oss-sec: by date

272 messages starting Jul 01 09 and ending Sep 30 09

Wednesday, 01 July

Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Steven M. Christey
Re: CVE Request -- libtiff [was: Re: [oss-security] libtiff buffer underflow in LZWDecodeCompat] Steven M. Christey
Re: CVE id request: compface Steven M. Christey
Re: CVE Request: kernel: kvm: failure to validate cr3 after KVM_SET_SREGS Steven M. Christey
Re: CVE id request: nagios Steven M. Christey
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde

Thursday, 02 July

CVE id request: drupal Nico Golde
CVE request: ruby on rails authenticate_with_http_digest bypass Thomas Biege
CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock Eugene Teo
[oCERT-2009-009] CamlImages integer overflows Andrea Barisani
Re: [oCERT-2009-009] CamlImages integer overflows Robert Buchholz
Re: [oCERT-2009-009] CamlImages integer overflows Andrea Barisani

Friday, 03 July

Re: CVE id request: compface Alex Legler
[oCERT-2009-007] FCKeditor input sanitization errors Andrea Barisani
[oCERT-2009-008] Dillo integer overflow Andrea Barisani

Saturday, 04 July

Re: [oCERT-2009-009] CamlImages integer overflows Robert Buchholz
Re: [oCERT-2009-009] CamlImages integer overflows Andrea Barisani

Monday, 06 July

CVE id request: xcftools Steffen Joeris
Re: CVE id request: xcftools Steffen Joeris

Tuesday, 07 July

Re: nagios: remote code execution Steven M. Christey

Monday, 13 July

CVE Request - MySQL <= 5.0.45 Jan Lieskovsky
[oCERT-2009-012] libtiff tools integer overflows Andrea Barisani
[oCERT-2009-010] mimeTeX and mathTeX buffer overflows and command injection Andrea Barisani

Tuesday, 14 July

CVE: Request Firefox 3.5 Stefan Behte
Re: CVE Request (syslog-ng) Solar Designer
Fixing the XML signature HMAC truncation authentication bypass Florian Weimer
Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz
Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz
Re: Fixing the XML signature HMAC truncation authentication bypass Robert Buchholz

Wednesday, 15 July

CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID Eugene Teo

Thursday, 16 July

CVE request: XEmacs Multiple Integer Overflows Alex Legler
Re: CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID Marcus Meissner
[oCERT-2009-011] Android improper camera and audio permission verification Andrea Barisani

Friday, 17 July

Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable yersinia

Saturday, 18 July

CVE Request -- HTMLDOC Jan Lieskovsky

Sunday, 19 July

Re: CVE: Request Firefox 3.5 Reed Loden

Monday, 20 July

Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Marcus Meissner
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Marcus Meissner
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable yersinia
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Brad Spengler
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Solar Designer
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Greg KH
squid DoS in external auth header parser Vincent Danen
Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Julien Tinnes

Tuesday, 21 July

CVE Request -- WordPress Jan Lieskovsky
CVE request: Wireshark <1.2.1 Multiple DoS Alex Legler
CVE Request -- RubyGems Jan Lieskovsky
Re: CVE Request -- RubyGems Alex Legler
CVE Request -- znc Reed Loden

Wednesday, 22 July

Coverity / kernel issues Marcus Meissner
Re: CVE request: Wireshark <1.2.1 Multiple DoS Jan Lieskovsky
PHP security fix in 5.2.10 Tomas Hoger
Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable Todd Sabin
Re: Re: [Dailydave] [oss-security] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable yersinia

Friday, 24 July

md raid null ptr dereference (when sysfs is writable) Marcus Meissner
CVE duplicate notification (CVE-2009-2580 to be duplicate of CVE-2009-1862) Jan Lieskovsky
CVE Request -- Ocsinventory-Agent Jan Lieskovsky
nilfs-utils privilege escalation Tomas Hoger
CVE Request -- Drupal 6 Date / Calendar XSS vulnerability Jan Lieskovsky

Saturday, 25 July

Re: CVE Request -- Ocsinventory-Agent Nico Golde
camlimages: Integer overflows in GIF and JPEG readers Robert Buchholz
Re: CVE Request -- HTMLDOC Nico Golde
Re: md raid null ptr dereference (when sysfs is writable) Eugene Teo

Sunday, 26 July

Re: CVE Request -- HTMLDOC Alex Legler
CVE id request: mediawiki Nico Golde

Monday, 27 July

CVE id request: strongswan Ludwig Nussel
Re: CVE request: Wireshark <1.2.1 Multiple DoS Jan Lieskovsky
squid 3.x vulnerabilities Vincent Danen
CVE id request: mplayer and vlc Nico Golde

