re: Re: cryptocat/decryptocat - needs a cve? security curmudgeon (Jul 10)
- Re: Re: Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 10)
- Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi (Jul 09)
- Linux kernel libceph NULL function pointer dereference (CVE-2013-1059) Tyler Hicks (Jul 09)
- [NOT A CVE REQUEST] CVE-2013-2230 -- libvirt: multiple registered events crash Petr Matousek (Jul 10)
- CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Jan Lieskovsky (Jul 10)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried (Jul 11)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Bernhard Miklautz (Jul 12)
- Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried (Jul 11)
- CVE request for Mozilla Firefox (Windows) Stefan Kanthak (Jul 10)
- Re: CVE request for Mozilla Firefox (Windows) Kurt Seifried (Jul 10)
- CVE request for Mozilla Thunderbird (Windows) Stefan Kanthak (Jul 10)
- Re: CVE request for Mozilla Thunderbird (Windows) Kurt Seifried (Jul 10)
- npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor (Jul 10)
- Re: npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor (Jul 10)
- Re: npm uses predictable temporary filenames when unpacking tarballs Kurt Seifried (Jul 11)
- Re: npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor (Jul 10)
- CVE request: Zenphoto waraxe-2012-SA#096 Henri Salo (Jul 10)
- CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 10)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 11)
- Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
- CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Raphael Geissert (Jul 11)
- Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Kurt Seifried (Jul 11)
- CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Jan Lieskovsky (Jul 11)
- CVE Request - php 5.3.27 fixing heap corruption in the XML parser Jan Lieskovsky (Jul 11)
- Re: CVE Request - php 5.3.27 fixing heap corruption in the XML parser Kurt Seifried (Jul 11)
- CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Sebastian Krahmer (Jul 15)
- <Possible follow-ups>
- Re: CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Kurt Seifried (Jul 12)
- Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
- Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Raphael Geissert (Jul 15)
- Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Kurt Seifried (Jul 16)
- CVE Request -- Linux kernel: ipv6: BUG_ON in fib6_add_rt2node() Petr Matousek (Jul 15)
- Re: CVE Request -- Linux kernel: ipv6: BUG_ON in fib6_add_rt2node() Kurt Seifried (Jul 15)
- CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco (Jul 15)
- Re: CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco (Jul 15)
- CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush Petr Matousek (Jul 15)
- Re: CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush Kurt Seifried (Jul 15)
- CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729 Petr Matousek (Jul 15)
- Re: CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729 Kurt Seifried (Jul 15)
- CVE Request -- spice: unsafe clients ring access abort Petr Matousek (Jul 15)
- Re: CVE Request -- spice: unsafe clients ring access abort Kurt Seifried (Jul 15)
- CVE Request -- kde-workspace 4.10.5 fixing two security flaws Jan Lieskovsky (Jul 16)
- Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws Kurt Seifried (Jul 16)
- <Possible follow-ups>
- Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws mancha (Jul 16)
- CVE Request - xlockmore 5.43 fixes a security flaw mancha (Jul 16)
- Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried (Jul 16)
- <Possible follow-ups>
- Re: CVE Request - xlockmore 5.43 fixes a security flaw mancha (Jul 16)
- Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried (Jul 18)
- Re: CVE Request - xlockmore 5.43 fixes a security flaw mancha (Jul 18)
- Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried (Jul 18)
- CVE request for Drupal contrib modules Forest Monsen (Jul 16)
- Re: CVE request for Drupal contrib modules Kurt Seifried (Jul 16)
- <Possible follow-ups>
- CVE request for Drupal contrib modules Forest Monsen (Sep 03)
- Re: CVE request for Drupal contrib modules Kurt Seifried (Sep 11)
- CVE Request - MongoDB <=2.4.4 uninitialized object Florian (Jul 17)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 17)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 18)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 26)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Andreas Nilsson (Jul 30)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 22)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette (Jul 18)
- CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 07)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 09)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Raphael Geissert (Aug 12)
- Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 07)
- Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 17)
- ISC DHCP client and unsolicited DHCP options Florian Weimer (Jul 17)
- Re: ISC DHCP client and unsolicited DHCP options Kurt Seifried (Jul 17)
- Re: ISC DHCP client and unsolicited DHCP options Helmut Grohne (Jul 28)
- Re: ISC DHCP client and unsolicited DHCP options Tomas Hoger (Aug 13)
- Re: ISC DHCP client and unsolicited DHCP options Helmut Grohne (Jul 28)
- Re: ISC DHCP client and unsolicited DHCP options Kurt Seifried (Jul 17)
- Please REJECT CVE-2013-4141 Kurt Seifried (Jul 17)
- <Possible follow-ups>
- Please REJECT CVE-2013-4141 Kurt Seifried (Jul 17)
- CVE-2013-4137: StatusNet v1.1.0: SQL injection Joshua Wise (Jul 18)
- CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2 Marcus Meissner (Jul 18)
- SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried (Jul 18)
- Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
- Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
- Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried (Jul 18)
- Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Reed Loden (Jul 18)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 19)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
- Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)
- CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities Hamid Zamani (Jul 18)
- CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs() Petr Matousek (Jul 19)
- Re: CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs() Kurt Seifried (Jul 19)
- CVE request -- libvirt: crash of libvirtd without guest agent configuration Petr Matousek (Jul 19)
- Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration Kurt Seifried (Jul 19)
- CVE Request: smokeping incomplete fix for CVE-2012-0790 Seth Arnold (Jul 19)
- Re: CVE Request: smokeping incomplete fix for CVE-2012-0790 Kurt Seifried (Jul 19)
- CVE Request: XSS in smokeping / start and end time fields not filtered Salvatore Bonaccorso (Jul 20)
- Re: CVE Request: XSS in smokeping / start and end time fields not filtered Kurt Seifried (Jul 25)
- cve request: cms made simple XSS before 1.11.7 Hanno Böck (Jul 21)
- Re: cve request: cms made simple XSS before 1.11.7 Kurt Seifried (Jul 25)
- CVE Request: evolution mail client GPG key selection issue Yves-Alexis Perez (Jul 21)
- Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Yves-Alexis Perez (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor (Jul 25)
- Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
- CVE request: webcalendar before 1.2.7 Hanno Böck (Jul 22)
- Re: CVE request: webcalendar before 1.2.7 Kurt Seifried (Jul 22)
- <Possible follow-ups>
- Re: CVE request: webcalendar before 1.2.7 security curmudgeon (Jul 22)
- Re: Re: CVE request: webcalendar before 1.2.7 Kurt Seifried (Jul 25)
- CVE-2013-2231 -- qemu: qemu-ga win32 service unquoted search path Petr Matousek (Jul 22)
- CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Salvatore Bonaccorso (Jul 22)
- CVE request for Drupal contributed modules Forest Monsen (Jul 22)
- <Possible follow-ups>
- CVE request for Drupal contributed modules Forest Monsen (Jul 25)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Jul 27)
- CVE request for Drupal contributed modules Forest Monsen (Aug 09)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
- Re: CVE request for Drupal contributed modules Henri Salo (Aug 10)
- Re: CVE request for Drupal contributed modules Forest Monsen (Aug 11)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 12)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
- CVE request for Drupal contributed modules Forest Monsen (Aug 21)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 21)
- CVE request for Drupal contributed modules Forest Monsen (Sep 26)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Sep 26)
- Re: CVE request for a Drupal contributed module Forest Monsen (Jul 22)
- Re: CVE request for a Drupal contributed module Kurt Seifried (Jul 27)
- Cisco announces agreement to acquire Sourcefire Henri Salo (Jul 23)
- CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 23)
- Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 24)
- Re: CVE request: mysecureshell: information disclosure (or worse) Kurt Seifried (Jul 25)
- Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 25)
- Re: CVE request: mysecureshell: information disclosure (or worse) Kurt Seifried (Jul 27)
- Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 25)
- CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping (Jul 23)
- Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried (Jul 25)
- Re: CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping (Jul 25)
- Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried (Jul 27)
- Re: CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping (Jul 25)
- Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried (Jul 25)
- CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. P J P (Jul 23)
- CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P (Jul 23)
- Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team (Jul 24)
- Re: Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Konrad Rzeszutek Wilk (Jul 24)
- <Possible follow-ups>
- Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team (Jul 24)
- CVE request: timing leak in bitcoind Paul (Jul 24)
- Re: CVE request: timing leak in bitcoind Kurt Seifried (Jul 25)
- Two OpenAFS security advisories Russ Allbery (Jul 24)
- CVE request: GnuPG side-channel attack on RSA secret keys Thijs Kinkhorst (Jul 25)
- Re: CVE request: GnuPG side-channel attack on RSA secret keys Kurt Seifried (Jul 26)
- CVE Request: Insecure Software Download in pip Donald Stufft (Jul 25)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 30)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Raphael Geissert (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 03)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 07)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
- Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
- Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 27)
- CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability Salvatore Bonaccorso (Jul 26)
- Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability Kurt Seifried (Jul 27)
- Requesting CVE-ID(s) for Python's pip isis agora lovecruft (Jul 26)
- Re: Requesting CVE-ID(s) for Python's pip Donald Stufft (Jul 26)
- Re: Requesting CVE-ID(s) for Python's pip Kurt Seifried (Jul 29)
- Re: Requesting CVE-ID(s) for Python's pip Donald Stufft (Jul 29)
- Re: Requesting CVE-ID(s) for Python's pip isis agora lovecruft (Aug 01)
- Re: Requesting CVE-ID(s) for Python's pip Jeremy Stanley (Aug 01)
- Re: Requesting CVE-ID(s) for Python's pip Daniel Kahn Gillmor (Aug 01)
- Re: Requesting CVE-ID(s) for Python's pip Kurt Seifried (Jul 29)
- Re: Requesting CVE-ID(s) for Python's pip Donald Stufft (Jul 26)
- CVE-2013-1436: xmonad-contrib remote command injection Raúl Benencia (Jul 26)
- FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver FreeBSD Security Advisories (Jul 26)
- FreeBSD Security Advisory FreeBSD-SA-13:07.bind FreeBSD Security Advisories (Jul 26)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Tomas Hoger (Jul 29)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Kurt Seifried (Jul 29)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Solar Designer (Jul 29)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Tomas Hoger (Jul 29)
- CVE Request - Coin Widget serves code over plain http. Evan Teitelman (Jul 27)
- Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried (Jul 27)
- RE: CVE Request - Coin Widget serves code over plain http. Christey, Steven M. (Jul 28)
- Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried (Jul 29)
- RE: CVE Request - Coin Widget serves code over plain http. Christey, Steven M. (Jul 28)
- Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried (Jul 27)
- CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution" Alexandre Dulaunoy (Jul 29)
- CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 29)
- Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign (Jul 29)
- Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign (Jul 29)
- Re: Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 30)
- Re: [Phpmyadmin-security] [oss-security] Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Dieter Adriaenssens (Jul 30)
- Re: Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 30)
- [OSSA 2013-018] Missing SSL certificate check in Python glance client (CVE-2013-4111) Thierry Carrez (Jul 30)
- CVE Request: CPAN perl module Data::UUID symlink attacks Tim Retout (Jul 30)
- Re: CVE Request: CPAN perl module Data::UUID symlink attacks Salvatore Bonaccorso (Jul 30)
