oss-sec: by date

383 messages starting Oct 01 10 and ending Dec 31 10


Friday, 01 October

Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Tomas Hoger
Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Joachim Fritschi
CVE request: freeradius Vincent Danen
Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg
Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback Josh Bressers
Re: CVE request: Horde Gollem <1.1.2 XSS in view.php Josh Bressers
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Vincent Danen
Re: CVE request: freeradius Josh Bressers
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Gerald Combs
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Vincent Danen
Re: Minor security flaw with pam_xauth Vincent Danen
Re: Small exposure in ocfs2 fast symlinks. Joel Becker

Sunday, 03 October

Re: Minor security flaw with pam_xauth Dmitry V. Levin

Monday, 04 October

Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Tomas Hoger
CVE request: kernel: SCTP memory corruption in HMAC handling Dan Rosenberg
CVE request, security issues fixed in MySQL 5.1.51 Vincent Danen
CVE Request: more dovecot ACL issues Ludwig Nussel
Re: Small exposure in ocfs2 fast symlinks. Josh Bressers
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Josh Bressers
Re: CVE request: kernel: SCTP memory corruption in HMAC handling Josh Bressers
Re: CVE Request: more dovecot ACL issues Josh Bressers
Re: CVE request, security issues fixed in MySQL 5.1.51 Josh Bressers

Tuesday, 05 October

Nagios format string issues Florian Weimer

Wednesday, 06 October

Re: Nagios format string issues Oden Eriksson
Re: Nagios format string issues Josh Bressers
Re: Nagios format string issues Steven M. Christey
Re: CVE request: multiple kernel stack memory disclosures Steven M. Christey
Re: Nagios format string issues Oden Eriksson
Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg
Re: CVE request: multiple kernel stack memory disclosures Dan Rosenberg

Thursday, 07 October

Re: Nagios format string issues Tomas Hoger
Re: CVE request, security issues fixed in MySQL 5.1.51 Steven M. Christey
qpidd SSL connection DoS (CVE-2010-3083) Vincent Danen

Friday, 08 October

CVE Request -- Mercurial --Doesn't verify subject Common Name properly Jan Lieskovsky
CVE request eoCMS SQL injection vulnerability Henri Salo
CVE request: joomla before 1.5.21 XSS Hanno Böck
CVE request: usebb before 1.0.11 unauthorized access to content Hanno Böck
CVE request (2009): vanilla forums before 1.1.8 Hanno Böck
CVE request: mybb before 1.4.11 and before 1.4.12 Hanno Böck
Fwd: CVE id request: fluxbb < 1.2.22 XSS Hanno Böck

Monday, 11 October

CVE request: TYPO3-SA-2010-020 Moritz Muehlenhoff
CVE request: Simple Machines Forum Cross-Site Request Forgery Henri Salo
Re: CVE request eoCMS SQL injection vulnerability Josh Bressers
Re: CVE request: joomla before 1.5.21 XSS Josh Bressers
Re: CVE request: usebb before 1.0.11 unauthorized access to content Josh Bressers
Re: CVE request (2009): vanilla forums before 1.1.8 Josh Bressers
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Josh Bressers
Re: CVE request: mybb before 1.4.11 and before 1.4.12 Josh Bressers
Re: CVE id request: fluxbb < 1.2.22 XSS Josh Bressers
Re: CVE request: Simple Machines Forum Cross-Site Request Forgery Josh Bressers
Re: CVE request: TYPO3-SA-2010-020 Josh Bressers
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Gerald Combs

Tuesday, 12 October

kernel: avoid pgoff overflow in remap_file_pages Eugene Teo
Re: kernel: avoid pgoff overflow in remap_file_pages Thomas Pollet
Re: Nagios format string issues Oden Eriksson
Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark Vincent Danen
Re: kernel: avoid pgoff overflow in remap_file_pages akiphie

Wednesday, 13 October

CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files Jan Lieskovsky
CVE request: ettercap GTK Dan Rosenberg
CVE request: Apache-AuthenHook perl module Moritz Muehlenhoff
Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files Jan Lieskovsky
Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files Josh Bressers
Re: CVE request: ettercap GTK Josh Bressers
Re: CVE request: Apache-AuthenHook perl module Josh Bressers

