oss-sec: by thread
1185 messages
starting Sep 30 14 and
ending Dec 31 14
Date index |
Thread index |
Author index
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Zach Wikholm (Sep 30)
- Re: Healing the bash fork Peter Bex (Sep 30)
- <Possible follow-ups>
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Stuart D. Gathman (Oct 01)
- Re: Healing the bash fork Hanno Böck (Oct 01)
- Re: Healing the bash fork Jason Cooper (Oct 01)
- Re: Healing the bash fork Greg KH (Oct 01)
- Re: Healing the bash fork Jason Cooper (Oct 01)
- Re: Healing the bash fork Greg KH (Oct 01)
- Re: Healing the bash fork Loganaden Velvindron (Oct 01)
- Re: Healing the bash fork Colin Mahns (Oct 01)
- Re: Healing the bash fork Jason Cooper (Oct 01)
- Re: Healing the bash fork Tomas Hoger (Oct 01)
- Re: Healing the bash fork Florian Weimer (Oct 01)
- Re: Healing the bash fork David A. Wheeler (Oct 02)
- Re: Healing the bash fork Florian Weimer (Oct 01)
- Re: Healing the bash fork Florian Weimer (Oct 06)
- Re: Healing the bash fork David A. Wheeler (Oct 06)
- Re: Healing the bash fork Zach Wikholm (Sep 30)
- various sddm vulnerabilities Sebastian Krahmer (Oct 01)
- Re: various sddm vulnerabilities Martin Bříza (Oct 02)
- Re: various sddm vulnerabilities cve-assign (Oct 05)
- Xen Security Advisory 108 (CVE-2014-7188) - Improper MSR range used for x2APIC emulation Xen . org security team (Oct 01)
- RE: binary-patching bash jihyun.jang (Oct 01)
- how to unsubscribe (Re: binary-patching bash) Solar Designer (Oct 01)
- more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Hanno Böck (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Zach Wikholm (Oct 01)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Henry, Bobby (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 02)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 01)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Solar Designer (Oct 02)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 02)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Menkhus, Mark (Global Cyber Security SSRT) (Oct 02)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 02)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Menkhus, Mark (Global Cyber Security SSRT) (Oct 02)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski (Oct 02)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 02)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski (Oct 02)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 03)
- RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 03)
- Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
- CVE Request: linux kernel net_get_random_once bug Andrew Tappert (Oct 01)
- Re: CVE Request: linux kernel net_get_random_once bug Hannes Frederic Sowa (Oct 01)
- Re: CVE Request: linux kernel net_get_random_once bug cve-assign (Oct 01)
- Any patch fixe CVE-2014-7186 and CVE-2014-7187 on Bash 3.2 Hua Q (Oct 01)
- More parser odities Kobrin, Eric (Oct 01)
- Re: More parser odities Kobrin, Eric (Oct 01)
- Re: More parser odities Solar Designer (Oct 01)
- Re: More parser odities Tavis Ormandy (Oct 01)
- Re: More parser odities Solar Designer (Oct 01)
- Re: More parser odities Michal Zalewski (Oct 01)
- Re: More parser odities Solar Designer (Oct 01)
- Re: More parser odities Solar Designer (Oct 01)
- Re: More parser odities Hanno Böck (Oct 01)
- Re: More parser odities Chet Ramey (Oct 01)
- Re: More parser odities Solar Designer (Oct 01)
- Re: More parser odities Kobrin, Eric (Oct 01)
- xfs directory hash ordering bug Hannes Frederic Sowa (Oct 01)
- Re: xfs directory hash ordering bug / Linux kernel cve-assign (Oct 01)
- Security advisory in Jenkins Kohsuke Kawaguchi (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Bryan Drewery (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 03)
- Re: Security advisory in Jenkins Luca Carettoni (Oct 03)
- Re: Security advisory in Jenkins Bryan Drewery (Oct 07)
- Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 07)
- Re: Security advisory in Jenkins Solar Designer (Oct 01)
- Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 06)
- Re: Re: Security advisory in Jenkins Reed Loden (Oct 06)
- Re: Re: Security advisory in Jenkins Kurt Seifried (Oct 06)
- Re: Re: Security advisory in Jenkins Reed Loden (Oct 06)
- CVE-2014-7224 - Android accessibility and accessibilityTraversal vulnerability cve-assign (Oct 01)
- CVE request: Remote code execution via XSL extensions in SpagoBI David Jorm (Oct 01)
- Re: CVE request: Remote code execution via XSL extensions in SpagoBI Kurt Seifried (Oct 01)
- Re: CVE request: Remote code execution via XSL extensions in SpagoBI cve-assign (Oct 02)
- CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS Hanno Böck (Oct 02)
- Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS cve-assign (Oct 02)
- [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608) Tristan Cacqueray (Oct 02)
- Re: gnome-shell lockscreen bypass with printscreen key cve-assign (Oct 02)
- Re: Re: gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor (Oct 02)
- Re: Re: gnome-shell lockscreen bypass with printscreen key Alan Coopersmith (Oct 02)
- <Possible follow-ups>
- Re: gnome-shell lockscreen bypass with printscreen key cve-assign (Oct 03)
- Re: Re: gnome-shell lockscreen bypass with printscreen key Kurt Seifried (Oct 04)
- Re: Re: gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor (Oct 02)
- tm_adopt() vulnerability in TORQUE Resource Manager Chad Vizino (Oct 02)
- Re: tm_adopt() vulnerability in TORQUE Resource Manager Solar Designer (Oct 02)
- [OSSA 2014-033] Cinder-volume host data leak to vm instance (CVE-2014-3641) Tristan Cacqueray (Oct 02)
- sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) Solar Designer (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards (Oct 05)
- Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 06)
- Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) Solar Designer (Oct 03)
- Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
- Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 04)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Hanno Böck (Oct 04)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Steve Jones (Oct 04)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Lance Davis (Oct 04)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler (Oct 05)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake (Oct 06)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 03)
- Re: Shellshock timeline Stephane Chazelas (Oct 03)
- Re: Shellshock timeline Stephane Chazelas (Oct 03)
