oss-sec: by author

550 messages starting Jul 12 11 and ending Sep 14 11


Abhijeet Patil

[Announcement] ClubHack Magazine Issue 18-July2011 Released Abhijeet Patil (Jul 12)
CFP open for ClubHack2011 Abhijeet Patil (Jul 30)

akuster

Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount akuster (Sep 23)

Alan Boudreault

Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Alan Boudreault (Jul 19)
Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Alan Boudreault (Jul 20)

Alex Legler

CVE request: BusyBox unpack_Z_stream() buffer underflow Alex Legler (Aug 19)
CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)

Andrea Barisani

[oCERT-2011-001] Chyrp input sanitization errors Andrea Barisani (Jul 13)
oCERT name change due to trademark claims Andrea Barisani (Jul 07)

Barry Greene

Re: The Bind incident Barry Greene (Jul 06)

Billy Rios

Re: libxml security fix from apple ... any information? Billy Rios (Jul 28)

Chris Evans

Re: vsftpd download backdoored Chris Evans (Jul 06)

Colin Percival

Re: LZW decompression issues Colin Percival (Sep 28)
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 04)

Daniele Bianco

Re: [oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco (Aug 10)
[oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco (Aug 10)

Daniel Veillard

Re: libxml security fix from apple ... any information? Daniel Veillard (Aug 04)

dann frazier

Re: CVE request: perf: may parse user-controlled config file dann frazier (Aug 11)
CVE request: perf: may parse user-controlled config file dann frazier (Aug 09)

Dan Rosenberg

Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Dan Rosenberg (Jul 26)
Re: [oCERT-2011-002] libavcodec insufficient boundary check Dan Rosenberg (Aug 10)
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg (Jul 15)
CVE request (and disclosure): ax25d missing setuid return code check Dan Rosenberg (Aug 09)
CVE request: kernel: arbitrary kernel read in xtensa Dan Rosenberg (Jul 20)
Re: CVE requests: Two kernel issues Dan Rosenberg (Aug 09)
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg (Jul 14)

dave bl

Re: CVE Request: foomatic-gui dave bl (Aug 04)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws dave bl (Sep 15)
Re: CVE Request: foomatic-gui dave bl (Aug 05)

David Hicks

CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities David Hicks (Aug 18)

David Jorm

Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() David Jorm (Aug 24)

dfncert

Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 15)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)

Djalal Harouni

CVE-2011-1764 Exim: DKIM Format String Djalal Harouni (Jul 15)

Eren Türkay

Re: CVE request (and disclosure): ax25d missing setuid return code check Eren Türkay (Aug 10)
D-Link DCS-2121 Semicolon Vulnerability Eren Türkay (Sep 09)

Erik de Castro Lopo

Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo (Jul 14)
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo (Jul 14)

Eugene Teo

The Bind incident Eugene Teo (Jul 05)
CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo (Aug 23)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 11)
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Eugene Teo (Sep 25)
CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Eugene Teo (Jul 05)
Re: CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Eugene Teo (Sep 14)
kernel: ext3/4: ext3/4_symlink lock oops Eugene Teo (Aug 14)
Re: CVE request: kernel: gro: Only reset frag0 when skb can be pulled Eugene Teo (Jul 28)
CVE-2009-4067 kernel: usb: buffer overflow in auerswald_probe() Eugene Teo (Jul 15)
Re: vsftpd download backdoored Eugene Teo (Jul 05)
Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo (Aug 23)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 14)
Re: vsftpd download backdoored Eugene Teo (Jul 04)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Eugene Teo (Jul 29)
Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Eugene Teo (Aug 19)
Re: CVE request: kernel: tomoyo: oops in tomoyo_mount_acl() Eugene Teo (Jul 01)
Re: The Bind incident Eugene Teo (Jul 05)
CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify() Eugene Teo (Jul 11)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)
CVE-2011-1780, CVE-2011-1936, kernel/xen issues Eugene Teo (Jul 07)
CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize Eugene Teo (Jul 12)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)
CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Eugene Teo (Jul 20)
kernel: CVE-2011-2482/2519 Eugene Teo (Aug 29)
CVE request: kernel: change in how tcp seq numbers are generated Eugene Teo (Aug 23)
Re: The Bind incident Eugene Teo (Jul 07)
CVE request: kernel: ipv6: make fragment identifications less predictable Eugene Teo (Jul 20)
Re: CVE request -- kernel: perf: fix software event overflow Eugene Teo (Aug 15)
Re: CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Eugene Teo (Jul 01)

