oss-sec: by thread
465 messages
starting Jul 01 10 and
ending Sep 30 10
Date index |
Thread index |
Author index
- Re: CVE requests: LibTIFF Tomas Hoger (Jul 01)
- <Possible follow-ups>
- Re: CVE requests: LibTIFF Steven M. Christey (Jul 01)
- CVE request: moin multiple XSS Raphael Geissert (Jul 01)
- Re: CVE request: moin multiple XSS Josh Bressers (Jul 02)
- CVE request: ZNC NULL pointer dereference Raphael Geissert (Jul 01)
- Re: CVE request: ZNC NULL pointer dereference Josh Bressers (Jul 02)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Péter Veres (Jul 01)
- Re: CVE Request -- PHP strrchr() Interruption Information Leak Vulnerability Josh Bressers (Jul 02)
- CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE Jan Lieskovsky (Jul 02)
- Re: CVE Request [Microsoft Windows Ruby-v1.9.x] -- Buffer over-run leading to ACE Josh Bressers (Jul 02)
- CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Jan Lieskovsky (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Luigi Auriemma (Jul 02)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Raphael Geissert (Jul 02)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)
- Re: Qt SSL endless loop Josh Bressers (Jul 16)
- Re: Qt SSL endless loop Vincent Danen (Jul 16)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 19)
- Re: Qt SSL endless loop Vincent Danen (Jul 19)
- Re: Qt SSL endless loop Steven M. Christey (Aug 20)
- Re: Qt SSL endless loop Vincent Danen (Aug 20)
- Re: Qt SSL endless loop Ludwig Nussel (Jul 16)
- Re: CVE Request -- Mumble server (Murmur) / Qt SQLite -- Remotely exploitable DoS (murmur termination) due QueryUsers Qt SQLite database bug Josh Bressers (Jul 02)
- CVE Request -- Roundup: XSS by processing PageTemplate template for a named page Jan Lieskovsky (Jul 02)
- Re: CVE Request -- Roundup: XSS by processing PageTemplate template for a named page Josh Bressers (Jul 02)
- Re: CVE request: simplemachinesforum Josh Bressers (Jul 02)
- Request CVE ID for bogofilter base64 decoder heap corruption Matthias Andree (Jul 03)
- Re: Request CVE ID for bogofilter base64 decoder heap corruption Eren Türkay (Jul 05)
- Re: Request CVE ID for bogofilter base64 decoder heap corruption Josh Bressers (Jul 06)
- CVE request for browser IFRAME/file download DoS Kurt Seifried (Jul 04)
- Re: CVE request for browser IFRAME/file download DoS Josh Bressers (Jul 06)
- Re: kernel: l2tp: Fix oops in pppol2tp_xmit Moritz Muehlenhoff (Jul 04)
- Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit Eugene Teo (Jul 04)
- <Possible follow-ups>
- Re: kernel: l2tp: Fix oops in pppol2tp_xmit Josh Bressers (Jul 06)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Christoph Thiel (Jul 04)
- [HITB-Announce] HITB Magazine Issue 003 + HITBSecConf2010 - Amsterdam Hafez Kamal (Jul 04)
- Re: CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Marcus Meissner (Jul 05)
- RE: [png-mng-implement] [oss-security] CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks John Bowler (Jul 05)
- Re: [png-mng-implement] [oss-security] CVE Request -- libpng v1.4.3 and v1.2.44 -- memory leak while processing PNG image with malformed sCAL chunks Glenn Randers-Pehrson (Jul 05)
- REPOST: CVE request for bogofilter Matthias Andree (Jul 06)
- CVE request: Apache Axis2 Session Fixation Matthias Weckbecker (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation security curmudgeon (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation Marcus Meissner (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation Josh Bressers (Jul 06)
- Re: CVE request: Apache Axis2 Session Fixation security curmudgeon (Jul 06)
- patch for remote buffer overflows and local message spoofing in mipv6 daemon Sebastian Krahmer (Jul 06)
- Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon Josh Bressers (Jul 07)
- Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon Sebastian Krahmer (Jul 07)
- Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon Arnaud Ebalard (Jul 08)
- Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon Sebastian Krahmer (Jul 07)
- <Possible follow-ups>
- Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon Josh Bressers (Jul 08)
- Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon Josh Bressers (Jul 07)
- Bugzilla 3.7.1 CVE request Kurt Seifried (Jul 06)
- Re: Bugzilla 3.7.1 CVE request Reed Loden (Jul 06)
- Re: Bugzilla 3.7.1 CVE request Moritz Muehlenhoff (Jul 08)
- Re: Bugzilla 3.7.1 CVE request Reed Loden (Jul 06)
- CVE Request: kernel: hvc_console: Fix race between hvc_close and hvc_remove dann frazier (Jul 06)
- CVE request - kernel: nfsd4: bug in read_buf Eugene Teo (Jul 06)
- Re: CVE request - kernel: nfsd4: bug in read_buf Josh Bressers (Jul 08)
- Re: kernel: hvc_console: Fix race between hvc_close and hvc_remove Steven M. Christey (Jul 07)
- kernel: bridge br_multicast null ptr deref Eugene Teo (Jul 07)
- kernel: gfs2 acl issue Eugene Teo (Jul 08)
- Re: kernel: gfs2 acl issue Dan Rosenberg (Jul 08)
- Re: kernel: gfs2 acl issue Eugene Teo (Jul 08)
- Re: kernel: gfs2 acl issue Josh Bressers (Jul 09)
- Re: kernel: gfs2 acl issue akuster (Jul 09)
- Re: kernel: gfs2 acl issue Dan Rosenberg (Jul 09)
- Re: kernel: gfs2 acl issue Dan Rosenberg (Jul 08)
- Re: Re: Stefan Esser's 0day PHP SysCan flaw Nico Golde (Jul 10)
- CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- Re: CVE request: ghostscript Vincent Danen (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- Re: CVE request: ghostscript Marc Deslauriers (Jul 12)
- Re: CVE request: ghostscript Josh Bressers (Jul 12)
- Re: CVE request: ghostscript Vincent Danen (Jul 12)
- Re: CVE request: ghostscript Dan Rosenberg (Jul 12)
- CVE request: NetSMB BSD kernel module (minor) Dan Rosenberg (Jul 12)
- Re: CVE request: NetSMB BSD kernel module (minor) Josh Bressers (Jul 16)
- CVE request, php var_export Pierre Joye (Jul 13)
- Re: CVE request, php var_export Pierre Joye (Jul 14)
- Re: Re: CVE request, php var_export Josh Bressers (Jul 16)
- Re: Re: CVE request, php var_export Pierre Joye (Jul 16)
- Re: Re: CVE request, php var_export Josh Bressers (Jul 16)
- Re: CVE request, php var_export Pierre Joye (Jul 14)
- Multiple bugs in freetype Robert Święcki (Jul 13)
- Re: Multiple bugs in freetype Pierre Joye (Jul 14)
- Re: Multiple bugs in freetype Josh Bressers (Jul 14)
- znc id: CVE-2010-2448 or CVE-2010-2488? Raphael Geissert (Jul 13)
- CVE request: lxsession-logout Matthias Weckbecker (Jul 15)
- Re: CVE request: lxsession-logout Josh Bressers (Jul 16)
- Re: CVE request: ghostscript and gv Tomas Hoger (Jul 19)
- <Possible follow-ups>
- Re: CVE request: ghostscript and gv Tomas Hoger (Aug 25)
- Re: CVE request: ghostscript and gv Ludwig Nussel (Aug 25)
- Re: CVE request: ghostscript and gv Tomas Hoger (Aug 26)
- Re: CVE request: ghostscript and gv Ludwig Nussel (Aug 25)
- CVE request for OpenTTD Matthijs Kooijman (Jul 20)
- Re: CVE request for OpenTTD Josh Bressers (Jul 21)
- [oCERT-2010-002] Joomla input sanitization errors (XSS) Andrea Barisani (Jul 20)
- Re: [oCERT-2010-002] Joomla input sanitization errors (XSS) Josh Bressers (Jul 21)
- CVE for Intel INTEL-SA-00025 Kurt Seifried (Jul 20)
- Re: CVE for Intel INTEL-SA-00025 Mike O'Connor (Jul 21)
- Re: CVE for Intel INTEL-SA-00025 Josh Bressers (Jul 21)
- Re: CVE for Intel INTEL-SA-00025 Mike O'Connor (Jul 21)
- Universal XSS in Rekonq Tim Brown (Jul 21)
- Re: Universal XSS in Rekonq Josh Bressers (Jul 21)
- CVE request: kernel: btrfs Dan Rosenberg (Jul 21)
- Re: CVE request: kernel: btrfs Josh Bressers (Jul 21)
- CVE id request: mapserver Nico Golde (Jul 21)
- <Possible follow-ups>
- Re: CVE id request: mapserver Josh Bressers (Jul 21)
