oss-sec: by date

640 messages starting Jan 02 11 and ending Mar 31 11


Sunday, 02 January

CVE request for subversion Kurt Seifried
Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES Huzaifa Sidhpurwala

Monday, 03 January

CVE request for buffer overflows in gimp Huzaifa Sidhpurwala
Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: [oss-security] CVE request: opensc buffer overflow ] Josh Bressers
Re: Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol Josh Bressers
Re: CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws Josh Bressers
Re: CVE request: wordpress before 3.0.4 XSS Josh Bressers
Re: CVE Request: CrawlTrack < 3.2.7 - remote php code execution Josh Bressers
Re: CVE Request: Wireshark Josh Bressers
Re: CVE request for subversion Josh Bressers
Possible CVE Request: improper AppArmor exec transition Jamie Strandboge
Re: Possible CVE Request: improper AppArmor exec transition Jamie Strandboge
CVE request: silverstripe before 2.4.4 Hanno Böck
CVE request: AusweisApp Hanno Böck
Re: CVE request: AusweisApp Hanno Böck
CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() Eugene Teo

Tuesday, 04 January

Re: CVE request: kernel: Multiple DoS issues in block layer Eugene Teo
Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Jan Lieskovsky
(possible) CVE request: Clickjacking in Mediawiki Jonathan Wiltshire
Re: CVE request for buffer overflows in gimp Josh Bressers
Re: CVE request for subversion Jan Lieskovsky
Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Mark Stosberg
Re: CVE request for subversion Hyrum Wright
Re: CVE request: silverstripe before 2.4.4 Josh Bressers
Re: (possible) CVE request: Clickjacking in Mediawiki Josh Bressers
Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() Greg KH
CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo

Wednesday, 05 January

possible flaw in widely used strtod.c implementation Pierre Joye
CVE request: hastymail before 1.01 XSS Hanno Böck
Re: CVE request for subversion Josh Bressers
Re: possible flaw in widely used strtod.c implementation Michael Gilbert
CGI.pm 3.51 released Mark Stosberg
Re: CGI.pm 3.51 released (revised) Mark Stosberg
Re: possible flaw in widely used strtod.c implementation Pierre Joye
Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Greg KH
CVE request: patch directory traversal flaw Vincent Danen
Re: CVE request: patch directory traversal flaw Dan Rosenberg
Re: CVE request: patch directory traversal flaw Vincent Danen
CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Anthon Pang
CVE-NONE kernel: PHONET signedness issue Eugene Teo

Thursday, 06 January

Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo
Re: possible flaw in widely used strtod.c implementation Pierre Joye
Re: possible flaw in widely used strtod.c implementation Josh Bressers
CVE Request for Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS) YGN Ethical Hacker Group
CVE Request: kernel [Re: Security review of 2.6.32.28] dann frazier
Re: CVE-NONE kernel: PHONET signedness issue Michael Gilbert
Re: CVE-NONE kernel: PHONET signedness issue Dan Rosenberg
Re: CVE-NONE kernel: PHONET signedness issue Michael Gilbert
Re: CVE-NONE kernel: PHONET signedness issue Nelson Elhage
Re: CVE request: patch directory traversal flaw Steve Beattie
Re: CVE request: hastymail before 1.01 XSS Josh Bressers
Re: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Josh Bressers
Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS) Josh Bressers
Re: CVE Request for Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability Josh Bressers
Re: CVE Request: kernel [Re: Security review of 2.6.32.28] Josh Bressers
Re: CVE request: patch directory traversal flaw Raphael Geissert
Re: CVE request: patch directory traversal flaw Josh Bressers
Re: CVE request: patch directory traversal flaw Raphael Geissert
Re: CVE-NONE kernel: PHONET signedness issue Steven M. Christey

Friday, 07 January

CVE-2010-4225: XSP/mod_mono source code disclosure Thomas Biege
CVE Request - pimd - Insecure file creation in /var/tmp Steve Kemp
Re: CVE Request - pimd - Insecure file creation in /var/tmp Josh Bressers

Saturday, 08 January

Re: CVE request for subversion Hyrum K Wright
Re: CVE request for subversion Kurt Seifried

Monday, 10 January

Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Pierre Joye
CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Petr Matousek
Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Kurt Seifried
Re: possible flaw in widely used strtod.c implementation Steven M. Christey

Tuesday, 11 January

CVE request: sudo does not ask for password on GID changes Vincent Danen

Wednesday, 12 January

Re: CVE request: sudo does not ask for password on GID changes Josh Bressers
Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Josh Bressers
Re: CVE request: sudo does not ask for password on GID changes Todd C. Miller
CVE assignments for Wireshark Steven M. Christey