- Stéphane Chazelas: How *DID* you find Shellshock? David A. Wheeler (Oct 08)
- Re: Stéphane Chazelas: How *DID* you find Shellshock? stephane.chazelas (Oct 08)
- Re: Shellshock timeline Stephane Chazelas (Oct 03)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake (Oct 03)
- Re: Shellshock timeline Eric Blake (Oct 03)
- <Possible follow-ups>
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 04)
- Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)
- Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R (Oct 04)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Michal Zalewski (Oct 05)
- RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Hanno Böck (Oct 05)
- RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R (Oct 06)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code David A. Wheeler (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Rob Fuller (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code David A. Wheeler (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
- RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Kurt Seifried (Oct 05)
- RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 06)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 06)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code mancha (Oct 06)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 07)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code mancha (Oct 07)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 07)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Chet Ramey (Oct 07)
- Re: Aftershock (was: Shellshocker - Repository of "Shellshock" Proof of Concept Code) mancha (Oct 08)
- Re: Aftershock Chet Ramey (Oct 09)
- RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 07)
- RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
- <Possible follow-ups>
- Shellshocker - Repository of "Shellshock" Proof of Concept Code Peter G Spera (Oct 06)
- Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Michal Zalewski (Oct 05)
- Re: vulnerability in rsyslog Sven Kieske (Oct 05)
- Re: vulnerability in rsyslog Rainer Gerhards (Oct 05)
- Re: vulnerability in rsyslog Sven Kieske (Oct 06)
- Re: vulnerability in rsyslog Rainer Gerhards (Oct 06)
- Re: vulnerability in rsyslog Simon McVittie (Oct 06)
- Re: vulnerability in rsyslog Rainer Gerhards (Oct 06)
- Re: vulnerability in rsyslog John Haxby (Oct 06)
- Re: vulnerability in rsyslog Sven Kieske (Oct 06)
- Re: vulnerability in rsyslog Rainer Gerhards (Oct 05)
- CVE Request(s): Getmail 4 mancha (Oct 06)
- Re: CVE Request(s): Getmail 4 cve-assign (Oct 06)
- Re: CVE Request(s): Getmail 4 mancha (Oct 06)
- Re: CVE Request(s): Getmail 4 cve-assign (Oct 07)
- Re: CVE Request(s): Getmail 4 cve-assign (Oct 06)
- OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? David White (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Dave Horsfall (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
- <Possible follow-ups>
- Re: OpenSSL RSA 1024 bits implementation broken? Steve Kemp (Oct 06)
- Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
- Re: Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove Tristan Cacqueray (Oct 06)
- automated phishing email Mason Loring Bliss (Oct 06)
- Re: automated phishing email Hanno Böck (Oct 06)
- Re: automated phishing email Dave Horsfall (Oct 06)
- Re: automated phishing email Mason Loring Bliss (Oct 06)
- Who named shellshock? David A. Wheeler (Oct 06)
- Re: Who named shellshock? Jen Savage (Oct 06)
- Re: Who named shellshock? Michal Zalewski (Oct 06)
- Re: Who named shellshock? Larry W. Cashdollar (Oct 06)
- Re: Who named shellshock? Ed Prevost (Oct 06)
- Re: Who named shellshock? Larry W. Cashdollar (Oct 06)
- Re: Who named shellshock? Henry, Bobby (Oct 06)
- Re: Who named shellshock? Solar Designer (Oct 06)
- Re: Who named shellshock? Michal Zalewski (Oct 06)
- Re: Who named shellshock? Michal Zalewski (Oct 06)
- Re: Who named shellshock? Solar Designer (Oct 06)
- Re: Who named shellshock? Ed Prevost (Oct 06)
- Re: Who named shellshock? Florian Weimer (Oct 07)
- Re: Who named shellshock? Solar Designer (Oct 07)
- Re: Who named shellshock? Florian Weimer (Oct 07)
- Re: Who named shellshock? Larry W. Cashdollar (Oct 06)
- CVE-2014-1572 - [SECURITY] The 'realname' parameter is not correctly filtered on user account... smkr (Oct 06)
- Thoughts on Shellshock and beyond Hanno Böck (Oct 07)
- Re: Thoughts on Shellshock and beyond Loganaden Velvindron (Oct 07)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 07)
- Re: Thoughts on Shellshock and beyond Hanno Böck (Oct 07)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)
- Re: Thoughts on Shellshock and beyond Loganaden Velvindron (Oct 07)
- Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 07)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
- Re: Thoughts on Shellshock and beyond Tim (Oct 07)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 07)
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 07)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 07)
- Re: Thoughts on Shellshock and beyond John Haxby (Oct 07)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
- Re: Thoughts on Shellshock and beyond Stephane Chazelas (Oct 08)
- Re: Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Tracy Reed (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Tracy Reed (Oct 09)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 09)
- Message not available
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 10)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 11)
- Message not available
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 12)
- Re: Thoughts on Shellshock and beyond John Haxby (Oct 12)
- Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 14)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)
- Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 09)
- Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
- liability (was: Re: Thoughts on Shellshock and beyond) Solar Designer (Oct 09)
- Re: liability dmc (Oct 09)
- Re: liability (was: Re: Thoughts on Shellshock and beyond) Źmicier Januszkiewicz (Oct 10)
- Re: Thoughts on Shellshock and beyond Tim (Oct 09)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
- Message not available
- Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond ArkanoiD (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond John Haxby (Oct 09)
- Re: Thoughts on Shellshock and beyond Kobrin, Eric (Oct 09)
- Re: Thoughts on Shellshock and beyond Stephane Chazelas (Oct 08)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