- CVE request: git Greg Brockman (Jul 21)
- Re: CVE request: git Josh Bressers (Jul 22)
- Cacti XSS fixes in 0.8.7g Tomas Hoger (Jul 22)
- <Possible follow-ups>
- Re: Cacti XSS fixes in 0.8.7g Josh Bressers (Jul 26)
- Another freetype-demos buffer overflow Josh Bressers (Jul 22)
- Re: Another freetype-demos buffer overflow Werner LEMBERG (Jul 23)
- mikmod incomplete fix for CVE-2009-3995 Tomas Hoger (Jul 23)
- Re: mikmod incomplete fix for CVE-2009-3995 Josh Bressers (Jul 26)
- CVE assignment notification -- CVE-2010-2474 -- JBossESB Marc Schoenefeld (Jul 23)
- CVE request: GnuPG 2 Florian Weimer (Jul 23)
- Re: CVE request: GnuPG 2 Josh Bressers (Jul 26)
- CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow Jan Lieskovsky (Jul 26)
- Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow Josh Bressers (Jul 26)
- Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow Steven M. Christey (Aug 02)
- Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow Steven M. Christey (Aug 19)
- Re: CVE-2008-id Request -- ssmtp -- standardise() -- Buffer overflow Josh Bressers (Jul 26)
- CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter Jan Lieskovsky (Jul 28)
- CVE Request: Piwik < 0.6.4 Arbitrary file inclusion Anthon Pang (Jul 28)
- Re: CVE Request: Piwik < 0.6.4 Arbitrary file inclusion Josh Bressers (Jul 29)
- CVE request: mediawiki Raphael Geissert (Jul 28)
- Re: CVE request: mediawiki Josh Bressers (Jul 29)
- CVE request: zabbix Raphael Geissert (Jul 28)
- Re: CVE request: zabbix Josh Bressers (Jul 29)
- [HITB-Ann] Reminder: HITB2010 Malaysia Call for Papers Closing August 9th Hafez Kamal (Jul 29)
- CVE-2010-2791: mod_proxy information leak affecting 2.2.9 only Joe Orton (Jul 30)
- Re: CVE-2010-2791: mod_proxy information leak affecting 2.2.9 only Steven M. Christey (Aug 04)
- Re: CVE request: lxr Nico Golde (Jul 31)
- Re: CVE request: lxr Dan Rosenberg (Jul 31)
- Re: CVE request: lxr Steven M. Christey (Aug 20)
- Re: CVE request: lxr Dan Rosenberg (Jul 31)
- CVE Request -- OpenConnect < v2.25 did not verify SSL server certificates Jan Lieskovsky (Aug 01)
- Re: CVE Request -- OpenConnect < v2.25 did not verify SSL server certificates Josh Bressers (Aug 02)
- CVE request: cmsmadesimple < 1.8.1 Hanno Böck (Aug 01)
- Re: CVE request: cmsmadesimple < 1.8.1 Josh Bressers (Aug 02)
- CVE request: joomla < 1.5.20 Hanno Böck (Aug 01)
- Re: CVE request: joomla < 1.5.20 Josh Bressers (Aug 02)
- CVE request: kernel: gfs2: rename cases kernel panic Eugene Teo (Aug 01)
- Re: CVE request: kernel: gfs2: rename cases kernel panic Josh Bressers (Aug 02)
- CVE-2010-2524 kernel: dns_resolver upcall security issue Eugene Teo (Aug 01)
- Re: CVE-2010-2524 kernel: dns_resolver upcall security issue akuster (Aug 02)
- Re: CVE-2010-2524 kernel: dns_resolver upcall security issue Eugene Teo (Aug 02)
- Re: CVE-2010-2524 kernel: dns_resolver upcall security issue akuster (Aug 02)
- CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns Jan Lieskovsky (Aug 02)
- Re: CVE Request -- Socat -- Stack overflow by lexical scanning of nested character patterns Josh Bressers (Aug 02)
- CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Jan Lieskovsky (Aug 02)
- <Possible follow-ups>
- Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Josh Bressers (Aug 02)
- RFC: squid: Fix free memory corruption and off-by-on error when comparing SNMP OIDs Thomas Biege (Aug 02)
- Re: RFC: squid: Fix free memory corruption and off-by-on error when comparing SNMP OIDs Josh Bressers (Aug 12)
- Re: RFC: squid: Fix free memory corruption and off-by-on error when comparing SNMP OIDs Thomas Biege (Aug 13)
- Re: RFC: squid: Fix free memory corruption and off-by-on error when comparing SNMP OIDs Henrik Nordström (Aug 13)