Thursday, 13 January

Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Raphael Geissert
CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Raphael Geissert

Friday, 14 January

Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Moritz Mühlenhoff
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Steven M. Christey
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Tomas Hoger
CVE request: proftpd before 1.3.3d Hanno Böck
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Josh Bressers
Re: CVE request: proftpd before 1.3.3d Josh Bressers
Re: CVE request: proftpd before 1.3.3d TJ Saunders

Monday, 17 January

CVE request: tor Moritz Muehlenhoff

Tuesday, 18 January

CVE request Tim Brown
Re: CVE request Michael Gilbert
Re: CVE request Tim Brown
Re: CVE request Michael Gilbert
Re: CVE request Josh Bressers
CVE request: heap corruption in libpango Dan Rosenberg
Re: CVE request: tor Josh Bressers
Re: CVE request: tor Steven M. Christey

Wednesday, 19 January

CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Jan Lieskovsky
Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Steven M. Christey
2 acpid flaws Vasiliy Kulikov
Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Matthew Nicholson
CVE request: heap corruption in VLC media player Dan Rosenberg
Re: CVE assignments for Wireshark Huzaifa Sidhpurwala

Thursday, 20 January

Re: CVE request: heap corruption in libpango Josh Bressers
Re: CVE request: heap corruption in VLC media player Josh Bressers
Re: CVE-2010-4225: XSP/mod_mono source code disclosure Oden Eriksson
Re: CVE-2010-4225: XSP/mod_mono source code disclosure Vincent Danen
CVE request: xpdf Dan Rosenberg
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo

Friday, 21 January

Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo

Saturday, 22 January

Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Steven M. Christey
Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo

Sunday, 23 January

CVE request: MaraDNS DoS via long queries Raphael Geissert

Monday, 24 January

Linux kernel av7110 negative array offset Kees Cook
Re: CVE request: xpdf Josh Bressers
Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Josh Bressers
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov
Re: CVE request: MaraDNS DoS via long queries Josh Bressers
CVE request: multiple status.net issues Kees Cook
CVE request: libxml2 heap contents leak Kees Cook
CVE request: linux kernel heap issues Kees Cook
CVE request: multiple gypsy vulnerabilities Kees Cook
Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo
Re: Linux kernel av7110 negative array offset Eugene Teo
Re: CVE request: linux kernel heap issues Kurt Seifried
Re: CVE request: linux kernel heap issues Eugene Teo
Re: CVE request: linux kernel heap issues Eugene Teo

Tuesday, 25 January

syslog-ng wrong file permission vulnerability SZALAY Attila
CVE Request: VLC Subtitle StripTags heap corruption Marc Deslauriers
Re: CVE request: libxml2 heap contents leak Josh Bressers
Re: CVE Request: VLC Subtitle StripTags heap corruption Josh Bressers
Re: CVE request: multiple gypsy vulnerabilities Josh Bressers
Re: CVE request: libxml2 heap contents leak Pierre Joye
Re: CVE request: libxml2 heap contents leak Kees Cook
Re: CVE request: multiple status.net issues Josh Bressers
Batavi 1.0 - XSRF bug fixed Ronald van den Blink
CVE-2010-4238 xen dom0 issue Eugene Teo

Wednesday, 26 January

Re: CVE request: patch directory traversal flaw Vasiliy Kulikov
CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group

Thursday, 27 January

CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
Re: Batavi 1.0 - XSRF bug fixed Josh Bressers
Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability Josh Bressers
Re: CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability Josh Bressers
CVE request: puppet Moritz Mühlenhoff
Re: CVE request: linux kernel heap issues Eugene Teo

Friday, 28 January

request CVE for weborf Salvo Tomaselli
CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Jan Lieskovsky

Saturday, 29 January

MaraDNS 1.4.06 and 1.3.07.11 released Sam Trenholme

Sunday, 30 January

[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal

Monday, 31 January

Re: MaraDNS 1.4.06 and 1.3.07.11 released Tomas Hoger
Re: CVE assignments for Wireshark Josh Bressers
CVE request: code execution in VLC media player Dan Rosenberg
Re: CVE request: puppet Josh Bressers
Re: request CVE for weborf Josh Bressers
Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Josh Bressers
Re: CVE request: code execution in VLC media player Josh Bressers

Tuesday, 01 February

CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
Re: possible flaw in widely used strtod.c implementation Pierre Joye
CVE request: glibc CVE-2010-3847 fix regression Tomas Hoger
CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 Reed Loden
Re: CVE request: xpdf Michael Gilbert
CVE request: fuse Marc Deslauriers

