oss-sec: by thread
788 messages
starting Oct 01 16 and
ending Dec 31 16
Date index |
Thread index |
Author index
- GraphicsMagick CVE request: 8BIM/8BIMW unsigned underflow leads to heap overflow Bob Friesenhahn (Oct 01)
- Re: imagemagick mogrify global buffer overflow cve-assign (Oct 01)
- imagemagick mogrify use after free Marco Grassi (Oct 01)
- Re: imagemagick mogrify use after free cve-assign (Oct 02)
- cJSON buffer out of bound read Marco Grassi (Oct 02)
- CVE request: cJSON buffer out of bound read Henri Salo (Nov 07)
- NSPR 4.12, NSS 3.22.1 and PR_GetEnvSecure Florian Weimer (Oct 02)
- Re: NSPR 4.12, NSS 3.22.1 and PR_GetEnvSecure Florian Weimer (Oct 05)
- CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function P J P (Oct 03)
- Re: CVE request Qemu: net: inifinte loop in imx_fec_do_tx() function cve-assign (Oct 03)
- CVE request Qemu: net: Infinite loop in mcf_fec_do_tx P J P (Oct 03)
- Re: CVE request Qemu: net: Infinite loop in mcf_fec_do_tx cve-assign (Oct 03)
- CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr P J P (Oct 03)
- Re: CVE Request Qemu: net: pcnet: infinite loop in pcnet_rdra_addr cve-assign (Oct 03)
- CVE-2016-1246: Buffer overflow in DBD-mysql error reporting (Perl DBI module) Florian Weimer (Oct 03)
- Xen Security Advisory 190 (CVE-2016-7777) - CR0.TS and CR0.EM not always honored for x86 HVM guests Xen . org security team (Oct 04)
- X.Org security advisory: Protocol handling issues in X Window System client libraries Matthieu Herrb (Oct 04)
- Re: X.Org security advisory: Protocol handling issues in X Window System client libraries Marcus Meissner (Oct 04)
- CVE Request Steve Richert (Oct 04)
- KMail vulnerabilites: need 3 CVE Albert Astals Cid (Oct 04)
- Re: KMail vulnerabilites: need 3 CVE cve-assign (Oct 04)
- Handful of libass issues Brandon Perry (Oct 04)
- Re: Handful of libass issues cve-assign (Oct 04)
- Re: Re: Handful of libass issues Salvatore Bonaccorso (Oct 27)
- Re: Re: Handful of libass issues Brandon Perry (Oct 27)
- Re: Re: Handful of libass issues Salvatore Bonaccorso (Oct 31)
- Re: Handful of libass issues cve-assign (Nov 01)
- Re: Re: Handful of libass issues Salvatore Bonaccorso (Oct 27)
- Re: Handful of libass issues cve-assign (Oct 04)
- Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 Raphael Geissert (Oct 05)
- CVE request: openjpeg: incorrect fix for CVE-2013-6045 (was Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045) Doran Moppert (Oct 05)
- <Possible follow-ups>
- Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045 cve-assign (Nov 29)
- CVE-2016-7903: Dotclear <= 2.10.2 Password Reset Address Spoof Hongkun Zeng (Oct 05)
- CVE-2016-7902: Dotclear <= 2.10.2 (Media Manager) Unrestricted File Upload Hongkun Zeng (Oct 05)
- CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Bob Friesenhahn (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Jakub Wilk (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Florian Weimer (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign (Oct 05)
- Re: Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Cedric Buissart (Oct 19)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 05)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 11)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems cve-assign (Oct 11)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Tavis Ormandy (Oct 11)
- Re: CVE Request - multiple ghostscript -dSAFER sandbox problems Hanno Böck (Oct 05)
- CVE request: sunxi-debug (root privilege escalation in Allwinner kernel) David Manouchehri (Oct 05)
- SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 05)
- Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 06)
- Re: SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 07)
- Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 08)
- Re: SPIP vulnerabilities: request for 5 CVE Sysdream Labs (Oct 07)
- Re: SPIP vulnerabilities: request for 5 CVE cve-assign (Oct 06)
- librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 05)
- Re: librsvg and cairo are causing libpng to write out-of-bounds Glenn Randers-Pehrson (Oct 06)
- <Possible follow-ups>
- Re: librsvg and cairo are causing libpng to write out-of-bounds John Bowler (Oct 06)
- Re: Re: librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 26)
- Re: librsvg and cairo are causing libpng to write out-of-bounds cve-assign (Oct 26)
- Re: Re: librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 26)
- [SECURITY] CVE-2016-6808 Apache Tomcat JK ISAPI Connector buffer overflow Mark Thomas (Oct 06)
- CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 06)
- Re: CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 26)
- Re: CVE request: DoS loading a SVG in Firefox cve-assign (Nov 26)
- Re: CVE request: DoS loading a SVG in Firefox Gustavo Grieco (Oct 26)
- [OSSA 2016-012] Malicious qemu-img input may exhaust resources in Cinder, Glance, Nova (CVE-2015-5162) Jeremy Stanley (Oct 06)
- CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d P J P (Oct 07)
- Re: CVE request Qemu virtio-gpu: memory leak in virtio_gpu_resource_create_2d cve-assign (Oct 08)
- CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd P J P (Oct 07)