- Re: CVE Request: CPAN perl module Data::UUID symlink attacks Kurt Seifried (Jul 31)
- CVE Request -- Plone: 20130618 Hotfix (multiple vectors) Jan Lieskovsky (Jul 31)
- Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors) Kurt Seifried (Jul 31)
- CVE request for Drupal contributed module Forest Monsen (Jul 31)
- Re: CVE request for Drupal contributed module Kurt Seifried (Jul 31)
- Re: [vs-plain] Request for CVE Identifiers Kurt Seifried (Aug 01)
- Rgpg Ruby Gem Remote Command Injection (CVE Request) Larry W. Cashdollar (Aug 02)
- Re: Rgpg Ruby Gem Remote Command Injection (CVE Request) Kurt Seifried (Aug 02)
- CVE request: XSS in Google Web Toolkit (GWT) David Jorm (Aug 04)
- Re: CVE request: XSS in Google Web Toolkit (GWT) Kurt Seifried (Aug 04)
- CVE request: lcms 1.x buffer overflows Thijs Kinkhorst (Aug 04)
- Re: CVE request: lcms 1.x buffer overflows Raphael Geissert (Aug 05)
- Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Thijs Kinkhorst (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Raphael Geissert (Aug 05)
- valid but unusual sequence of CVEs in SYM13-009 cve-assign (Aug 05)
- Update for CVE-2013-4852: PuTTY SSH handshake heap overflow (FileZilla reportedly embeds a copy) Kurt Seifried (Aug 05)
- owncloud 5.0.8 and 4.5.13 (oC-SA-2013-029 and oC-SA-2013-030) - CVE assignments? Salvatore Bonaccorso (Aug 05)
- CLONE_NEWUSER local DoS Petr Matousek (Aug 06)
- Re: CLONE_NEWUSER local DoS Kurt Seifried (Aug 06)
- Re: CLONE_NEWUSER local DoS Oleg Nesterov (Aug 06)
- [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Oleg Nesterov (Aug 06)
- [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Oleg Nesterov (Aug 06)
- Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Andy Lutomirski (Aug 06)
- Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Eric W. Biederman (Aug 06)
- Re: [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Petr Matousek (Aug 07)
- Re: CLONE_NEWUSER local DoS Andy Lutomirski (Aug 06)
- Re: CLONE_NEWUSER local DoS Oleg Nesterov (Aug 06)
- [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Oleg Nesterov (Aug 06)
- [OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256) Jeremy Stanley (Aug 06)
- [OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) Jeremy Stanley (Aug 06)
- CVE request: three additional flaws fixed in putty 0.63 Vincent Danen (Aug 06)
- Re: CVE request: three additional flaws fixed in putty 0.63 Kurt Seifried (Aug 06)
- OpenX Ad Server Backdoor CVE? Kurt Seifried (Aug 06)
- Re: OpenX Ad Server Backdoor CVE? Nathan March (Aug 07)
- Re: OpenX Ad Server Backdoor CVE? Kurt Seifried (Aug 06)
- Re: OpenX Ad Server Backdoor CVE? Nathan March (Aug 07)
- SSL BREACH Kurt Seifried (Aug 06)
- Re: SSL BREACH cve-assign (Aug 06)
- Re: SSL BREACH Stefan Fritsch (Aug 16)
- Re: SSL BREACH cve-assign (Sep 23)
- Re: SSL BREACH cve-assign (Aug 06)
- [OSSA 2013-021] Cinder LVM volume driver does not support secure deletion (CVE-2013-4183) Jeremy Stanley (Aug 07)
- [OSSA 2013-022] Swift Denial of Service using superfluous object tombstones (CVE-2013-4155) Thierry Carrez (Aug 07)
- CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Vincent Danen (Aug 07)
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Kurt Seifried (Aug 07)
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Salvatore Bonaccorso (Aug 07)
- Message not available
- Message not available
- Message not available
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Giuseppe Iuculano (Aug 13)
- Message not available
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Kurt Seifried (Aug 07)
- Re: Reserved CVE for pip Kurt Seifried (Aug 07)
- Re: Reserved CVE for pip Donald Stufft (Aug 07)
- Re: tomcat CVE confusion David Jorm (Aug 07)
- Re: tomcat CVE confusion Kurt Seifried (Aug 07)
- Re: tomcat CVE confusion Marcus Meissner (Aug 08)
- Re: tomcat CVE confusion cve-assign (Aug 08)
- Re: CVE request: remote code execution due to XML deserialization in Restlet Kurt Seifried (Aug 08)
- Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Kurt Seifried (Aug 08)
- Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Greg KH (Aug 08)
- Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Kurt Seifried (Aug 08)
- Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Dan Williams (Aug 08)
- Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Seth Arnold (Aug 08)
- Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Jan Lieskovsky (Aug 08)
- Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Seth Arnold (Aug 08)
- Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Kurt Seifried (Aug 08)