Wednesday, 02 February

Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability Steven M. Christey

Thursday, 03 February

Re: CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers
Re: CVE request: glibc CVE-2010-3847 fix regression Josh Bressers
Re: CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 Josh Bressers
Re: CVE request: fuse Josh Bressers
Re: CVE request: fuse Marc Deslauriers

Friday, 04 February

Wireshark: Freeing uninitialized pointer Huzaifa Sidhpurwala
Re: [vendor-sec] OpenSSH security advisory: legacy certificate signing in 5.6/5.7 Josh Bressers

Saturday, 05 February

Webkit Roundup Michael Gilbert
Webkit Dupes Michael Gilbert

Monday, 07 February

CVE request: phpbb before 3.0.8 Hanno Böck

Tuesday, 08 February

Re: CVE request: xpdf Thomas Biege
Re: CVE request: xpdf Tomas Hoger
Re: CVE request: xpdf Thomas Biege
Re: CVE request: fuse Josh Bressers
Re: CVE request: phpbb before 3.0.8 Josh Bressers
Re: CVE request: phpbb before 3.0.8 Hanno Böck
CVE request: wordpress before 3.0.5 Hanno Böck
CVE request for feh Stefan Behte

Wednesday, 09 February

CVE request: kernel: btrfs heap overflow Dan Rosenberg
Re: CVE request: kernel: btrfs heap overflow Eugene Teo
Re: CVE assignments for Wireshark Josh Bressers
Re: CVE request: kernel: btrfs heap overflow Dan Rosenberg
Django multiple flaws (CVEs inside) Josh Bressers
Re: CVE request: kernel: btrfs heap overflow Eugene Teo
Re: CVE request: kernel: btrfs heap overflow Eugene Teo
[HITB-Announce] HITB Magazine Issue 005 Released Hafez Kamal
Re: CVE request: kernel: btrfs heap overflow Stéphane Gaudreault
Re: CVE request: kernel: btrfs heap overflow Moritz Muehlenhoff
Re: CVE request: kernel: btrfs heap overflow Greg KH
Re: CVE request: wordpress before 3.0.5 Josh Bressers
Re: CVE request for feh Josh Bressers

Thursday, 10 February

Re: CVE request: kernel: btrfs heap overflow Steven M. Christey

Monday, 14 February

PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye
CVE request: aircrack-ng Marc Deslauriers

Tuesday, 15 February

Re: CVE request: aircrack-ng Nico Golde

Wednesday, 16 February

CVE request - kernel: bridge br_multicast NULL pointer dereference Eugene Teo
Re: PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye
CVE request - kernel: s390 task_show_regs infoleak Eugene Teo
CVE request - kernel: xfs infoleak Eugene Teo
kernel: ALSA: caiaq - Fix possible string-buffer overflow Eugene Teo
Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye
Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request Huzaifa Sidhpurwala
Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Josh Bressers
Re: CVE request - kernel: s390 task_show_regs infoleak Josh Bressers
Re: CVE request - kernel: xfs infoleak Josh Bressers
Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow Josh Bressers
Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow Eugene Teo
wireshark dct3trace buffer overflow Huzaifa Sidhpurwala
Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Moritz Muehlenhoff
CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast Petr Matousek
Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast Eugene Teo
CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack Eugene Teo

Thursday, 17 February

CVE id request: telepathy-gabble Nico Golde
Re: Webkit Dupes Steven M. Christey
Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack Josh Bressers
Re: CVE id request: telepathy-gabble Josh Bressers

Friday, 18 February

CVE request: avahi daemon remote denial of service by sending NULL UDP Thomas Biege
Re: CVE request: patch directory traversal flaw Vasiliy Kulikov
Re: Webkit Dupes Michael Gilbert
Re: CVE request: avahi daemon remote denial of service by sending NULL UDP Josh Bressers
Re: CVE request: More Evince overflows Raphael Geissert

Monday, 21 February

clamav 0.97 Hanno Böck
CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Thomas Biege
CVE requests: freebsd kernel/tesseract/xinha/proftpd Moritz Muehlenhoff
Re: clamav 0.97 Josh Bressers
Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Josh Bressers
CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email Raphael Geissert
Re: CVE request: kernel: btrfs heap overflow Eugene Teo
CVE request: kernel: fs/partitions: validate map_count in mac partition tables Eugene Teo