Thursday, 14 October

Re: CVE request: ettercap GTK Steven M. Christey
Re: CVE request: ettercap GTK Dan Rosenberg

Monday, 18 October

CVE request -- libguestfs: missing disk format specifier when adding a disk Petr Matousek
Re: CVE request -- libguestfs: missing disk format specifier when adding a disk Eugene Teo

Wednesday, 20 October

CVE request: kernel: setup_arg_pages: diagnose excessive argument size Eugene Teo

Thursday, 21 October

glibc $ORIGIN problem - CVE-2010-3847 Marcus Meissner
Re: glibc $ORIGIN problem - CVE-2010-3847 Robert Święcki
CVE-2010-1693: OFED openibd startup script uses predictable tmpfile Mike O'Connor

Friday, 22 October

CVE request: kernel: heap overflow in TIPC Dan Rosenberg
Re: glibc $ORIGIN problem - CVE-2010-3847 Florian Weimer
Re: CVE request: kernel: setup_arg_pages: diagnose excessive argument size Josh Bressers
Re: CVE request: kernel: heap overflow in TIPC Josh Bressers

Sunday, 24 October

Re: glibc $ORIGIN problem - CVE-2010-3847 Solar Designer
Re: Minor security flaw with pam_xauth Solar Designer

Monday, 25 October

Re: CVE request: multiple kernel stack memory disclosures Steven M. Christey
CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL Kees Cook
Re: CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL Eugene Teo

Tuesday, 26 October

Re: glibc $ORIGIN problem - CVE-2010-3847 Dmitry V. Levin

Thursday, 28 October

CVE request: kernel: iovec overflow in rds_rdma_pages() Eugene Teo

Friday, 29 October

CVE request: moodle 1.9.10 Ludwig Nussel

Monday, 01 November

Re: CVE request: kernel: iovec overflow in rds_rdma_pages() Josh Bressers
Proftpd pre-authentication buffer overflow in Telnet code Florian Weimer
Re: CVE request: moodle 1.9.10 Josh Bressers
Re: Proftpd pre-authentication buffer overflow in Telnet code Josh Bressers

Tuesday, 02 November

utf-8 security issue in php Oden Eriksson
Re: utf-8 security issue in php Pierre Joye
Re: utf-8 security issue in php Pierre Joye
Re: utf-8 security issue in php Josh Bressers
libxml2 xpath Sebastian Krahmer
Re: utf-8 security issue in php Pierre Joye
CVE request: kernel stack infoleaks Jon Oberheide
Re: utf-8 security issue in php Vincent Danen
Re: CVE request: kernel stack infoleaks Dan Rosenberg
Re: CVE request: kernel stack infoleaks Dan Rosenberg
Re: utf-8 security issue in php Pierre Joye
Re: CVE request: kernel stack infoleaks Steven M. Christey
Re: utf-8 security issue in php Vincent Danen

Wednesday, 03 November

Re: utf-8 security issue in php Sebastian Krahmer
CVE request: X.25 remote DoS Dan Rosenberg
CVE request: kernel: CAN information leak Dan Rosenberg
CVE request: kernel: sys_semctl: fix kernel stack leakage Eugene Teo

Thursday, 04 November

Re: CVE request: kernel: sys_semctl: fix kernel stack leakage Eugene Teo
Re: CVE request: X.25 remote DoS Eugene Teo
Re: CVE request: kernel: CAN information leak Eugene Teo
Re: CVE request: kernel stack infoleaks Josh Bressers
Re: libxml2 xpath Josh Bressers
CVE Clarification: OpenFabrics ofed stack also contains RDS protocol Marcus Meissner
CVE request: fuse Marc Deslauriers
CVE request: kernel: logic error in INET_DIAG bytecode auditing Nelson Elhage
CVE request: kernel: kvm kernel stack leakage Petr Matousek

Friday, 05 November

Re: CVE Clarification: OpenFabrics ofed stack also contains RDS protocol Josh Bressers
Re: CVE request: fuse Josh Bressers
Re: CVE request: kernel: logic error in INET_DIAG bytecode auditing Josh Bressers
Re: CVE request: kernel: kvm kernel stack leakage Josh Bressers