- Re: CVE request Qemu: usb: hcd-ehci: memory leak in ehci_process_itd cve-assign (Oct 08)
- GraphicsMagick CVE Request - WPG Reader Issues Bob Friesenhahn (Oct 07)
- Re: GraphicsMagick CVE Request - WPG Reader Issues cve-assign (Oct 08)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Chet Ramey (Oct 07)
- RE: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Sona Sarmadi (Oct 10)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Salvatore Bonaccorso (Oct 10)
- Re: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Agostino Sarubbo (Oct 10)
- RE: Re: CVE-2016-0634 -- bash prompt expanding $HOSTNAME Sona Sarmadi (Oct 10)
- ffmpeg before 3.1.4 [CVE-2016-7562] [CVE-2016-7122] [CVE-2016-7450] [CVE-2016-7502] [CVE-2016-7555] [CVE-2016-7785] [CVE-2016-7905] 连一汉 (Oct 08)
- CVE request: invalid memory accesses parsing object files in libgit2 Gustavo Grieco (Oct 08)
- Re: CVE request: invalid memory accesses parsing object files in libgit2 cve-assign (Oct 08)
- libav: null pointer dereference in get_vlc2 (get_bits.h) Agostino Sarubbo (Oct 08)
- Re: libav: null pointer dereference in get_vlc2 (get_bits.h) cve-assign (Oct 15)
- imagemagick: memory allocate failure in AcquireQuantumPixels (quantum.c) Agostino Sarubbo (Oct 08)
- Re: imagemagick: memory allocate failure in AcquireQuantumPixels (quantum.c) cve-assign (Oct 15)
- imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) Agostino Sarubbo (Oct 08)
- Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) cve-assign (Oct 15)
- Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) Ian Zimmerman (Dec 08)
- Re: imagemagick: heap-based buffer overflow in IsPixelMonochrome (pixel-accessor.h) cve-assign (Oct 15)
- libdwarf: heap-based buffer overflow in _dwarf_get_size_of_val (dwarf_util.c) Agostino Sarubbo (Oct 08)
- libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) Agostino Sarubbo (Oct 08)
- libdwarf: heap-based buffer overflow in _dwarf_get_abbrev_for_code (dwarf_util.c) (ANOTHER ONE) Agostino Sarubbo (Oct 08)
- graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c) Agostino Sarubbo (Oct 08)
- Re: graphicsmagick: stack-based buffer overflow in ReadSCTImage (sct.c) cve-assign (Oct 15)
- graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c) Agostino Sarubbo (Oct 08)
- Re: graphicsmagick: memory allocation failure in ReadPCXImage (pcx.c) cve-assign (Oct 15)
- graphicsmagick: memory allocation failure in MagickMalloc (memory.c) Agostino Sarubbo (Oct 08)
- Re: graphicsmagick: memory allocation failure in MagickMalloc (memory.c) cve-assign (Oct 15)
- potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo (Oct 08)
- Re: potrace: invalid memory access in findnext (decompose.c) cve-assign (Oct 15)
- Re: potrace: invalid memory access in findnext (decompose.c) Johannes Segitz (Oct 17)
- Re: potrace: invalid memory access in findnext (decompose.c) Agostino Sarubbo (Oct 17)
- potrace: memory allocation failure Agostino Sarubbo (Oct 08)
- Re: potrace: memory allocation failure Marcus Meissner (Oct 09)
- Re: potrace: memory allocation failure Agostino Sarubbo (Oct 10)
- Re: potrace: memory allocation failure cve-assign (Oct 15)
- Re: potrace: memory allocation failure Agostino Sarubbo (Oct 21)
- Re: potrace: memory allocation failure Marcus Meissner (Oct 09)
- CVE-2016-5425 - Apache Tomcat packaging on RedHat-based distros - Root Privilege Escalation (affecting CentOS, Fedora, OracleLinux, RedHat etc.) Dawid Golunski (Oct 10)
- CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch P J P (Oct 10)
- Re: CVE request Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch cve-assign (Oct 10)
- CVE request: Qemu: 9pfs: host memory leakage in v9fs_read P J P (Oct 10)
- Re: CVE request: Qemu: 9pfs: host memory leakage in v9fs_read cve-assign (Oct 10)
- CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines P J P (Oct 10)
- Re: CVE request Qemu: 9pfs: potential NULL dereferencein 9pfs routines cve-assign (Oct 10)
- fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Simon McVittie (Oct 10)
- Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Szabolcs Nagy (Oct 10)
- Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Simon McVittie (Oct 10)
- Re: fd.o #98157: dbus format string vulnerability fixed in 1.10.12 Szabolcs Nagy (Oct 10)
- CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing P J P (Oct 10)
- CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification Ludovic Courtès (Oct 11)
- Re: CVE request: GNU Guile <= 2.0.12: Thread-unsafe umask modification cve-assign (Oct 11)
- linux kernel do_blockdev_direct_IO invalid memory access Marco Grassi (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access cve-assign (Oct 11)
- Re: Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- Re: linux kernel do_blockdev_direct_IO invalid memory access Greg KH (Oct 11)
- CVE request: GNU Guile <= 2.0.12: REPL server vulnerable to HTTP inter-protocol attacks Ludovic Courtès (Oct 11)
- CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow freener (Oct 12)
- bubblewrap LPE Sebastian Krahmer (Oct 12)
- Re: bubblewrap LPE cve-assign (Oct 13)
- Re: bubblewrap LPE Simon McVittie (Oct 13)
- CVE-2016-7980: SPIP 3.1.2 Exec Code Cross-Site Request Forgery Sysdream Labs (Oct 12)