Tuesday, 22 February

CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo
Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers
CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Jan Lieskovsky
gdm PostLogin script executes scripts as user gdm Thomas Biege
CVE Request: Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
Re: CVE request: avahi daemon remote denial of service by sending NULL UDP Steven M. Christey
Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Josh Bressers
Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Greg KH
Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers
Re: gdm PostLogin script executes scripts as user gdm Josh Bressers
Re: CVE Request: Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability Josh Bressers
Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Josh Bressers
Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Thomas Sibley
CVE request: simple machines forum before 1.1.13 Hanno Böck
CVE Request Kurt Seifried
Re: CVE Request Eugene Teo
Re: CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo
CVE request: kernel: Corrupted LDM partition table issues Eugene Teo
Physical access vulnerabilities and auto-mounting Dan Rosenberg
Re: Physical access vulnerabilities and auto-mounting Eugene Teo
Re: Physical access vulnerabilities and auto-mounting Eugene Teo
Re: Physical access vulnerabilities and auto-mounting Nelson Elhage
Re: Physical access vulnerabilities and auto-mounting Solar Designer
Re: Physical access vulnerabilities and auto-mounting Sebastian Krahmer
Re: Physical access vulnerabilities and auto-mounting Michael Tokarev

Wednesday, 23 February

Re: gdm PostLogin script executes scripts as user gdm Thomas Biege
Re: Physical access vulnerabilities and auto-mounting Hanno Böck
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov
Re: Physical access vulnerabilities and auto-mounting Steve Grubb
CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Timo Warns
Re: Physical access vulnerabilities and auto-mounting Timo Warns
CVE request: pmwiki before 2.2.21 Hanno Böck
Re: Physical access vulnerabilities and auto-mounting Vincent Danen
Re: CVE request: simple machines forum before 1.1.13 Josh Bressers
Re: CVE request: kernel: Corrupted LDM partition table issues Josh Bressers
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers
Re: CVE request: pmwiki before 2.2.21 Josh Bressers
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Josh Bressers
Re: Physical access vulnerabilities and auto-mounting Steven M. Christey
Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd Josh Bressers
CVE request: Information disclosure in CGIHTTPServer from Python Moritz Muehlenhoff
Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers
Pattern lock bypass on SE X10 with Android 1.6 Tim Brown
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Eugene Teo
CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Eugene Teo
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Jon Oberheide

Thursday, 24 February

Re: Pattern lock bypass on SE X10 with Android 1.6 Josh Bressers
XSSer v1.5 -beta- aka "Swarm Edition!" released. psy
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Vincent Danen
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Ralf Corsepius
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Vincent Danen
Re: CVE request: Information disclosure in CGIHTTPServer from Python Josh Bressers
Re: CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Josh Bressers
CVE Request -- OpenLDAP -- two issues Jan Lieskovsky
CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names Jan Lieskovsky
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Josh Bressers
Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names Josh Bressers
CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Jan Lieskovsky
CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Kees Cook
CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Kees Cook
Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Eugene Teo
Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Eugene Teo
CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Kees Cook
Re: CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Eugene Teo
Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Eugene Teo
CVE request: libcgroup: Failure to verify netlink messages Nelson Elhage
CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability YGN Ethical Hacker Group
Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
Re: CVE request: libcgroup: Failure to verify netlink messages Eugene Teo

Friday, 25 February

Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Vasiliy Kulikov
Re: CVE request: libcgroup: Failure to verify netlink messages Steve Grubb
Re: CVE request: libcgroup: Failure to verify netlink messages Nelson Elhage
Re: CVE Request -- OpenLDAP -- two issues Josh Bressers
Re: CVE request: libcgroup: Failure to verify netlink messages Steve Grubb
CVE request: v86d: Failure to validate netlink message sender Nelson Elhage
Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Kees Cook

Saturday, 26 February

cve request: eglibc memory corruption Michael Gilbert

Monday, 28 February

Re: CVE Request -- OpenLDAP -- two issues Thomas Biege
Re: CVE Request -- OpenLDAP -- two issues Vincent Danen
CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson
CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes Vasiliy Kulikov
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Dan Rosenberg
CVE request: FreeBSD/OS X crontab information leakage Dan Rosenberg
CVE request: kernel: OOM-killer via argv expansion Kees Cook
Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Josh Bressers
Re: CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability Josh Bressers
Re: CVE request: v86d: Failure to validate netlink message sender Josh Bressers
Re: cve request: eglibc memory corruption Josh Bressers
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Josh Bressers
Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook
Re: CVE request: FreeBSD/OS X crontab information leakage Josh Bressers
Re: cve request: eglibc memory corruption Michael Gilbert
Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook
Re: CVE request: kernel: OOM-killer via argv expansion Nelson Elhage
Re: CVE request: kernel: OOM-killer via argv expansion Eugene Teo