- Re: RFC: squid: Fix free memory corruption and off-by-on error when comparing SNMP OIDs Thomas Biege (Aug 13)
- Re: RFC: squid: Fix free memory corruption and off-by-on error when comparing SNMP OIDs Josh Bressers (Aug 12)
- Re: CVE Request [two ids] -- cabextract -- 1, Infinite loop in MS-ZIP and Quantum decoders (minor) 2, Integer wrap-around (crash) by processing certain *.cab files in test archive mode Josh Bressers (Aug 02)
- CVE request: Attachment XSS in mantis < 1.2.2 Hanno Böck (Aug 02)
- Re: CVE request: Attachment XSS in mantis < 1.2.2 Josh Bressers (Aug 03)
- CVE 2009 request: twiki before 4.3.2 CSRF Hanno Böck (Aug 02)
- Re: CVE 2009 request: twiki before 4.3.2 CSRF Josh Bressers (Aug 03)
- kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Eugene Teo (Aug 02)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Moritz Muehlenhoff (Aug 02)
- CVE request - kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Eugene Teo (Aug 03)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Josh Bressers (Aug 03)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() dann frazier (Aug 13)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Eugene Teo (Aug 13)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Ben Hutchings (Aug 13)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Eugene Teo (Aug 13)
- Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write() Moritz Muehlenhoff (Aug 02)
- 2 vulnerabilties in phpCAS Joachim Fritschi (Aug 03)
- CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts Jan Lieskovsky (Aug 06)
- CVE request: uzbl before 2010.08.05: User-assisted execution of arbitrary commands caused by faulty default config Alex Legler (Aug 06)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Josh Bressers (Aug 06)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Braden Thomas (Aug 09)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Werner LEMBERG (Aug 09)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Robert Święcki (Aug 09)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Werner LEMBERG (Aug 09)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Robert Święcki (Aug 12)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Werner LEMBERG (Aug 09)
- Re: CVE Request -- FreeType -- Memory corruption flaw by processing certain LWFN fonts + three more Braden Thomas (Aug 09)
- CVE request: Lynx Dan Rosenberg (Aug 09)
- Re: CVE request: Lynx Josh Bressers (Aug 09)
- CVE Request - ZNC Kurt Seifried (Aug 09)
- Re: CVE Request - ZNC Kurt Seifried (Aug 09)
- Re: Re: CVE Request - ZNC Josh Bressers (Aug 10)
- Re: CVE Request - ZNC Kurt Seifried (Aug 09)
- CVE ID Request For 2Wire Broadband Router Session Hijacking Vulnerability YGN Ethical Hacker Group (Aug 09)
- Re: CVE ID Request For 2Wire Broadband Router Session Hijacking Vulnerability Josh Bressers (Aug 10)
- CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow Jan Lieskovsky (Aug 11)
- CVE Request: openssl double free Ludwig Nussel (Aug 11)
- Re: CVE Request: openssl double free Solar Designer (Aug 11)
- Re: CVE Request: openssl double free Josh Bressers (Aug 12)
- CVE request: VideoLAN advisory 1004 Rémi Denis-Courmont (Aug 11)
- Re: CVE request: VideoLAN advisory 1004 Josh Bressers (Aug 11)
- opera 10.61 fixes 3 security bugs Thomas Biege (Aug 12)
- Re: opera 10.61 fixes 3 security bugs Carsten H. Eiram (Aug 12)
- CVE request - kernel: integer overflow in ext4_ext_get_blocks() Eugene Teo (Aug 15)
- Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks() Steven M. Christey (Aug 16)
- Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks() Eugene Teo (Aug 16)
- Re: CVE request - kernel: integer overflow in ext4_ext_get_blocks() Steven M. Christey (Aug 16)
- Minor security flaw with pam_xauth Tim Brown (Aug 16)