- CVE-2016-7981: SPIP 3.1.2 Reflected Cross-Site Scripting Sysdream Labs (Oct 12)
- CVE-2016-7982: SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal Sysdream Labs (Oct 12)
- CVE-2016-7998: SPIP 3.1.2 Template Compiler/Composer PHP Code Execution Sysdream Labs (Oct 12)
- CVE-2016-7999: SPIP 3.1.2 Server Side Request Forgery Sysdream Labs (Oct 12)
- kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Greg KH (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Vladis Dronov (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) P J P (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Petr Matousek (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) John Haxby (Oct 14)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) P J P (Oct 13)
- Re: kernel: Stack corruption while reading /proc/keys (CVE-2016-7042) Greg KH (Oct 13)
- Re: cve request: systemd-machined: information exposure for docker containers CAI Qian (Oct 13)
- CVE request: kernel - local DoS due to a page lock order bug in the XFS seek hole/data implementation CAI Qian (Oct 13)
- CVE Request: another recursion in GRE Marcus Meissner (Oct 13)
- Re: CVE Request: another recursion in GRE cve-assign (Oct 14)
- docker2aci: infinite loop in deps walking(CVE-2016-8579) 张开翔 (Oct 13)
- CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick P J P (Oct 14)
- Re: CVE request Qemu: dma: rc4030 divide by zero error in set_next_tick cve-assign (Oct 15)
- CVE request Qemu: net: OOB buffer access in rocker switch emulation P J P (Oct 14)
- Re: CVE request Qemu: net: OOB buffer access in rocker switch emulation cve-assign (Oct 15)
- CVE request Qemu: char: divide by zero error in serial_update_parameters P J P (Oct 14)
- Re: CVE request Qemu: char: divide by zero error in serial_update_parameters cve-assign (Oct 15)
- CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf Salvatore Bonaccorso (Oct 14)
- Re: CVE Request: libgd: Stack Buffer Overflow in GD dynamicGetbuf cve-assign (Oct 15)
- Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887) Hanno Böck (Oct 15)
- Re: Update on MatrixSSL miscalculation (incomplete fix for CVE-2016-6887) cve-assign (Oct 15)
- Re: [SECURITY ADVISORY] c-ares: single byte out of buffer write Solar Designer (Oct 15)
- dcraw and CVE-2015-8366 + CVE-2015-8367 Ben Woods (Oct 15)
- Re: dcraw and CVE-2015-8366 + CVE-2015-8367 Ian Zimmerman (Dec 01)
- Re: mupdf: use-after-free in pdf_to_num (pdf-object.c) cve-assign (Oct 15)
- Re: Libarchive/bsdtar: multiple crashes cve-assign (Oct 15)
- Re: potrace: multiple crashes cve-assign (Oct 15)
- Re: Fuzzing jasper cve-assign (Oct 15)
- Re: Re: Fuzzing jasper Graham Christensen (Oct 16)
- Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
- Re: Re: Fuzzing jasper Hanno Böck (Oct 16)
- Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 17)
- Re: Fuzzing jasper cve-assign (Oct 22)
- Re: Fuzzing jasper cve-assign (Oct 23)
- <Possible follow-ups>
- Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
- Re: Re: Fuzzing jasper Graham Christensen (Oct 16)
- mupdf: mujstest: global-buffer-overflow in my_getline (jstest_main.c) Agostino Sarubbo (Oct 16)
- mupdf: mujstest: global-buffer-overflow in main (jstest_main.c) Agostino Sarubbo (Oct 16)
- mupdf: mujstest: strcpy-param-overlap in main (jstest_main.c) Agostino Sarubbo (Oct 16)
- imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) Agostino Sarubbo (Oct 17)
- Re: imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) cve-assign (Oct 19)
- CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Oct 18)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Adam Maris (Oct 18)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Oct 18)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Remi Collet (Oct 18)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Emmanuel Law (Oct 18)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 cve-assign (Oct 18)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Nov 01)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 cve-assign (Nov 01)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Lior Kaplan (Nov 01)
- Re: CVE assignment for PHP 5.6.27 and 7.0.12 Adam Maris (Oct 18)
- jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) Agostino Sarubbo (Oct 18)
- jasper: memory allocation failure in jas_malloc (jas_malloc.c) Agostino Sarubbo (Oct 18)
- Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) cve-assign (Oct 22)
- Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Tavis Ormandy (Oct 25)
- Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Agostino Sarubbo (Oct 26)
- Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Simon McVittie (Oct 26)
- Re: Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) Tavis Ormandy (Oct 25)
- Re: jasper: memory allocation failure in jas_malloc (jas_malloc.c) cve-assign (Oct 22)
- jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) Agostino Sarubbo (Oct 18)
- Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) cve-assign (Oct 22)
- snzip: memory allocation failure in work_buffer_resize (snzip.c) Agostino Sarubbo (Oct 18)
- libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo (Oct 18)
- Re: libwmf: memory allocation failure in wmf_malloc (api.c) cve-assign (Oct 24)
