oss-sec: by thread
701 messages
starting Jan 01 17 and
ending Mar 31 17
Date index |
Thread index |
Author index
- Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions Salvatore Bonaccorso (Jan 01)
- libtiff: multilple crashes Agostino Sarubbo (Jan 01)
- libtiff: multiple divide-by-zero Agostino Sarubbo (Jan 01)
- Re: libtiff: multiple divide-by-zero Leo Famulari (Jan 02)
- Re: libtiff: multiple divide-by-zero Henri Salo (Jan 02)
- Re: libtiff: multiple divide-by-zero Agostino Sarubbo (Mar 25)
- Re: libtiff: multiple divide-by-zero Leo Famulari (Jan 02)
- libtiff: multiple heap-based buffer overflow Agostino Sarubbo (Jan 01)
- Re: libtiff: multiple heap-based buffer overflow cve-assign (Jan 01)
- Re: Re: libtiff: multiple heap-based buffer overflow Agostino Sarubbo (Jan 01)
- Re: libtiff: multiple heap-based buffer overflow Agostino Sarubbo (Mar 25)
- Re: libtiff: multiple heap-based buffer overflow cve-assign (Jan 01)
- libtiff: invalid memory READ in t2p_writeproc (tiff2pdf.c) Agostino Sarubbo (Jan 01)
- libtiff: memcpy-param-overlap in t2p_tile_collapse_left (tiff2pdf.c) Agostino Sarubbo (Jan 01)
- libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) Agostino Sarubbo (Jan 01)
- Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c) cve-assign (Jan 01)
- libtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c) Agostino Sarubbo (Jan 01)
- libtiff: NULL pointer dereference in TIFFReadRawData (tiffinfo.c) Agostino Sarubbo (Jan 01)
- Multiple issues in OpenH264 1.5.1 Brandon Perry (Jan 01)
- Re: Multiple issues in OpenH264 1.5.1 Brandon Perry (Jan 01)
- freeIPA CVEs CVE-2016-9575 (insufficient permission check) & CVE-2016-7030 (DoS) Cedric Buissart (Jan 02)
- Re: Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Sebastian Krahmer (Jan 03)
- CVE Request: pcsc-lite use-after-free and double-free Peter Wu (Jan 03)
- Re: CVE Request: pcsc-lite use-after-free and double-free cve-assign (Jan 03)
- Firejail local root exploit Sebastian Krahmer (Jan 04)
- Re: Firejail local root exploit cve-assign (Jan 04)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 05)
- Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Re: Firejail local root exploit sivmu (Jan 06)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
- Re: Re: Firejail local root exploit Simon McVittie (Jan 08)
- Re: Re: Firejail local root exploit Brad Spengler (Jan 08)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 08)
- Re: Re: Firejail local root exploit Lizzie Dixon (Jan 06)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 07)
- Re: Firejail local root exploit cve-assign (Jan 07)
- Re: Re: Firejail local root exploit Marcus Meissner (Jan 06)
- Re: Firejail local root exploit cve-assign (Jan 06)
- Re: Re: Firejail local root exploit Martin Carpenter (Jan 05)
- Re: Firejail local root exploit KellerFuchs (Jan 05)
- Re: Firejail local root exploit Ion Ionescu (Jan 29)
- Re: Re: Firejail local root exploit Thomas Deutschmann (Jan 31)
- <Possible follow-ups>
- Re: Re: Firejail local root exploit Thomas Deutschmann (Feb 09)
- Re: Firejail local root exploit cve-assign (Jan 04)
- CVE Request: Irssi Multiple Vulnerabilities (2017/01) Ailin Nemui (Jan 05)
- Re: CVE Request: Irssi Multiple Vulnerabilities (2017/01) cve-assign (Jan 06)
- [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure Mark Thomas (Jan 05)
- CVE Request: Plone Multiple Vulnerabilities Nathan Van Gheem (Jan 07)
- Re: CVE Request: Plone Multiple Vulnerabilities Nathan Van Gheem (Jan 07)
- CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 08)
- Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 08)
- Re: Re: CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 09)
- Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 10)
- Re: Re: CVE Request: icoutils: exploitable crash in wrestool programm Salvatore Bonaccorso (Jan 09)
- Re: CVE Request: icoutils: exploitable crash in wrestool programm cve-assign (Jan 08)
- Re: [Security] Qt QXmlSimpleReader Thiago Macieira (Jan 09)
- Re: [Security] Qt QXmlSimpleReader Solar Designer (Jan 14)
- Re: [Security] Qt QXmlSimpleReader Thiago Macieira (Jan 14)
- Re: [Security] Qt QXmlSimpleReader Solar Designer (Jan 14)
- ark vulnerability: need CVE Albert Astals Cid (Jan 09)
- Re: ark vulnerability: need CVE cve-assign (Jan 09)
- [SECURITY] CVE-2016-3086: Apache Hadoop YARN NodeManager vulnerability Akira Ajisaka (Jan 09)
- CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Andreas Stieger (Jan 10)
- Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 cve-assign (Jan 10)
- Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 Carlos Martín Nieto (Jan 11)
- Re: CVE Request: two security fixes in libgit2 0.25.1, 0.24.6 cve-assign (Jan 10)
- CVE request: python-pysaml2 XML external entity attack Sébastien Delafond (Jan 10)
- Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 10)
- Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert (Jan 10)
- Re: Re: CVE request: python-pysaml2 XML external entity attack Doran Moppert (Jan 18)
- Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 19)
- Re: CVE request: python-pysaml2 XML external entity attack cve-assign (Jan 10)
- CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8 Andreas Stieger (Jan 10)
- CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Cesar Pereida Garcia (Jan 10)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Huzaifa Sidhpurwala (Jan 11)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Casper Thomsen (Jan 12)
- Re: CVE-2016-7056 ECDSA P-256 timing attack key recovery (OpenSSL, LibreSSL, BoringSSL) Dan McDonald (Jan 10)
- Docker 1.12.6 - Security Advisory Nathan McCauley (Jan 10)
- Re: Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
- Re: Docker 1.12.6 - Security Advisory Andreas Stieger (Jan 11)
- Re: Docker 1.12.6 - Security Advisory Trevor Jay (Jan 11)
- Re: Docker 1.12.6 - Security Advisory Kurt Seifried (Jan 10)
- [CVE-2016-3403] [Zimbra] Multiple CSRF in Administration interface - all versions Sysdream Labs (Jan 11)
- Introducing sodium_compat, a PHP polyfill for libsodium Scott Arciszewski (Jan 11)
- Four BIND vulnerabilities have been disclosed today (11 January) that are fixed in new security releases ISC Security Officer (Jan 11)
- ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters Simon McVittie (Jan 11)
- CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" Salvatore Bonaccorso (Jan 11)
- Re: CVE Request: Zabbix: SQL injection vulnerabilities in "Latest data" cve-assign (Jan 12)
- invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Florian Weimer (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Hanno Böck (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 cve-assign (Jan 12)
- Re: invalid free in GNU ed before 1.14.1 Florian Weimer (Jan 12)
- CVE Request: Irssi out of bounds read in format string Ailin Nemui (Jan 12)
- Re: CVE Request: Irssi out of bounds read in format string cve-assign (Jan 12)
- CVE Request: MUJS null pointer dereference and Heap buffer overflow write Dileep Kumar (Jan 12)
- Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write cve-assign (Jan 12)
- Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Dawid Golunski (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Daniel Kahn Gillmor (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Thomas Deutschmann (Jan 13)
- Re: Nginx (Debian-based + Gentoo distros) - Root Privilege Escalation [CVE-2016-1247 UPDATE] Carlos Alberto Lopez Perez (Jan 13)
- linux-distros subscription Michal Hrusecky (Jan 13)
- Re: linux-distros subscription Solar Designer (Jan 14)
- Re: linux-distros subscription Kurt Seifried (Jan 15)
- Re: linux-distros subscription Solar Designer (Jan 15)
- Re: linux-distros subscription Michal Hrusecky (Jan 18)
- Re: linux-distros subscription Kurt Seifried (Jan 15)
- Re: linux-distros subscription Solar Designer (Jan 14)
- CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio P J P (Jan 13)
- Re: Re: Fuzzing jasper Tomas Hoger (Jan 13)
- CVE-2017-0357: iucode-tool (v1.4 to v2.1): heap buffer overflow on -tr loader Henrique de Moraes Holschuh (Jan 13)
- CVE Request: Wordpress: 8 security issues in 4.7 Craig Small (Jan 13)
- Re: CVE Request: Wordpress: 8 security issues in 4.7 cve-assign (Jan 14)
- Duplicates of CVE-2015-8789 CVE-2015-8790 for libebml from TALOS reports? Salvatore Bonaccorso (Jan 13)
- [CVE-2016-6814] Apache Groovy Information Disclosure Paul King (Jan 14)
- PowerDNS Security Advisories 2016-02, 2016-03, 2016-04 and 2016-05 Remi Gacogne (Jan 15)
- CVE-2016-7904: CMS Made Simple <= 2.1.5 CSRF Hongkun Zeng (Jan 15)
- jasper: multiple crashes with UBSAN Agostino Sarubbo (Jan 16)
- Re: jasper: multiple crashes with UBSAN cve-assign (Jan 16)
- Re: Re: jasper: multiple crashes with UBSAN Agostino Sarubbo (Jan 17)
- Re: jasper: multiple crashes with UBSAN cve-assign (Jan 17)
- Re: Re: jasper: multiple crashes with UBSAN Agostino Sarubbo (Jan 17)
- Re: jasper: multiple crashes with UBSAN cve-assign (Jan 16)
- jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 16)
- Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) cve-assign (Jan 16)
- Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)
- Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Moritz Muehlenhoff (Jan 17)
- Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)
- Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)
- Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) cve-assign (Jan 16)
- jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo (Jan 16)
- Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) cve-assign (Jan 16)
- Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo (Jan 17)
- Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) cve-assign (Jan 16)
- jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo (Jan 16)
- Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) cve-assign (Jan 16)
- Re: Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo (Jan 17)
- Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) cve-assign (Jan 16)
- CVE Request: Imagemagick: various flaws: memory corruption, out-of-bounds writes, memory leaks, double-frees, off-by-one errors Salvatore Bonaccorso (Jan 16)
- CVE-2016-9602 Qemu: 9p: virtfs allows guest to access host filesystem P J P (Jan 17)
- CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm Vladis Dronov (Jan 17)
- CVE Request: Plone Sandbox escape vulnerability Nathan Van Gheem (Jan 17)
- Re: CVE Request: Plone Sandbox escape vulnerability cve-assign (Jan 18)
- CVE Request: php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter Salvatore Bonaccorso (Jan 17)
- WebKitGTK+ Security Advisory WSA-2017-0001 Carlos Alberto Lopez Perez (Jan 17)
- CVE request Qemu: audio: memory leakage in ac97 device P J P (Jan 17)
- Re: CVE request Qemu: audio: memory leakage in ac97 device cve-assign (Jan 18)
- CVE request Qemu: audio: memory leakage in es1370 device P J P (Jan 17)
- Re: CVE request Qemu: audio: memory leakage in es1370 device cve-assign (Jan 18)
- CVE-2017-2591 389 Directory Server: DoS via OOB heap read in "attribute uniqueness" plugin Cedric Buissart (Jan 18)
- CVE request Kernel: kvm: use-after-free issue while creating devices P J P (Jan 18)
- Re: CVE request Kernel: kvm: use-after-free issue while creating devices cve-assign (Jan 19)
- CVE request Weblate: information disclosure in password reset form Jelle van der Waa (Jan 18)
- Re: CVE request Weblate: information disclosure in password reset form cve-assign (Jan 19)
- CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest P J P (Jan 19)
- CVE Request - Samsung Exynos GPU driver OOB read Idler (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 19)
- RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 20)
- RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 20)
- RE: CVE Request - Samsung Exynos GPU driver OOB read idl3r (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read cve-assign (Jan 19)
- Re: CVE Request - Samsung Exynos GPU driver OOB read Greg KH (Jan 19)
- CVE Request: two flaws in hesiod permitting privilege elevation Doran Moppert (Jan 19)
- Re: CVE Request: two flaws in hesiod permitting privilege elevation cve-assign (Jan 20)
- CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Harshula (Jan 19)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH (Jan 20)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Harshula (Jan 20)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Brad Spengler (Jan 20)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH (Jan 20)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel cve-assign (Jan 20)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash cve-assign (Jan 20)
- Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel Greg KH (Jan 20)
- CVE request: cgiemail multiple vulnerabilities Sébastien Delafond (Jan 20)
- Re: CVE request: cgiemail multiple vulnerabilities cve-assign (Jan 28)
- Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog (Jan 20)
- Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco (Jan 20)
- Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog (Jan 27)
- Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco (Jan 27)
- Re: CVE-2016-9584: heap use-after-free on libical Raphael Hertzog (Jan 27)
- Re: CVE-2016-9584: heap use-after-free on libical Gustavo Grieco (Jan 20)
- CVE request Qemu: watchdog: memory leakage in virtual hardware watchdog wdt_i6300esb P J P (Jan 20)
- CVE request Qemu: display: virtio-gpu-3d: memory leakage in virgl_resource_attach_backing P J P (Jan 20)
- Please assign CVE to PageKit Remote Password Reset Vulnerability Sandeep Kamble (Jan 21)
- Re: Please assign CVE to PageKit Remote Password Reset Vulnerability cve-assign (Jan 25)
- CVE request: Linux kernel: vc4: int overflow leading to heap-based buffer overflow Murray McAllister (Jan 21)
- Re: [tigervnc-announce] TigerVNC 1.7.1 Alan Coopersmith (Jan 21)
- Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Pierre Ossman (Jan 23)
- Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Alan Coopersmith (Jan 23)
- Re: [tigervnc-announce] TigerVNC 1.7.1 cve-assign (Jan 25)
- Re: [tigervnc-devel] Re: [tigervnc-announce] TigerVNC 1.7.1 Pierre Ossman (Jan 23)
- CVE Request: libXpm < 3.5.12 heap overflow Tobias Stoeckmann (Jan 22)
- Re: CVE Request: libXpm < 3.5.12 heap overflow cve-assign (Jan 25)
- CVE request: lcms2 heap OOB read parsing crafted ICC profile Doran Moppert (Jan 22)
- Re: CVE request: lcms2 heap OOB read parsing crafted ICC profile cve-assign (Jan 25)
- CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing P J P (Jan 23)
- wavpack: multiple out of bounds memory reads Hanno Böck (Jan 23)
- Re: wavpack: multiple out of bounds memory reads cve-assign (Jan 28)
- CVE request Virglrenderer: host memory leakage when creating decode context P J P (Jan 23)
- Re: CVE request Virglrenderer: host memory leakage when creating decode context cve-assign (Jan 25)
- Headsup: systemd v228 local root exploit (CVE-2016-10156) Sebastian Krahmer (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Daniel Micay (Jan 24)
- Re: Headsup: systemd v228 local root exploit (CVE-2016-10156) Alexander E. Patrakov (Jan 24)
- CVE request Virglrenderer: OOB access while parsing texture instruction P J P (Jan 24)
- Re: CVE request Virglrenderer: OOB access while parsing texture instruction cve-assign (Jan 25)
- Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Hanno Böck (Jan 24)
- Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Adrien Nader (Jan 25)
- Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Jeffrey Walton (Jan 25)
- Re: Windows ports of Linux software bundling outdated libraries (Gajim / PyCurl) Adrien Nader (Jan 25)
- CVE request: rubygem minitar: directory traversal vulnerability Max Veytsman (Jan 24)
- Re: CVE request: rubygem minitar: directory traversal vulnerability cve-assign (Jan 29)
- CVE request Qemu: serial: host memory leakage in 16550A UART emulation P J P (Jan 24)
- Re: CVE request Qemu: serial: host memory leakage in 16550A UART emulation cve-assign (Jan 25)
- CVE request: GNU screen escalation Moritz Muehlenhoff (Jan 24)
- Re: CVE request: GNU screen escalation Solar Designer (Jan 24)
- Re: CVE request: GNU screen escalation cve-assign (Jan 29)
- jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo (Jan 25)
- Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Salvatore Bonaccorso (Jan 25)
- Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo (Mar 06)
- Re: jasper: NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) Agostino Sarubbo (Mar 13)
- jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c) Agostino Sarubbo (Jan 25)
- Re: jasper: invalid memory read in jas_matrix_bindsub (jas_seq.c) Salvatore Bonaccorso (Jan 25)
- jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Agostino Sarubbo (Jan 25)
- Re: jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Salvatore Bonaccorso (Jan 25)
- Re: jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) Agostino Sarubbo (Mar 13)
- Multiple PHP object injection vulnerabilities affecting three WordPress Plugins Summer of Pwnage (Jan 25)
- CVE Requests: libgd: potential unsigned onderflow, denial-of-service in gdImageCreateFromGd2Ctx and signed overflow in gd_io.c Salvatore Bonaccorso (Jan 26)
- Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux up201407890 (Jan 26)
- Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Noryungi (Jan 26)
- Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux up201407890 (Jan 26)
- Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Sebastian Krahmer (Jan 31)
- Re: Re: OpenSSH: CVE-2015-6565 (pty issue in 6.8-6.9) can lead to local privesc on Linux Noryungi (Jan 26)
- [OSSA-2017-001] CatchErrors leaks sensitive values in oslo.middleware (CVE-2017-2592) Jeremy Stanley (Jan 26)
- CVE Request: Wordpress: 4.7.2 security release: unauthorized bypass, SQL injection, cross-site scripting issues Salvatore Bonaccorso (Jan 26)
- SSRF issue in the svgsalamander library Luc Lynx (Jan 26)
- Re: SSRF issue in the svgsalamander library cve-assign (Jan 29)
- Re: Re: CVE request: linux kernel - local DoS with cgroup offline code Andreas Stieger (Jan 27)
- CVE Request: s-nail local root wapiflapi (Jan 27)
- Re: CVE Request: s-nail local root wapiflapi (Feb 05)
- Re: CVE Request: s-nail local root cve-assign (Feb 06)
- Re: CVE Request: s-nail local root wapiflapi (Feb 05)
- Use after free in libmysqlclient.so pali (Jan 27)
- Re: Use after free in libmysqlclient.so pali (Feb 10)
- Re: Use after free in libmysqlclient.so Solar Designer (Feb 10)
- Re: Use after free in libmysqlclient.so pali (Feb 11)
- Re: Re: Use after free in libmysqlclient.so pali (Feb 11)
- posting without being subscribed (was: Use after free in libmysqlclient.so) Solar Designer (Feb 11)
- Re: posting without being subscribed pali (Feb 11)
- Re: posting without being subscribed Solar Designer (Feb 11)
- Re: Re: Use after free in libmysqlclient.so Simon McVittie (Feb 10)
- Re: Use after free in libmysqlclient.so Solar Designer (Feb 10)
- Re: Use after free in libmysqlclient.so pali (Feb 10)
- Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. KARBOWSKI Piotr (Jan 28)
- Re: Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. Kristian Fiskerstrand (Jan 28)
- Re: Gentoo: order of installed packages may result in vary directories permissions, leading to crontab not requiring cron group membership as example. cve-assign (Jan 28)
- Multiple vulnerabilities affecting two WordPress Plugins (XSS, CSRF & SQLi) Summer of Pwnage (Jan 28)
- mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c) Agostino Sarubbo (Jan 29)
- Re: mp3splt: NULL pointer dereference in splt_cue_export_to_file (cue.c) cve-assign (Jan 31)
- mp3splt: invalid free in free_options (options_manager.c) Agostino Sarubbo (Jan 29)
- Re: mp3splt: invalid free in free_options (options_manager.c) cve-assign (Jan 31)
- mp3splt: NULL pointer dereference in main (mp3splt.c) Agostino Sarubbo (Jan 29)
- Re: mp3splt: NULL pointer dereference in main (mp3splt.c) Agostino Sarubbo (Feb 02)
- Requesting CVE for calibre file disclosure Martin Pitt (Jan 29)
- Re: Requesting CVE for calibre file disclosure cve-assign (Jan 31)
- FW: [DSA 3775-1] tcpdump security update] Leo Famulari (Jan 30)
- Re: FW: [DSA 3775-1] tcpdump security update] David Manouchehri (Jan 30)
- Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky (Feb 01)
- Re: FW: [DSA 3775-1] tcpdump security update] Henri Salo (Feb 01)
- Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky (Feb 01)