Tuesday, 01 March

Re: CVE request - kernel: xfs infoleak Eugene Teo
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Pierre Joye
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson
CVE request: Atlassian JIRA Parameter-Based Redirection Vulnerability henri
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Dan Rosenberg
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Pierre Joye
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson
Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes Petr Matousek
Re: CVE Request -- OpenLDAP -- two issues Ralf Haferkamp
cve request for smoothwall & openfiler dave b
Re: CVE Request -- OpenLDAP -- two issues Vincent Danen
Re: CVE request: Atlassian JIRA Parameter-Based Redirection Vulnerability Josh Bressers
Re: CVE Request -- OpenLDAP -- two issues Josh Bressers
CVE request: kernel: Multiple DoS issues in epoll Nelson Elhage

Wednesday, 02 March

Re: CVE request: kernel: Multiple DoS issues in epoll Petr Matousek
CVE request: VLC bookmark buffer overflow henri
Re: CVE request: simple machines forum before 1.1.13 Steven M. Christey
Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd Steven M. Christey
CVE request: gri < 2.12.18 insecure temp file generation henri

Thursday, 03 March

CVE-2011-1023 kernel: rds: prevent BUG_ON triggering on congestion map updates Eugene Teo
Vendor-sec hosting and future of closed lists Marcus Meissner
Re: Vendor-sec hosting and future of closed lists Mark J Cox
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Vincent Danen
Re: Vendor-sec hosting and future of closed lists Josh Bressers
Re: cve request for smoothwall & openfiler Josh Bressers
Re: CVE request: VLC bookmark buffer overflow Josh Bressers
Re: CVE request: VLC bookmark buffer overflow Josh Bressers
Re: CVE request: gri < 2.12.18 insecure temp file generation Josh Bressers
Re: Vendor-sec hosting and future of closed lists Kees Cook
Re: Vendor-sec hosting and future of closed lists Kees Cook
Re: Vendor-sec hosting and future of closed lists Steven M. Christey
Re: Vendor-sec hosting and future of closed lists Greg KH
Re: Vendor-sec hosting and future of closed lists Solar Designer
Re: Vendor-sec hosting and future of closed lists Kees Cook
Re: Vendor-sec hosting and future of closed lists Greg KH
Re: Vendor-sec hosting and future of closed lists Dan Rosenberg
Re: Vendor-sec hosting and future of closed lists Greg KH
Re: Vendor-sec hosting and future of closed lists Marcus Meissner
Re: Vendor-sec hosting and future of closed lists Dan Rosenberg
Re: Vendor-sec hosting and future of closed lists Greg KH
Re: Vendor-sec hosting and future of closed lists Michael Gilbert
Re: Vendor-sec hosting and future of closed lists Dan Rosenberg
Re: Vendor-sec hosting and future of closed lists Greg KH
Re: Vendor-sec hosting and future of closed lists Greg KH
Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel
CVE-2011-1076 kernel: DNS: Fix a NULL pointer deref when trying to read an error key Eugene Teo

Friday, 04 March

Re: Vendor-sec hosting and future of closed lists Mark J Cox
Re: Vendor-sec hosting and future of closed lists David Hicks
CVE Request -- logrotate -- nine issues Jan Lieskovsky
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl
Re: CVE Request -- logrotate -- nine issues Jan Lieskovsky
Re: Vendor-sec hosting and future of closed lists Nelson Elhage
Re: Re: CVE request: More Evince overflows Tomas Hoger
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: Vendor-sec hosting and future of closed lists Steven M. Christey
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE Request -- logrotate -- nine issues Steven M. Christey
Re: CVE Request -- logrotate -- nine issues Steven M. Christey
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE Request -- logrotate -- nine issues Steven M. Christey
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl
Re: CVE Request -- logrotate -- nine issues Dan Rosenberg
Re: CVE Request -- logrotate -- nine issues Jan Lieskovsky
Re: CVE Request -- logrotate -- nine issues Pavel Labushev

Saturday, 05 March

kernel: modules_disabled policy Vasiliy Kulikov
Re: kernel: modules_disabled policy Kees Cook
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: Vendor-sec hosting and future of closed lists S.P.Zeidler
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Kees Cook
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: Vendor-sec hosting and future of closed lists Greg KH

Sunday, 06 March

Re: Vendor-sec hosting and future of closed lists Matthieu Herrb
Re: Vendor-sec hosting and future of closed lists S.P.Zeidler
Re: CVE Request -- logrotate -- nine issues Pavel Labushev
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE Request -- logrotate -- nine issues Pavel Labushev
Re: kernel: modules_disabled policy Steve Grubb
Re: Vendor-sec hosting and future of closed lists Eugene Teo
CVE request - kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab Eugene Teo