- Re: libwmf: memory allocation failure in wmf_malloc (api.c) Marcus Meissner (Oct 25)
- Re: libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo (Oct 25)
- Re: libwmf: memory allocation failure in wmf_malloc (api.c) Marcus Meissner (Oct 25)
- Re: libwmf: memory allocation failure in wmf_malloc (api.c) Agostino Sarubbo (Oct 25)
- CVE request for tor Moritz Muehlenhoff (Oct 18)
- Re: CVE request for tor cve-assign (Oct 19)
- veracrypt security fixes in 1.19 Christian Rebischke (Oct 18)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried (Oct 18)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Oct 18)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried (Oct 18)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad (Oct 19)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Seaman, Chad (Oct 19)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Kurt Seifried (Oct 18)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Oct 18)
- Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Gsunde Orangen (Oct 18)
- Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Dawid Golunski (Oct 19)
- Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) Tomas Hoger (Oct 25)
- CVE Request - TRE & musl libc regex integer overflows in buffer size computations Rich Felker (Oct 18)
- CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH 石磊 (Oct 18)
- Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH cve-assign (Oct 19)
- Re: Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH Huzaifa Sidhpurwala (Oct 19)
- Re: CVE Request: OpenSSH: Memory exhaustion issue found in OpenSSH cve-assign (Oct 19)
- imagemagick: memory allocation failure in AcquireMagickMemory (memory.c) (incomplete fix for CVE-2016-8862) Agostino Sarubbo (Oct 20)
- jasper: NULL pointer dereference in jpc_tsfb_synthesize (jpc_tsfb.c) Agostino Sarubbo (Oct 20)
- Re: CVE Request - Portable UPnP SDK 1.6.19 through 1.8.x cve-assign (Oct 20)
- CVE-2016-2848 has been disclosed. Michael McNally (Oct 20)
- Re: CVE-2016-2848 has been disclosed. Florian Weimer (Oct 20)
- CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst (Oct 20)
- Re: CVE request - textract 1.4.0 - OS Command Injection Pierre Ernst (Nov 17)
- CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 20)
- Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 26)
- Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Steve Grubb (Nov 03)
- Re: CVE-2016-5195 "Dirty COW" Linux kernel privilege escalation vulnerability Solar Designer (Oct 26)
- Requesting membership to linux-distros Alex Crawford (Oct 20)
- Re: Requesting membership to linux-distros Kurt Seifried (Oct 20)
- Re: Requesting membership to linux-distros Alex Crawford (Oct 20)
- Re: Requesting membership to linux-distros Kurt Seifried (Oct 21)
- Re: Requesting membership to linux-distros Alex Crawford (Oct 22)
- Re: Requesting membership to linux-distros Alex Crawford (Oct 20)
- Re: Requesting membership to linux-distros Kurt Seifried (Oct 20)
- Addition to linux-distros for Arch Linux Allan McRae (Oct 22)
- Re: Addition to linux-distros for Arch Linux Solar Designer (Oct 25)
- jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c) (incomplete fix for CVE-2016-8887) Agostino Sarubbo (Oct 23)
- jasper: heap-based buffer overflow in jpc_dec_tiledecode (jpc_dec.c) Agostino Sarubbo (Oct 23)
- CVE request Qemu: audio: intel-hda: infinite loop in processing dma buffer stream P J P (Oct 24)
- CVE request Qemu: net: rtl8139: infinite loop while transmit in C+ mode P J P (Oct 24)
- CVE-2016-8610: SSL Death Alert: OpenSSL SSL/TLS SSL3_AL_WARNING undefined alert Remote DoS 石磊 (Oct 24)
- membership request to the closed linux-distros Sona Sarmadi (Oct 24)
- Re: CVE-2016-7545 -- SELinux sandbox escape Yves-Alexis Perez (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape netblue30 (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 cve-assign (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape - Firejail is CVE-2016-9016 Yves-Alexis Perez (Oct 25)
- Re: CVE-2016-7545 -- SELinux sandbox escape up201407890 (Oct 25)
- CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 25)
- Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Solar Designer (Oct 26)
- Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Dawid Golunski (Oct 27)
- Re: CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation Solar Designer (Oct 26)
- CVE-2016-4455: subscription-manager: incorrect permisions in /var/lib/rhsm/ Cedric Buissart (Oct 26)
- CVE requests: some issues in gif2webp Gustavo Grieco (Oct 26)
- Re: CVE requests: some issues in gif2webp cve-assign (Oct 27)
- kernel: low-severity vfio driver integer overflow Vlad Tsyrklevich (Oct 26)
- Re: kernel: low-severity vfio driver integer overflow - Linux kernel cve-assign (Oct 26)
- CVE-2016-9015: Python urllib3 1.17 and 1.18 certificate verification failure Cory Benfield (Oct 27)
- [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources Mark Thomas (Oct 27)
- [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack Mark Thomas (Oct 27)
- [SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass Mark Thomas (Oct 27)
- [SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure Mark Thomas (Oct 27)