Even Rouault

Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Even Rouault (Jul 19)

Florian Weimer

Re: LZW decompression issues Florian Weimer (Sep 28)
Re: The Bind incident Florian Weimer (Jul 06)

Geoffrey Keating

Re: CVE request and info: freetype flaw to jailbreak iphone Geoffrey Keating (Jul 17)

halfdog

Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog (Jul 16)
Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog (Jul 12)

Hanno Böck

CVE request: roundcube XSS before 0.5.4 Hanno Böck (Aug 18)
CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Hanno Böck (Sep 19)

HD Moore

Re: vsftpd download backdoored HD Moore (Jul 04)
Re: vsftpd download backdoored HD Moore (Jul 04)
Re: vsftpd download backdoored HD Moore (Jul 04)

Henri Doreau

Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Henri Doreau (Sep 07)

Henri Salo

Re: CVE request: gri < 2.12.18 insecure temp file generation Henri Salo (Jul 28)
CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo (Aug 03)
Re: CVE request: silverstripe before 2.4.4 Henri Salo (Jul 24)
Re: CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo (Sep 24)
CVE-request: pithos symlink vulnerability CWE-61 Henri Salo (Aug 04)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Henri Salo (Sep 08)
CVE request: sNews 1.7.1 XSS in reorder Henri Salo (Jul 20)
CVE request: PunBB multiple XSS issues Henri Salo (Sep 18)
Fwd: Joomla! Security News Henri Salo (Jul 20)
CVE-request Tribiq CMS path disclosure HTB22857 Henri Salo (Jul 28)
CVE request: coppermine gallery < 1.4.26 Henri Salo (Aug 04)
Re: CVE Request: foomatic-gui Henri Salo (Aug 04)
CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Henri Salo (Aug 04)
CVE request: PyForum backdoor BMSA-2009-07 Henri Salo (Jul 24)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Henri Salo (Sep 15)
CVE-request: KaiBB security vulnerabilities without CVE-IDs Henri Salo (Aug 04)
CVE request: Drupal Data-module multiple vulnerabilities Henri Salo (Jul 24)

Huzaifa Sidhpurwala

Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Huzaifa Sidhpurwala (Jul 05)
Re: CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Huzaifa Sidhpurwala (Jul 20)
Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Huzaifa Sidhpurwala (Jul 19)
CVE Request: Multiple issues fixed in wireshark 1.6.2 Huzaifa Sidhpurwala (Sep 12)
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Huzaifa Sidhpurwala (Jul 17)
Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 22)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Huzaifa Sidhpurwala (Aug 14)
Re: CVE request: kernel: ipv6: make fragment identifications less predictable Huzaifa Sidhpurwala (Jul 20)
Security issues fixed in libpng 1.5.4 Huzaifa Sidhpurwala (Jul 12)
Re: CVE Request: foomatic-gui Huzaifa Sidhpurwala (Aug 11)
Please reject CVE-2011-0705 Huzaifa Sidhpurwala (Jul 01)
Re: libxml security fix from apple ... any information? Huzaifa Sidhpurwala (Jul 28)
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Huzaifa Sidhpurwala (Jul 28)
Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Huzaifa Sidhpurwala (Aug 02)
Re: CVE Request: ruby PRNG fixes Huzaifa Sidhpurwala (Jul 19)
Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 21)

Jamie Strandboge

Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Jamie Strandboge (Jul 07)
CVE Request -- apt Jamie Strandboge (Sep 22)
Security issue in reseed Jamie Strandboge (Jul 06)
CVE Request: reseed Jamie Strandboge (Jul 06)
Re: CVE Request -- apt Jamie Strandboge (Sep 22)
Security issue in hammerhead Jamie Strandboge (Aug 26)

