oss-sec: by thread
596 messages starting Jul 01 17 and ending Sep 30 17
- Re: accepting new members to (linux-)distros lists Mark Hatle (Jul 01)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 01)
- Re: accepting new members to (linux-)distros lists Stiepan (Jul 01)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists Mark Hatle (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
- Re: accepting new members to (linux-)distros lists Stiepan (Jul 01)
- <Possible follow-ups>
- Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 02)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 02)
- Re: accepting new members to (linux-)distros lists gremlin (Jul 03)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 03)
- Bugzilla implementation of OpenPGP and Memory Hole (Was: Re: [oss-security] accepting new members to (linux-)distros lists) Kristian Fiskerstrand (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
- Re: accepting new members to (linux-)distros lists Henri Salo (Jul 25)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 25)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 06)
- Re: accepting new members to (linux-)distros lists kseifried () redhat com (Jul 06)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 06)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 06)
- Re: accepting new members to (linux-)distros lists kseifried () redhat com (Jul 06)
- Re: accepting new members to (linux-)distros lists Salvatore Bonaccorso (Jul 08)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists kseifried () redhat com (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists Kurt Seifried (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists Kurt Seifried (Jul 14)
- Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 14)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 01)
- systemd fails to parse user that should run service Daniel Skowroński (Jul 02)
- Re: systemd fails to parse user that should run service Pali Rohár (Jul 05)
- Re: systemd fails to parse user that should run service Marcus Meissner (Jul 05)
- Re: systemd fails to parse user that should run service Casper . Dik (Jul 05)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
- Re: systemd fails to parse user that should run service John Haxby (Jul 05)
- Re: systemd fails to parse user that should run service Daniel Micay (Jul 05)
- Re: systemd fails to parse user that should run service John Haxby (Jul 05)
- Re: systemd fails to parse user that should run service Daniel Micay (Jul 05)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
- Re: systemd fails to parse user that should run service Kristian Fiskerstrand (Jul 05)
- Re: systemd fails to parse user that should run service Ben Tasker (Jul 05)
- Re: systemd fails to parse user that should run service Pali Rohár (Jul 05)
- Re: systemd fails to parse user that should run service Alan Coopersmith (Jul 05)
- Re: systemd fails to parse user that should run service Perry E. Metzger (Jul 05)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
- Re: systemd fails to parse user that should run service Kristian Fiskerstrand (Jul 05)
- Re: systemd fails to parse user that should run service Jeremy Stanley (Jul 05)
- Re: systemd fails to parse user that should run service Kristian Fiskerstrand (Jul 05)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 05)
- Re: systemd fails to parse user that should run service Ben Tasker (Jul 06)
- Re: systemd fails to parse user that should run service Perry E. Metzger (Jul 05)
- Re: systemd fails to parse user that should run service Robert Scheck (Jul 05)
- Re: systemd fails to parse user that should run service Patrick J. Volkerding (Jul 06)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
- Re: systemd fails to parse user that should run service Leonid Isaev (Jul 06)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
- Re: systemd fails to parse user that should run service Leonid Isaev (Jul 06)
- Re: systemd fails to parse user that should run service Simon McVittie (Jul 06)
- Re: systemd fails to parse user that should run service Martin Steigerwald (Jul 06)
- Re: systemd fails to parse user that should run service Eric Blake (Jul 05)
- Re: systemd fails to parse user that should run service Jeffrey Walton (Jul 05)
- Re: systemd fails to parse user that should run service Martin Steigerwald (Jul 06)
- Re: systemd fails to parse user that should run service Kurt Seifried (Jul 06)
- Re: systemd fails to parse user that should run service Pali Rohár (Jul 05)
- linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 02)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 02)
- RE: linux-distros list membership application - CloudLinux Bobby Broughton (Jul 02)
- Re: linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 02)
- Re: linux-distros list membership application - CloudLinux Dmitry V. Levin (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Leonid Kanter (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 02)
- CVE-2017-10788 for DBD::mysql (Re: [oss-security] Re: MySQL - use-after-free after mysql_stmt_close()) Pali Rohár (Jul 03)