- [SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass Mark Thomas (Oct 27)
- CVE-2016-5195 test case Andy Lutomirski (Oct 27)
- Re: CVE-2016-5195 test case Solar Designer (Oct 29)
- CVE request Qemu: net: eepro100 memory leakage at device unplug P J P (Oct 27)
- Re: CVE request Qemu: net: eepro100 memory leakage at device unplug cve-assign (Oct 30)
- CVE request Qemu: 9pfs: memory leakage when creating extended attribute P J P (Oct 27)
- Re: CVE request Qemu: 9pfs: memory leakage when creating extended attribute cve-assign (Oct 30)
- [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability Luke Hinds (Oct 27)
- Re: [OSSN-0076] Glance Image service v1 and v2 api image-create vulnerability Kurt Seifried (Oct 27)
- CVE-2016-7067 - CSRF in Monit Service Manager Adith Sudhakar (Oct 27)
- CVE request Qemu: 9pfs: information leakage via xattribute P J P (Oct 27)
- Re: CVE request Qemu: 9pfs: information leakage via xattribute cve-assign (Oct 30)
- CVE request Qemu: 9pfs: integer overflow leading to OOB access P J P (Oct 28)
- Re: CVE request Qemu: 9pfs: integer overflow leading to OOB access cve-assign (Oct 30)
- CVE request Qemu: memory leakage in v9fs_link P J P (Oct 28)
- Re: CVE request Qemu: memory leakage in v9fs_link cve-assign (Oct 30)
- CVE request Qemu: 9pfs: memory leakage in v9fs_write P J P (Oct 28)
- Re: CVE request Qemu: 9pfs: memory leakage in v9fs_write cve-assign (Oct 30)
- gajim otr plugin cleartext leak Hanno Böck (Oct 30)
- Re: gajim otr plugin cleartext leak cve-assign (Oct 30)
- CVE request - integer overflow and crash parsing regex in mujs Gustavo Grieco (Oct 30)
- Re: CVE request - integer overflow and crash parsing regex in mujs cve-assign (Oct 30)
- Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco (Oct 30)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Oct 30)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco (Nov 07)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Oct 30)
- Stack guard canary massaging Florian Weimer (Oct 31)
- Re: Stack guard canary massaging Solar Designer (Oct 31)
- Re: [kernel-hardening] Re: Stack guard canary massaging Daniel Micay (Oct 31)
- Re: Stack guard canary massaging Seth Arnold (Nov 02)
- Re: Stack guard canary massaging Solar Designer (Oct 31)
- Memcached 1.4.32 and earlier buffer overflow. dormando (Oct 31)
- Re: Memcached 1.4.32 and earlier buffer overflow. Andrej Nemec (Nov 01)
- RCE in Zabbix 2.2 to 3.0.3 Martin Prpic (Nov 01)
- Re: RCE in Zabbix 2.2 to 3.0.3 cve-assign (Nov 01)
- Re: Re: RCE in Zabbix 2.2 to 3.0.3 Salvatore Bonaccorso (Dec 04)
- Re: RCE in Zabbix 2.2 to 3.0.3 cve-assign (Nov 01)
- CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment Salvatore Bonaccorso (Nov 01)
- [ANNOUNCE] Django security releases issued: 1.10.3, 1.9.11, and 1.8.16 Tim Graham (Nov 01)
- BIND9 CVE-2016-8864: A problem handling responses containing a DNAME,answer can lead to an assertion failure ISC Security Officer (Nov 01)
- CVE request: XXE in perl Image::Info and XML::Twig Doran Moppert (Nov 01)
- Re: CVE request: XXE in perl Image::Info and XML::Twig cve-assign (Nov 04)
- [SECURITY ADVISORY] curl cookie injection for other servers Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl case insensitive password comparison Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl OOB write via unchecked multiplication Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl double-free in curl_maprintf Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl double-free in krb5 code Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl glob parser write/read out of bounds Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl_getdate read out of bounds Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl URL unescape heap overflow via integer truncation Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl use-after-free via shared cookies Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] curl invalid URL parsing with '#' Daniel Stenberg (Nov 02)
- [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Stuart Henderson (Nov 02)
- Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Hanno Böck (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 02)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host cve-assign (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Daniel Stenberg (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Robert Scheck (Nov 04)
- Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Kristian Fiskerstrand (Nov 04)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Florian Weimer (Nov 03)
- Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host Stuart Henderson (Nov 02)
- ZJ Invoice 384418 ZJ, do-not-reply (Nov 02)
- CVE request: multiple issues in go-jose package Cedric Staub (Nov 02)
- kernel: fix minor infoleak in get_user_ex() Shawn (Nov 03)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 04)
- Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff (Nov 07)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 28)
- Re: Re: kernel: fix minor infoleak in get_user_ex() Moritz Muehlenhoff (Nov 07)
- Re: kernel: fix minor infoleak in get_user_ex() cve-assign (Nov 04)
- CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 03)
- Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 18)
- <Possible follow-ups>
- CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 21)
- Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 23)
- Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 25)
- Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Dec 14)
- Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 23)
- CVE request:Lynx invalid URL parsing with '?' redrain root (Nov 03)
- Re: CVE request:Lynx invalid URL parsing with '?' Leo Famulari (Nov 03)
- Re: CVE request:Lynx invalid URL parsing with '?' cve-assign (Nov 04)
- Re: CVE request:Lynx invalid URL parsing with '?' Thomas Dickey (Nov 04)
- Message not available
- Re: [FD] [oss-security] CVE request:Lynx invalid URL parsing with '?' Michal Zalewski (Nov 05)
- Re: CVE request -- linux kernel: crypto: GPF in lrw_crypt caused by null-deref cve-assign (Nov 04)
- Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 Nicolas Braud-Santoni (Nov 04)
- Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7 cve-assign (Nov 06)
- Re: CVE request: linux kernel - local DoS with cgroup offline code cve-assign (Nov 05)
- <Possible follow-ups>
- CVE-2016-8632 -- Linux kernel: tipc_msg_build() doesn't validate MTU that can trigger heap overflow Qian Zhang (Nov 10)
- Re: CVE Request: Cryptography 1.5.3: HKDF might return an empty byte-string cve-assign (Nov 08)
- Re: CVE Request - Samsung Exynos fimg2d Multiple Issues cve-assign (Nov 11)
- Re: jasper: use after free in jas_realloc (jas_malloc.c) cve-assign (Nov 09)
- Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) cve-assign (Nov 11)
- Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) cve-assign (Nov 11)
- Re: Re: libdwarf: heap-based buffer overflow in get_attr_value (print_die.c) Agostino Sarubbo (Nov 12)
- Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Henri Salo (Nov 09)
- Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
- Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
- Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) cve-assign (Nov 10)
- Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) cve-assign (Nov 10)
- Re: libming: listmp3: left shift in listmp3.c cve-assign (Nov 10)
- Re: CVE Request: libtiff: heap buffer overflow/read outside of array Ian Zimmerman (Nov 09)
- Re: Re: CVE Request: libtiff: heap buffer overflow/read outside of array Bob Friesenhahn (Nov 09)
- Re: CVE Request: libtiff: heap buffer overflow/read outside of array cve-assign (Nov 11)
- Re: CVE Request: Blind SQL Injection Vulnerability in Exponent CMS 2.4.0 cve-assign (Nov 18)
- Re: Vlany: A Linux (LD_PRELOAD) rootkit Rich Felker (Nov 10)
- Re: CVE request: MyBB multiple vulnerabilities cve-assign (Nov 17)
- Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 11)
- Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 16)
- Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 30)
- Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c Vladis Dronov (Nov 16)
- Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Salvatore Bonaccorso (Nov 20)
- Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips cve-assign (Nov 21)
- Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField() cve-assign (Nov 14)
- Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)
- Re: Remote crash in MaraDNS 2.0.13 and git master Ondřej Surý (Nov 14)
- Re: Remote crash in MaraDNS 2.0.13 and git master cve-assign (Nov 14)
- Re: Re: Remote crash in MaraDNS 2.0.13 and git master Salvatore Bonaccorso (Dec 05)
- Re: CVE request: Jenkins remote code execution vulnerability cve-assign (Nov 14)
- Re: Imagemagick heap overflow cve-assign (Nov 14)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
- Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
- Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell - Update: Dracut is also vulnerable Hector Marco-Gisbert (Nov 14)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Leo Famulari (Nov 14)
- Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 15)
- Re: Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Jeremy Stanley (Nov 15)
- Re: [FD] [oss-security] CVE-2016-4484: - Cryptsetup Initrd root Shell Hector Marco (Nov 15)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 16)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 16)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 17)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 17)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 17)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 17)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell Jacobo Avariento (Nov 17)
- Linux encrypted boot security, was: CVE-2016-4484: - Cryptsetup Initrd root Shell Jason Cooper (Nov 18)
- Re: CVE-2016-4484: - Cryptsetup Initrd root Shell John Haxby (Nov 16)
- Re: jasper: multiple assertion failures cve-assign (Nov 16)
- Re: CVE Request - Webproxy Portlet - cross-user cache over-hits Andrew W Petro (Dec 06)
- Re: CVE Request: teeworlds: possible remote code execution on teeworlds client cve-assign (Nov 17)
- Re: bash - popd controlled free cve-assign (Nov 17)
- Re: CVE requests for Drupal core (SA-CORE-2016-005) cve-assign (Nov 18)