Jan Lieskovsky

CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Jan Lieskovsky (Sep 15)
CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue Jan Lieskovsky (Jul 29)
CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Jan Lieskovsky (Sep 11)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Jan Lieskovsky (Jul 29)
CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Jan Lieskovsky (Jul 21)
CVE Request -- GLPI -- Properly blacklist some sensitive fields Jan Lieskovsky (Jul 25)
CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Jan Lieskovsky (Sep 29)
Re: CVE requests; issues fixed in MySQL 5.1.52 Jan Lieskovsky (Jul 20)
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 15)
Re: CVE Request: hplip/foomatic-filters Jan Lieskovsky (Jul 18)
CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Jan Lieskovsky (Jul 26)
CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Jan Lieskovsky (Jul 25)
CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Jan Lieskovsky (Jul 19)
CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Jan Lieskovsky (Jul 19)
CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Jan Lieskovsky (Sep 22)
CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Jan Lieskovsky (Sep 08)
CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Jan Lieskovsky (Jul 28)
CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Jan Lieskovsky (Jul 19)
CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 13)
Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 24)
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 14)
CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan Lieskovsky (Sep 07)
CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Jan Lieskovsky (Sep 09)
CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Jan Lieskovsky (Jul 11)
Re: Squirrelmail CVE duplicates Jan Lieskovsky (Jul 25)
CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 22)
CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Jan Lieskovsky (Sep 08)

Jan-Oliver Wagner

Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan-Oliver Wagner (Sep 09)

Jeff Johnson

Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 25)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 25)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 25)

Jeff Mitchell

Re: CVE Request: Ark path traversal Jeff Mitchell (Jul 26)
CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 25)
CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 25)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 31)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 28)
CVE Request: Ark path traversal Jeff Mitchell (Jul 25)

Jeffrey Czerniak

Re: Re: libxml security fix from apple ... any information? Jeffrey Czerniak (Jul 30)

Joerg Sonnenberger

Re: LZW decompression issues Joerg Sonnenberger (Sep 29)

Johannes Schlüter

Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Johannes Schlüter (Sep 26)

John Haxby

Re: Closed List John Haxby (Aug 30)
Closed List John Haxby (Aug 30)

John Lightsey

CVE request: two vulnerabilities in ktsuss 1.4 and earlier John Lightsey (Aug 13)

Jonathan Wiltshire

Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 24)
CVE request for bcfg2 (remote root) Jonathan Wiltshire (Sep 01)
CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)

Jon Oberheide

Re: CVE request (and disclosure): ax25d missing setuid return code check Jon Oberheide (Aug 11)