- jabberd2: CVE-2017-10807: Allows to authenticate using SASL ANONYMOUS even if disabled Salvatore Bonaccorso (Jul 04)
- CVE-2017-10789: DBD::mysql - mysql_ssl=1 does not enforce encryption Pali Rohár (Jul 05)
- CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Lior Kaplan (Jul 05)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Salvatore Bonaccorso (Jul 05)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Lior Kaplan (Jul 05)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Solar Designer (Jul 05)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Marcus Meissner (Jul 06)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Lior Kaplan (Jul 05)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Marcus Meissner (Jul 10)
- Re: CVE IDs needed for PHP vulnerabilites (affects 5.6.30 and 7.0.20) Salvatore Bonaccorso (Jul 05)
- LKML thread "mm: larger stack guard gap, between vmas" partially CC'ed to linux-distros Solar Designer (Jul 05)
- File upload vulnerability in Kindeditor <= 4.1.12 Larry W. Cashdollar (Jul 05)
- X.Org X Server stack overflow and information leak Marcus Meissner (Jul 06)
- Libgcrypt 1.7.8 fixes "Sliding right into disaster" RSA side-channel attack (CVE-2017-7526) Solar Designer (Jul 06)
- CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging P J P (Jul 07)
- CVE-2017-10810 Kernel: virtio-gpu: memory leakage while creating gpu object P J P (Jul 07)
- Irssi 1.0.4: CVE-2017-10965, CVE-2017-10966. Ailin Nemui (Jul 07)
- [ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Shalin Shekhar Mangar (Jul 07)
- Xen Security Advisory 217 (CVE-2017-10912) - page transfer may allow PV guest to elevate privilege Xen . org security team (Jul 07)
- Xen Security Advisory 219 (CVE-2017-10915) - x86: insufficient reference counts during shadow emulation Xen . org security team (Jul 07)
- Xen Security Advisory 216 (CVE-2017-10911) - blkif responses leak backend stack data Xen . org security team (Jul 07)
- Xen Security Advisory 221 (CVE-2017-10917) - NULL pointer deref in event channel poll Xen . org security team (Jul 07)
- Xen Security Advisory 220 (CVE-2017-10916) - x86: PKRU and BND* leakage between vCPU-s Xen . org security team (Jul 07)
- Xen Security Advisory 223 (CVE-2017-10919) - ARM guest disabling interrupt may crash Xen Xen . org security team (Jul 07)
- Xen Security Advisory 225 (CVE-2017-10923) - arm: vgic: Out-of-bound access when sending SGIs Xen . org security team (Jul 07)
- Xen Security Advisory 222 (CVE-2017-10918) - stale P2M mappings due to insufficient error checking Xen . org security team (Jul 07)
- Xen Security Advisory 224 (CVE-2017-10920,CVE-2017-10921,CVE-2017-10922) - grant table operations mishandle reference counts Xen . org security team (Jul 07)
- Xen Security Advisory 218 (CVE-2017-10913,CVE-2017-10914) - Races in the grant table unmap code Xen . org security team (Jul 07)
- [ANN] Apache Struts 2: possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series Lukasz Lenart (Jul 07)
- [cve-request () mitre org: Re: [scr357564] sqlite3 - fix in progress] Seth Arnold (Jul 07)
- [ANNOUNCE] Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670 Jeff Elsloo (Jul 07)
- Re: CVE for the TSIG issue in knot? Salvatore Bonaccorso (Jul 08)
- CVE ID for JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz (Jul 08)
- xar: NULL pointer dereference in xar_unserialize (archive.c) Agostino Sarubbo (Jul 10)
- xar: NULL pointer dereference in xar_get_path (util.c) Agostino Sarubbo (Jul 10)
- mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Seth Arnold (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Michal Zalewski (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Jonas Thiem (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)
- PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Marcus Meissner (Jul 10)
- Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Stanislav Malyshev (Jul 10)
- Re: Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Kurt Seifried (Jul 10)
- Re: Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Marcus Meissner (Jul 10)
- Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Stanislav Malyshev (Jul 10)
- Fwd: [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure Sailesh Mukil (Jul 10)
- CVE-2017-5640 Apache Impala (incubating) Information Disclosure Sailesh Mukil (Jul 10)
- Re: [scr358145] pcre-8.41 - 8.41 ben (Jul 10)
- Re: Re: [scr358145] pcre-8.41 - 8.41 Agostino Sarubbo (Jul 10)
- Jenkins plugins -- multiple vulnerabilities Daniel Beck (Jul 11)
- Re: Jenkins plugins -- multiple vulnerabilities Daniel Beck (Aug 23)
- <Possible follow-ups>
- Jenkins plugins -- multiple vulnerabilities Daniel Beck (Aug 07)
- Blind SQL injection in wordpress plugin event-espresso-free v3.1.37.11.L, fixed in v3.1.37.12.L Larry W. Cashdollar (Jul 11)
- CVE-2017-11171: gnome-session: Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c Matthias Gerstner (Jul 12)
- CVE-2017-7678 Apache Spark XSS web UI MHTML vulnerability Sean Owen (Jul 12)
- Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap ???????????? (Jul 12)
- Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap Zach W (Jul 13)