- Re: FW: [DSA 3775-1] tcpdump security update] Michal Hrusecky (Feb 01)
- Re: FW: [DSA 3775-1] tcpdump security update] David Manouchehri (Jan 30)
- CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer P J P (Jan 30)
- Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign (Jan 31)
- Re: Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer Leo Famulari (Feb 12)
- Re: CVE request Qemu: sd: sdhci OOB access during multi block SDMA transfer cve-assign (Jan 31)
- CVE Request - Remote DoS vulnerabilities in BitlBee dequis (Jan 30)
- Re: CVE Request - Remote DoS vulnerabilities in BitlBee cve-assign (Jan 31)
- CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon (Jan 30)
- Re: CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) cve-assign (Feb 01)
- <Possible follow-ups>
- CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon (Jan 30)
- CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon P J P (Jan 30)
- CVE request: multiples vulnerabilities in Revive Adserver Nicolas Grégoire (Jan 31)
- Re: CVE request: multiples vulnerabilities in Revive Adserver cve-assign (Feb 01)
- CVE request: multiples vulnerabilities in libplist nikola.sc (Jan 31)
- Re: CVE request: multiples vulnerabilities in libplist cve-assign (Feb 01)
- CVE Request: ffmpeg remote exploitaion results code execution Paul Cher (Jan 31)
- Re: CVE Request: ffmpeg remote exploitaion results code execution Leo Famulari (Jan 31)
- Re: CVE Request: ffmpeg remote exploitaion results code execution cve-assign (Feb 01)
- CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r Max Veytsman (Jan 31)
- CVE requests: OpenBSD httpd - 2 DoS Pierre Kim (Jan 31)
- Re: CVE requests: OpenBSD httpd - 2 DoS cve-assign (Feb 01)
- Re: CVE requests: OpenBSD httpd - 2 DoS Pierre Kim (Feb 02)
- Re: CVE requests: OpenBSD httpd - 2 DoS cve-assign (Feb 01)
- Bugs fixed in libevent 2.1.6 Leo Famulari (Jan 31)
- Re: Bugs fixed in libevent 2.1.6 cve-assign (Feb 01)
- mp3splt: NULL pointer dereference in free_options (options_manager.c) Agostino Sarubbo (Feb 01)
- Re: mp3splt: NULL pointer dereference in free_options (options_manager.c) cve-assign (Feb 01)
- pax-utils: scanelf: out of bounds read in scanelf_file_textrel (scanelf.c) Agostino Sarubbo (Feb 01)
- pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) Agostino Sarubbo (Feb 01)
- <Possible follow-ups>
- pax-utils: scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c) Agostino Sarubbo (Feb 25)
- CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode P J P (Feb 01)
- Multiple memory access issues in gstreamer Hanno Böck (Feb 01)
- Re: Multiple memory access issues in gstreamer cve-assign (Feb 01)
- CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Laszlo Boszormenyi (GCS) (Feb 01)
- Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Agostino Sarubbo (Feb 01)
- Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables Kristian Erik Hermansen (Feb 03)
- podofo: multiple crashes Agostino Sarubbo (Feb 01)
- Re: podofo: multiple crashes Hanno Böck (Feb 01)
- Re: podofo: multiple crashes Agostino Sarubbo (Feb 01)
- Re: podofo: multiple crashes Hanno Böck (Feb 01)
- Re: podofo: multiple crashes cve-assign (Feb 01)
- Re: podofo: multiple crashes Agostino Sarubbo (Feb 01)
- Re: podofo: multiple crashes Hanno Böck (Feb 01)
- podofo: infinite loop in PoDoFo::PdfPage::GetInheritedKeyFromObject (PdfPage.cpp) Agostino Sarubbo (Feb 01)
- podofo: signed integer overflow in PdfParser.cpp Agostino Sarubbo (Feb 01)
- Re: podofo: signed integer overflow in PdfParser.cpp cve-assign (Feb 01)
- podofo: NULL pointer dereference in PdfOutputStream.cpp Agostino Sarubbo (Feb 01)
- Re: podofo: NULL pointer dereference in PdfOutputStream.cpp cve-assign (Feb 01)
- podofo: NULL pointer dereference in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo (Feb 01)
- podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) Agostino Sarubbo (Feb 01)
- Re: podofo: NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) Agostino Sarubbo (Feb 02)
- CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd P J P (Feb 01)
- Re: CVE request Qemu: scsi: megasas: host memory leakage in megasas_handle_dcmd cve-assign (Feb 01)
- CVE request Qemu: display: virtio-gpu-3d: host memory leakage in virgl_cmd_resource_unref P J P (Feb 01)
- CVE update - fixed in Apache Ranger 0.6.3 Velmurugan Periasamy (Feb 01)
- CVE request: Use after free in libmysqlclient.so (was: Re: Use after free in libmysqlclient.so) Bálint Réczey (Feb 01)
- Multiple vulnerabilities in Jenkins Daniel Beck (Feb 01)
- [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues FOXMOLE Advisories (Feb 02)
- Re: [FOXMOLE SA 2016-07-05] ZoneMinder - Multiple Issues cve-assign (Feb 04)
- curiosity for CVE-2016-10000 Vladis Dronov (Feb 02)
- Re: curiosity for CVE-2016-10000 Marcus Meissner (Feb 02)
- Re: curiosity for CVE-2016-10000 Justin Steven (Feb 03)
- Re: curiosity for CVE-2016-10000 Kurt Seifried (Feb 03)
- Re: curiosity for CVE-2016-10000 Vladis Dronov (Feb 03)
- Re: curiosity for CVE-2016-10000 Justin Steven (Feb 03)
- Re: curiosity for CVE-2016-10000 Marcus Meissner (Feb 02)