- Re: CVE-2016-9297 LibTIFF regression cve-assign (Nov 18)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 18)
- Re: CVE Request: gstreamer plugins Hanno Böck (Nov 19)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)
- Re: CVE Request: gstreamer plugins cve-assign (Nov 23)
- Re: CVE Request: gstreamer plugins Alex Gaynor (Nov 22)
- RE: Multiple XSS vulnerabilities affecting five WordPress Plugins Scott Gravelle (Nov 21)
- Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Henri Salo (Nov 21)
- Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Kurt Seifried (Nov 21)
- Re: Multiple XSS vulnerabilities affecting five WordPress Plugins Henri Salo (Nov 21)
- Re: imagemagick: heap-based buffer overflow in IsPixelGray (pixel-accessor.h) cve-assign (Nov 22)
- Re: jasper: signed integer overflow in jas_image.c cve-assign (Nov 22)
- Re: libdwarf: negation overflow in dwarf_leb.c cve-assign (Nov 22)
- Re: imagemagick: null pointer must never be null (tiff.c) cve-assign (Nov 22)
- Re: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) cve-assign (Nov 22)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Ben Tasker (Nov 21)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Michael Babker (Nov 21)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski (Nov 21)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Solar Designer (Nov 21)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Ben Tasker (Nov 21)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Michael Babker (Nov 21)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Hanno Böck (Nov 22)
- Re: WordPress (all versions): SPOF, RCE, and Negligence Scott Arciszewski (Nov 22)
- Re: CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb cve-assign (Nov 22)
- <Possible follow-ups>
- CVE request - BigTree CMS 4.2.13 - Cross-Site Scripting (XSS) haojun hou (Dec 06)
- Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName cve-assign (Nov 24)
- Re: Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName Steven R. Loomis (Nov 25)
- Re: CVE Request: salt confidentiality issue cve-assign (Nov 25)
- Re: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Zhe Zhang (Nov 28)
- Message not available
- Re: CVE-2016-5393: Apache Hadoop Privilege escalation vulnerability Yongjun Zhang (Nov 29)
- Re: Xen Security Advisory 201 - ARM guests may induce host asynchronous abort cve-assign (Dec 04)
- Re: cve-request: linux kernel - memory leak in xfs attribute mechanism. cve-assign (Nov 30)
- Re: CVE request: Kernel: kvm: stack memory information leakage cve-assign (Dec 01)
- Re: gstreamer multiple issues cve-assign (Dec 04)
- Re: libav: multiple crashes from the Undefined Behavior Sanitizer Agostino Sarubbo (Dec 04)
- Re: libav: multiple crashes from the Undefined Behavior Sanitizer cve-assign (Dec 04)
- Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) cve-assign (Dec 04)
- Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) cve-assign (Dec 04)
- Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) cve-assign (Dec 04)
- Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Bob Friesenhahn (Dec 01)
- Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) cve-assign (Dec 04)
- Re: CVE Request: OpenAFS: directory information leaks (OPENAFS-SA-2016-003) cve-assign (Dec 02)
- Re: CVE request: Kernel: kvm: out of bounds memory access via vcpu_id cve-assign (Dec 02)
- Re: Important vulnerability in Dovecot (CVE-2016-8652) Aki Tuomi (Dec 05)
- Re: CVE request: tomcat privilege escalations in Debian packaging cve-assign (Dec 02)
- Re: CVE Request: Linux: signed overflows for SO_{SND|RCV}BUFFORCE cve-assign (Dec 02)
- Re: CVE request: -- Linux kernel: ALSA: use-after-free in,kill_fasync cve-assign (Dec 02)
- Re: CVE Request: -- Linux kernel: double free in netlink_dump cve-assign (Dec 04)
- Re: CVE Request: zlib security issues found during audit cve-assign (Dec 05)
- Re: CVE Request: Info-Zip zipinfo buffer overflow cve-assign (Dec 05)
- <Possible follow-ups>
- CVE Request: Info-Zip zipinfo buffer overflow Steven M. Schweda (Dec 05)
- Re: CVE Request: Info-Zip zipinfo buffer overflow Tyler Hicks (Dec 05)
- Re: CVE Request: Info-Zip zipinfo buffer overflow Steven M. Schweda (Dec 05)
- Re: CVE request Qemu: display: virtio-gpu: memory leakage while updating cursor cve-assign (Dec 05)
- Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Philip Pettersson (Dec 06)
- Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Hanno Böck (Dec 07)
- Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Salvatore Bonaccorso (Dec 07)
- Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Brad Spengler (Dec 07)
- Re: Re: CVE-2016-8655 Linux af_packet.c race condition (local root) Hanno Böck (Dec 07)
- Re: CVE request Qemu: usb: redirector: memory leakage when destroying cve-assign (Dec 07)
- Re: Opensource Python whitebox code analysis tool recommendations Grant Murphy (Dec 06)
- Re: Opensource Python whitebox code analysis tool recommendations Sarah Newman (Dec 08)
- Re: CVE request: Qemu: usb: ehci: memory leakage in ehci_init_transfer cve-assign (Dec 07)
- Re: CVE request Qemu: 9pfs: memory leakage via proxy/handle callbacks cve-assign (Dec 07)
- Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy Huawei PSIRT (Dec 08)