Josh Bressers

Re: CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution Josh Bressers (Aug 30)
Re: CVE Request? etherape remote crash (denial of service) Josh Bressers (Sep 22)
Re: CVE Request: foomatic-gui Josh Bressers (Aug 04)
Re: CVE request: stunnel 4.4x heap overflow flaw Josh Bressers (Aug 19)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Josh Bressers (Jul 20)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Josh Bressers (Sep 14)
Re: CVE request: coppermine gallery < 1.4.26 Josh Bressers (Aug 19)
Re: CVE Request: reseed Josh Bressers (Jul 12)
CVE Assignment - evolution CVE-2011-3201 Josh Bressers (Aug 26)
Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
Re: CVE request: perf: may parse user-controlled config file Josh Bressers (Aug 09)
Re: CVE requests; issues fixed in MySQL 5.1.52 Josh Bressers (Jul 12)
Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Josh Bressers (Sep 30)
Re: CVE request: PyForum backdoor BMSA-2009-07 Josh Bressers (Jul 26)
Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
Re: CVE request: heap overflow in tcptrack < 1.4.2 Josh Bressers (Aug 09)
Re: cve request: xpdf: insecure tempfile usage in zxpdf script Josh Bressers (Aug 09)
Re: CVE request: kernel: arbitrary kernel read in xtensa Josh Bressers (Jul 20)
Re: CVE-request: KaiBB security vulnerabilities without CVE-IDs Josh Bressers (Aug 19)
Re: CVE request: sNews 1.7.1 XSS in reorder Josh Bressers (Jul 20)
Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)
Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Josh Bressers (Aug 19)
Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Josh Bressers (Jul 26)
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Josh Bressers (Sep 09)
Re: CVE Request: Missing input sanitation in various X GLX calls Josh Bressers (Sep 23)
Re: CVE request: plone privilege escalation flaw Josh Bressers (Jul 12)
Re: D-Link DCS-2121 Semicolon Vulnerability Josh Bressers (Sep 14)
Re: CVE requests: Typo3 Josh Bressers (Sep 30)
Re: vsftpd download backdoored Josh Bressers (Jul 11)
Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Josh Bressers (Jul 20)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Aug 17)
Re: CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Josh Bressers (Sep 22)
Re: CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability Josh Bressers (Aug 19)
Re: CVE Request: samba, cifs-utils Josh Bressers (Sep 30)
Re: CVE Request: Ark path traversal Josh Bressers (Jul 26)
Re: CVE request: hplip: insecure tmp file handling Josh Bressers (Jul 26)
Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
CVE assignment php NULL pointer dereference - CVE-2011-3182 Josh Bressers (Aug 22)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Josh Bressers (Sep 09)
Re: CVE id request: masqmail Josh Bressers (Sep 09)
Re: CVE Request: ruby PRNG fixes Josh Bressers (Jul 20)
CVE assignment - PHP salt flaw CVE-2011-3189 Josh Bressers (Aug 23)
Re: CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Josh Bressers (Sep 30)
Re: CVE Request -- cGit -- XSS flaw in rename hint Josh Bressers (Jul 22)
Re: CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities Josh Bressers (Aug 19)
Re: CVE id request: (e)glibc Josh Bressers (Jul 20)
Re: CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Josh Bressers (Sep 23)
Re: CVE Request: foomatic-gui Josh Bressers (Aug 03)
Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Josh Bressers (Aug 30)
Re: CVE request - dhcp clients Josh Bressers (Jul 26)
Re: Re: lightdm issues Josh Bressers (Sep 09)
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Josh Bressers (Sep 14)
Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Josh Bressers (Jul 26)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Jul 29)
Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)
Re: CVE request: improper permissions on ~/.qtnx/*.nxml Josh Bressers (Aug 12)
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Josh Bressers (Aug 12)
Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Josh Bressers (Jul 12)
Re: CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting Josh Bressers (Aug 22)
Re: CVE id request: shttpd/mongoose/yassl embedded webserver Josh Bressers (Aug 03)
Re: CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Josh Bressers (Sep 09)
Re: CVE-request: pithos symlink vulnerability CWE-61 Josh Bressers (Aug 19)
Re: CVE request: libqt4: two memory issues Josh Bressers (Aug 24)
Re: CVE Request -- apt Josh Bressers (Sep 23)
Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Josh Bressers (Jul 15)
Re: CVE Request: ffmpeg/libav Josh Bressers (Sep 30)
Re: CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Sep 30)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Josh Bressers (Jul 29)
Re: CVE request: heap overflow in perl while decoding Unicode string Josh Bressers (Aug 19)
Re: CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Josh Bressers (Jul 29)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
Re: CVE request: zabbix XSS flaw Josh Bressers (Aug 09)
Re: Security issue in hammerhead Josh Bressers (Aug 30)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Josh Bressers (Jul 22)
Re: CVE-request Tribiq CMS path disclosure HTB22857 Josh Bressers (Jul 29)
Re: CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Josh Bressers (Sep 09)
Re: CVE Request: X.org ProcRenderGlyps input sanitation issue Josh Bressers (Sep 23)
Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields Josh Bressers (Jul 26)
Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
Re: CVE id request: apache mod-auth-external Josh Bressers (Jul 12)
Re: Fwd: Joomla! Security News Josh Bressers (Jul 20)
Re: CVE request: Linux kernel af_packet information leak Josh Bressers (Aug 03)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Josh Bressers (Sep 27)
Re: CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Josh Bressers (Sep 09)
Re: libreoffice/openoffice.org CVE id request Josh Bressers (Jul 12)
Re: CVE request for OpenTTD Josh Bressers (Sep 06)
Re: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities Josh Bressers (Aug 19)
Re: CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Aug 19)
Re: CVE Request: ruby PRNG fixes Josh Bressers (Jul 12)
Re: CVE request: PunBB multiple XSS issues Josh Bressers (Sep 22)
Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection Josh Bressers (Aug 12)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Josh Bressers (Sep 14)
Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting Josh Bressers (Sep 14)
Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities Josh Bressers (Jul 22)
Re: CVE request: roundcube XSS before 0.5.4 Josh Bressers (Aug 19)
Re: CVE request: Pidgin crash Josh Bressers (Aug 22)
Re: CVE Request: foo2zjs Josh Bressers (Jul 12)
Re: CVE request (and disclosure): ax25d missing setuid return code check Josh Bressers (Aug 12)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
Re: CVE request: two vulnerabilities in ktsuss 1.4 and earlier Josh Bressers (Aug 16)
Re: CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting Josh Bressers (Aug 30)
Re: CVE request: Drupal Data-module multiple vulnerabilities Josh Bressers (Jul 26)
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Josh Bressers (Jul 12)
Re: CVE request for bcfg2 (remote root) Josh Bressers (Sep 06)
Re: CVE request: heap-based buffer overflow in ldns Josh Bressers (Sep 30)

