oss-sec: by date
272 messages
starting Jul 01 09 and
ending Sep 30 09
Date index |
Thread index |
Author index
Wednesday, 01 July
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Steven M. Christey
Re: CVE Request -- libtiff [was: Re: [oss-security] libtiff buffer underflow in LZWDecodeCompat] Steven M. Christey
Re: CVE id request: compface Steven M. Christey
Re: CVE Request: kernel: kvm: failure to validate cr3 after KVM_SET_SREGS Steven M. Christey
Re: CVE id request: nagios Steven M. Christey
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde
Thursday, 02 July
CVE id request: drupal Nico Golde
CVE request: ruby on rails authenticate_with_http_digest bypass Thomas Biege
CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock Eugene Teo
[oCERT-2009-009] CamlImages integer overflows Andrea Barisani
Re: [oCERT-2009-009] CamlImages integer overflows Robert Buchholz
Re: [oCERT-2009-009] CamlImages integer overflows Andrea Barisani
Friday, 03 July
Re: CVE id request: compface Alex Legler
[oCERT-2009-007] FCKeditor input sanitization errors Andrea Barisani
[oCERT-2009-008] Dillo integer overflow Andrea Barisani
Saturday, 04 July
Re: [oCERT-2009-009] CamlImages integer overflows Robert Buchholz
Re: [oCERT-2009-009] CamlImages integer overflows Andrea Barisani
Monday, 06 July
CVE id request: xcftools Steffen Joeris
Re: CVE id request: xcftools Steffen Joeris
Tuesday, 07 July
Re: nagios: remote code execution Steven M. Christey
Monday, 13 July
CVE Request - MySQL <= 5.0.45 Jan Lieskovsky
[oCERT-2009-012] libtiff tools integer overflows Andrea Barisani
[oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection Andrea Barisani
Tuesday, 14 July
CVE: Request Firefox 3.5 Stefan Behte
Re: CVE Request (syslog-ng) Solar Designer
Fixing the XML signature HMAC truncation authentication bypass Florian Weimer
Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz
Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz
Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz
Wednesday, 15 July
CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID Eugene Teo
Thursday, 16 July
CVE request: XEmacs Multiple Integer Overflows Alex Legler
Re: CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID Marcus Meissner
[oCERT-2009-011] Android improper camera and audio permission verification Andrea Barisani
Friday, 17 July
Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable yersinia
Saturday, 18 July
CVE Request -- HTMLDOC Jan Lieskovsky
Sunday, 19 July
Re: CVE: Request Firefox 3.5 Reed Loden
Monday, 20 July
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Marcus Meissner
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Marcus Meissner
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable yersinia
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Brad Spengler
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Greg KH
squid DoS in external auth header parser Vincent Danen
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Julien Tinnes
Tuesday, 21 July
CVE Request -- WordPress Jan Lieskovsky
CVE request: Wireshark <1.2.1 Multiple DoS Alex Legler
CVE Request -- RubyGems Jan Lieskovsky
Re: CVE Request -- RubyGems Alex Legler
CVE Request -- znc Reed Loden
Wednesday, 22 July
Coverity / kernel issues Marcus Meissner
Re: CVE request: Wireshark <1.2.1 Multiple DoS Jan Lieskovsky
PHP security fix in 5.2.10 Tomas Hoger
Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Todd Sabin
Re: Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable yersinia
Friday, 24 July
md raid null ptr dereference (when sysfs is writable) Marcus Meissner
CVE duplicate notification (CVE-2009-2580 to be duplicate of CVE-2009-1862) Jan Lieskovsky
CVE Request -- Ocsinventory-Agent Jan Lieskovsky
nilfs-utils privilege escalation Tomas Hoger
CVE Request -- Drupal 6 Date / Calendar XSS vulnerability Jan Lieskovsky
Saturday, 25 July
Re: CVE Request -- Ocsinventory-Agent Nico Golde
camlimages: Integer overflows in GIF and JPEG readers Robert Buchholz
Re: CVE Request -- HTMLDOC Nico Golde
Re: md raid null ptr dereference (when sysfs is writable) Eugene Teo
Sunday, 26 July
Re: CVE Request -- HTMLDOC Alex Legler
CVE id request: mediawiki Nico Golde
Monday, 27 July
CVE id request: strongswan Ludwig Nussel