Sunday, 07 November

Re: CVE request: moodle 1.9.10 Steven M. Christey
CVE Request: PHP 5.3.3, libmbfl, mb_strcut Pierre Joye
Linux kernel proactive security hardening Kees Cook
Re: Linux kernel proactive security hardening Solar Designer
Re: Linux kernel proactive security hardening Dan Rosenberg
filesystem capabilities Solar Designer
Re: Linux kernel proactive security hardening Solar Designer
Re: Linux kernel proactive security hardening Solar Designer

Monday, 08 November

Re: filesystem capabilities Ludwig Nussel
Re: filesystem capabilities Sebastian Krahmer
Re: filesystem capabilities yersinia
Re: Linux kernel proactive security hardening Vasiliy Kulikov
Re: filesystem capabilities Steve Grubb
Re: filesystem capabilities Steve Grubb
Re: Linux kernel proactive security hardening Vasiliy Kulikov
Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut Josh Bressers
CVE request: kernel: gdth: integer overflow in ioc_general() Petr Matousek
Re: filesystem capabilities James Morris
Re: CVE request: kernel: gdth: integer overflow in ioc_general() Dan Rosenberg

Tuesday, 09 November

Re: CVE request: kernel: gdth: integer overflow in ioc_general() Petr Matousek
Re: CVE request: kernel: gdth: integer overflow in ioc_general() Dan Rosenberg
Re: libxml2 xpath Giuseppe Iuculano
CVE-2010-3086 kernel panic via futex Eugene Teo
CVE Request: kernel: socket filters infoleak Eugene Teo

Wednesday, 10 November

CVE request: mono loading shared libs from cwd Thomas Biege
Re: CVE request: mono loading shared libs from cwd Thomas Biege
CVE request: kernel: L2TP send buffer allocation size overflows Petr Matousek
Re: Linux kernel proactive security hardening Kees Cook
Re: Linux kernel proactive security hardening Kees Cook
Re: filesystem capabilities Kees Cook
Re: filesystem capabilities Kees Cook
Re: Linux kernel proactive security hardening Vasiliy Kulikov
Re: filesystem capabilities Steve Grubb
Re: CVE request: kernel: gdth: integer overflow in ioc_general() Josh Bressers
Re: CVE Request: kernel: socket filters infoleak Josh Bressers
Re: CVE request: mono loading shared libs from cwd Josh Bressers
Re: filesystem capabilities Kees Cook
Re: CVE request: kernel: L2TP send buffer allocation size overflows Josh Bressers
Re: filesystem capabilities Steve Grubb
CVE request: kernel: Multiple DoS issues in block layer Dan Rosenberg

Thursday, 11 November

[HITB-Announce] HITB Magazine #5 Call for Articles Hafez Kamal
CVE request: kernel: remote DoS in X.25 Dan Rosenberg
CVE request: kernel: possible kernel oops from user MSS Eugene Teo

Friday, 12 November

Re: CVE request: kernel: Multiple DoS issues in block layer Josh Bressers
Re: CVE request: kernel: remote DoS in X.25 Josh Bressers
Re: CVE request: kernel: possible kernel oops from user MSS Josh Bressers
CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure Henri Salo
Re: CVE request: Joomla 1.5.21 SQL Injection and Information Disclosure Josh Bressers
CVE request: ImageMagick opens config files in $CWD Vincent Danen

Sunday, 14 November

Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers
econet iovec Thomas Pollet
Re: econet iovec Dan Rosenberg
Re: econet iovec Dan Rosenberg
CVE request for OpenTTD Rubidium
Re: utf-8 security issue in php Pierre Joye
Re: econet iovec Eugene Teo
CVE request: kernel: perf bug Eugene Teo

Monday, 15 November

Re: CVE request: ImageMagick opens config files in $CWD Josh Bressers
Re: CVE request for OpenTTD Josh Bressers
Re: CVE request: kernel: perf bug Josh Bressers
Re: econet iovec Steven M. Christey
Re: econet iovec Dan Rosenberg
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Steven M. Christey
utf-8 security issue in php - 2 CVEs? Huzaifa Sidhpurwala
CVE Request: libsdp Huzaifa Sidhpurwala