- CVE request tigervnc: vnc server can crash when TLS handshake terminates early Matthias Gerstner (Feb 02)
- Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Wade Mealing (Feb 02)
- Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read John Haxby (Feb 03)
- Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Andreas Stieger (Feb 03)
- Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Wade Mealing (Feb 05)
- Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read cve-assign (Feb 04)
- Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read John Haxby (Feb 03)
- podofo: heap-based buffer overflow in PoDoFo::PdfTokenizer::GetNextToken (PdfTokenizer.cpp) Agostino Sarubbo (Feb 03)
- CVE request for two input validation flaws in gtk-vnc Adam Maris (Feb 03)
- Re: CVE request for two input validation flaws in gtk-vnc cve-assign (Feb 04)
- pax-utils: dumpelf: out of bounds read in dump_notes (dumpelf.c) Agostino Sarubbo (Feb 04)
- pax-utils: dumpelf: multiple divide-by-zero in dumpelf.c Agostino Sarubbo (Feb 04)
- pax-utils: dumpelf: two invalid memory read in dumpelf.c Agostino Sarubbo (Feb 04)
- CVE-2017-2581, CVE-2017-2579, CVE-2017-2580, CVE-2017-2586, CVE-2017-2587: Multiple vulnerabilities in netpbm chunibalon (Feb 05)
- Irssi 1.0.0 minor remote memory leak Ailin Nemui (Feb 05)
- Re: Irssi 1.0.0 minor remote memory leak Ailin Nemui (Feb 05)
- mupdf: NULL pointer dereference in dodrawpage Agostino Sarubbo (Feb 06)
- mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 06)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap Agostino Sarubbo (Feb 09)
- Re: mupdf: heap-based buffer overflow in fz_subsample_pixmap cve-assign (Feb 06)
- CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() Andrey Konovalov (Feb 06)
- Re: CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() cve-assign (Feb 06)
- [KIS-2017-01] PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability Egidio Romano (Feb 06)
- CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest P J P (Feb 06)
- Re: CVE request Qemu: usb: integer overflow in emulated_apdu_from_guest cve-assign (Feb 06)
- CVE request: XXE in Openpyxl Sébastien Delafond (Feb 07)
- Re: CVE request: XXE in Openpyxl Doran Moppert (Feb 07)
- Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 13)
- Re: Re: CVE request: XXE in Openpyxl Doran Moppert (Feb 13)
- Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 14)
- Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 15)
- Re: CVE request: XXE in Openpyxl Sébastien Delafond (Feb 13)
- Re: CVE request: XXE in Openpyxl Doran Moppert (Feb 07)
- CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz (Feb 07)
- Re: CVE request: PostfixAdmin allows to delete protected aliases cve-assign (Feb 07)
- Re: CVE request: PostfixAdmin allows to delete protected aliases Christian Boltz (Feb 08)
- Re: CVE request: PostfixAdmin allows to delete protected aliases cve-assign (Feb 07)
- a simple replacement for setuid and confinement systems Peter Grandi (Feb 07)
- CVE request Qemu: virtio: integer overflow in handling virtio-crypto requests P J P (Feb 07)
- CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion Jens Heyens (Feb 07)
- Re: CVE Request - Code execution vulnerability in GNU/bash v4.4 autocompletion cve-assign (Feb 07)
- CVE Request: Nova-LXD incorrectly applied Neutron security group rules Tyler Hicks (Feb 08)
- Re: CVE Request: Nova-LXD incorrectly applied Neutron security group rules cve-assign (Feb 08)
- CVE request virglrenderer: null pointer dereference in vrend_clear P J P (Feb 08)
- Re: CVE request virglrenderer: null pointer dereference in vrend_clear cve-assign (Feb 08)
- CVE request virglrenderer: host memory leak issue in virgl_resource_attach_backing P J P (Feb 08)
- CVE request: XSS in viewvc Sébastien Delafond (Feb 08)
- Re: CVE request: XSS in viewvc cve-assign (Feb 08)
- Re: CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Ian Zimmerman (Feb 08)
- Re: Re: CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode) Gustavo Grieco (Feb 08)
- Message not available
- Re: MITRE is adding data intake to its CVE ID process P J P (Feb 08)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Peter Bex (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Steven R. Loomis (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Amos Jeffries (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Jeremy Stanley (Feb 09)
- Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Stiepan (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Simon McVittie (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Pierre Schweitzer (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Moritz Muehlenhoff (Feb 11)
- Re: MITRE is adding data intake to its CVE ID process Bob Friesenhahn (Feb 11)
- RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
- RE: MITRE is adding data intake to its CVE ID process Ben Tasker (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Mike Gerwitz (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Seth Arnold (Feb 10)
- RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 10)