Re: CVE request: Wireshark <1.2.1 Multiple DoS Jan Lieskovsky
squid 3.x vulnerabilities Vincent Danen
CVE id request: mplayer and vlc Nico Golde
Tuesday, 28 July
Apache 2.2 HTTP Basic Auth bypass Solar Designer
Re: Apache 2.2 HTTP Basic Auth bypass ithilgore
Re: Apache 2.2 HTTP Basic Auth bypass Solar Designer
Re: squid 3.x vulnerabilities Steven M. Christey
debian bug report on bind9 DoS Vincent Danen
Re: debian bug report on bind9 DoS Thijs Kinkhorst
Re: debian bug report on bind9 DoS Vincent Danen
Re: debian bug report on bind9 DoS Robert Buchholz
Wednesday, 29 July
Re: debian bug report on bind9 DoS Nico Golde
CVE Request (django) Josh Bressers
Re: debian bug report on bind9 DoS Solar Designer
Re: debian bug report on bind9 DoS Solar Designer
Monday, 03 August
Re: http://www.securityfocus.com/bid/33672/info kernel issue Marcus Meissner
Re: CVE request: Wireshark <1.2.1 Multiple DoS Steven M. Christey
Re: squid DoS in external auth header parser security curmudgeon
CVE request - kernel: information leak in sigaltstack Eugene Teo
Tuesday, 04 August
CVE request - kernel: execve: must clear current->clear_child_tid Eugene Teo
Re: squid DoS in external auth header parser Nico Golde
Re: squid DoS in external auth header parser Vincent Danen
CVE request: Wordpress Alex Legler
Re: squid DoS in external auth header parser Nico Golde
Re: CVE request - kernel: information leak in sigaltstack Eugene Teo
Wednesday, 05 August
Re: CVE request: XEmacs Multiple Integer Overflows Thomas Biege
Re: CVE request: XEmacs Multiple Integer Overflows Vincent Danen
CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Henri Salo
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Steven M. Christey
Re: CVE request: XEmacs Multiple Integer Overflows Steven M. Christey
Re: CVE request - kernel: execve: must clear current->clear_child_tid Michael K. Johnson
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree
CVE request: kernel: clock_nanosleep() with CLOCK_MONOTONIC_RAW NULL pointer dereference Eugene Teo
Sunday, 09 August
CVE id request: groff (pdfroff) Nico Golde
CVE id request: spip Nico Golde
CVE request: mantis Michael S. Gilbert
CVE request: kernel: parisc: isa-eeprom missing lower bound check Eugene Teo
Monday, 10 August
Re: CVE id request: groff (pdfroff) Tomas Hoger
CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading Eugene Teo
Wednesday, 12 August
CVE request: phpgroupware Alex Legler
CVE request: kernel: flat: fix uninitialized ptr with shared libs Eugene Teo
Thursday, 13 August
new root exploit from Brad Marcus Meissner
CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Eugene Teo
Friday, 14 August
Re: CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Marcus Meissner
CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows Alex Legler
Re: CVE id request: groff (pdfroff) Solar Designer
Re: CVE id request: groff (pdfroff) Nico Golde
GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2) Jamie Strandboge
kernel issues pending CVE assignment dann frazier
Saturday, 15 August
mailfilter 0.8.2 fixes CVE-2007-1558 (APOP) Robert Buchholz
Re: kernel issues pending CVE assignment Jon Oberheide
Re: GnuTLS CVE-2009-2730 Patches Simon Josefsson
Sunday, 16 August
CVE request: kernel: cfg80211: missing NULL pointer checks Eugene Teo
Re: CVE request: kernel: cfg80211: missing NULL pointer checks Eugene Teo
Monday, 17 August
CVE Request -- OCS Inventory NG Jan Lieskovsky
SELinux and mmap_min_addr behaviour (CVE-2009-2695) Mark J Cox
Re: GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2) Jamie Strandboge
Re: GnuTLS CVE-2009-2730 Patches Jamie Strandboge
Tuesday, 18 August
Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)) Matthias Andree
Re: GnuTLS CVE-2009-2730 Patches Simon Josefsson
neon 0.28.6 - CVE-2009-2473, CVE-2009-2474 Joe Orton
Re: CVE request: kernel: cfg80211: missing NULL pointer checks Steven M. Christey
Re: CVE request: kernel: flat: fix uninitialized ptr with shared libs Steven M. Christey
Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Steven M. Christey
Re: CVE request: kernel: flat: fix uninitialized ptr with shared libs Steven M. Christey
Re: CVE request: kernel: clock_nanosleep() with CLOCK_MONOTONIC_RAW NULL pointer dereference Steven M. Christey