Monday, 07 March

cgit convert_query_hexchar infinite loop (CVE-2011-1027) Tomas Hoger
Re: Vendor-sec hosting and future of closed lists Andrea Barisani
Re: CVE Request -- logrotate -- nine issues Jan Kaluža
Re: CVE Request -- logrotate -- nine issues Paul Martin
Re: CVE Request -- logrotate -- nine issues Steve Grubb
Re: Vendor-sec hosting and future of closed lists Willy Tarreau
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Josh Bressers
Re: CVE Request -- logrotate -- nine issues Josh Bressers
Re: CVE Request -- logrotate -- nine issues Josh Bressers
Re: CVE request - kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab Josh Bressers
ldd can execute an app unexpectedly Steve Grubb
Re: ldd can execute an app unexpectedly Dmitry V. Levin
Re: ldd can execute an app unexpectedly Steve Grubb
Re: ldd can execute an app unexpectedly Tim Brown
CVE request: kernel: dccp: fix oops on Reset after close Eugene Teo
Re: CVE Request -- logrotate -- nine issues Ludwig Nussel

Tuesday, 08 March

Buffer overflows in fsck may become security issues Ludwig Nussel
Re: ldd can execute an app unexpectedly Tomas Hoger
glibc locale escaping issue Tomas Hoger
CVE request, php's shm Pierre Joye
Re: ldd can execute an app unexpectedly Steve Grubb
Re: CVE request, php's shm Josh Bressers
Re: CVE request, php's shm Tomas Hoger
KDE SSL name check issue Tomas Hoger
Re: Vendor-sec hosting and future of closed lists Josh Bressers
Vendor-sec hosting and future of closed lists R P Herrold
Re: Vendor-sec hosting and future of closed lists akuster
CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd Petr Matousek
Re: Vendor-sec hosting and future of closed lists Andrea Barisani
Re: CVE request: kernel: dccp: fix oops on Reset after close Josh Bressers
Re: KDE SSL name check issue Josh Bressers
Re: glibc locale escaping issue Josh Bressers
Re: glibc locale escaping issue Steven M. Christey
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson
Re: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd Eugene Teo

Wednesday, 09 March

CVE request: buffer overflow in unixODBC's SQLDriverConnect() Felipe Pena
CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek
nss-pam-ldapd security advisory (CVE-2011-0438) Arthur de Jong

Thursday, 10 March

Re: CVE Request -- logrotate -- nine issues Josh Bressers
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl
Re: CVE request: buffer overflow in unixODBC's SQLDriverConnect() Josh Bressers
Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl
CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler Eugene Teo

Friday, 11 March

CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Jan Lieskovsky
Re: CVE Request -- logrotate -- nine issues Solar Designer
Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Vasiliy Kulikov
Re: CVE Request -- logrotate -- nine issues Ludwig Nussel
Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Josh Bressers
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Vincent Danen
Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Matthew Nicholson

Saturday, 12 March

announcing libwipe Andrew Clausen
Untrusted fs and invalid filenames Vasiliy Kulikov

Sunday, 13 March

CVE Request: bbPress 1.0.2 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
CVE request: PHP substr_replace() use-after-free Felipe Pena
Re: CVE request: PHP substr_replace() use-after-free Eugene Teo
Please REJECT CVE-2008-2956 Michael Gilbert
Re: announcing libwipe Kees Cook
Re: CVE request: PHP substr_replace() use-after-free Oden Eriksson
CVE Request: Joomla! 1.6.0 | SQL Injection Vulnerability YGN Ethical Hacker Group
CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
Re: CVE request: PHP substr_replace() use-after-free Felipe Pena
Re: Untrusted fs and invalid filenames Steve Grubb
Re: Untrusted fs and invalid filenames Eitan Adler
Re: announcing libwipe Pierre Joye
Re: Please REJECT CVE-2008-2956 Eugene Teo