Kees Cook

CVE request: kernel: gro: Only reset frag0 when skb can be pulled Kees Cook (Jul 28)
closed-list membership transition Kees Cook (Sep 16)
Re: closed-list membership transition Kees Cook (Sep 16)
multiple flaws in minissdpd Kees Cook (Jul 28)

Ludwig Nussel

Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 13)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Ludwig Nussel (Jul 18)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 11)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 14)
CVE Request: ruby PRNG fixes Ludwig Nussel (Jul 11)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 12)
Re: closed-list membership transition Ludwig Nussel (Sep 19)
Re: CVE requests; issues fixed in MySQL 5.1.52 Ludwig Nussel (Jul 04)

Lukas Fleischer

Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 24)
Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 22)

Maksymilian Arciemowicz

Re: php ZipArchive::addGlob() crashes on invalid flags Maksymilian Arciemowicz (Jul 01)

Marc Deslauriers

CVE Request: foomatic-gui Marc Deslauriers (Aug 03)
CVE Request: samba, cifs-utils Marc Deslauriers (Sep 27)
CVE Request: foo2zjs Marc Deslauriers (Jul 06)
CVE Request: ffmpeg/libav Marc Deslauriers (Sep 27)
Re: CVE Request: ffmpeg/libav Marc Deslauriers (Sep 30)

Marcus Meissner

Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Marcus Meissner (Aug 12)
CVE Request: Missing input sanitation in various X GLX calls Marcus Meissner (Sep 22)
Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner (Sep 07)
libxml security fix from apple ... any information? Marcus Meissner (Jul 28)
CVE Request? etherape remote crash (denial of service) Marcus Meissner (Sep 19)
CVE Request: X.org ProcRenderGlyps input sanitation issue Marcus Meissner (Sep 22)
CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner (Sep 06)

Mark Doliner

CVE request: Pidgin crash Mark Doliner (Aug 20)
Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
Re: CVE request: Pidgin crash Mark Doliner (Aug 22)

Mark J Cox

CVE assignment Apache httpd multiple-range DoS ("Apache Killer") - CVE-2011-3192 Mark J Cox (Aug 24)

Markus Friedl

Re: FreeBSD 4.x OpenSSH/libopie remote root hole Markus Friedl (Jul 06)

Matthias Andree

Re: vsftpd download backdoored Matthias Andree (Jul 05)

Matthias Weckbecker

CVE-request(?): squid: buffer overflow in Gopher reply parser Matthias Weckbecker (Aug 29)
CVE request: libqt4: two memory issues Matthias Weckbecker (Aug 22)
Re: CVE request: ruby on rails flaws (4) Matthias Weckbecker (Aug 22)
CVE request: hplip: insecure tmp file handling Matthias Weckbecker (Jul 26)

Michael Gilbert

Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 22)
cve request: xpdf: insecure tempfile usage in zxpdf script Michael Gilbert (Aug 03)
cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 18)
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Aug 03)

Michael Tokarev

CVE Request: qemu -runas does not clear supplementary groups Michael Tokarev (Jul 12)

Mike O'Connor

Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Mike O'Connor (Jul 12)
Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Mike O'Connor (Aug 04)
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Mike O'Connor (Jul 21)
Re: The Bind incident Mike O'Connor (Jul 06)

miniupnp

Re: multiple flaws in minissdpd miniupnp (Jul 29)