Tuesday, 16 November

Re: utf-8 security issue in php - 2 CVEs? Pierre Joye
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Marc Deslauriers
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Ben Laurie
Clear text password in process list when using MySQL GUI tools Martin Drescher
Re: CVE Request: libsdp Josh Bressers

Wednesday, 17 November

Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Ludwig Nussel
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly Matthias Andree
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly dave b
Re: Re: utf-8 security issue in php - 2 CVEs? Huzaifa Sidhpurwala
Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly dave b
Re: Clear text password in process list when using MySQL GUI tools Josh Bressers
Re: Re: utf-8 security issue in php - 2 CVEs? Pierre Joye
CVE request: kernel: integer overflow in RDS Dan Rosenberg
Re: Clear text password in process list when using MySQL GUI tools Moritz Muehlenhoff
Re: Clear text password in process list when using MySQL GUI tools Steven M. Christey
Re: CVE request: kernel: integer overflow in RDS Eugene Teo

Thursday, 18 November

Re: Clear text password in process list when using MySQL GUI tools Josh Bressers
[HITB-Announce] HITB2011AMS -- Call For Papers now Open Hafez Kamal
NULL byte poisoning fix in php 5.3.4+ Pierre Joye
Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye
Re: filesystem capabilities Kees Cook
Re: filesystem capabilities Daniel J Walsh
CVE request: tikiwiki <= 5.2 XSS, CSRF, file inclusion Hanno Böck

Saturday, 20 November

Re: Clear text password in process list when using MySQL GUI tools Moritz Muehlenhoff

Monday, 22 November

CVE Request: gif2png: command-line buffer overflow problem Kurt Seifried
CVE Request -- pootle -- XSS via 'match_names' parameter on translate.html page Jan Lieskovsky
CVE request: kernel: missing tty ops write function presence check in hci_uart_tty_open() Eugene Teo
Re: CVE request: tikiwiki <= 5.2 XSS, CSRF, file inclusion Josh Bressers
Re: CVE Request: gif2png: command-line buffer overflow problem Josh Bressers
Re: CVE Request: gif2png: command-line buffer overflow problem Dan Rosenberg
Re: Re: NULL byte poisoning fix in php 5.3.4+ Josh Bressers
CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads Eugene Teo
Re: CVE Request: gif2png: command-line buffer overflow problem Steven M. Christey
Re: CVE request: kernel: missing tty ops write function presence check in hci_uart_tty_open() Josh Bressers
Re: CVE Request: gif2png: command-line buffer overflow problem Steven M. Christey
Re: CVE request: kernel: mm: mem allocated invisible to oom_kill() when not attached to any threads Josh Bressers
Re: CVE Request -- pootle -- XSS via 'match_names' parameter on translate.html page Josh Bressers
Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye
CVE assignments for Wireshark LDSS / ZCL issues Steven M. Christey
Re: CVE Request: gif2png: command-line buffer overflow problem Kurt Seifried
Can I request a cve for pfsense regarding --> "pfSense "graph.php" Cross-Site Scripting Vulnerabilities" dave b
CVE-2010-4161 kernel: rhel5 backport of 93821778 caused deadlock Eugene Teo
Re: CVE Request: gif2png: command-line buffer overflow problem Benji
Linux kernel address leaks Dan Rosenberg
Re: Linux kernel address leaks Michael Gilbert

Tuesday, 23 November

CVE request: xen: request-processing loop is unbounded in blkback Eugene Teo
CVE request: kernel: posix-cpu-timers: workaround to suppress the problems with mt exec Eugene Teo
Re: Linux kernel address leaks Yves-Alexis Perez

Friday, 26 November

Re: CVE request: kernel: unix socket local dos Thomas Biege

Monday, 29 November

Re: CVE request: kernel: Multiple DoS issues in block layer Eugene Teo
Re: Linux kernel address leaks Steven M. Christey
Re: CVE request: mono/moonlight: execution of arbitrary code due to mutable Strings Josh Bressers
kernel: Multiple vulnerabilities in AF_ECONET Nelson Elhage
Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye
Re: Interesting behavior with struct initiailization Geoff Keating
Re: CVE request: kernel: Multiple DoS issues in block layer Eugene Teo
CVE request: xen: x86-64: don't crash Xen upon direct pv guest access Eugene Teo
CVE request: kernel: pipe_fcntl local DoS Eugene Teo
Re: CVE request: kernel: Multiple DoS issues in block layer Thomas Biege