Re: squid DoS in external auth header parser Steven M. Christey
Re: CVE request: Wordpress Steven M. Christey
Re: CVE Request -- WordPress Steven M. Christey
Re: CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows Steven M. Christey
Re: md raid null ptr dereference (when sysfs is writable) Steven M. Christey
Re: CVE request - kernel: execve: must clear current->clear_child_tid Steven M. Christey
Re: CVE request - kernel: information leak in sigaltstack Steven M. Christey
Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Steven M. Christey
Re: CVE request: kernel: flat: fix uninitialized ptr with shared libs Eugene Teo
Wednesday, 19 August
CVE Request pidgin Josh Bressers
Thursday, 20 August
Re: neon 0.28.6 - CVE-2009-2473, CVE-2009-2474 Joe Orton
Friday, 21 August
Re: "umbrella" CVE names (was: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass) Matthias Andree
expat bug 1990430 Robert Buchholz
Saturday, 22 August
Using NSS (Netscape Security Services) in setuid programs Florian Weimer
Sunday, 23 August
Follow oss_security on Twitter Eugene Teo
Monday, 24 August
CVE id request: pidgin Steffen Joeris
CVE-2009-2698 kernel: udp socket NULL ptr dereference Eugene Teo
Tuesday, 25 August
CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo
Re: CVE request - kernel: information leak in sigaltstack Solar Designer
Wednesday, 26 August
Re: expat bug 1990430 CERT-FI Vulnerability Coordination
Re: Re: expat bug 1990430 Steven M. Christey
Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo
Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo
Thursday, 27 August
Re: Re: CVE id request: php5 Tomas Hoger
Re: Re: expat bug 1990430 Joe Orton
Re: Re: CVE id request: php5 Steven M. Christey
Re: Re: expat bug 1990430 CERT-FI Vulnerability Coordination
Friday, 28 August
CVE request: perl-IO-Socket-SSL certificate hostname compare bug Ludwig Nussel
Saturday, 29 August
Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich
Sunday, 30 August
Re: CVE-2009-2698 kernel: udp socket NULL ptr dereference Eugene Teo
CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc Eugene Teo
Monday, 31 August
Re: Follow oss_security on Twitter Solar Designer
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich
CVE id request: silc-toolkit Nico Golde
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger
CVE id request: squirrelmail CSRF Nico Golde
Re: CVE id request: squirrelmail CSRF Tomas Hoger
Re: CVE id request: squirrelmail CSRF Nico Golde
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich
Re: CVE id request: pidgin Steven M. Christey
Re: CVE Request pidgin Steven M. Christey
Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steven M. Christey
Tuesday, 01 September
Re: CVE Request -- HTMLDOC Alex Legler
Re: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)) Steven M. Christey
Re: CVE id request: spip Steven M. Christey
Re: CVE Request -- OCS Inventory NG Steven M. Christey
Wednesday, 02 September
Re: CVE Request -- HTMLDOC Steven M. Christey
Monday, 07 September
viewvc: CVE request: XSS and illegal characters while printing name-value pairs Thomas Biege
Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs Alex Legler
Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau
Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau
Re: CVE request: kernel: tc: uninitialised kernel memory leak Eugene Teo
Tuesday, 08 September
CVE for recent cyrus-imap issue Sebastian Krahmer
Re: CVE for recent cyrus-imap issue Thomas Biege
CVE Request - Pidgin 2.6.2 Jan Lieskovsky
Re: CVE for recent cyrus-imap issue Chad Dougherty
Re: CVE for recent cyrus-imap issue Nico Golde
Re: CVE for recent cyrus-imap issue Steven M. Christey
CVE request - Debian/Ubuntu PAM auth module selection Kees Cook
CVE Request - glib symlink copying permission exposure Kees Cook
Wednesday, 09 September
CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky
CVE Request -- PostgreSQL Jan Lieskovsky
Re: CVE Request -- PostgreSQL Tomas Hoger
Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky
Re: CVE Request -- FreeRADIUS 1.1.8 Steven M. Christey
OpenOffice.org CVE-2009-2139 Tomas Hoger
Thursday, 10 September
Re: OpenOffice.org CVE-2009-2139 Thomas Biege