- Re: CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Vincent Danen (Aug 08)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
- Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Kurt Seifried (Aug 12)
- Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Michael Gilbert (Aug 12)
- Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
- RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M. (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Kurt Seifried (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)
- Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Evan Teitelman (Aug 09)
- <Possible follow-ups>
- Re: CVE Request - HMS Testimonials 2.0.10 WP plugin Adéla Goldová (Aug 11)
- Re: Re: CVE Request - HMS Testimonials 2.0.10 WP plugin Kurt Seifried (Aug 12)
- Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Florian Weimer (Aug 11)
- Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Kurt Seifried (Aug 12)
- Re: X.509 name constraints and potential interpretation conflict Ludwig Nussel (Aug 20)
- Re: CVE Request -- vdsm: incomplete fix for CVE-2013-0167 issue Kurt Seifried (Aug 12)
- Re: pending Bitcoin/Android CVE assignments Florent Daigniere (Aug 12)
- Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Kurt Seifried (Aug 12)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Thijs Kinkhorst (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)
- Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 19)
- Re: [CVE request] Django 1.4.6 security release Thijs Kinkhorst (Aug 14)
- Re: CVE Request -- php - handling of certs with null bytes Kurt Seifried (Aug 14)
- Re: Possible CVE request: dovecot crash when disconnecting during pop3 LIST Timo Sirainen (Aug 14)
- Re: CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root Kurt Seifried (Aug 14)
- Re: rubygems insecure download (and other problems) Donald Stufft (Aug 14)
- Re: rubygems insecure download (and other problems) Marcus Meissner (Aug 15)
- Re: rubygems insecure download (and other problems) Henri Salo (Aug 15)
- Re: rubygems insecure download (and other problems) Kurt Seifried (Aug 15)
- RE: rubygems insecure download (and other problems) Christey, Steven M. (Aug 15)
- Re: rubygems insecure download (and other problems) Marcus Meissner (Aug 15)
- Re: HTTPS (was: rubygems insecure download (and other problems)) gremlin (Aug 14)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Donald Stufft (Aug 14)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev (Aug 16)
- Message not available
- Re: HTTPS Kurt Seifried (Aug 21)
- Re: HTTPS Pavel Labushev (Aug 22)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Donald Stufft (Aug 14)
- Re: HTTPS Kurt Seifried (Aug 15)
- Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev (Aug 16)
- Re: HTTPS Alexander Cherepanov (Aug 26)
- Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Petr Matousek (Aug 16)
- Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Kurt Seifried (Aug 16)
- Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Vince Weaver (Aug 20)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Kurt Seifried (Aug 19)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Aug 19)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Florian Weimer (Sep 09)
- Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Sep 09)
- Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Eric H. Christensen (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kevin Fenzi (Aug 19)
- Re: [pgsql-security] Re: [oss-security] PostgreSQL insecure install via yum (multiple problems) Magnus Hagander (Aug 20)
- Re: PostgreSQL insecure install via yum (multiple problems) Daniel Kahn Gillmor (Aug 20)
- Re: PostgreSQL insecure install via yum (multiple problems) Moritz Naumann (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) Hannes Frederic Sowa (Aug 20)
- Re: Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) John Haxby (Aug 21)
- Re: CVE Request: FFmpeg 2.0.1 multiple problems Kurt Seifried (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka (Aug 22)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 22)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Hannes Frederic Sowa (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 22)
- <Possible follow-ups>
- Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
- Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Dag-Erling Smørgrav (Aug 22)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Huzaifa Sidhpurwala (Aug 22)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Dag-Erling Smørgrav (Aug 22)
- Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Huzaifa Sidhpurwala (Aug 22)
- Re: [PATCH] implement privmode support in dash Simon McVittie (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 23)
- Re: [PATCH] implement privmode support in dash Ludwig Nussel (Aug 23)
- Re: [PATCH] implement privmode support in dash Harald van Dijk (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
- Re: [PATCH] implement privmode support in dash Jilles Tjoelker (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
- Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas (Aug 23)
- Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas (Aug 23)
- Re: [PATCH] implement privmode support in dash Roy (Aug 23)
- Re: [PATCH] implement privmode support in dash Kurt Seifried (Aug 22)
- Re: [PATCH] implement privmode support in dash Seth Arnold (Aug 22)
- Re: [PATCH] implement privmode support in dash Michael Samuel (Aug 22)
- Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 23)
- Re: [PATCH] implement privmode support in dash Florian Weimer (Aug 23)
- Re: [PATCH] implement privmode support in dash Seth Arnold (Aug 22)
- Re: [PATCH] implement privmode support in dash Tim Brown (Aug 23)
- Re: Possibly insecure permissions on sshd_config in Debian-based distros Kurt Seifried (Aug 22)
- Re: Possibly insecure permissions on sshd_config in Debian-based distros Andrey Korolyov (Aug 22)
- Re: Possibly insecure permissions on sshd_config in Debian-based distros Daniel Kahn Gillmor (Aug 22)
- Re: Possibly insecure permissions on sshd_config in Debian-based distros Kurt Seifried (Aug 22)
- Re: Possibly insecure permissions on sshd_config in Debian-based distros Andrey Korolyov (Aug 22)
- Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 23)
- Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 27)
- Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 28)
- Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 28)
- Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 cve-assign (Aug 24)
- Re: CVE-2013-5575 LibTIFF through 3.9.5 integer overflow Huzaifa Sidhpurwala (Aug 25)
- Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b cve-assign (Aug 25)
- Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b Salvatore Bonaccorso (Aug 28)
- Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences cve-assign (Aug 26)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 Henri Salo (Aug 28)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar (Aug 28)
- Re: Command Injection in Ruby Gem Sounder 1.0.1 cve-assign (Aug 28)
- Re: CVE oops in GLSA 201308-05 (wireshark) cve-assign (Aug 28)
- Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen (Aug 28)
- Re: Re: CVE oops in GLSA 201308-05 (wireshark) Alex Legler (Aug 29)
- Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen (Aug 29)
- Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen (Aug 28)
- Re: CVE oops in GLSA 201308-05 (wireshark) Sergey Popov (Aug 29)
- Re: CVE request, libdigidoc arbitrary file overwrite flaw cve-assign (Aug 28)
- Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access cve-assign (Aug 29)
- Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload cve-assign (Aug 29)
- Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
- Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
- YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
- Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
- Re: CVE request for imagemagick bug Kurt Seifried (Sep 03)
- Re: OSS at all? (was: [oss-security] YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload) Larry W. Cashdollar (Aug 30)
- Re: CVE request: serendipity before 1.7.3 XSS cve-assign (Sep 01)
- Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem cve-assign (Sep 01)
- Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Larry Cashdollar (Sep 01)
- Re: [CVE Request] IndiaNIC Testimonial 2.2 WP plugin cve-assign (Sep 01)
- Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8 Kurt Seifried (Sep 04)
- Re: CVE-2013-2185 / Tomcat David Jorm (Sep 04)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Kurt Seifried (Sep 04)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Dan Carpenter (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Petr Matousek (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo (Sep 05)
- Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Dan Carpenter (Sep 05)
- Re: CVE request: pyOpenSSL hostname check bypassing vulnerability Kurt Seifried (Sep 06)
- Re: CVE request: TYPO3-CORE-SA-2013-003 Kurt Seifried (Sep 09)
- <Possible follow-ups>