- Re: Minor security flaw with pam_xauth Steven M. Christey (Aug 16)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Steven M. Christey (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 21)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 24)
- Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
- Re: Minor security flaw with pam_xauth Vincent Danen (Sep 27)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 27)
- Re: Minor security flaw with pam_xauth Solar Designer (Sep 27)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 27)
- Re: Minor security flaw with pam_xauth Josh Bressers (Sep 21)
- Re: [oCERT-2010-001] multiple http client unexpected download filename vulnerability Solar Designer (Aug 17)
- CVE request - kernel: net sched memleak Eugene Teo (Aug 17)
- Re: CVE request - kernel: net sched memleak Josh Bressers (Aug 19)
- CVE request - kernel: xfs: stale data exposure Eugene Teo (Aug 17)
- Re: CVE request - kernel: xfs: stale data exposure Josh Bressers (Aug 19)
- CVE request: zope-ldapuser Sébastien Delafond (Aug 18)
- Re: CVE request: zope-ldapuser Josh Bressers (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Moritz Muehlenhoff (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 23)
- <Possible follow-ups>
- Re: CVE request: PHP MOPS-2010-56..60 pierre.php () gmail com (Aug 19)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 20)
- Re: CVE request: PHP MOPS-2010-56..60 Thomas Biege (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Pierre Joye (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Steven M. Christey (Aug 24)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Aug 25)
- Re: CVE request: PHP MOPS-2010-56..60 Tomas Hoger (Aug 20)
- CVE Request: SLiM insecure PATH assignment Niels Heinen (Aug 19)
- Re: CVE Request: SLiM insecure PATH assignment Josh Bressers (Aug 20)
- CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others Eugene Teo (Aug 20)
- Re: CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others Josh Bressers (Aug 20)
- CVE-2010-2959 kernel: can: add limit for nframes and clean up signed/unsigned variables Eugene Teo (Aug 20)
- CVE Request: heap-based buffer overflow in libHX Thomas Biege (Aug 20)
- Re: CVE Request: heap-based buffer overflow in libHX Josh Bressers (Aug 20)
- CVE Request -- Quagga (bgpd) [two ids] -- 1, Stack buffer overflow by processing crafted Refresh-Route msgs 2, NULL ptr deref by parsing certain AS paths by BGP update request Jan Lieskovsky (Aug 24)
- CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present Jan Lieskovsky (Aug 24)
- CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Dan Rosenberg (Aug 25)
- Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Tomas Hoger (Aug 26)
- Re: CVE request: CouchDB insecure library loading (Debian/Ubuntu only) Josh Bressers (Aug 26)
- CVE id request: libc fortify source information disclosure Nico Golde (Aug 25)
- Re: CVE id request: libc fortify source information disclosure Josh Bressers (Aug 31)
- Re: CVE id request: libc fortify source information disclosure Steven M. Christey (Aug 31)
- Re: CVE id request: libc fortify source information disclosure Tomas Hoger (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Dan Rosenberg (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Tomas Hoger (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Dan Rosenberg (Sep 02)
- Re: CVE id request: libc fortify source information disclosure Steven M. Christey (Aug 31)
- Re: CVE id request: libc fortify source information disclosure Josh Bressers (Aug 31)
- CVE request: VLC media player - DLL preloading vulnerability Geoffroy Couprie (Aug 25)
- Re: CVE request: VLC media player - DLL preloading vulnerability Steven M. Christey (Aug 25)
- Re: CVE request: VLC media player - DLL preloading vulnerability Geoffroy Couprie (Aug 26)
- Re: CVE request: VLC media player - DLL preloading vulnerability Steven M. Christey (Aug 25)