Monday, 14 March

CVE requests - kernel: tpm infoleaks Eugene Teo
Re: announcing libwipe Andrew Clausen
Re: announcing libwipe Andrew Clausen
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel
Re: Untrusted fs and invalid filenames Stephan Mueller
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: Untrusted fs and invalid filenames Dan Rosenberg
Re: Untrusted fs and invalid filenames Stephan Mueller
Re: Untrusted fs and invalid filenames Ludwig Nussel
Re: Untrusted fs and invalid filenames Steve Grubb
Re: Untrusted fs and invalid filenames Steve Grubb
CVE request: format-string vulnerability in PHP Phar extension Felipe Pena
Re: CVE request: format-string vulnerability in PHP Phar extension Felipe Pena
CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Jan Lieskovsky
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: Untrusted fs and invalid filenames Vasiliy Kulikov
CVE request for python-feedparser Vincent Danen
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King
Re: CVE Request: bbPress 1.0.2 <= Cross Site Scripting Vulnerability Josh Bressers
Re: CVE Request: Joomla! 1.6.0 | SQL Injection Vulnerability Josh Bressers
Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability Josh Bressers
Re: CVE requests - kernel: tpm infoleaks Josh Bressers
Re: CVE request: format-string vulnerability in PHP Phar extension Josh Bressers
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers
Re: CVE Request -- logrotate -- nine issues Josh Bressers
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Steven M. Christey
Re: CVE requests - kernel: tpm infoleaks Eugene Teo
Re: Vendor-sec hosting and future of closed lists Mike O'Connor
Re: Vendor-sec hosting and future of closed lists Mike O'Connor

Tuesday, 15 March

Re: Vendor-sec hosting and future of closed lists Eugene Teo
gksu-polkit Sebastian Krahmer
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: 2 acpid flaws Ludwig Nussel
Re: gksu-polkit Josh Bressers
CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure Timo Warns
Re: Vendor-sec hosting and future of closed lists Mike O'Connor
Re: CVE request for python-feedparser Josh Bressers
Re: 2 acpid flaws Josh Bressers
Re: CVE requests - kernel: tpm infoleaks Josh Bressers
Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure Josh Bressers
Re: Vendor-sec hosting and future of closed lists Art Manion
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers
RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT)
Re: Vendor-sec hosting and future of closed lists Eugene Teo

Wednesday, 16 March

RE: Vendor-sec hosting and future of closed lists Mark J Cox
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Ludwig Nussel
Re: Vendor-sec hosting and future of closed lists Andrea Barisani
Re: CVE request for python-feedparser Jonathan Wiltshire
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse
RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT)
Re: Vendor-sec hosting and future of closed lists Eugene Teo
Re: Vendor-sec hosting and future of closed lists Mike O'Connor

Thursday, 17 March

CVE Request: xen DoS Ludwig Nussel
Re: CVE Request: xen DoS Eugene Teo
CVE request for Asterisk flaws Vincent Danen
The risks of cleaning /tmp Dan Rosenberg
Re: The risks of cleaning /tmp Nelson Elhage

Friday, 18 March

CVE request: kernel: AudioScience HPI driver Dan Rosenberg
Re: CVE request: kernel: AudioScience HPI driver Eugene Teo
Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
CVE Request: Joomla! 1.5.21 <= SQL Injection Vulnerability YGN Ethical Hacker Group
CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group
CVE Request: MyBB 1.6 <= SQL Injection YGN Ethical Hacker Group
CVE Request: MyBB 1.6 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
CVE Request: TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities YGN Ethical Hacker Group
CVE Request: 2Wire Broadband Router Session Hijacking Vulnerability YGN Ethical Hacker Group
CVE Request: PHP Support Ticket 2.2 <= Multiple Vulnerabilities YGN Ethical Hacker Group
CVE Request: HP System Management Homepage(SMH) | Open URL Redirection YGN Ethical Hacker Group
CVE Request: XOOPS 2.5.0 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
Re: CVE request: PHP substr_replace() use-after-free Vincent Danen
CVE request: kernel: netfilter & econet infoleaks Vasiliy Kulikov
Re: MaraDNS 1.4.06 and 1.3.07.11 released Vincent Danen
Re: MaraDNS 1.4.06 and 1.3.07.11 released Raphael Geissert
Re: MaraDNS 1.4.06 and 1.3.07.11 released Vincent Danen
Re: CVE Request: HP System Management Homepage(SMH) | Open URL Redirection Mike O'Connor

Saturday, 19 March

RE: CVE Request: HP System Management Homepage(SMH) | Open URL Redirection Menkhus, Mark (GSE Security HP SSRT)

Sunday, 20 March

CVE request: MPM-ITK module for Apache HTTPD Stefan Fritsch
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov
CVE request: kernel: heap corruption in IrDA Dan Rosenberg
CVE request: kernel: multiple issues in ROSE Dan Rosenberg
Re: CVE request: kernel: a collection of world-writable debugfs bugs Dan Rosenberg
Re: CVE request: kernel: netfilter & econet infoleaks Eugene Teo
Re: CVE request: kernel: multiple issues in ROSE Eugene Teo
Re: CVE request: kernel: heap corruption in IrDA Eugene Teo