- RE: MITRE is adding data intake to its CVE ID process Williams, Ken (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Mats Wichmann (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Adam Caudill (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Tim (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Guido Berhoerster (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process John Haxby (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process cve-assign (Feb 10)
- Re: MITRE is adding data intake to its CVE ID process Solar Designer (Feb 11)
- Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 12)
- Re: MITRE is adding data intake to its CVE ID process Ian Zimmerman (Feb 13)
- Re: MITRE is adding data intake to its CVE ID process Ian Zimmerman (Feb 13)
- Re: Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Feb 13)
- Re: MITRE is adding data intake to its CVE ID process Raphael Geissert (Feb 15)
- Re: MITRE is adding data intake to its CVE ID process Fabio Olive Leite (Feb 16)
- Re: MITRE is adding data intake to its CVE ID process Solar Designer (Feb 16)
- RE: [security-vendor] [oss-security] Re: MITRE is adding data intake to its CVE ID process Radzykewycz, T (Radzy) (Feb 13)
- Re: MITRE is adding data intake to its CVE ID process Priedhorsky, Reid (Feb 13)
- RE: MITRE is adding data intake to its CVE ID process Maier, Kurt H (Feb 13)
- Re: MITRE is adding data intake to its CVE ID process Henri Salo (Feb 15)
- Re: MITRE is adding data intake to its CVE ID process cve-assign (Feb 17)
- Re: MITRE is adding data intake to its CVE ID process Solar Designer (Feb 11)
- Message not available
- Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
- Re: A note about the multiple crashes in zziplib Ian Zimmerman (Feb 14)
- Re: A note about the multiple crashes in zziplib Agostino Sarubbo (Feb 14)
- Re: Multiple DoS parsing and executing extended regex expressions in GNU libc Jakub Wilk (Feb 09)
- Re: mupdf: use-after-free in fz_subsample_pixmap (pixmap.c) Agostino Sarubbo (Mar 26)
- Re: [Xen-users] Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Roger Pau Monné (Feb 11)
- <Possible follow-ups>
- Xen Security Advisory 208 (CVE-2017-2615) - oob access in cirrus bitblt copy Xen . org security team (Feb 13)
- Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo Matthias Gerstner (Feb 24)
- Re: CVE-2017-5956 virglrenderer: Virglrenderer: OOB access while in vrend_draw_vbo Matthias Gerstner (Feb 24)
- Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Henri Salo (Feb 14)
- Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf() Vladis Dronov (Feb 14)
- Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Solar Designer (Feb 20)
- Re: Blindspot Advisory: Java/Python FTP Injections Allow for Firewall Bypass Timothy D. Morgan (Feb 20)
- Re: [Xen-devel] Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Roger Pau Monné (Feb 23)
- <Possible follow-ups>
- Xen Security Advisory 209 (CVE-2017-2620) - cirrus_bitblt_cputovideo does not check if memory region is safe Xen . org security team (Feb 23)
- Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Leo Famulari (Feb 21)
- Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky (Feb 23)
- Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky (Feb 26)
- Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf Ariel Zelivansky (Feb 23)
- Re: Linux kernel: CVE-2017-6074: DCCP double-free vulnerability (local root) Andrey Konovalov (Feb 26)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Assaf Gordon (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Hanno Böck (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Bálint Réczey (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Emilio Pozuelo Monfort (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Serge E. Hallyn (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Leo Famulari (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Tobias Stöckmann (Feb 23)
- Re: util-linux 2.29.2 fixes CVE-2017-2616 Marcus Meissner (Feb 23)
- Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 24)
- Re: Re: GraphicsMagick heap out of bounds write issue Bob Friesenhahn (Feb 28)
- Re: gnu-paxutils: multiple crashes Assaf Gordon (Feb 25)
- Re: gnu-paxutils: multiple crashes Agostino Sarubbo (Feb 26)
- Re: audiofile: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) Solar Designer (Mar 14)
- Re: audiofile: heap-based buffer overflow in readValue (FileHandle.cpp) Solar Designer (Mar 14)
- Re: audiofile: global buffer overflow in decodeSample (IMA.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: heap-based buffer overflow in alaw2linear_buf (G711.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) Agostino Sarubbo (Mar 13)
- Re: audiofile: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) Agostino Sarubbo (Mar 13)
- Re: audiofile: multiple ubsan crashes Agostino Sarubbo (Mar 13)
- Re: kio vulnerability: need CVE P J P (Feb 28)
- Re: three issues in xorg (CVE-*2017*-2624, CVE-*2017*-2625, CVE-*2017*-2626) Doran Moppert (Feb 28)
- Re: podofo: invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo (Mar 13)
- Re: podofo: NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) Agostino Sarubbo (Mar 13)