Tuesday, 28 July

Apache 2.2 HTTP Basic Auth bypass Solar Designer
Re: Apache 2.2 HTTP Basic Auth bypass ithilgore
Re: Apache 2.2 HTTP Basic Auth bypass Solar Designer
Re: squid 3.x vulnerabilities Steven M. Christey
debian bug report on bind9 DoS Vincent Danen
Re: debian bug report on bind9 DoS Thijs Kinkhorst
Re: debian bug report on bind9 DoS Vincent Danen
Re: debian bug report on bind9 DoS Robert Buchholz

Wednesday, 29 July

Re: debian bug report on bind9 DoS Nico Golde
CVE Request (django) Josh Bressers
Re: debian bug report on bind9 DoS Solar Designer
Re: debian bug report on bind9 DoS Solar Designer

Monday, 03 August

Re: http://www.securityfocus.com/bid/33672/info kernel issue Marcus Meissner
Re: CVE request: Wireshark <1.2.1 Multiple DoS Steven M. Christey
Re: squid DoS in external auth header parser security curmudgeon
CVE request - kernel: information leak in sigaltstack Eugene Teo

Tuesday, 04 August

CVE request - kernel: execve: must clear current->clear_child_tid Eugene Teo
Re: squid DoS in external auth header parser Nico Golde
Re: squid DoS in external auth header parser Vincent Danen
CVE request: Wordpress Alex Legler
Re: squid DoS in external auth header parser Nico Golde
Re: CVE request - kernel: information leak in sigaltstack Eugene Teo

Wednesday, 05 August

Re: CVE request: XEmacs Multiple Integer Overflows Thomas Biege
Re: CVE request: XEmacs Multiple Integer Overflows Vincent Danen
CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Henri Salo
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Steven M. Christey
Re: CVE request: XEmacs Multiple Integer Overflows Steven M. Christey
Re: CVE request - kernel: execve: must clear current->clear_child_tid Michael K. Johnson
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Tomas Hoger
Re: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass Matthias Andree
CVE request: kernel: clock_nanosleep() with CLOCK_MONOTONIC_RAW NULL pointer dereference Eugene Teo

Sunday, 09 August

CVE id request: groff (pdfroff) Nico Golde
CVE id request: spip Nico Golde
CVE request: mantis Michael S. Gilbert
CVE request: kernel: parisc: isa-eeprom missing lower bound check Eugene Teo

Monday, 10 August

Re: CVE id request: groff (pdfroff) Tomas Hoger
CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading Eugene Teo

Wednesday, 12 August

CVE request: phpgroupware Alex Legler
CVE request: kernel: flat: fix uninitialized ptr with shared libs Eugene Teo

Thursday, 13 August

new root exploit from Brad Marcus Meissner
CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Eugene Teo

Friday, 14 August

Re: CVE-2009-2692 kernel: uninit op in SOCKOPS_WRAP() leads to privesc Marcus Meissner
CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows Alex Legler
Re: CVE id request: groff (pdfroff) Solar Designer
Re: CVE id request: groff (pdfroff) Nico Golde
GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2) Jamie Strandboge
kernel issues pending CVE assignment dann frazier

Saturday, 15 August

mailfilter 0.8.2 fixes CVE-2007-1558 (APOP) Robert Buchholz
Re: kernel issues pending CVE assignment Jon Oberheide
Re: GnuTLS CVE-2009-2730 Patches Simon Josefsson

Sunday, 16 August

CVE request: kernel: cfg80211: missing NULL pointer checks Eugene Teo
Re: CVE request: kernel: cfg80211: missing NULL pointer checks Eugene Teo

Monday, 17 August

CVE Request -- OCS Inventory NG Jan Lieskovsky
SELinux and mmap_min_addr behaviour (CVE-2009-2695) Mark J Cox
Re: GnuTLS CVE-2009-2730 Patches (Was Re: GnuTLS 2.8.2) Jamie Strandboge
Re: GnuTLS CVE-2009-2730 Patches Jamie Strandboge

Tuesday, 18 August

Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)) Matthias Andree
Re: GnuTLS CVE-2009-2730 Patches Simon Josefsson
neon 0.28.6 - CVE-2009-2473, CVE-2009-2474 Joe Orton
Re: CVE request: kernel: cfg80211: missing NULL pointer checks Steven M. Christey
Re: CVE request: kernel: flat: fix uninitialized ptr with shared libs Steven M. Christey
Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Steven M. Christey
Re: CVE request: kernel: flat: fix uninitialized ptr with shared libs Steven M. Christey
Re: CVE request: kernel: clock_nanosleep() with CLOCK_MONOTONIC_RAW NULL pointer dereference Steven M. Christey
Re: squid DoS in external auth header parser Steven M. Christey
Re: CVE request: Wordpress Steven M. Christey
Re: CVE Request -- WordPress Steven M. Christey
Re: CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows Steven M. Christey
Re: md raid null ptr dereference (when sysfs is writable) Steven M. Christey
Re: CVE request - kernel: execve: must clear current->clear_child_tid Steven M. Christey
Re: CVE request - kernel: information leak in sigaltstack Steven M. Christey
Re: CVE request: kernel: parisc: isa-eeprom missing lower bound check Steven M. Christey
Re: CVE request: kernel: flat: fix uninitialized ptr with shared libs Eugene Teo