- Re: Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap 598930392 () qq com (Jul 14)
- Re: Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap GbigMao (Jul 17)
- Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap Zach W (Jul 13)
- CVE-IDs request for ASUS wiress router Remote Command/Code Execution Vulnerability varsleak (Jul 12)
- [ANN] Apache Struts 2.5.12 GA with Security Fixes Release Lukasz Lenart (Jul 13)
- CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 William A Rowe Jr (Jul 13)
- CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest William A Rowe Jr (Jul 13)
- CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Johannes Segitz (Jul 13)
- Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Hanno Böck (Jul 14)
- Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Brandon Perry (Jul 14)
- Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Seth Arnold (Jul 14)
- Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Marcus Meissner (Sep 04)
- CVE-2017-7663 - Apache OpenMeetings - XSS in chat Maxim Solodovnik (Jul 13)
- CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers Maxim Solodovnik (Jul 13)
- CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords Maxim Solodovnik (Jul 13)
- CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy Maxim Solodovnik (Jul 13)
- CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services Maxim Solodovnik (Jul 13)
- CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass Maxim Solodovnik (Jul 13)
- CVE-2017-7683 - Apache OpenMeetings - Information Disclosure Maxim Solodovnik (Jul 13)
- CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload Maxim Solodovnik (Jul 13)
- CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods Maxim Solodovnik (Jul 13)
- CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update Maxim Solodovnik (Jul 13)
- firewalld: lockdown whitelist cmdline access check is not secure Matthias Gerstner (Jul 13)
- CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation Maxim Solodovnik (Jul 13)
- CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations Kristian Fiskerstrand (Jul 14)
- Estimate for the total number of exploitable bugs in large linux distro? Georgi Guninski (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Greg KH (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Steven Miano (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Alan Coopersmith (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Hanno Böck (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Steve Grubb (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Santiago Torres (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Kurt Seifried (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Javantea (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Kristian Fiskerstrand (Jul 14)
- ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 16)
- Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Matthew Daley (Jul 19)
- Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 19)
- Re: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Kurt Seifried (Jul 19)
- Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 19)
- Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo (Jul 23)
- Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Matthew Daley (Jul 19)
- ImageMagick: CVE-2017-11352: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) Salvatore Bonaccorso (Jul 16)
- yadm: CVE-2017-11353: race condition allows access to SSH and PGP keys Salvatore Bonaccorso (Jul 16)
- CVE-2017-11343 CHICKEN Scheme: algorithmic complexity attack in hash tables Peter Bex (Jul 16)
- CVE-2017-11334 Qemu: exec: oob access during dma operation P J P (Jul 17)
- 11 remote vulnerabilities (inc. 2x RCE) in FreeRADIUS packet parsers Guido Vranken (Jul 17)
- graphicsmagick: use-after-free in CloseBlob (blob.c) Agostino Sarubbo (Jul 18)
- CVE-2016-6798 : Apache Sling XXE vulnerability Bertrand Delacretaz (Jul 18)
- CVE-2016-5394 : Apache Sling XSS vulnerability Bertrand Delacretaz (Jul 18)
- CoreOS membership to linux-distros (updated) Euan Kemp (Jul 18)
- Re: CoreOS membership to linux-distros (updated) Kees Cook (Jul 18)
- Re: CoreOS membership to linux-distros (updated) gremlin (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Greg KH (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Jesse Hertz (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Stiepan (Jul 21)
- Re: CoreOS membership to linux-distros (updated) Nicolas RUFF (Jul 21)
- Re: CoreOS membership to linux-distros (updated) Greg KH (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Jul 21)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Jul 31)
- Re: CoreOS membership to linux-distros (updated) akuster (Aug 01)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Aug 01)
- Re: CoreOS membership to linux-distros (updated) Johannes Segitz (Aug 02)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Aug 02)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Jul 31)
- CVE-IDs request for Apache Kafka desrialization vulnerability via runtime Hooman Ghasem Broujerdi (Jul 18)