- Re: CVE request Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy cve-assign (Dec 08)
- Re: roundcube code execution via mail() cve-assign (Dec 08)
- Re: CVE request Qemu: char: use after free issue in char backend cve-assign (Dec 08)
- Re: CVE request: Linux panic on fragemented IPv6 traffic (icmp6_send) cve-assign (Dec 08)
- Re: Linux Kernel use-after-free in SCSI generic device interface Salvatore Bonaccorso (Dec 30)
- Re: Linux Kernel use-after-free in SCSI generic device interface cve-assign (Dec 30)
- Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Mathieu Pasquet (Dec 09)
- Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza cve-assign (Dec 11)
- Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited (Dec 12)
- Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited (Dec 12)
- Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Salvatore Bonaccorso (Dec 12)
- Re: Re: CVE Request: MCabber: remote attackers can modify the roster and intercept messages via a crafted roster-push IQ stanza Sam Whited (Dec 12)
- Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 cve-assign (Dec 12)
- Re: CVE Request: Potential DoS in Crypto++ ASN.1 parser cve-assign (Dec 12)
- Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Marcus Meissner (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Kurt Seifried (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Sona Sarmadi (Dec 14)
- Re: why many CVEs are ** RESERVED ** on Mitre Sevan Janiyan (Dec 14)
- Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files cve-assign (Dec 15)
- <Possible follow-ups>
- Re: CVE Request: FlightGear: Allows the route manager to overwrite arbitrary files Florent Rougon (Dec 16)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file Salvatore Bonaccorso (Dec 14)
- Re: CVE Request: Game Music Emulators: incorrect emulation of the SPC700 audio co-processor of SNES: arbitrary code execution via malformed SPC music file cve-assign (Dec 15)
- Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry (Dec 15)
- Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry (Dec 15)
- Re: CVE-2016-9584: heap use-after-free on libical Agustin Mista (Dec 19)
- Re: CVE-2016-9584: heap use-after-free on libical Brandon Perry (Dec 15)
- Re: CVE Request - Exim 4.69-4.87 - disclosure of private information cve-assign (Dec 15)
- CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 20)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Kurt H Maier (Dec 21)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Jeffrey Walton (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Kurt Seifried (Dec 22)
- Re: CVE-2016-9963 Exim private information leak Johannes Segitz (Dec 22)
- CVE-2016-9963 Exim private information leak Heiko Schlittermann (Dec 18)
- CVE-2016-9963 (Was: CVE Request - Exim 4.69-4.87 - disclosure of private information) Heiko Schlittermann (Dec 23)
- CVE-2016-9963 | Exim 4.87.1 released (Was: CVE Request - Exim 4.69-4.87) - disclosure of private information) Heiko Schlittermann (Dec 25)
- Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues cve-assign (Dec 17)
- Re: CVE request - DCMTK remote stack buffer overflow cve-assign (Dec 17)
- Re: Announce: OpenSSH 7.4 released cve-assign (Dec 19)
- Re: CVE requests for various ImageMagick issues cve-assign (Dec 26)
- Re: CVE request: ikiwiki: authorization bypass when reverting changes cve-assign (Dec 20)
- Re: Curious about the security of my router fermwair. Seth Arnold (Dec 21)
- Re: Curious about the security of my router fermwair. tapper (Dec 22)
- Re: Curious about the security of my router fermwair. Agostino Sarubbo (Dec 22)
- <Possible follow-ups>
- Re: Curious about the security of my router fermwair. Nicholas Prowse (Dec 22)
- Re: Qt QXmlSimpleReader cve-assign (Dec 24)
- Re: tqdm: insecure use of git cve-assign (Dec 25)
- Re: tqdm: insecure use of git Jakub Wilk (Dec 27)
- Re: tqdm: insecure use of git cve-assign (Dec 28)
- Re: tqdm: insecure use of git Jakub Wilk (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Hanno Böck (Dec 26)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex (Dec 26)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex (Dec 26)
- Re: [security] [oss-security] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Michael Hess (Dec 26)
- Re: [security] [oss-security] PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Yannick Warnier (Dec 26)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Peter Bex (Dec 26)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Tracy Reed (Dec 26)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Michael Hess (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Florian Pritz (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: Buffer overflow in pycrypto cve-assign (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Michael Hess (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Solar Designer (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
- Re: libpng NULL pointer dereference bugfix cve-assign (Dec 30)
- Re: CVE request: Nagios: Incomplete fix for CVE-2016-8641 cve-assign (Dec 30)
- Re: CVE Request: UnRTF: stack-based buffer overflows in cmd_* functions cve-assign (Dec 31)