Wednesday, 19 August

CVE Request pidgin Josh Bressers

Thursday, 20 August

Re: neon 0.28.6 - CVE-2009-2473, CVE-2009-2474 Joe Orton

Friday, 21 August

Re: "umbrella" CVE names (was: CVE request: fetchmail <= 6.3.10 SSL certificate NUL prefix verification bypass) Matthias Andree
expat bug 1990430 Robert Buchholz

Saturday, 22 August

Using NSS (Netscape Security Services) in setuid programs Florian Weimer

Sunday, 23 August

Follow oss_security on Twitter Eugene Teo

Monday, 24 August

CVE id request: pidgin Steffen Joeris
CVE-2009-2698 kernel: udp socket NULL ptr dereference Eugene Teo

Tuesday, 25 August

CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo
Re: CVE request - kernel: information leak in sigaltstack Solar Designer

Wednesday, 26 August

Re: expat bug 1990430 CERT-FI Vulnerability Coordination
Re: Re: expat bug 1990430 Steven M. Christey
Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo
Re: CVE request: kernel: AF_LLC getsockname 5-Byte Stack Disclosure Eugene Teo

Thursday, 27 August

Re: Re: CVE id request: php5 Tomas Hoger
Re: Re: expat bug 1990430 Joe Orton
Re: Re: CVE id request: php5 Steven M. Christey
Re: Re: expat bug 1990430 CERT-FI Vulnerability Coordination

Friday, 28 August

CVE request: perl-IO-Socket-SSL certificate hostname compare bug Ludwig Nussel

Saturday, 29 August

Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich

Sunday, 30 August

Re: CVE-2009-2698 kernel: udp socket NULL ptr dereference Eugene Teo
CVE request: kernel: tty: make sure to flush any pending work when halting the ldisc Eugene Teo

Monday, 31 August

Re: Follow oss_security on Twitter Solar Designer
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich
CVE id request: silc-toolkit Nico Golde
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Tomas Hoger
CVE id request: squirrelmail CSRF Nico Golde
Re: CVE id request: squirrelmail CSRF Tomas Hoger
Re: CVE id request: squirrelmail CSRF Nico Golde
Re: Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steffen Ullrich
Re: CVE id request: pidgin Steven M. Christey
Re: CVE Request pidgin Steven M. Christey
Re: CVE request: perl-IO-Socket-SSL certificate hostname compare bug Steven M. Christey

Tuesday, 01 September

Re: CVE Request -- HTMLDOC Alex Legler
Re: Re: CVE-2007-1558 update (was: mailfilter 0.8.2 fixes CVE-2007-1558 (APOP)) Steven M. Christey
Re: CVE id request: spip Steven M. Christey
Re: CVE Request -- OCS Inventory NG Steven M. Christey

Wednesday, 02 September

Re: CVE Request -- HTMLDOC Steven M. Christey

Monday, 07 September

viewvc: CVE request: XSS and illegal characters while printing name-value pairs Thomas Biege
Re: viewvc: CVE request: XSS and illegal characters while printing name-value pairs Alex Legler
Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau
Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau
Re: CVE request: kernel: tc: uninitialised kernel memory leak Eugene Teo

Tuesday, 08 September

CVE for recent cyrus-imap issue Sebastian Krahmer
Re: CVE for recent cyrus-imap issue Thomas Biege
CVE Request - Pidgin 2.6.2 Jan Lieskovsky
Re: CVE for recent cyrus-imap issue Chad Dougherty
Re: CVE for recent cyrus-imap issue Nico Golde
Re: CVE for recent cyrus-imap issue Steven M. Christey
CVE request - Debian/Ubuntu PAM auth module selection Kees Cook
CVE Request - glib symlink copying permission exposure Kees Cook

Wednesday, 09 September

CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky
CVE Request -- PostgreSQL Jan Lieskovsky
Re: CVE Request -- PostgreSQL Tomas Hoger
Re: CVE Request -- FreeRADIUS 1.1.8 Jan Lieskovsky
Re: CVE Request -- FreeRADIUS 1.1.8 Steven M. Christey
OpenOffice.org CVE-2009-2139 Tomas Hoger

Thursday, 10 September

Re: OpenOffice.org CVE-2009-2139 Thomas Biege
Re: OpenOffice.org CVE-2009-2139 Tomas Hoger