- Re: CVE-IDs request for Apache Kafka desrialization vulnerability via runtime Salvatore Bonaccorso (Jul 19)
- CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options P J P (Jul 18)
- gnome-exe-thumbnailer: CVE-2017-11421: VBScript script injection when generating thumbnails for MSI files Salvatore Bonaccorso (Jul 19)
- Devil's Ivy (CVE-2017-9765) in gSOAP 2.7 up to 2.8.47 Alan Coopersmith (Jul 19)
- Re: Devil's Ivy (CVE-2017-9765) in gSOAP 2.7 up to 2.8.47 Andreas Stieger (Jul 19)
- NIX-2017-0003: LDAP with useTLS option disabled TLS peer verification Graham Christensen (Jul 19)
- Re: NIX-2017-0003: LDAP with useTLS option disabled TLS peer verification Franz Pletz (Jul 21)
- phamm: CVE-2017-0378: reflected XSS in login page Salvatore Bonaccorso (Jul 19)
- [OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu Luke Hinds (Jul 21)
- CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine P J P (Jul 21)
- pagure: private repositories accessible through ssh Stefan Bühler (Jul 22)
- Re: pagure: private repositories accessible through ssh Patrick Uiterwijk (Jul 22)
- tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner (Jul 24)
- CVE-2017-7541: Linux kernel: Memory corruption due to a buffer overflow in brcmf_cfg80211_mgmt_tx() Vladis Dronov (Jul 24)
- [CVE-2015-5191] local privilege escalation in Open VMware Tools VMware Security Response Center (Jul 24)
- WebKitGTK+ Security Advisory WSA-2017-0006 Carlos Alberto Lopez Perez (Jul 25)
- Four memory safety bugs in "sipcrack" package (2 CVE IDs) Dhiru Kholia (Jul 26)
- Cacti: CVE-2017-11691: Cross-site scripting vulnerability in user profile management page (auth_profile.php) Salvatore Bonaccorso (Jul 26)
- CVE-2017-11671: GCC generates incorrect code for RDRAND/RDSEED intrinsics Florian Weimer (Jul 27)
- Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak sohu0106 (Jul 30)
- Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak John Haxby (Jul 31)
- Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak Solar Designer (Jul 31)
- Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak John Haxby (Jul 31)
- Linux kernel: driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak sohu0106 (Jul 30)
- Potential security bugs in "eapmd5pass" software (3 CVE IDs) Dhiru Kholia (Jul 31)
- Advisory: XSS issues in MantisBT (CVE-2017-12061, CVE-2017-12062) Damien Regad (Aug 01)
- Re: Advisory: XSS issues in MantisBT (CVE-2017-12061, CVE-2017-12062) Damien Regad (Aug 01)
- Syslog forwarding with IP spoofing Александр Носарев (Aug 01)
- Re: Syslog forwarding with IP spoofing Solar Designer (Aug 01)
- Re: Syslog forwarding with IP spoofing Mikhail Utin (Aug 01)
- Re: Syslog forwarding with IP spoofing Kurt Seifried (Aug 01)
- Re: Syslog forwarding with IP spoofing Mikhail Utin (Aug 01)
- Re: Syslog forwarding with IP spoofing Sean Cassidy (Aug 01)
- Re: Syslog forwarding with IP spoofing Solar Designer (Aug 01)
- CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty Stefan Bodewig (Aug 01)
- Re: MySQL - use-after-free after mysql_stmt_close() Tomas Hoger (Aug 02)
- Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Aug 03)
- CVE-2017-11742 - Expat 2.2.{1,2} LoadLibrary DLL hijacking vulnerability on Windows Sebastian Pipping (Aug 02)
- [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 03)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() John Haxby (Aug 03)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Brad Spengler (Aug 05)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Solar Designer (Aug 10)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov (Aug 07)
- Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() John Haxby (Aug 03)
- Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Kurt Seifried (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Solar Designer (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov (Sep 01)
- Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
- Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH (Aug 04)
- CVE-2017-12419: Arbitrary File Read in MantisBT install.php script Damien Regad (Aug 04)
- Cve issue discussion ne xo (Aug 06)
- Re: Cve issue discussion Agostino Sarubbo (Aug 07)
- RE: Cve issue discussion ne xo (Aug 07)
- Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
- Re: Cve issue discussion Marcus Meissner (Aug 07)
- Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
- Re: Cve issue discussion Bob Friesenhahn (Aug 07)
- Re: Cve issue discussion John Haxby (Aug 07)
- Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
- Re: Cve issue discussion Jesse Hertz (Aug 07)
- Re: Cve issue discussion Glenn Randers-Pehrson (Aug 07)
- RE: Cve issue discussion ne xo (Aug 09)
- Re: Cve issue discussion Glenn Randers-Pehrson (Aug 09)
- Re: Cve issue discussion Jesse Hertz (Aug 09)
- RE: Cve issue discussion ne xo (Aug 07)
- Re: Cve issue discussion Agostino Sarubbo (Aug 07)
- Jenkins SAML Plugin 1.0.2 and earlier stored secrets unencrypted Daniel Beck (Aug 08)
- [SECURITY ADVISORY] curl: URL globbing out of bounds read Daniel Stenberg (Aug 08)
- [SECURITY ADVISORY] curl: TFTP sends more than buffer size Daniel Stenberg (Aug 08)