- [HITB-Announce] HITB2010 SIGNINT Sessions Hafez Kamal (Aug 26)
- [PATCH] exec argument expansion can inappropriately trigger OOM-killer Kees Cook (Aug 27)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer KOSAKI Motohiro (Aug 29)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Roland McGrath (Aug 29)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 29)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Roland McGrath (Aug 30)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 30)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Roland McGrath (Aug 31)
- [PATCH 0/3] execve argument-copying fixes Roland McGrath (Sep 07)
- [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 07)
- Message not available
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size KOSAKI Motohiro (Sep 09)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 10)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size KOSAKI Motohiro (Sep 10)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 11)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 15)
- Message not available
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 10)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 11)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 14)
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size pageexec (Sep 14)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 29)
- Message not available
- Re: [PATCH 1/3] setup_arg_pages: diagnose excessive argument size Roland McGrath (Sep 10)
- [PATCH 2/3] execve: improve interactivity with large arguments Roland McGrath (Sep 07)
- [PATCH 3/3] execve: make responsive to SIGKILL with large arguments Roland McGrath (Sep 07)
- Re: [PATCH 0/3] execve argument-copying fixes KOSAKI Motohiro (Sep 07)
- [PATCH 0/2] execve memory exhaust of argument-copying fixes KOSAKI Motohiro (Sep 09)
- [PATCH 1/2] oom: don't ignore rss in nascent mm KOSAKI Motohiro (Sep 09)
- Message not available
- Re: [PATCH 1/2] oom: don't ignore rss in nascent mm Roland McGrath (Sep 10)
- Message not available
- [PATCH] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro (Sep 10)
- Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct Oleg Nesterov (Sep 10)
- Re: [PATCH] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro (Sep 15)
- [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro (Sep 09)
- Re: [PATCH 2/2] execve: check the VM has enough memory at first Linus Torvalds (Sep 10)
- Re: [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro (Sep 13)
- Re: [PATCH 2/2] execve: check the VM has enough memory at first KOSAKI Motohiro (Sep 15)
- Re: [PATCH 2/2] execve: check the VM has enough memory at first Linus Torvalds (Sep 16)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 30)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Brad Spengler (Aug 30)
- Re: [PATCH] exec argument expansion can inappropriately trigger OOM-killer Solar Designer (Aug 31)
- Re: [PATCH] exec argument expansion can inappropriately triggerOOM-killer Tetsuo Handa (Aug 31)
- Re: CVE Request: BGP protocol vulnerability Kurt Seifried (Aug 28)
- Re: CVE Request: BGP protocol vulnerability Florian Weimer (Aug 29)
- Re: CVE Request: BGP protocol vulnerability Josh Bressers (Aug 30)
- Re: CVE Request: BGP protocol vulnerability Steven M. Christey (Aug 31)
- Re: CVE Request: BGP protocol vulnerability Florian Weimer (Aug 29)
- Re: CVE request: serendipity < 1.5.4 xss Josh Bressers (Aug 31)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Josh Bressers (Sep 10)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Josh Bressers (Sep 22)