Moritz Muehlenhoff

CVE requests: Typo3 Moritz Muehlenhoff (Sep 26)
Firefox: CVE-2011-3867 a dupe of CVE-2011-2998 Moritz Muehlenhoff (Sep 29)
Re: CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Moritz Muehlenhoff (Sep 08)
CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Moritz Muehlenhoff (Sep 13)
Re: CVE request: heap overflow in tcptrack < 1.4.2 Moritz Muehlenhoff (Sep 13)
Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Muehlenhoff (Jul 26)
Re: Re: libxml security fix from apple ... any information? Moritz Muehlenhoff (Jul 29)
Squirrelmail CVE duplicates Moritz Muehlenhoff (Jul 24)
CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 09)
Re: CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 10)
CVE request: Linux kernel af_packet information leak Moritz Muehlenhoff (Aug 03)
Re: vsftpd download backdoored Moritz Muehlenhoff (Jul 04)

Moritz Mühlenhoff

Re: CVE request: Pidgin crash Moritz Mühlenhoff (Aug 22)
Re: Squirrelmail CVE duplicates Moritz Mühlenhoff (Jul 25)
Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Mühlenhoff (Jul 26)

Nico Golde

CVE id request: shttpd/mongoose/yassl embedded webserver Nico Golde (Aug 03)
CVE id request: (e)glibc Nico Golde (Jul 18)
CVE id request: apache mod-auth-external Nico Golde (Jul 12)
CVE id request: masqmail Nico Golde (Sep 07)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Nico Golde (Sep 08)
libreoffice/openoffice.org CVE id request Nico Golde (Jul 06)

Nicolas Grégoire

Is there a maintainer for librsvg ? Nicolas Grégoire (Sep 15)

nicolas vigier

Re: rpm/librpm/rpm-python memory corruption pre-verification nicolas vigier (Sep 29)

Oracle Security Alerts

Re: Closed list Oracle Security Alerts (Jul 01)

Papers, Call For

CFP SecurityByte India Papers, Call For (Jul 26)

Petr Matousek

CVE request -- kernel: perf: fix software event overflow Petr Matousek (Aug 15)
Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Petr Matousek (Sep 07)
Re: CVE request: kernel: change in how tcp seq numbers are generated Petr Matousek (Aug 23)
CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Petr Matousek (Sep 14)
kernel: xen: CVE-2011-2901 Petr Matousek (Aug 30)
CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Petr Matousek (Jul 01)
CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Petr Matousek (Sep 08)
CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Petr Matousek (Sep 14)
CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Petr Matousek (Jul 15)

Pierre Joye

Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 26)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)

pinto.elia () gmail com

R: Re: [oss-security] vsftpd download backdoored pinto.elia () gmail com (Jul 04)

Ralf Baechle

Re: CVE request (and disclosure): ax25d missing setuid return code check Ralf Baechle (Aug 11)

Rasmus Lerdorf

Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Rasmus Lerdorf (Sep 25)

Robert Ancell

Re: lightdm issues Robert Ancell (Aug 26)

Sebastian Krahmer

lightdm issues Sebastian Krahmer (Aug 24)
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Sebastian Krahmer (Jul 05)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Sebastian Krahmer (Aug 26)
Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
CVE Request: hplip/foomatic-filters Sebastian Krahmer (Jul 13)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Jul 24)
lxc + fscaps Sebastian Krahmer (Aug 23)
Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)

Sergey Chernyshev

Start(up) API project security Sergey Chernyshev (Aug 18)