- [SECURITY ADVISORY] curl: FILE buffer read out of bounds Daniel Stenberg (Aug 08)
- Re: [SECURITY ADVISORY] curl: FILE buffer read out of bounds Yiteng Zhang (Aug 11)
- CVE-2017-12425: Varnish HTTP Cache 4.0.1 to 5.1.2 DoS vulnerability Evy Bongers (Aug 09)
- [CVE-2017-9799] Apache Storm Possible Code Execution As A Different User P. Taylor Goetz (Aug 09)
- CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding Tobias Mueller (Aug 10)
- Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding Tobias Mueller (Aug 16)
- CVE-2017-12762: buffer overflow in ISDN linux driver Annie Cherkaev (Aug 10)
- [SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released Daniel Shahaf (Aug 10)
- [ANN] Apache Struts: S2-049 Security Bulletin update Lukasz Lenart (Aug 10)
- Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Andrey Konovalov (Aug 10)
- Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Andrey Konovalov (Aug 13)
- Linux kernel: CVE-2017-1000111: heap out-of-bounds in AF_PACKET sockets Willem de Bruijn (Aug 10)
- CVS and ssh command injection (see CVE-2017-1000117, etc.) Hank Leininger (Aug 10)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Andreas Stieger (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso (Aug 11)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Hanno Böck (Aug 20)
- Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Andreas Stieger (Aug 11)
- Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal (Aug 12)
- [CVE-2017-9608] null-point-exception happened when ffmpeg using dnxhd decoder to parsing a crafted mv file. 连一汉 (Aug 14)
- CVE-2017-9802: Apache Sling XSS vulnerability Robert Munteanu (Aug 14)
- UnRAR: directory traversal + memory safety bugs Jakub Wilk (Aug 14)
- Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner (Aug 18)
- Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner (Aug 18)
- Re: Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner (Aug 18)
- Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team (Aug 15)
- <Possible follow-ups>
- Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team (Aug 17)
- Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team (Aug 29)
- Xen Security Advisory 227 (CVE-2017-12137) - x86: PV privilege escalation via map_grant_ref Xen . org security team (Aug 15)
- Xen Security Advisory 228 (CVE-2017-12136) - grant_table: Race conditions with maptrack free list handling Xen . org security team (Aug 15)
- Xen Security Advisory 229 (CVE-2017-12134) - linux: Fix Xen block IO merge-ability calculation Xen . org security team (Aug 15)
- Xen Security Advisory 230 - grant_table: possibly premature clearing of GTF_writing / GTF_reading Xen . org security team (Aug 15)
- Xen Security Advisory 230 (CVE-2017-12855) - grant_table: possibly premature clearing of GTF_writing / GTF_reading Xen . org security team (Aug 15)
- CVE-2017-12850, CVE-2017-12851: Privilege Escalation in Kanboard <= v1.0.45 chbi (Aug 15)
- Insecure DNS dependency in many Kerberos deployments Florian Weimer (Aug 16)
- Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor (Aug 16)
- Re: Insecure DNS dependency in many Kerberos deployments Russ Allbery (Aug 16)
- Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor (Aug 16)
- Re: Insecure DNS dependency in many Kerberos deployments Russ Allbery (Aug 17)
- Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor (Aug 16)
- imagemagick: use-after-free in DestroyImage (image.c) Agostino Sarubbo (Aug 16)
- imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c) Agostino Sarubbo (Aug 16)
- CVE-2017-12882, CVE-2017-12881: Stored XSS and CSRF on Spring Batch Admin before 1.3.0 Wen Bin Kong (Aug 16)
- CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 06)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Sep 07)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation kseifried () redhat com (Sep 11)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky (Aug 18)
- Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor (Aug 16)
- CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings Doran Moppert (Aug 16)
- [OpenStack OSSN 0080] Aodh can be used to launder Keystone trusts Luke Hinds (Aug 17)
- CVE-2017-11746: tenshi privilege escalation via PID file manipulation Michael Orlitzky (Aug 17)
- libfpx: divide-by-zero in CDirVector::GetTable (dirfunc.hxx) Agostino Sarubbo (Aug 17)
- libfpx: NULL pointer dereference in OLEStream::WriteVT_LPSTR (olestrm.cpp) Agostino Sarubbo (Aug 17)
- libfpx: NULL pointer dereference in PFileFlashPixView::GetGlobalInfoProperty (f_fpxvw.cpp) Agostino Sarubbo (Aug 17)
- libfpx: NULL pointer dereference in wchar.c Agostino Sarubbo (Aug 17)
- libfpx: NULL pointer dereference in CDirectory::GetDirEntry (dir.cxx) Agostino Sarubbo (Aug 17)
- libfpx: heap-based buffer overflow in OLEStream::WriteVT_LPSTR (olestrm.cpp) Agostino Sarubbo (Aug 17)
- libfpx: double-free in DfFromLB (docfile.cxx) Agostino Sarubbo (Aug 17)
- graphicsmagick: use-after-free in ReadWMFImage (wmf.c) Agostino Sarubbo (Aug 18)
- graphicsmagick: invalid memory read in SetImageColorCallBack (image.c) Agostino Sarubbo (Aug 18)