Tuesday, 30 November

Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access Josh Bressers
Re: CVE request: kernel: pipe_fcntl local DoS Josh Bressers

Wednesday, 01 December

CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Jan Lieskovsky
Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Reed Loden
Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Mark Stosberg

Thursday, 02 December

CVE Request -- Wordpress v3.0.2 SQL injection flaw + two minor XSS issues Jan Lieskovsky
CVE request: kernel: failure to revert address limit override in OOPS error path Dan Rosenberg
kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Nelson Elhage
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Dan Rosenberg
CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header Jan Lieskovsky
Re: CVE Request -- Wordpress v3.0.2 SQL injection flaw + two minor XSS issues Josh Bressers
Re: CVE request: kernel: failure to revert address limit override in OOPS error path Josh Bressers
Re: CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header Josh Bressers

Friday, 03 December

clamav 0.96.5 released Thomas Biege
CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition Jan Lieskovsky
Re: clamav 0.96.5 released Hanno Böck
RE: Interesting behavior with struct initiailization Robert Seacord
Re: Interesting behavior with struct initiailization Geoff Keating
Re: clamav 0.96.5 released Josh Bressers

Sunday, 05 December

Re: Interesting behavior with struct initiailization Bhadrinath
Re: Interesting behavior with struct initiailization Bhadrinath
Re: Re: Interesting behavior with struct initiailization Dan Rosenberg
Re: Interesting behavior with struct initiailization Bhadrinath
CVE request: vanilla forums before 2.0.10, xss Hanno Böck
Re: CVE request: mybb before 1.4.11 and before 1.4.12 Hanno Böck
CVE request: kernel: igb panics when receiving tag vlan packet Eugene Teo

Monday, 06 December

CVE request: openx unknown vulnerability before 2.8.7 Hanno Böck
Re: CVE request: openx unknown vulnerability before 2.8.7 Anthon Pang
CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Vincent Danen
Re: Can I request a cve for pfsense regarding --> "pfSense "graph.php" Cross-Site Scripting Vulnerabilities" Steven M. Christey
Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition Josh Bressers
Re: CVE request: kernel: igb panics when receiving tag vlan packet Josh Bressers
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Steven M. Christey
Re: CVE request: vanilla forums before 2.0.10, xss Josh Bressers
Re: CVE request: openx unknown vulnerability before 2.8.7 Josh Bressers
Re: CVE request: vanilla forums before 2.0.10, xss Steven M. Christey
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Vincent Danen
CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Raphael Geissert

Tuesday, 07 December

Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger
Re: CVE request: vanilla forums before 2.0.10, xss Josh Bressers
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Josh Bressers
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz
CVE request: libvirt when compiled with openvz support has a potential security hole Vincent Danen
Re: CVE request: libvirt when compiled with openvz support has a potential security hole Eugene Teo
CVE request: kernel: bfa driver sysfs crash Eugene Teo
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Solar Designer
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Solar Designer
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Pierre Joye

Wednesday, 08 December

Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Maksymilian Arciemowicz
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Nelson Elhage
Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger
Re: CVE request: libvirt when compiled with openvz support has a potential security hole Vincent Danen
CVE request: kernel: NULL pointer dereference in AF_ECONET Nelson Elhage
Re: CVE request: kernel: NULL pointer dereference in AF_ECONET Eugene Teo

Thursday, 09 December

Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Ludwig Nussel
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Solar Designer
Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye
Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Tomas Hoger
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Steven M. Christey
Re: Re: NULL byte poisoning fix in php 5.3.4+ Steven M. Christey
Re: Re: NULL byte poisoning fix in php 5.3.4+ Pierre Joye
Re: Re: NULL byte poisoning fix in php 5.3.4+ Steven M. Christey
[taviso () cmpxchg8b com: [PATCH] install_special_mapping skips security_file_mmap check.] Tavis Ormandy
Re: [taviso () cmpxchg8b com: [PATCH] install_special_mapping skips security_file_mmap check.] Solar Designer
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses Solar Designer
Re: CVE request: kernel: bfa driver sysfs crash Josh Bressers