- Re: Thoughts on Shellshock and beyond Tim (Oct 08)
- Re: Thoughts on Shellshock and beyond Robert Watson (Oct 14)
- Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 15)
- Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 15)
- Re: Separating code and data David A. Wheeler (Oct 07)
- Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
- Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
- Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
- Re: CVE request for vulnerability in OpenStack Swift cve-assign (Oct 08)
- Re: CVE request for VDSM denial of service Sven Kieske (Oct 08)
- Re: CVE request for VDSM denial of service Kurt Seifried (Oct 08)
- Re: CVE request for VDSM denial of service / oVirt cve-assign (Oct 08)
- Re: openssh on linux rce in sftp-only mode Jann Horn (Oct 08)
- Re: openssh on linux rce in sftp-only mode Josh Bressers (Oct 08)
- Re: openssh on linux rce in sftp-only mode Jann Horn (Oct 08)
- Re: openssh on linux rce in sftp-only mode Josh Bressers (Oct 08)
- Re: openssh on linux rce in sftp-only mode Jann Horn (Oct 08)
- Re: openssh on linux rce in sftp-only mode Yves-Alexis Perez (Oct 09)
- Re: openssh on linux rce in sftp-only mode Vitor Ventura (Oct 09)
- Re: openssh on linux rce in sftp-only mode Josh Bressers (Oct 08)
- Re: CVE-2014-7970: Linux VFS denial of service Andy Lutomirski (Oct 17)
- Re: CVE-2014-7970: Linux VFS denial of service cve-assign (Oct 17)
- Re: CVE-2014-7975: 0-day umount denial of service rf (Oct 09)
- Re: CVE-2014-7975: 0-day umount denial of service Andy Lutomirski (Oct 09)
- Re: Authentication Bypass in ROR Ecommerce cve-assign (Oct 11)
- Re: Of Shellshock and logfiles Kurt Seifried (Oct 09)
- Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06 cve-assign (Oct 09)
- Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor (Oct 10)
- Re: 0xdeadbeef comes of age: making keysteak with GnuPG David Leon Gil (Oct 10)
- Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor (Oct 10)
- Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor (Oct 10)
- Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG Kurt Seifried (Oct 10)
- Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG flapflap (Oct 10)
- Re: 0xdeadbeef comes of age: making keysteak with GnuPG Kristian Fiskerstrand (Oct 10)
- Re: 0xdeadbeef comes of age: making keysteak with GnuPG Werner Koch (Oct 10)
- Re: 0xdeadbeef comes of age: making keysteak with GnuPG David Leon Gil (Oct 10)
- Re: What does this PHP exploit do? Jann Horn (Oct 10)
- Re: What does this PHP exploit do? Pierre Schweitzer (Oct 10)
- Re: What does this PHP exploit do? Pierre Schweitzer (Oct 10)
- Re: What does this PHP exploit do? Pierre Schweitzer (Oct 11)
- Re: What does this PHP exploit do? Pierre Schweitzer (Oct 10)
- Re: What does this PHP exploit do? Jon Hart (Oct 10)
- Re: What does this PHP exploit do? Dave Horsfall (Oct 15)
- Re: perl-Razor-Agent logs to /razor-agent.log by default cve-assign (Oct 12)
- Re: Re: perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried (Oct 12)
- Re: [CVE Requests] rsync and librsync collisions cve-assign (Oct 12)
- Re: CVE request: various security flaws in dokuwiki cve-assign (Oct 16)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 13)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 20)
- Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 21)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Alex Gaynor (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley (Oct 15)
- list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Oct 15)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
- Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)
- Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin (Oct 14)
- Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov (Oct 14)
- Re: SSL POODLE Florian Weimer (Oct 15)
- Re: SSL POODLE Hanno Böck (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov (Oct 14)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Ben Lincoln (0E1C7DBB - OSS) (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 15)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: ishish (Oct 16)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 16)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Daniel Kahn Gillmor (Oct 17)
- neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) mancha (Oct 17)
- Re: neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) Nikos Mavrogiannopoulos (Oct 18)
- Re: Re: neuter the poodle mancha (Oct 18)
- Re: Re: neuter the poodle Nikos Mavrogiannopoulos (Oct 18)
- Re: Truly scary SSL 3.0 vuln to be revealed soon: Mark Felder (Oct 17)
- RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
- Re: Multiple disputed issues in util-vserver Carlos Alberto Lopez Perez (Oct 20)
- AW: Multiple disputed issues in util-vserver Fiedler Roman (Oct 21)
- <Possible follow-ups>
- Re: Multiple disputed issues in util-vserver Fiedler Roman (Dec 15)
- Re: CVE assignment for POODLE Jan Rusnacko (Oct 15)
- Re: Abusing TZ for fun (and little profit) Dave Horsfall (Oct 15)
- Re: Abusing TZ for fun (and little profit) Dag-Erling Smørgrav (Oct 16)
- Re: Abusing TZ for fun (and little profit) Dan McDonald (Oct 15)
- Re: Abusing TZ for fun (and little profit) Jakub Wilk (Dec 14)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Lukas Reschke (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Michal Zalewski (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 16)
- Re: attacking hsts through ntp Adam Langley (Oct 16)
- Re: attacking hsts through ntp Michael Samuel (Oct 16)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: attacking hsts through ntp Hanno Böck (Oct 17)
- Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)
- Re: attacking hsts through ntp Stephen Röttger (Oct 17)
- Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)
- Re: attacking hsts through ntp Stephen Röttger (Oct 20)
- RE: attacking hsts through ntp Bendler, Ehren (Oct 20)
- Re: attacking hsts through ntp Tim (Oct 17)
- Re: attacking hsts through ntp Phil Pennock (Oct 17)
- Re: attacking hsts through ntp Tim (Oct 17)
- Re: attacking hsts through ntp Hanno Böck (Oct 18)
- Re: attacking hsts through ntp Kurt Seifried (Oct 16)
- Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 20)
- Re: Re: Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 20)
- Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 21)
- Re: Re: Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 20)
- Re: CVE request: TYPO3-EXT-SA-2014-013 cve-assign (Oct 17)
- Re: Connected UDP sockets and kernel queuing (CVE-2014-6512) Vitor Ventura (Oct 17)
- Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 cve-assign (Oct 18)
- Re: Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 Marcus Krause (Oct 18)
- Re: CVE request: remote code execution in Android CTS Nick Kralevich (Oct 19)
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 20)
- Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)
- Re: CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
- Re: CVE request: Cyanogenmod MITM Mike O'Connor (Oct 19)
- Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski (Oct 29)
- Re: CVE Request: systemd-shim DoS issue cve-assign (Oct 22)
- Re: CVE Request: smarty: secure mode bypass cve-assign (Oct 22)
- <Possible follow-ups>
- Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 cve-assign (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 23)
- Re: strings / libbfd crasher Dave Rutherford (Oct 23)
- Re: strings / libbfd crasher mancha (Oct 23)
- Re: strings / libbfd crasher mancha (Oct 24)
- Re: strings / libbfd crasher Hanno Böck (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Hanno Böck (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Tavis Ormandy (Oct 24)
- Re: strings / libbfd crasher mancha (Oct 24)
- Re: strings / libbfd crasher cve-assign (Oct 26)
- Re: Re: strings / libbfd crasher Hanno Böck (Oct 26)
- Re: strings / libbfd crasher cve-assign (Oct 30)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 02)
- Re: Re: strings / libbfd crasher Hanno Böck (Nov 02)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 02)
- Re: Re: strings / libbfd crasher Jann Horn (Nov 02)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 04)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 11)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 15)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
- Re: Re: strings / libbfd crasher mancha (Nov 03)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 03)
- Re: Re: strings / libbfd crasher mancha (Nov 03)
- Re: strings / libbfd crasher cve-assign (Nov 04)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: Re: strings / libbfd crasher mancha (Nov 05)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: strings / libbfd crasher cve-assign (Nov 12)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 26)
- Re: Re: strings / libbfd crasher Michal Zalewski (Oct 26)
- Re: Re: strings / libbfd crasher Michal Zalewski (Oct 27)
- Re: Re: strings / libbfd crasher Jakub Wilk (Oct 27)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 28)
- Re: Re: strings / libbfd crasher Hanno Böck (Oct 26)
- Re: CVE Request: Linux 3.17 guest-triggerable KVM OOPS cve-assign (Oct 24)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 25)
- Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
- Re: Vulnerability fixed in Quassel? cve-assign (Oct 26)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 11)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 21)
- Re: cve request: libbfd? Alexander Cherepanov (Nov 21)
- Re: cve request: libbfd? Vasyl Kaigorodov (Nov 21)
- Re: ftp(1) can be made execute arbitrary commands by malicious webserver Stuart Henderson (Oct 28)
- Re: ftp(1) can be made execute arbitrary commands by malicious webserver cve-assign (Oct 28)
- Re: Request cve for imagemagick security problem (DOS) Hanno Böck (Oct 29)
- Re: Request cve for imagemagick security problem cve-assign (Oct 30)
- Re: CVE request for GitLab groups API cve-assign (Oct 30)
- Re: Some weird Apache redirection exploit? Tim (Oct 30)
- Re: Some weird Apache redirection exploit? Dave Horsfall (Nov 01)
- RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)
- Re: SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
- Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554] Damien Regad (Nov 01)
- Re: SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
- RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)
- Re: unzip -t crasher Dave Horsfall (Nov 02)
- Re: unzip -t crasher Murray McAllister (Nov 02)
- Re: unzip -t crasher mancha (Nov 02)
- Re: unzip -t crasher mancha (Nov 03)
- Re: unzip -t crasher mancha (Nov 03)
- Re: unzip -t crasher mancha (Nov 03)
- Re: unzip -l crasher Martin Carpenter (Nov 03)
- Re: unzip -l crasher Felix Eckhofer (Nov 03)
- Re: unzip -l crasher Hanno Böck (Nov 03)
- Re: unzip -l crasher Dave Horsfall (Nov 03)
- Re: unzip -l crasher Martin Carpenter (Nov 03)
- Re: unzip -l crasher Dave Horsfall (Nov 03)
- Re: more unzip issues Alexander Cherepanov (Nov 03)
- Re: RE: strings /libbfd crash Hanno Böck (Nov 03)
- Re: RE: strings /libbfd crash mancha (Nov 03)
- Re: CVE Request: polarssl cve-assign (Nov 06)
- Re: Privilege Escalation via KDE Clock KCM polkit helper cve-assign (Nov 06)
- Re: CVE Request: binutils -- directory traversal cve-assign (Nov 12)
- Re: CVE Request for requests-kerberos Kurt Seifried (Nov 04)
- Re: CVE Request for requests-kerberos Ian Cordasco (Nov 04)
- Re: CVE Request for requests-kerberos cve-assign (Nov 06)
- Re: is MD5 finally dead? Michael Samuel (Nov 04)
- Re: is MD5 finally dead? Alex Gaynor (Nov 04)
- Re: is MD5 finally dead? Michael Samuel (Nov 04)
- Re: is MD5 finally dead? Alex Gaynor (Nov 04)
- Re: is MD5 finally dead? Solar Designer (Nov 04)
- Re: is MD5 finally dead? coderman (Nov 04)
- Re: CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7) cve-assign (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 06)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Sven Kieske (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 07)
- Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
- Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Roers (Nov 15)
- Re: CVE Request: Qt Creator fails to verify SSH host key Michael Samuel (Nov 06)
- Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 06)
- Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 06)
- Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 06)
- Re: CVE Request: Qt Creator fails to verify SSH host key cve-assign (Nov 10)
- Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 10)
- Re: CVE Request: Linux kernel mac80211 plain text leak cve-assign (Nov 09)
- Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)
- Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)
- Re: Stack smashing in libjpeg-turbo Bastien ROUCARIES (Nov 22)
- Re: Stack smashing in libjpeg-turbo cve-assign (Nov 25)
- Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Hanno Böck (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Nicholas Clifton (Nov 11)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Michal Zalewski (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 16)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki (Nov 16)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Hanno Böck (Nov 07)