Monday, 21 March

Re: CVE request: kernel: netfilter & econet infoleaks Eugene Teo
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov
CVE Request (minor) -- Pidgin / libpurple -- Cipher API information disclosure Jan Lieskovsky
Re: CVE UnRequest (minor) -- Pidgin / libpurple -- Cipher API information disclosure Jan Lieskovsky
Local memory disclosure (was: libpurple CVE UnRequest) Steven M. Christey
Re: CVE request: kernel: a collection of world-writable debugfs bugs dan . j . rosenberg
Re: Local memory disclosure (was: libpurple CVE UnRequest) Steve Grubb
Re: Re: CVE request for python-feedparser Josh Bressers
Re: CVE request for Asterisk flaws Josh Bressers
Re: CVE request: MPM-ITK module for Apache HTTPD Josh Bressers
Re: CVE request: MPM-ITK module for Apache HTTPD Steinar H. Gunderson
Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike
Re: CVE request: kernel: heap corruption in IrDA Dan Rosenberg
Possible security fixes in 5.05? Raphael Geissert

Tuesday, 22 March

Re: CVE request: kernel: heap corruption in IrDA Eugene Teo
CVE requests - kernel: irda/decnet issues Eugene Teo
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger
Re: CVE requests - kernel: irda/decnet issues Dan Rosenberg
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
CVE Request: libpng memory leak Ludwig Nussel
Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. Steven M. Christey
Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike
Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike
Re: CVE requests - kernel: irda/decnet issues Josh Bressers
Re: CVE requests - kernel: irda/decnet issues Dan Rosenberg
Linux kernel signal spoofing vulnerability (CVE request) Julien Tinnes
Re: Linux kernel proactive security hardening Solar Designer
Re: Linux kernel signal spoofing vulnerability (CVE request) Eugene Teo
oss-security is on twitter Eugene Teo

Wednesday, 23 March

CVE Request: perl: regex causes assertion fail Ludwig Nussel
CVE Request -- Asterisk Security Vulnerability Matthew Nicholson
Re: CVE Request -- Asterisk Security Vulnerability Steven M. Christey
CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability YGN Ethical Hacker Group
CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group
CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability YGN Ethical Hacker Group
CVE request: kernel: two OSS fixes Dan Rosenberg
Re: CVE Request -- logrotate -- nine issues Ludwig Nussel
RE: oss-security is on twitter Menkhus, Mark (GSE Security HP SSRT)
Re: oss-security is on twitter Eugene Teo

Thursday, 24 March

CVE request: roundcube < 0.5.1 CSRF Hanno Böck
Re: CVE request: roundcube < 0.5.1 CSRF Jan Lieskovsky
CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Jan Lieskovsky
Re: CVE request: VLC bookmark buffer overflow Henri Salo
CVE-2011-0728: Loggerhead 1.18.1 security release William Grant
Re: CVE request: kernel: two OSS fixes Eugene Teo

Friday, 25 March

CVE Request -- php-doctrine-Doctrine -- SQL injection flaw Jan Lieskovsky
CVE Request -- Nagios -- XSS in the network status map CGI script Jan Lieskovsky

Sunday, 27 March

CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse Eugene Teo

Monday, 28 March

Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Steven M. Christey
Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw Steven M. Christey
Re: CVE Request -- Nagios -- XSS in the network status map CGI script Steven M. Christey
Re: CVE Request: perl: regex causes assertion fail Steven M. Christey
Re: CVE Request: libpng memory leak Steven M. Christey
Re: CVE request: VLC bookmark buffer overflow Steven M. Christey

Tuesday, 29 March

CVE requests : Liferay 6.0.6 Nicolas Grégoire
CVE request: cmsmadesimple before 1.9.1 Hanno Böck
CVE Request: rsyslogd memory leaks Ludwig Nussel
Re: Linux kernel signal spoofing vulnerability (CVE request) Julien Tinnes

Wednesday, 30 March

tiff CVE-2011-0192 patch broken Ludwig Nussel
CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Jan Lieskovsky
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Steven M. Christey
Re: CVE request: kernel: multiple issues in ROSE Dan Rosenberg
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes pan
Re: CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability Josh Bressers
Re: CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability Josh Bressers
Re: CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability Josh Bressers
Re: CVE request: cmsmadesimple before 1.9.1 Josh Bressers

Thursday, 31 March

Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Raimo Niskanen
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Sverker Eriksson
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Patrick J. Volkerding
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Rickard Green