- [CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
- [CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
- Re: [CVE Request] Event Easy Calendar Kurt Seifried (Sep 09)
- Message not available
- Message not available
- [CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
- Re: [CVE Request] Event Easy Calendar Kurt Seifried (Sep 09)
- Re: CVE request: Torque privilege escalation Kurt Seifried (Sep 09)
- Re: CVE request: Torque privilege escalation Agostino Sarubbo (Sep 09)
- Re: CVE request: Torque privilege escalation Kurt Seifried (Sep 09)
- Re: CVE request: Torque privilege escalation Agostino Sarubbo (Sep 09)
- Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Kurt Seifried (Sep 09)
- Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Henri Salo (Sep 10)
- <Possible follow-ups>
- Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Larry W. Cashdollar (Sep 10)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Alexander Cherepanov (Sep 14)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried (Sep 16)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 17)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried (Sep 18)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Alexander Cherepanov (Sep 18)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 18)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 20)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Tomas Hoger (Sep 20)
- Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried (Sep 16)
- Re: CVE Request: OpenPNE 3, opWebAPIPlugin, opOpenSocialPlugin -- XXE vulnerability fix Kurt Seifried (Sep 11)
- Re: CVE Request: Three integer overflows in glibc memory allocator Kurt Seifried (Sep 11)
- Re: CVE Request: lightdm incorrect .Xauthority permissions Kurt Seifried (Sep 11)
- Re: CVE Requests for WordPress 3.6.1 Kurt Seifried (Sep 11)
- Re: cve requests for python-oauth2 Kurt Seifried (Sep 12)
- Re: GnuPG treats no-usage-permitted keys as all-usages-permitted Kurt Seifried (Sep 13)
- Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Kurt Seifried (Sep 13)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Moritz Naumann (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
- Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
- Re: CVE-Request FFmpeg vulnerability Kurt Seifried (Sep 16)
- Re: CVE request: davfs2 - Unsecure use of system() Salvatore Bonaccorso (Sep 17)
- Re: CVE request: davfs2 - Unsecure use of system() Tavis Ormandy (Sep 18)
- Re: CVE request: davfs2 - Unsecure use of system() Kurt Seifried (Sep 18)
- Re: Research on better-than-brute-force attacks on PDF cryptography Dhiru Kholia (Sep 22)
- Re: Fwd: [vs-plain] polkit races Marc Deslauriers (Sep 18)
- Re: Fwd: [vs-plain] polkit races Vincent Danen (Sep 18)
- Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) Jeremy Stanley (Sep 19)
- Re: CVE-2013-5696: split needed Kurt Seifried (Sep 20)
- Re: CVE-2013-5696: split needed cve-assign (Sep 23)
- Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Sep 25)
- Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)
- Re: Reproducible Builds for Fedora Steve Grubb (Sep 25)
- Re: Reproducible Builds for Fedora Nicolas Vigier (Sep 25)
- Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)
- Re: Reproducible Builds for Fedora Solar Designer (Sep 25)
- Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
- Re: Reproducible Builds for Fedora Steve Grubb (Sep 26)
- Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
- Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 26)
- Re: Reproducible Builds for Fedora Kurt Seifried (Sep 26)
- Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 27)
- Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
- Re: Reproducible Builds for Fedora Steve Grubb (Sep 25)
- Re: Reproducible Builds for Fedora Ludwig Nussel (Sep 25)
- Re: Reproducible Builds for Fedora Moritz Muehlenhoff (Sep 25)
- Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
- Re: CVE request: X2Go server Kurt Seifried (Sep 25)
- Re: graphite CVE-2013-5903 confusion cve-assign (Sep 27)
- Re: CVE request: Javamelody blind XSS through X-Forwarded-For header Kurt Seifried (Sep 26)
- Re: CVE request: Javamelody blind XSS through X-Forwarded-For header Rafael Luque (Sep 27)
- Re: CVE request: qemu host crash from within guest Kurt Seifried (Sep 26)
- Re: Buffer overrun vulnerability in CHICKEN Scheme Kurt Seifried (Sep 26)
- Re: Trend micro contact details Florian Weimer (Sep 29)
- Re: linux kernel memory corruption with ipv6 udp offloading Kurt Seifried (Sep 28)