- Re: Asking for CVE for imagemagick Bastien ROUCARIES (Nov 07)
- Re: Asking for CVE for imagemagick cve-assign (Nov 11)
- Re: random number generators - rand(), random(), etc Michal Zalewski (Nov 07)
- Re: random number generators - rand(), random(), etc jb (Nov 07)
- Re: Re: random number generators - rand(), random(), etc Eric Blake (Nov 07)
- Re: random number generators - rand(), random(), etc jb (Nov 07)
- Re: random number generators - rand(), random(), etc Eric Blake (Nov 07)
- Re: CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Hanno Böck (Nov 14)
- Re: CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Damien Regad (Nov 14)
- Re: CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan (Nov 12)
- Re: CVE Request - dns-sync node module Steve Kemp (Dec 05)
- Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 12)
- Re: CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer (Nov 12)
- Re: CVE-request: systemd-resolved DNS cache poisoning cve-assign (Nov 12)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 13)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Daniel Kahn Gillmor (Nov 13)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Jeremy Stanley (Nov 13)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer (Nov 14)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Greg KH (Nov 14)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 17)
- Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 13)
- RE: [security-vendor] [oss-security] Additional authority files Radzykewycz, T (Radzy) (Nov 12)
- Re: Linux kernel: SCTP issues Sven Kieske (Nov 15)
- Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor cve-assign (Nov 14)
- Re: old CVE assignments for JQuery 1.10.0 cve-assign (Nov 14)
- RE: CVE Request: XSS vulnerability in MantisBT 1.2.13 P Richards (Nov 14)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
- Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Paul Richards (Nov 15)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 19)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 22)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
- Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)
- Re: CVE Request: information disclosure in MantisBT attachments Damien Regad (Nov 19)
- Re: CVE Request: information disclosure in MantisBT attachments cve-assign (Nov 19)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Joshua Rogers (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert (Nov 18)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Jakub Wilk (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Jakub Wilk (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Daniel Kahn Gillmor (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 17)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 18)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Źmicier Januszkiewicz (Nov 18)
- RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Radzykewycz, T (Radzy) (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Seth Arnold (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Seth Arnold (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Kurt Seifried (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 18)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Gynvael Coldwind (Nov 19)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Joshua Rogers (Nov 19)
- Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Sven Kieske (Nov 20)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 16)
- Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov (Nov 20)
- Re: Location of OS security audit reports Joshua Rogers (Nov 16)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 19)
- Re: Location of OS security audit reports Nguyen Cong (Nov 17)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 19)
- Re: Re: Location of OS security audit reports Tracy Reed (Nov 19)
- Re: Re: Location of OS security audit reports Nguyen Cong (Nov 19)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
- Re: Re: Location of OS security audit reports Niklas Kielblock (Nov 20)
- Re: Re: Location of OS security audit reports Mark Kipyegon (Nov 20)
- Re: Re: Location of OS security audit reports Solar Designer (Nov 20)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 19)
- Re: Location of OS security audit reports Tracy Reed (Nov 19)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
- Re: Location of OS security audit reports Sven Kieske (Nov 20)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
- Re: Location of OS security audit reports Alexander Cherepanov (Nov 20)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
- Re: Re: Location of OS security audit reports Joshua Rogers (Nov 20)
- Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
- Re: Linux user namespaces can bypass group-based restrictions Andy Lutomirski (Nov 19)
- Re: Re: Linux user namespaces can bypass group-based restrictions Vitor Ventura (Nov 20)
- Re: Re: Linux user namespaces can bypass group-based restrictions Simon McVittie (Nov 20)
- Re: Re: Linux user namespaces can bypass group-based restrictions Vitor Ventura (Nov 20)
- Re: Linux user namespaces can bypass group-based restrictions - Linux kernel cve-assign (Nov 19)
- Re: Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft (Nov 19)
- Re: Requesting a CVE for pip - Local DoS with predictable temp directory names cve-assign (Nov 19)
- Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Joshua Rogers (Nov 17)
- Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry Cashdollar (Nov 18)
- Re: CVE request: lsyncd command injection cve-assign (Nov 19)
- Re: Re: CVE request: lsyncd command injection Michael Samuel (Nov 21)
- Re: Re: CVE request: lsyncd command injection Ángel González (Nov 25)
- Re: Re: CVE request: lsyncd command injection Sven Schwedas (Nov 26)
- Re: Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released! Kurt Seifried (Nov 18)
- Re: CVE Request: LibreOffice -- several issues timo . warns (Nov 19)
- Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: CVE Request: LibreOffice -- several issues cve-assign (Nov 25)
- Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: [Officesecurity] [oss-security] Re: CVE Request: LibreOffice -- several issues Caolán McNamara (Nov 26)
- CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: [Officesecurity] [oss-security] CVE Request: LibreOffice -- several issues Rene Engelhard (Nov 27)
- Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
- Re: CVE request for check_diskio nagios/icinga plugin cve-assign (Nov 19)
- Re: CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer (Dec 01)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 25)
- Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)
- Re: Pending CVE assignments for SA-CORE-2014-006? Gunnar Wolf (Nov 20)
- Re: Pending CVE assignments for SA-CORE-2014-006? cve-assign (Nov 20)
- Re: [security] Pending CVE assignments for SA-CORE-2014-006? Peter Wolanin (Nov 20)
- Re: [security] Pending CVE assignments for SA-CORE-2014-006? cve-assign (Nov 20)
- Re: [security] Pending CVE assignments for SA-CORE-2014-006? Peter Wolanin (Nov 20)
- Re: Fuzzing project brainstorming Kurt Seifried (Nov 20)
- Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Sven Kieske (Nov 20)
- Re: Fuzzing project brainstorming Amos Jeffries (Nov 20)
- Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
- Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)
- Re: Fuzzing project brainstorming Alexander Cherepanov (Nov 20)
- Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
- Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming M.T. Roebuck (Nov 20)
- Re: Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Re: Fuzzing project brainstorming Daniel Kahn Gillmor (Nov 20)
- Re: Fuzzing project brainstorming M.T. Roebuck (Nov 21)
- Re: Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
- Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)
- Re: CVE request: heap buffer overflow in PCRE Murray McAllister (Nov 20)
- Re: CVE request: heap buffer overflow in PCRE cve-assign (Nov 20)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified mancha (Nov 20)
- RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Mehaffey, John (Nov 20)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Vasyl Kaigorodov (Nov 21)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Marcus Meissner (Nov 21)
- RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Mehaffey, John (Nov 20)
- Re: WordPress 4.0.1 Security Release Kurt Seifried (Nov 20)
- Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 20)
- Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 25)
- Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 25)
- Re: WordPress 4.0.1 Security Release cve-assign (Nov 25)
- Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 20)
- Re: CVE request: heap buffer overflow in ClamAV cve-assign (Nov 21)
- Re: Off-by-one question Simon McVittie (Nov 22)
- Re: Off-by-one question Stuart Gathman (Nov 22)
- Re: Off-by-one question Joshua Rogers (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Tim Brown (Nov 22)
- Re: Running Java across a privilege boundry Solar Designer (Nov 23)
- Re: Running Java across a privilege boundry Solar Designer (Nov 25)
- Re: Running Java across a privilege boundry Solar Designer (Dec 08)
- Re: Running Java across a privilege boundry Tim Brown (Dec 18)
- Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)
- Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Hanno Böck (Nov 23)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Bernhard Hermann (Nov 23)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov (Dec 11)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov (Nov 23)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Lionel Debroux (Nov 23)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Michael Samuel (Nov 23)
- CVE request: cpio heap-based buffer overflow [was Re: [oss-security] so, can we do something about lesspipe? (+ a cpio bug to back up the argument)] Murray McAllister (Nov 24)
- Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov (Dec 11)
- Re: The Fuzzing Project Joshua Rogers (Nov 23)
- Re: The Fuzzing Project Sven Kieske (Nov 23)
- Re: The Fuzzing Project Joshua Rogers (Nov 28)
- Re: CVE Request: Linux kernel LDT handling bugs cve-assign (Nov 25)
- Re: CVE request: firefox: integer overflow Daniel Veditz (Nov 26)
- AW: parse_datetime() bug in coreutils Fiedler Roman (Nov 25)
- Re: parse_datetime() bug in coreutils Moritz Mühlenhoff (Dec 28)
- Re: CVE Request: Graphviz format string vuln Joshua Rogers (Nov 30)
- Re: Re: CVE Request: Graphviz format string vuln Steven M. Christey (Dec 01)
- Re: Re: CVE Request: Graphviz format string vuln Joshua Rogers (Dec 09)
- Re: Re: CVE Request: Graphviz format string vuln Steven M. Christey (Dec 01)
- Re: CVE Request: Graphviz format string vuln Vit Ry (Dec 01)
- Re: CVE request: missing checks for small-sized files in hivex Martin Prpic (Dec 01)
- Re: CVE request: missing checks for small-sized files in hivex cve-assign (Dec 04)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 25)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 25)
- Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)
- Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 26)
- Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)
- Re: CVE Request: MantisBT SQL injection in view_all_set.php cve-assign (Nov 25)
- Re: OpenBSD patch issue also affects GNU patch Alan Coopersmith (Nov 25)
- Re: OpenBSD patch issue also affects GNU patch Tobias Stoeckmann (Nov 26)
- Re: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Eric Blake (Nov 26)
- AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Nov 26)
- Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Daniel Kahn Gillmor (Nov 26)
- Re: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Matthew Daley (Nov 26)
- AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Nov 26)
- Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Andy Lutomirski (Dec 01)
- AW: Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Dec 15)
- AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Nov 26)
- Re: blkid command injection cve-assign (Nov 26)
- Re: blkid command injection Murray McAllister (Nov 27)
- Re: blkid command injection Sebastian Krahmer (Dec 02)
- Re: blkid command injection Sebastian Krahmer (Dec 15)
- Re: blkid command injection Sebastian Krahmer (Dec 02)
- Re: CVE Request: CAPTCHA bypass in MantisBT cve-assign (Nov 26)
- Re: Apple goto fail - lessons that should be learned Hanno Böck (Nov 26)
- Re: Apple goto fail - lessons that should be learned David A. Wheeler (Nov 26)
- Re: CVE request: Canto Feed URL Parsing Command Line Injection cve-assign (Nov 26)
- Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Murray McAllister (Nov 26)
- Bug#771125: Info received ([oss-security] CVE request: mutt: heap-based buffer overflow in mutt_substrdup()) Debian Bug Tracking System (Nov 27)
- Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() cve-assign (Nov 26)
- Re: Bug#771125: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Antonio Radici (Nov 27)
- Re: CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Henri Salo (Nov 27)
- Re: CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil (Nov 27)
- <Possible follow-ups>
- CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil (Nov 27)
- Re: libyaml / YAML-LibYAML DoS John Haxby (Nov 28)
- Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)
- Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)
- Re: libyaml / YAML-LibYAML DoS Ian Cordasco (Nov 28)
- Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)
- Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)
- Re: libyaml / YAML-LibYAML DoS cve-assign (Nov 28)
- Re: Re: libyaml / YAML-LibYAML DoS Dāvis Mosāns (Nov 28)
- Re: Re: libyaml / YAML-LibYAML DoS Jonathan Gray (Nov 28)
- Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments cve-assign (Nov 28)
- Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments Eric Covener (Nov 28)
- Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments cve-assign (Nov 28)
- Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments Eric Covener (Nov 28)
- Re: CVE request: PHP Object Injection in MantisBT filter API cve-assign (Dec 05)
- Re: CVE request: OpenVAS Manager SQL injection (OVSA20141128) cve-assign (Dec 02)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 04)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Paul Richards (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 05)
- Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
- Re: Buffer overflow in antiword 0.37 Murray McAllister (Dec 01)
- Re: Buffer overflow in antiword 0.37 Fabian Keil (Dec 04)
- Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) cve-assign (Dec 04)
- RE: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Nicolas Gaudin (Dec 03)
- Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Max Mühlbronner (Dec 03)
- Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Matt U (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 04)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 04)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 04)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 05)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 08)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Alexander Cherepanov (Dec 11)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 21)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf cve-assign (Dec 04)
- Re: MediaWiki security release - 1.23.7 cve-assign (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Joshua J. Drake (Dec 03)
- Re: CVE request: procmail heap overflow in getlline() Tero Marttila (Dec 03)
- Re: CVE request: procmail heap overflow in getlline() Santiago Vila (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Kurt Seifried (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
- Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
- RE: CVE-2014-6316: URL redirection issue in MantisBT P Richards (Dec 05)
- RE: CVE-2014-6316: URL redirection issue in MantisBT P Richards (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Kees Cook (Dec 04)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Agostino Sarubbo (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Shawn (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Florian Weimer (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Paul Pluzhnikov (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Kahn Gillmor (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Andy Lutomirski (Dec 05)
- Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Seth Arnold (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 06)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Pavel Labushev (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Message not available
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Florent Daigniere (Dec 06)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Florian Weimer (Dec 05)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 09)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 09)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 09)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Loganaden Velvindron (Dec 09)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 10)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 10)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 09)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 09)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 10)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 10)
- Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 10)
- Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco (Dec 11)
- Re: CVE request: remote code execution vulnerability in gollum < 3.1.1 Dawa Ometto (Dec 18)
- Re: How GNU/Linux distros deal with offset2lib attack? lazytyped (Dec 06)
- Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 06)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 06)
- Re: How GNU/Linux distros deal with offset2lib attack? Loganaden Velvindron (Dec 06)
- Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Shawn (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Shawn (Dec 08)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Daniel Micay (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 07)
- Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 18)
- Re: How GNU/Linux distros deal with offset2lib attack? Amos Jeffries (Dec 18)
- Re: How GNU/Linux distros deal with offset2lib attack? Mathias Krause (Dec 18)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 18)
- Re: How GNU/Linux distros deal with offset2lib attack? Mathias Krause (Dec 19)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 19)
- Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 18)
- Re: How GNU/Linux distros deal with offset2lib attack? Loganaden Velvindron (Dec 06)
- Re: MantisBT 1.2.18 Released Vasyl Kaigorodov (Dec 08)
- Re: MantisBT 1.2.18 Released Remi Gacogne (Dec 08)
- Re: MantisBT 1.2.18 Released Damien Regad (Dec 14)
- Re: postgresql: pg_dump creates world-readable dump gremlin (Dec 07)
- Re: postgresql: pg_dump creates world-readable dump Agostino Sarubbo (Dec 07)
- Re: postgresql: pg_dump creates world-readable dump Robert Scheck (Dec 07)
- Re: postgresql: pg_dump creates world-readable dump Julien Cristau (Dec 07)
- Re: postgresql: pg_dump creates world-readable dump Robert Scheck (Dec 07)