- Re: podofo: heap-based buffer overflow in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo (Mar 13)
- Re: podofo: global buffer overflow in PoDoFo::PdfParser::ReadXRefSubsection (PdfParser.cpp) Agostino Sarubbo (Mar 13)
- Re: podofo: NULL pointer dereference in PoDoFo::PdfColor::operator= (PdfColor.cpp) Agostino Sarubbo (Mar 13)
- Re: podofo: NULL pointer dereference in PoDoFo::PdfVariant::DelayedLoad (PdfVariant.h) Agostino Sarubbo (Mar 13)
- Re: podofo: NULL pointer dereference in PoDoFo::PdfXObject::PdfXObject (PdfXObject.cpp) Agostino Sarubbo (Mar 13)
- Re: podofo: NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) Agostino Sarubbo (Mar 13)
- Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Emilio Pozuelo Monfort (Mar 06)
- Re: CVE-Request JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Tomas Hoger (Mar 06)
- Re: JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz (Mar 07)
- Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Emilio Pozuelo Monfort (Mar 07)
- Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Kurt Seifried (Mar 07)
- Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Craig Small (Mar 11)
- Re: CVE Request: Wordpress: 6 security issues in Wordpress 4.7 2 Kurt Seifried (Mar 07)
- Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov (Mar 08)
- Re: Linux kernel: CVE-2017-2636: local privilege escalation flaw in n_hdlc Alexander Popov (Mar 30)
- Re: Concerns about CVE-2017-5972 Wade Mealing (Mar 08)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 10)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Tyler Hicks (Mar 13)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 14)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 15)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Stiepan (Mar 28)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Serge E. Hallyn (Mar 28)
- Re: LXC: CVE-2017-5985: lxc-user-nic didn't verify network namespace ownership Tyler Hicks (Mar 13)
- Re: CVE Request: Irssi use after free in netjoin condition (2017/03) Emilio Pozuelo Monfort (Mar 12)
- Re: CVE Request: Irssi use after free in netjoin condition (2017/03) Ailin Nemui (Mar 20)
- <Possible follow-ups>
- Two Content Injection vulnerabilities in Wordpress Plugin DTracker v1.5 Larry W. Cashdollar (Mar 20)
- Re: Arbitrary file download vulnerability in Wordpress Plugin Membership Simplified v1.58 Larry W. Cashdollar (Mar 15)
- Re: Dealing with CVEs that apply to unspecified package versions Simon McVittie (Mar 15)
- Re: Dealing with CVEs that apply to unspecified package versions Seth Arnold (Mar 15)
- Re: Dealing with CVEs that apply to unspecified package versions Leo Famulari (Mar 15)
- Re: Dealing with CVEs that apply to unspecified package versions Kurt Seifried (Mar 15)
- Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias (Mar 16)
- Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias (Mar 16)
- Re: Dealing with CVEs that apply to unspecified package versions Leo Famulari (Mar 15)
- Re: Dealing with CVEs that apply to unspecified package versions Brian May (Mar 18)
- Re: Dealing with CVEs that apply to unspecified package versions Jerome Athias (Mar 18)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Adam Maris (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Korsgaard (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Peter Bex (Mar 16)
- Re: CVE request for unchecked size argument in malloc() in CHICKEN Scheme Don A. Bailey (Mar 16)
- Re: CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Agostino Sarubbo (Mar 16)
- Re: CVE Request: multiple bugs found in BFD libraries and Binutils' utilities Thuan Pham (Mar 17)
- Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Solar Designer (Mar 17)
- Re: libpcre: two stack-based buffer overflow write in pcre32_copy_substring (pcre_get.c) Agostino Sarubbo (Mar 24)
- Re: libpcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) Agostino Sarubbo (Mar 24)
- Re: information about pwn2own Kernel problem Tyler Hicks (Mar 22)
- Re: information about pwn2own Kernel problem Luedtke, Nicholas (HPE Linux Security) (Mar 22)
- Re: information about pwn2own Kernel problem Dave Null (Mar 23)
- Re: information about pwn2own Kernel problem Tyler Hicks (Mar 29)
- Re: information about pwn2own Kernel problem Luedtke, Nicholas (HPE Linux Security) (Mar 22)
- Re: [ANNOUNCE] Linux Security Summit 2017 - CFP Solar Designer (Mar 24)
- Re: [ANNOUNCE] Linux Security Summit 2017 - CFP James Morris (Mar 24)
- Re: Linux kernel ping socket / AF_LLC connect() sin_family race Andrey Konovalov (Mar 24)
- Re: Linux kernel ping socket / AF_LLC connect() sin_family race Eric Dumazet (Mar 24)
- Re: Linux kernel ping socket / AF_LLC connect() sin_family race Solar Designer (Mar 24)
- Re: Linux kernel ping socket / AF_LLC connect() sin_family race Eric Dumazet (Mar 24)
- Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Lokesh Ubuntu (Mar 29)
- Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Tyler Hicks (Mar 30)
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (Mar 31)
- Re: CVE Request -- mapr: information disclosure vulnerability Mark Felder (Mar 31)