- Re: CVE Request -- MySQL v5.1.49 -- multiple DoS flaws Steven M. Christey (Sep 28)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Reed Loden (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Julien Cristau (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Reed Loden (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Julien Cristau (Sep 03)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Joe Orton (Sep 04)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Richard Moore (Sep 05)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Florian Weimer (Sep 06)
- Re: CVE Request 1, NSS 2, Qt: Doesn't handle wildcards in Common Name properly Tomas Hoger (Sep 27)
- Re: CVE request: XSS in nusoap Josh Bressers (Sep 07)
- Re: CVE Request -- Bip -- Remote Dos (crash) by exchanging user credentials Josh Bressers (Sep 07)
- Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS Valient Gough (Sep 06)
- Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS Josh Bressers (Sep 07)
- Re: CVE request: smbind Sql Injection Josh Bressers (Sep 07)
- Re: CVE request: kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak Josh Bressers (Sep 07)
- Re: [Security] /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: Re: [Security] /proc infoleaks Marcus Meissner (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Willy Tarreau (Sep 13)
- Re: Re: [Security] /proc infoleaks Jon Oberheide (Sep 07)
- Re: Re: [Security] /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Andrew Morton (Sep 07)
- Re: [Security] [oss-security] Re: /proc infoleaks Brad Spengler (Sep 07)
- Re: Re: [Security] [oss-security] Re: /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: Re: [Security] [oss-security] Re: /proc infoleaks Brad Spengler (Sep 08)
- Re: [Security] [oss-security] Re: /proc infoleaks Linus Torvalds (Sep 07)
- Re: [Security] /proc infoleaks Sebastian Krahmer (Sep 07)
- Re: CVE Request -- phpMyAdmin (x < v3.3.7) -- XSS in setup script (PMASA-2010-7) Steven M. Christey (Sep 08)
- Re: CVE request: kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL Josh Bressers (Sep 10)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 10)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 22)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Steven M. Christey (Sep 24)
- Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases Josh Bressers (Sep 22)
- <Possible follow-ups>
- Re: CVE request: mednafen stack manipulation Josh Bressers (Sep 10)
- Re: CVE id requests: drupal Josh Bressers (Sep 13)
- Re: CVE request: mailscanner, multiple vulnerabilities Josh Bressers (Sep 13)
- Re: CVE Request: pidgin-knotify remote command injection Josh Bressers (Sep 13)
- Re: CVE Request: mailman Josh Bressers (Sep 13)
- Re: CVE Request: mailman Steven M. Christey (Sep 13)
- Re: CVE Request: mailman Josh Bressers (Sep 13)
- Re: CVE Request: mailman Steven M. Christey (Sep 13)
- Re: CVE Request: mailman Steven M. Christey (Sep 13)
- Re: CVE id request for non disclosed issue? Kyle Bader (Sep 13)
- Re: CVE id request for non disclosed issue? Josh Bressers (Sep 13)
- Re: CVE request: xss in pecl-apc before 3.1.4 Josh Bressers (Sep 14)
- Re: CVE request: xss in pecl-apc before 3.1.4 Pierre Joye (Sep 14)
- Re: CVE request: kernel: numerous infoleaks Josh Bressers (Sep 14)
- Re: CVE request: kernel: numerous infoleaks Dan Rosenberg (Sep 15)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Josh Bressers (Sep 14)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Steven M. Christey (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Michael Koziarski (Sep 21)
- Re: CVE request: padding oracle attack: ruby on rails 2.3, owasp esapi Thomas Biege (Sep 21)
- Re: CVE request: mantis before 1.2.3 (XSS) Hanno Böck (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Kurt Seifried (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Josh Bressers (Sep 16)
- Re: CVE request: mantis before 1.2.3 (XSS) Kurt Seifried (Sep 14)