- Re: postgresql: pg_dump creates world-readable dump Julien Cristau (Dec 07)
- Re: Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr Vincent Lefevre (Dec 09)
- Re: CVE request: mpfr: buffer overflow in mpfr_strtofr Moritz Muehlenhoff (Dec 29)
- Re: PowerDNS Security Advisory 2014-02 Hanno Böck (Dec 08)
- Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
- Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
- Re: PowerDNS Security Advisory 2014-02 Hanno Böck (Dec 09)
- Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 09)
- Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
- Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 12)
- Re: CVE Request Solar Designer (Dec 08)
- Re: CVE Request David Cramer (Dec 08)
- Re: CVE question: Return of POODLE Steven M. Christey (Dec 09)
- Re: CVE Request for illumos distributions Dan McDonald (Dec 11)
- Re: PIE bypass using VDSO ASLR weakness Daniel Micay (Dec 09)
- Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 09)
- Re: PIE bypass using VDSO ASLR weakness Martino Dell'Ambrogio (Dec 09)
- Re: PIE bypass using VDSO ASLR weakness Mathias Krause (Dec 09)
- Re: PIE bypass using VDSO ASLR weakness Daniel Micay (Dec 09)
- Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 10)
- Re: PIE bypass using VDSO ASLR weakness Hanno Böck (Dec 11)
- Re: PIE bypass using VDSO ASLR weakness Greg KH (Dec 11)
- Re: PIE bypass using VDSO ASLR weakness cve-assign (Dec 26)
- Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 09)
- Re: Two rpm flaws Yves-Alexis Perez (Dec 09)
- Re: Two rpm flaws Florian Weimer (Dec 09)
- Re: Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith (Dec 09)
- Re: Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith (Dec 09)
- Re: CVE Request: MiniUPnPd: several issues Salvatore Bonaccorso (Dec 29)
- Re: CVE request: Reflected XSS in Nibbleblog <= v4.0.1 Henri Salo (Dec 28)
- Re: CVE request: Python, standard library HTTP clients David A. Wheeler (Dec 10)
- Re: CVE request: Python, standard library HTTP clients cve-assign (Dec 11)
- Re: CVE request: denial of service in suricata Victor Julien (Dec 12)
- Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
- Re: CVE request: denial of service in suricata Victor Julien (Dec 12)
- Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
- Re: CVE request: denial of service in suricata Victor Julien (Dec 12)
- Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
- Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
- Re: CVE Request: ZNC NULL Pointer Dereference cve-assign (Dec 17)
- Re: CVE request: glibc cve-assign (Dec 17)
- Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b Martin Prpic (Dec 15)
- Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records cve-assign (Dec 25)
- Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records Lukas Odzioba (Dec 25)
- Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records P J P (Dec 25)
- Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records Lukas Odzioba (Dec 26)
- Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records P J P (Dec 25)
- Re: What is the "Grinch" polkit/wheel group issue? Elad Alfassa (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Todd C. Miller (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Nicolas Vigier (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Daniel Kahn Gillmor (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Kurt Seifried (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Dean Pierce (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Grandma Eubanks (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Daniel Micay (Dec 17)
- Re: What is the "Grinch" polkit/wheel group issue? Dean Pierce (Dec 17)
- Re: Embargoes for secondary issues Raphael Geissert (Dec 18)
- Re: CVE Request: Linux x86_64 userspace address leak cve-assign (Dec 24)
- Re: CVE Request: Linux x86_64 userspace address leak P J P (Dec 26)
- Re: CVE Request: Linux x86_64 userspace address leak Andy Lutomirski (Dec 28)
- Re: request for CVEs for git clients Kurt Seifried (Dec 18)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Julien Cristau (Dec 20)
- Re: request for CVEs for git clients Russ Allbery (Dec 18)
- Re: request for CVEs for git clients Alex Gaynor (Dec 18)
- Re: request for CVEs for git clients Reed Loden (Dec 19)
- RE: request for CVEs for git clients Christey, Steven M. (Dec 19)
- Re: can we talk about secure time? Stuart Henderson (Dec 20)
- Re: can we talk about secure time? Daniel Kahn Gillmor (Dec 20)
- Re: can we talk about secure time? ncl () cock li (Dec 20)
- Re: can we talk about secure time? Daniel Micay (Dec 20)
- Re: can we talk about secure time? Florian Weimer (Dec 21)
- Re: can we talk about secure time? Daniel Micay (Dec 21)
- Re: can we talk about secure time? Dave Horsfall (Dec 21)
- leap seconds and security [was: Re: can we talk about secure time?] Daniel Kahn Gillmor (Dec 21)
- Re: can we talk about secure time? Florian Weimer (Dec 21)
- Re: can we talk about secure time? Hanno Böck (Dec 21)
- Re: can we talk about secure time? Kurt Seifried (Dec 21)
- Re: can we talk about secure time? Hanno Böck (Dec 21)
- Re: can we talk about secure time? Walter Parker (Dec 21)
- Re: can we talk about secure time? John Haxby (Dec 22)
- Re: can we talk about secure time? Dave Horsfall (Dec 22)
- Re: can we talk about secure time? Richard Johnson (Dec 25)
- Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 Salvatore Bonaccorso (Dec 29)
- Re: Imagemagick fuzzing bug Hanno Böck (Dec 24)
- Re: Imagemagick fuzzing bug Gynvael Coldwind (Dec 24)
- Re: Imagemagick fuzzing bug Alexander Cherepanov (Dec 24)
- Re: Imagemagick fuzzing bug Gynvael Coldwind (Dec 25)
- Re: Imagemagick fuzzing bug Gynvael Coldwind (Dec 24)
- Re: CVE Request: libsndfile buffer overread Joshua Rogers (Dec 31)
- Re: libbfd / bfd Alexander Cherepanov (Dec 27)
- Re: OpenBSD signify and "fingerprint" Ted Unangst (Dec 29)
- Re: OpenBSD signify and "fingerprint" mancha (Dec 30)
- Re: CVE Request: Double Free in PHP cve-assign (Dec 29)
- Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
- Re: CVE Request: Double Free in PHP cve-assign (Dec 29)
- Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
- Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
- Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Dec 31)
- Re: CVE Request(s): libgcrypt Florian Weimer (Dec 29)
- Re: CVE Request(s): libgcrypt Joshua Rogers (Dec 29)
- Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign (Dec 31)
- Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel cve-assign (Dec 31)