Solar Designer

Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Aug 26)
Re: LZW decompression issues Solar Designer (Sep 29)
Re: LZW decompression issues Solar Designer (Sep 28)
Re: Closed list Solar Designer (Jul 22)
Re: Closed list Solar Designer (Jul 29)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: LZW decompression issues Solar Designer (Sep 28)
Re: CVE request: openssl timing attack Solar Designer (Jul 05)
Re: libxml security fix from apple ... any information? Solar Designer (Jul 30)
Re: CVE request: multiple libraries getenv() misuse Solar Designer (Jul 26)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: CFP SecurityByte India Solar Designer (Jul 26)
Re: vsftpd download backdoored Solar Designer (Jul 04)
Re: vsftpd download backdoored Solar Designer (Jul 04)
vsftpd download backdoored Solar Designer (Jul 03)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 11)
Re: Closed List Solar Designer (Aug 30)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: LZW decompression issues Solar Designer (Sep 28)
Re: vsftpd download backdoored Solar Designer (Jul 04)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
Re: vsftpd download backdoored Solar Designer (Jul 04)
Re: closed-list membership transition Solar Designer (Sep 16)
Re: Closed list Solar Designer (Jul 21)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 06)
Re: The Bind incident Solar Designer (Jul 05)
FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
Re: vsftpd download backdoored Solar Designer (Jul 04)
Re: CVE request: openssl timing attack Solar Designer (Jul 09)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Aug 03)
Re: closed-list membership transition Solar Designer (Sep 19)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
Re: *BSD security contacts Solar Designer (Jul 21)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
Re: LZW decompression issues Solar Designer (Sep 28)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Sep 05)
Re: vsftpd download backdoored Solar Designer (Jul 05)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 24)
Re: vsftpd download backdoored Solar Designer (Jul 04)
iputils ping6 -s buffer overflow Solar Designer (Jul 26)
Re: CVE request: openssl timing attack Solar Designer (Jul 03)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 08)
Re: Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? Solar Designer (Jul 26)
Re: CVE request (and disclosure): ax25d missing setuid return code check Solar Designer (Aug 11)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 18)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
*BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Solar Designer (Jul 19)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
Re: CFP open for ClubHack2011 Solar Designer (Jul 30)

Stas Malyshev

Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)

Stefan Behte

Re: CVE request: vulnerability in FreeRADIUS (OCSP) Stefan Behte (Jul 18)

Stefan Fritsch

Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Stefan Fritsch (Jul 16)

Steffen Joeris

Re: Closed list Steffen Joeris (Jul 21)

Steve Grubb

Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 09)
Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 10)

Steve Kemp

Re: Closed list Steve Kemp (Jul 21)

Steven M. Christey

Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Steven M. Christey (Sep 15)
Re: CVE request: gri < 2.12.18 insecure temp file generation Steven M. Christey (Jul 28)
Re: CVE request: heap overflow in tcptrack < 1.4.2 Steven M. Christey (Aug 31)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
Re: [oCERT-2011-001] Chyrp input sanitization errors Steven M. Christey (Jul 13)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Steven M. Christey (Jul 27)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Steven M. Christey (Aug 15)
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Steven M. Christey (Jul 13)

Tavis Ormandy

Re: LZW decompression issues Tavis Ormandy (Sep 29)
Re: LZW decompression issues Tavis Ormandy (Sep 28)
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy (Jul 28)
Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy (Jul 28)
rpm/librpm/rpm-python memory corruption pre-verification Tavis Ormandy (Sep 27)

Thijs Kinkhorst

Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Thijs Kinkhorst (Sep 13)
CVE Request: BackupPC 3.2.1 fixes cross site scripting Thijs Kinkhorst (Sep 13)

Thomas Biege

Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege (Aug 02)
CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege (Aug 10)
Re: Re: libxml security fix from apple ... any information? Thomas Biege (Jul 29)
CVE request: GIF loader buffer overflow when initializing decompression tables Thomas Biege (Aug 02)
Re: CFP open for ClubHack2011 Thomas Biege (Aug 01)
CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege (Jul 14)
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege (Aug 11)

Thomas Goirand

Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand (Aug 12)

Thomas Osterried

Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried (Aug 18)
Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried (Aug 11)

Tim Brown

Re: CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Tim Brown (Jul 25)
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown (Sep 07)
Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown (Sep 09)

Timo Warns

CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Timo Warns (Aug 19)

Tim Waugh

Re: CVE Request: foomatic-gui Tim Waugh (Aug 03)
Re: CVE Request: foomatic-gui Tim Waugh (Aug 05)
Re: CVE Request: foomatic-gui Tim Waugh (Aug 04)

Tim Zingelman

Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 19)
Re: LZW decompression issues Tim Zingelman (Sep 29)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 18)
Re: *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Tim Zingelman (Jul 21)