Friday, 11 September

Re: OpenOffice.org CVE-2009-2139 Tomas Hoger
Re: CVE id request: silc-toolkit Tomas Hoger
Re: CVE id request: silc-toolkit Steven M. Christey
Re: CVE id request: silc-toolkit Tomas Hoger

Saturday, 12 September

CVE request(?): Thin: Client IP spoofing Alex Legler
CVE request: serendipity freetag plugin Hanno Böck

Sunday, 13 September

CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Eugene Teo
Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Willy Tarreau

Monday, 14 September

Re: CVE for recent cyrus-imap issue Tomas Hoger
CVE-2009-1883 kernel: missing capability check in z90crypt Eugene Teo
Re: CVE-2009-1883 kernel: missing capability check in z90crypt Eugene Teo
Re: CVE-2009-1883 kernel: missing capability check in z90crypt Solar Designer

Tuesday, 15 September

CVE Request -- Horde 3.3.5 Jan Lieskovsky
Re: CVE Request -- Horde 3.3.5 Alex Legler
CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr() Eugene Teo
CVE request: kernel: cfg80211: fix looping soft lockup in find_ie() Eugene Teo

Wednesday, 16 September

CVE id request: changetrack Nico Golde
CVE-2008-4609 / Outpost24 TCP issues Marcus Meissner
Re: [Security] CVE-2008-4609 / Outpost24 TCP issues Willy Tarreau
watch for LDAP anonymous binds and empty passwords Steven M. Christey
Re: CVE request: kernel: tc: uninitialised kernel memory leak Steven M. Christey
Re: CVE Request -- Horde 3.3.5 Steven M. Christey
Re: CVE for recent cyrus-imap issue Steven M. Christey
Re: CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr() Steven M. Christey
Re: CVE id request: changetrack Steven M. Christey
Re: CVE request - Debian/Ubuntu PAM auth module selection Steven M. Christey
Re: CVE Request -- PostgreSQL Steven M. Christey
Re: CVE request: kernel: tc: uninitialised kernel memory leak Eugene Teo
Re: CVE request: kernel: tc: uninitialised kernel memory leak Willy Tarreau
Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Eugene Teo

Thursday, 17 September

Re: CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams Eugene Teo
Re: CVE for recent cyrus-imap issue Tomas Hoger
Re: CVE request: kernel: perf_counter: Fix buffer overflow in perf_copy_attr() Marcus Meissner
Re: watch for LDAP anonymous binds and empty passwords yersinia
Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request Jan Lieskovsky
CVE request: VLC -- Stack-based buffer overflows in three demuxers Alex Legler
CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo
Re: Wireshark - wnpa-sec-2009-05.html && wnpa-sec-2009-06.html -- CVE confirmation and CVE Request Gerald Combs

Friday, 18 September

CVE Request -- PHP 5 - 5.2.11 Jan Lieskovsky
Re: CVE Request -- PHP 5 - 5.2.11 Nico Golde
Re: CVE Request -- PHP 5 - 5.2.11 Joe Orton
Insecure pid directory permissions for postfix on Debian / Ubuntu Jamie Strandboge

Saturday, 19 September

Re: CVE Request -- PHP 5 - 5.2.11 Nico Golde

Sunday, 20 September

Re: CVE Request -- PHP 5 - 5.2.11 yersinia
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo
CVE request: kernel: issue with O_EXCL creates on NFSv4 Eugene Teo

Monday, 21 September

Re: OpenOffice.org CVE-2009-2139 Steven M. Christey
Re: CVE Request -- PHP 5 - 5.2.11 Steven M. Christey
Re: CVE request: kernel: issue with O_EXCL creates on NFSv4 Steven M. Christey

Tuesday, 22 September

Re: CVE request(?): Thin: Client IP spoofing Steven M. Christey
Re: CVE request: kernel: NULL pointer dereference in sg_build_indirect() Steven M. Christey
Re: CVE Request - glib symlink copying permission exposure Steven M. Christey
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Steven M. Christey
Re: CVE Request -- PHP 5 - 5.2.11 Steven M. Christey
Re: CVE request: kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 Eugene Teo
Re: OpenOffice.org CVE-2009-2139 Marcus Meissner
Re: CVE request: kernel: issue with O_EXCL creates on NFSv4 Eugene Teo

Wednesday, 23 September

Re: More CVE-2009-2408 like issues Tomas Hoger
Three Shibboleth issues Florian Weimer

Thursday, 24 September

Re: CVE request: serendipity freetag plugin Steven M. Christey

Friday, 25 September

CVE Request -- Xen -- PyGrub Jan Lieskovsky

Monday, 28 September

CVE request: oping allows the disclosure of arbitrary file contents Steve Kemp

Wednesday, 30 September

Re: CVE Request (Sort of urgent) -- Xen -- PyGrub Jan Lieskovsky