Friday, 10 December

Exim remote root Mark J Cox
Subject: [oss-security] CVE request: kernel: install_special_mapping skips security_file_mmap check Petr Matousek
Re: Subject: [oss-security] CVE request: kernel: install_special_mapping skips security_file_mmap check Josh Bressers

Saturday, 11 December

Re: Clarifications on the D-Bus specification Rémi Denis-Courmont

Sunday, 12 December

Re: Clarifications on the D-Bus specification Havoc Pennington

Monday, 13 December

Exim security issue in historical release nigel
Issues without CVE names in PHP 5.3.4/5.2.15 release Vincent Danen
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Pierre Joye
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Vincent Danen
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Pierre Joye
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release Raphael Geissert

Tuesday, 14 December

Breaking the links: Exploiting the linker Tim Brown

Wednesday, 15 December

Re: Breaking the links: Exploiting the linker Tomas Hoger
CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method Marcus Meissner
CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability David Hicks
CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability David Hicks
Re: Breaking the links: Exploiting the linker Justin Ossevoort
Re: CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method Eugene Teo

Thursday, 16 December

Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability Josh Bressers
Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability Josh Bressers
CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Jan Lieskovsky
Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Ludwig Nussel
Re: Breaking the links: Exploiting the linker Ralf Wildenhues
Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Josh Bressers
CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12 Hanno Böck
Re: Breaking the links: Exploiting the linker Tim Brown
Re: Re: Breaking the links: Exploiting the linker Tim Brown

Monday, 20 December

CVE Request: MyBB XSS bugs Ulrik Persson
CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek
Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg
Re: CVE request: kernel: CAN information leak, 2nd attempt Petr Matousek
Re: CVE request: kernel: CAN information leak, 2nd attempt Dan Rosenberg
Re: CVE request: kernel: CAN information leak, 2nd attempt Steven M. Christey

Tuesday, 21 December

CVE request: opensc buffer overflow Ludwig Nussel
Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants Jan Lieskovsky
CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Jan Lieskovsky
Re: CVE request: opensc buffer overflow Jamie Strandboge
FYI -- Tor v0.2.1.28 addressing CVE-2010-1676 -- remotely exploitable heap-based buffer overflow Jan Lieskovsky
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Earl Hood
Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12 Josh Bressers
Re: CVE Request: MyBB XSS bugs Josh Bressers
Re: CVE request: opensc buffer overflow Josh Bressers
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Josh Bressers

Wednesday, 22 December

Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Raphael Geissert
Re: Breaking the links: Exploiting the linker Jamie Nguyen
CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: [oss-security] CVE request: opensc buffer overflow ] Jan Lieskovsky
Re: Re: Breaking the links: Exploiting the linker Tim Brown
Re: Breaking the links: Exploiting the linker Jamie Nguyen
CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES Eugene Teo

Thursday, 23 December

CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol Jan Lieskovsky
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol dave b
CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws Jan Lieskovsky
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol John Goerzen
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol Nicolas Sebrecht
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol Johannes Stezenbach

Friday, 24 December

IO::Socket::SSL perl module: CVE-2010-4501/CVE-2010-4334 dupe Moritz Muehlenhoff

Sunday, 26 December

CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin
Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Felipe Pena

Monday, 27 December

CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message Jan Lieskovsky

Wednesday, 29 December

Re: IO::Socket::SSL perl module: CVE-2010-4501/CVE-2010-4334 dupe Tomas Hoger

Thursday, 30 December

CVE request: wordpress before 3.0.4 XSS Hanno Böck
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Jeff Breidenbach
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Earl Hood
Fix for CVE-2010-4524 and CVE-2010-1677 ready for verfication Earl Hood
CVE request: kernel: buffer overflow in OSS load_mixer_volumes Dan Rosenberg
CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang

Friday, 31 December

CVE Request: CrawlTrack < 3.2.7 - remote php code execution Anthon Pang
Re: CVE request: kernel: buffer overflow in OSS load_mixer_volumes Huzaifa Sidhpurwala
Re: CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message Huzaifa Sidhpurwala
Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang
CVE Request: Wireshark Ulrik Persson