- graphicsmagick: heap-based buffer overflow in ReadSUNImage (sun.c) Agostino Sarubbo (Aug 18)
- cacti: CVE-2017-12927: XSS vulnerability in spikekill.php via method parameter Salvatore Bonaccorso (Aug 18)
- unrar-free/unrar-gpl: directory traversal and other issues Hanno Böck (Aug 20)
- Re: unrar-free/unrar-gpl: directory traversal and other issues Salvatore Bonaccorso (Sep 03)
- openjpeg: memory allocation failure in opj_aligned_alloc_n (opj_malloc.c) Agostino Sarubbo (Aug 20)
- CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference P J P (Aug 21)
- libmirage: NULL pointer dereference in mirage_stream_get_filename (stream.c) Agostino Sarubbo (Aug 21)
- PowerDNS Security Advisories for dnsdist 2017-01 and 2017-02 Remi Gacogne (Aug 21)
- Re: CVE Request: Multiple security issues in OpenJPEG Alan Coopersmith (Aug 22)
- Re: CVE Request: Multiple security issues in OpenJPEG Vladis Dronov (Aug 23)
- <Possible follow-ups>
- RE: CVE Request: Multiple security issues in OpenJPEG 刘科 (Aug 25)
- CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() Vladis Dronov (Aug 23)
- Authenticated Blind SQL Injection vulnerability in Wordpress plugin rk-responsive-contact-form v1.0 Larry W. Cashdollar (Aug 23)
- Xen Security Advisory 235 - add-to-physmap error paths fail to release lock on ARM Xen . org security team (Aug 23)
- CVE-2017-13649: UnrealIRCd privilege escalation via PID file manipulation Michael Orlitzky (Aug 23)
- Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov (Aug 24)
- Re: Linux kernel: fixed bug in net/core/flow_dissector.c Seth Arnold (Aug 24)
- Re: Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov (Aug 29)
- Re: Linux kernel: fixed bug in net/core/flow_dissector.c Seth Arnold (Aug 24)
- Blind SQL Injection in Wordpress plugin wordpress-gallery-transformation v1.0 Larry W. Cashdollar (Aug 25)
- WebKitGTK+ Security Advisory WSA-2017-0007 Carlos Alberto Lopez Perez (Aug 25)
- CVE-2017-13709: Incorrect access control in FlightGear Florent Rougon (Aug 27)
- Re: Integer overflow in bttv driver Greg KH (Aug 28)
- openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c) Agostino Sarubbo (Aug 28)
- Re: openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c) Agostino Sarubbo (Sep 01)
- openjpeg: invalid memory write in tgatoimage (convert.c) Agostino Sarubbo (Aug 28)
- Re: openjpeg: invalid memory write in tgatoimage (convert.c) Agostino Sarubbo (Sep 01)
- openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c) Agostino Sarubbo (Aug 28)
- Re: openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c) Agostino Sarubbo (Sep 01)
- graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo (Aug 28)
- Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo (Sep 01)
- A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
- Re: A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
- Re: A bunch of duplicate CVEs requested for?? bho.. Bob Friesenhahn (Aug 29)
- Re: A bunch of duplicate CVEs requested for?? bho.. Kurt Seifried (Aug 29)
- Re: A bunch of duplicate CVEs requested for?? bho.. Henri S. (Aug 29)
- Re: A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
- Re: [scr379303] A bunch of duplicate CVEs requested for?? bho.. cve-request (Aug 29)
- Re: Re: [scr379303] A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo (Aug 29)
- CVE-2017-13711 Qemu: Slirp: use-after-free when sending response P J P (Aug 29)
- ConnMan #ConnManDo Vulnerability Daisuke Noguchi[NRIセキュア 野口] (Aug 29)
- CVE-2017-13672 Qemu: vga: OOB read access during display update P J P (Aug 30)
- CVE-2017-13673 Qemu: vga: reachable assert failure during display update P J P (Aug 30)
- Re: CVE-2017-13673 Qemu: vga: reachable assert failure during display update Salvatore Bonaccorso (Sep 10)
- A recommendation for maintainers of BIND packages (re: DNSSEC validation) ISC Security Officer (Aug 30)
- RubyGems flaws Kurt Seifried (Aug 30)
- Re: RubyGems flaws Marcus Meissner (Aug 30)
- mbed TLS: CVE-2017-14032: Bypass of authentication of peer possible when the authentication mode is configured as 'optional' Salvatore Bonaccorso (Aug 30)
- CVE-2017-13777: GraphicsMagick 1.3.26 Denial of Service issue in ReadXBMImage() in coders/xbm.c 孙浩 (Aug 30)
- CVE-2017-13776: GraphicsMagick 1.3.26 Denial of Service issue in ReadXBMImage() in coders/xbm.c 孙浩 (Aug 30)
- CVE-2017-13775: GraphicsMagick 1.3.26 Denial of Service issue in ReadJNXImage() in coders/jnx.c 孙浩 (Aug 30)
- CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Nicolas Grégoire (Aug 31)
- Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Salvatore Bonaccorso (Aug 31)
- Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Nicolas Grégoire (Aug 31)
- Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Salvatore Bonaccorso (Aug 31)
- graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403) Agostino Sarubbo (Sep 01)
- Re: graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403) Agostino Sarubbo (Sep 01)
- CVE-2017-14106 kernel: net/ipv4: divide by 0 in __tcp_select_window() Vasily Averin (Sep 01)
- libzip: memory allocation failure in _zip_cdir_grow (zip_dirent.c) Agostino Sarubbo (Sep 02)