- Re: CVE request: mantis before 1.2.3 (XSS) Kurt Seifried (Sep 14)
- Re: CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability Eugene Teo (Sep 15)
- [PATCH 3/4] move cred_guard_mutex from task_struct to signal_struct KOSAKI Motohiro (Sep 15)
- [PATCH 1/4] oom: remove totalpage normalization from oom_badness() KOSAKI Motohiro (Sep 15)
- Re: [PATCH 1/4] oom: remove totalpage normalization from oom_badness() David Rientjes (Sep 15)
- Re: [PATCH 1/4] oom: remove totalpage normalization from oom_badness() KOSAKI Motohiro (Sep 16)
- Re: [PATCH 1/4] oom: remove totalpage normalization from oom_badness() Pekka Enberg (Sep 16)
- Re: [PATCH 1/4] oom: remove totalpage normalization from oom_badness() David Rientjes (Sep 15)
- [PATCH 2/4] Revert "oom: deprecate oom_adj tunable" KOSAKI Motohiro (Sep 15)
- [PATCH 4/4] oom: don't ignore rss in nascent mm KOSAKI Motohiro (Sep 15)
- Re: [PATCH 4/4] oom: don't ignore rss in nascent mm Oleg Nesterov (Sep 16)
- Re: [PATCH 4/4] oom: don't ignore rss in nascent mm KOSAKI Motohiro (Sep 26)
- Re: [PATCH 4/4] oom: don't ignore rss in nascent mm Oleg Nesterov (Sep 16)
- Re: CVE-identifier request for Dovecot ACL security bug Josh Bressers (Sep 16)
- Re: CVE request: pixelpost Josh Bressers (Sep 17)
- Re: CVE request: pixelpost Raphael Geissert (Sep 17)
- Re: CVE request: weborf: directory traversal Josh Bressers (Sep 17)
- Re: [oCERT-2010-003] Free Simple CMS path sanitization errors Josh Bressers (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Tomas Hoger (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Josh Bressers (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Steven M. Christey (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Michael Gilbert (Sep 17)
- Re: CVE request: epiphany not checking ssl certs Josh Bressers (Sep 21)
- Re: CVE request: epiphany not checking ssl certs Ludwig Nussel (Sep 20)
- Re: CVE request: egroupware remote code and xss Josh Bressers (Sep 21)
- Re: CVE request: kernel: Heap corruption in ROSE Eugene Teo (Sep 20)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Josh Bressers (Sep 27)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Ludwig Nussel (Sep 28)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Ludwig Nussel (Sep 28)
- Re: CVE Request -- Linux/SCTP DoS in sctp_packet_config() Eugene Teo (Sep 24)
- Re: CVE Request -- Linux/SCTP DoS in sctp_packet_config() Kurt Seifried (Sep 26)
- Re: CVE request: multiple kernel stack memory disclosures Josh Bressers (Sep 27)
- Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel Eugene Teo (Sep 27)
- Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel Moritz Muehlenhoff (Sep 29)
- <Possible follow-ups>
- Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel Josh Bressers (Sep 28)
- Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel Steven M. Christey (Sep 28)
- Re: CVE requests: POE::Component::IRC, Alien Arena, Babiloo, Typo3, abcm2ps, ModSecurity, Linux kernel Steven M. Christey (Sep 28)
- Re: CVE request - kernel: pktcdvd ioctl dev_minor missing range check Josh Bressers (Sep 28)
- Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() Marcus Meissner (Sep 29)
- Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() Eugene Teo (Sep 29)
- Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() Josh Bressers (Sep 29)
- Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() Eugene Teo (Sep 29)
- Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Josh Bressers (Sep 29)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Josh Bressers (Sep 30)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Moritz Muehlenhoff (Sep 30)
- Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Alex Legler (Sep 30)
- Re: Small exposure in ocfs2 fast symlinks. Greg KH (Sep 29)
- Re: Small exposure in ocfs2 fast symlinks. Joel Becker (Sep 30)