Re: OpenOffice.org CVE-2009-2139 Tomas Hoger
Friday, 11 September
Re: OpenOffice.org CVE-2009-2139 Tomas Hoger
Re: CVE id request: silc-toolkit Tomas Hoger
Re: CVE id request: silc-toolkit Steven M. Christey
Re: CVE id request: silc-toolkit Tomas Hoger
Saturday, 12 September
CVE request(?): Thin: Client IP spoofing Alex Legler
CVE request: serendipity freetag plugin Hanno Böck
Sunday, 13 September
CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Eugene Teo
Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Willy Tarreau
Monday, 14 September
Re: CVE for recent cyrus-imap issue Tomas Hoger
CVE-2009-1883 kernel: missing capability check in z90crypt Eugene Teo
Re: CVE-2009-1883 kernel: missing capability check in z90crypt Eugene Teo
Re: CVE-2009-1883 kernel: missing capability check in z90crypt Solar Designer
Tuesday, 15 September
CVE Request -- Horde 3.3.5 Jan Lieskovsky
Re: CVE Request -- Horde 3.3.5 Alex Legler
CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr() Eugene Teo
CVE request: kernel: cfg80211: fix looping soft lockup in find_ie() Eugene Teo
Wednesday, 16 September
CVE id request: changetrack Nico Golde
CVE-2008-4609 / Outpost24 TCP issues Marcus Meissner
Re: [Security] CVE-2008-4609 / Outpost24 TCP issues Willy Tarreau
watch for LDAP anonymous binds and empty passwords Steven M. Christey
Re: CVE request: kernel: tc: uninitialised kernel memory leak Steven M. Christey
Re: CVE Request -- Horde 3.3.5 Steven M. Christey
Re: CVE for recent cyrus-imap issue Steven M. Christey
Re: CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr() Steven M. Christey
Re: CVE id request: changetrack Steven M. Christey
Re: CVE request - Debian/Ubuntu PAM auth module selection Steven M. Christey
Re: CVE Request -- PostgreSQL Steven M. Christey
Re: CVE request: kernel: tc: uninitialised kernel memory leak Eugene Teo
Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau
Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Eugene Teo
Thursday, 17 September
Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Eugene Teo
Re: CVE for recent cyrus-imap issue Tomas Hoger
Re: CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr() Marcus Meissner
Re: watch for LDAP anonymous binds and empty passwords yersinia
Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request Jan Lieskovsky
CVE request: VLC -- Stack-based buffer overflows in three demuxers Alex Legler
CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo
Re: Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request Gerald Combs
Friday, 18 September
CVE Request -- PHP 5 - 5.2.11 Jan Lieskovsky
Re: CVE Request -- PHP 5 - 5.2.11 Nico Golde
Re: CVE Request -- PHP 5 - 5.2.11 Joe Orton
Insecure pid directory permissions for postfix on Debian / Ubuntu Jamie Strandboge
Saturday, 19 September
Re: CVE Request -- PHP 5 - 5.2.11 Nico Golde
Sunday, 20 September
Re: CVE Request -- PHP 5 - 5.2.11 yersinia
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo
CVE request: kernel: issue with O_EXCL creates on NFSv4 Eugene Teo
Monday, 21 September
Re: OpenOffice.org CVE-2009-2139 Steven M. Christey
Re: CVE Request -- PHP 5 - 5.2.11 Steven M. Christey
Re: CVE request: kernel: issue with O_EXCL creates on NFSv4 Steven M. Christey
Tuesday, 22 September
Re: CVE request(?): Thin: Client IP spoofing Steven M. Christey
Re: CVE request: kernel: NULL pointer dereference in sg_build_indirect() Steven M. Christey
Re: CVE Request - glib symlink copying permission exposure Steven M. Christey
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Steven M. Christey
Re: CVE Request -- PHP 5 - 5.2.11 Steven M. Christey
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo
Re: OpenOffice.org CVE-2009-2139 Marcus Meissner
Re: CVE request: kernel: issue with O_EXCL creates on NFSv4 Eugene Teo
Wednesday, 23 September
Re: More CVE-2009-2408 like issues Tomas Hoger
Three Shibboleth issues Florian Weimer
Thursday, 24 September
Re: CVE request: serendipity freetag plugin Steven M. Christey
Friday, 25 September
CVE Request -- Xen -- PyGrub Jan Lieskovsky
Monday, 28 September
CVE request: oping allows the disclosure of arbitrary file contents Steve Kemp
Wednesday, 30 September
Re: CVE Request (Sort of urgent) -- Xen -- PyGrub Jan Lieskovsky