- libzip: use-after-free in _zip_buffer_free (zip_buffer.c) Agostino Sarubbo (Sep 02)
- CVE-2017-14102: MIMEDefang privilege escalation via PID file manipulation Michael Orlitzky (Sep 03)
- [ANN] Apache Struts 2.5.13 GA with Security Fixes Release Lukasz Lenart (Sep 05)
- Re: [ANN] Apache Struts 2.5.13 GA with Security Fixes Release Lukasz Lenart (Sep 05)
- CVE-2017-1000249: file: stack based buffer overflow Thomas Jarosch (Sep 05)
- Django security releases issued: 1.11.5 and 1.10.8 Tim Graham (Sep 05)
- openjpeg: heap-based buffer overflow in opj_mqc_flush (mqc.c) Agostino Sarubbo (Sep 06)
- openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) Agostino Sarubbo (Sep 06)
- openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152) Agostino Sarubbo (Sep 06)
- graphicsmagick: memory allocation failure in MagickMalloc (memory.c) Agostino Sarubbo (Sep 06)
- libarchive: heap-based buffer overflow in xml_data (archive_read_support_format_xar.c) Agostino Sarubbo (Sep 06)
- [ANN] Apache Struts 2.3.34 General Availability with Security Fixes Release Lukasz Lenart (Sep 07)
- CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image P J P (Sep 07)
- aacplusenc: NULL pointer dereference in DeleteBitBuffer (bitbuffer.c) Agostino Sarubbo (Sep 07)
- Tcpdump 4.9.2 Leo Famulari (Sep 07)
- Re: Tcpdump 4.9.2 Raphael Geissert (Sep 08)
- Re: Tcpdump 4.9.2 Peter Korsgaard (Sep 08)
- Re: Tcpdump 4.9.2 Jerry Lundström (Sep 08)
- Re: Tcpdump 4.9.2 akuster (Sep 13)
- Re: Tcpdump 4.9.2 Peter Korsgaard (Sep 08)
- Re: Tcpdump 4.9.2 Raphael Geissert (Sep 08)
- CVE-2017-12612 Unsafe deserialization in Apache Spark launcher API Sean Owen (Sep 08)
- Arch Linux and tcpdump 4.9.2 Denis Ovsienko (Sep 08)
- GNU Emacs 25.2 enriched text remote code execution Paul Eggert (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 14)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- Re: GNU Emacs 25.2 enriched text remote code execution Florian Weimer (Sep 12)
- Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso (Sep 11)
- CVE-2017-14159: OpenLDAP privilege escalation via PID file manipulation Michael Orlitzky (Sep 11)
- Xen Security Advisory 231 (CVE-2017-14316) - Missing NUMA node parameter verification Xen . org security team (Sep 12)
- Xen Security Advisory 232 (CVE-2017-14318) - Missing check for grant table Xen . org security team (Sep 12)
- Xen Security Advisory 233 (CVE-2017-14317) - cxenstored: Race in domain cleanup Xen . org security team (Sep 12)
- Xen Security Advisory 234 (CVE-2017-14319) - insufficient grant unmapping checks for x86 PV guests Xen . org security team (Sep 12)
- Shibboleth plugin for WordPress: CVE-2017-14313: XSS vulnerability due to improper use of add_query_arg() Salvatore Bonaccorso (Sep 12)
- CVE-2017-14340: Linux kernel: xfs: unprivileged user kernel oops Dave Chinner (Sep 13)
- CVE-2017-12153 Linux kernel: nl80211: null pointer dereference in nl80211_set_rekey_data() Vladis Dronov (Sep 13)
- Linux BlueBorne vulnerabilities Armis Security (Sep 13)
- Re: Linux BlueBorne vulnerabilities Petr Matousek (Sep 14)
- Re: Linux BlueBorne vulnerabilities Armis Security (Sep 14)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 14)
- Re: Linux BlueBorne vulnerabilities Ben Seri (Sep 15)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 15)
- Re: Linux BlueBorne vulnerabilities Ben Seri (Sep 15)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 27)
- Re: Linux BlueBorne vulnerabilities Armis Security (Sep 14)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 14)
- Re: Linux BlueBorne vulnerabilities Petr Matousek (Sep 14)
- tcpdump 4.9.2 is fully available Denis Ovsienko (Sep 13)
- Re: tcpdump 4.9.2 is fully available Solar Designer (Sep 14)
- Re: tcpdump 4.9.2 is fully available Levente Polyak (Sep 14)
- Re: tcpdump 4.9.2 is fully available Leo Famulari (Sep 24)
- Re: tcpdump 4.9.2 is fully available Levente Polyak (Sep 14)
- Re: tcpdump 4.9.2 is fully available Solar Designer (Sep 14)
- mp3gain: stack-based buffer overflow in filterYule (gain_analysis.c) Agostino Sarubbo (Sep 14)
- mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Simon McVittie (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Dr. Thomas Orgis (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Dr. Thomas Orgis (Sep 14)
- Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Simon McVittie (Sep 14)
- mp3gain: stack-based buffer overflow in copy_mp (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
- mp3gain: global buffer overflow in III_dequantize_sample (mpglibDBL/layer3.c) Agostino Sarubbo (Sep 14)
- mp3gain: stack-based buffer overflow in dct36 (mpglibDBL/layer3.c) Agostino Sarubbo (Sep 14)
- mp3gain: invalid memory write in copy_mp (mpglibDBL/interface.c) Agostino Sarubbo (Sep 14)
- mp3gain: global buffer overflow in III_i_stereo (mpglibDBL/layer3.c) Agostino Sarubbo (Sep 14)
- mp3gain: memcpy-param-overlap in set_pointer (mpglibDBL/common.c) Agostino Sarubbo (Sep 14)
- CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4) Jan H. Schönherr (Sep 15)
- Podbeuter podcast fetcher: remote code execution Alexander Batischev (Sep 16)
- Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 16)
- Re: Podbeuter podcast fetcher: remote code execution Alexander Batischev (Sep 17)
- Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 17)
- Re: Podbeuter podcast fetcher: remote code execution Kurt Seifried (Sep 17)
- Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 17)
- Re: Podbeuter podcast fetcher: remote code execution Kurt Seifried (Sep 17)
- Re: Podbeuter podcast fetcher: remote code execution Alexander Batischev (Sep 17)
- Re: Podbeuter podcast fetcher: remote code execution Solar Designer (Sep 16)
- [OSSN-0081] sha512_crypt is insufficient for password hashing Luke Hinds (Sep 17)
- Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer (Sep 17)
- Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Jordan Glover (Sep 18)
- Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Jeremy Stanley (Sep 18)
- Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer (Sep 27)
- <Possible follow-ups>
- Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Nicholas Prowse (Sep 18)
- Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer (Sep 17)
- CVE-2017-14312: Nagios core root privilege escalation via insecure permissions Michael Orlitzky (Sep 17)
- CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() Vladis Dronov (Sep 18)
- Re: CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() Vladis Dronov (Sep 18)
- Optionsbleed bug in Apache HTTPD Hanno Böck (Sep 18)
- [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Luciano Bello (Sep 18)
- Message not available
- Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Luciano Bello (Sep 19)
- Message not available
- <Possible follow-ups>
- Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Salvatore Bonaccorso (Sep 22)
- Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Solar Designer (Sep 21)
- Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Salvatore Bonaccorso (Sep 25)
- Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Guido Günther (Sep 30)
- Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch (Sep 21)
- Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch (Sep 21)
- Re: CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx() Vladis Dronov (Sep 25)
- Re: Why send bugs embargoed to distros? Levente Polyak (Sep 23)
- Re: Why send bugs embargoed to distros? Anthony Liguori (Sep 23)
- Re: Why send bugs embargoed to distros? Simon McVittie (Sep 23)
- Re: Why send bugs embargoed to distros? Marc Deslauriers (Sep 23)
- Re: Why send bugs embargoed to distros? Kurt H Maier (Sep 23)
- Re: Why send bugs embargoed to distros? Till Dörges (Sep 23)
- Re: Why send bugs embargoed to distros? Marcus Meissner (Sep 23)
- Re: Why send bugs embargoed to distros? Ludovic Courtès (Sep 24)
- Re: Why send bugs embargoed to distros? Igor Seletskiy (Sep 24)
- Re: Why send bugs embargoed to distros? John Haxby (Sep 25)
- Re: Why send bugs embargoed to distros? Cliff Perry (Sep 25)
- Re: Why send bugs embargoed to distros? Leo Famulari (Sep 25)
- Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 25)
- Re: Linux kernel CVEs not mentioned on oss-security Priedhorsky, Reid (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Simon McVittie (Sep 25)
- Re: Linux kernel CVEs not mentioned on oss-security Moritz Muehlenhoff (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Nicholas Luedtke (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Muhammed Mustapha Abiola (Sep 27)
- Re: Linux kernel CVEs not mentioned on oss-security Solar Designer (Sep 27)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 27)
- Re: Linux kernel CVEs not mentioned on oss-security Solar Designer (Sep 27)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 28)
- Re: Linux kernel CVEs not mentioned on oss-security Salvatore Bonaccorso (Sep 28)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 28)
- Re: Linux kernel CVEs not mentioned on oss-security Brad Spengler (Sep 28)
- Re: Linux kernel CVEs not mentioned on oss-security Bob Friesenhahn (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Marcus Meissner (Sep 27)
- Re: Linux kernel CVEs not mentioned on oss-security Bob Friesenhahn (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Sep 26)
- Re: Linux kernel CVEs not mentioned on oss-security Solar Designer (Sep 27)
- Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Efraim Flashner (Sep 27)
- Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Agostino Sarubbo (Sep 29)
- Re: Advisory: Git cvsserver OS Command Injection Salvatore Bonaccorso (Sep 28)
- Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Solar Designer (Sep 27)
- Re: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure David Jardin (Sep 28)
- Re: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure Larry W. Cashdollar (Sep 28)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Guido Vranken (Sep 28)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Sep 28)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Hanno Böck (Sep 29)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Kurt Seifried (Sep 29)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Sep 28)