Tomas Hoger

SSL renegotiation DoS CVE-2011-1473 Tomas Hoger (Jul 08)
Re: LZW decompression issues Tomas Hoger (Sep 29)
Re: CVE request: BusyBox unpack_Z_stream() buffer underflow Tomas Hoger (Aug 19)
CVE request - dhcp clients Tomas Hoger (Jul 25)
Re: LZW decompression issues Tomas Hoger (Sep 28)
New IcedTea and IcedTea-Web releases Tomas Hoger (Jul 20)
Re: Closed list Tomas Hoger (Jul 29)
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Tomas Hoger (Aug 10)
Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 19)
Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Jul 28)
Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)
Re: CVE request: openssl timing attack Tomas Hoger (Jul 06)
Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Aug 01)
Re: CVE request: libqt4: two memory issues Tomas Hoger (Aug 24)
Re: CVE request: libqt4: two memory issues Tomas Hoger (Aug 24)
Re: Closed list Tomas Hoger (Jul 04)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tomas Hoger (Jul 19)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Tomas Hoger (Aug 12)
LZW decompression issues Tomas Hoger (Aug 10)
Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 03)
Re: CVE request: openssl timing attack Tomas Hoger (Jul 04)
Re: Re: php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)

Vasiliy Kulikov

Re: CVE request: kernel: taskstats/procfs io infoleak Vasiliy Kulikov (Sep 21)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Vasiliy Kulikov (Jul 25)

Vincent Danen

CVE request: heap overflow in tcptrack < 1.4.2 Vincent Danen (Aug 09)
Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Vincent Danen (Aug 30)
CVE-2011-2524: libsoup's SoupServer directory traversal flaw Vincent Danen (Jul 28)
Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 19)
CVE request: heap-based buffer overflow in ldns Vincent Danen (Sep 24)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Vincent Danen (Jul 15)
two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Vincent Danen (Jul 25)
CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation Vincent Danen (Jul 18)
CVE request: plone privilege escalation flaw Vincent Danen (Jul 04)
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 26)
CVE-2011-2907: authentication bypass in torque Vincent Danen (Aug 10)
CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Vincent Danen (Jul 27)
CVE request and info: freetype flaw to jailbreak iphone Vincent Danen (Jul 16)
CVE request: improper permissions on ~/.qtnx/*.nxml Vincent Danen (Aug 11)
Re: CVE Request: Missing input sanitation in various X GLX calls Vincent Danen (Sep 23)
Re: CVE Request: qemu -runas does not clear supplementary groups Vincent Danen (Jul 12)
CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 24)
CVE request: heap overflow in perl while decoding Unicode string Vincent Danen (Aug 18)
CVE request: zabbix XSS flaw Vincent Danen (Aug 09)
CVE request: stunnel 4.4x heap overflow flaw Vincent Danen (Aug 19)
CVE request: ruby on rails flaws (4) Vincent Danen (Aug 17)
CVE mistake in libsoup release notes Vincent Danen (Jul 29)

William Cohen

Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (Jul 12)

yersinia

Re: rpm/librpm/rpm-python memory corruption pre-verification yersinia (Sep 28)

YGN Ethical Hacker Group

CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution YGN Ethical Hacker Group (Aug 26)
CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jul 21)
CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability YGN Ethical Hacker Group (Aug 17)
CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities YGN Ethical Hacker Group (Aug 17)
CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection YGN Ethical Hacker Group (Aug 11)
CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Sep 25)
CVE Request: Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jul 30)
CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting YGN Ethical Hacker Group (Aug 26)
CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Aug 17)
CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting YGN Ethical Hacker Group (Aug 22)

Yves-Alexis Perez

Re: Is there a maintainer for librsvg ? Yves-Alexis Perez (Sep 15)
Re: Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 25)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 29)
Re: Re: lightdm issues Yves-Alexis Perez (Sep 07)
Re: closed-list membership transition Yves-Alexis Perez (Sep 16)
Re: CVE request: perf: may parse user-controlled config file Yves-Alexis Perez (Aug 09)
Re: CVE requests: Two kernel issues Yves-Alexis Perez (Aug 12)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)

Zeev Suraski

RE: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Zeev Suraski (Sep 25)

Zooko O'Whielacronx

unauthorized deletion of file in Tahoe-LAFS Zooko O'Whielacronx (Sep 14)