oss-sec: by author

591 messages starting Oct 05 11 and ending Nov 02 11

akuster

Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images akuster (Oct 05)

Alex Legler

Re: non-Linux advance notification list Alex Legler (Nov 28)

Andrea Barisani

Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 29)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Andrea Barisani (Dec 29)
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 28)

Anthon Pang

Re: CVE request: piwik before 1.6 Anthon Pang (Oct 19)
Re: CVE request: piwik before 1.6 Anthon Pang (Oct 19)

Armin Burgmeier

Re: CVE request: 3 flaws in libobby and libnet6 Armin Burgmeier (Oct 30)

Aurelien Jarno

CVE Request: FreeBSD kernel Aurelien Jarno (Oct 19)

Ben Hawkes

CVE Request: nginx resolver heap overflow Ben Hawkes (Nov 17)

Benjamin Renaut

Re: Request for CVE Identifier: bzexe insecure temporary file Benjamin Renaut (Oct 28)

Billy Brumley

CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys Billy Brumley (Dec 01)

Colin Percival

Re: CVE Request: FreeBSD kernel Colin Percival (Oct 24)

Colin Watson

Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Colin Watson (Nov 27)

cve-assign

Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws cve-assign (Oct 19)
Re: More CVEs? (was Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) cve-assign (Dec 30)

Dan Rosenberg

Re: CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 27)
Re: Re: CVE request for Calibre Dan Rosenberg (Nov 03)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 26)
CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)

David Black

Re: CVE request for Django-piston and Tastypie David Black (Nov 01)
CVE request for Django-piston and Tastypie David Black (Nov 01)

David Hicks

Re: /proc/interrupts PoC: spy-interrupts David Hicks (Nov 08)

David Holland

Re: caml-light insecure temporary files David Holland (Nov 08)
caml-light insecure temporary files David Holland (Nov 06)

David Jorm

CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609 David Jorm (Dec 01)
CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information David Jorm (Nov 16)
DOM based XSS in the JBoss AS 7 administration console - CVE-2011-3606 David Jorm (Dec 01)
CVE Request for Apache ActiveMQ DoS David Jorm (Dec 24)
CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces David Jorm (Nov 28)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) David Jorm (Dec 29)

dishix

CVE request: CSRF in xt:commerce 3.04 SP2.1 dishix (Dec 03)

Eitan Adler

Re: CVE Request: FreeBSD kernel Eitan Adler (Oct 24)
Re: caml-light insecure temporary files Eitan Adler (Nov 06)

Elio Maldonado

Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Elio Maldonado (Oct 24)

Ethan Blanton

libpurple vulnerability disclosure and fix Ethan Blanton (Oct 01)

Eugene Teo

Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Eugene Teo (Nov 21)
kernel: hfs: add sanity check for file name length Eugene Teo (Nov 20)
Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Eugene Teo (Oct 24)
Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
Re: Wrong MLIST link in CVE-2011-3783 Eugene Teo (Oct 16)
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 08)
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 08)
CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Eugene Teo (Nov 23)
CVE request: kernel: crypto: ghash: null pointer deref if no key is set Eugene Teo (Oct 27)
CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Eugene Teo (Dec 15)
CVE request: kernel: oom: fix integer overflow of points in oom_badness Eugene Teo (Oct 31)
Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
kernel; CVE-2011-2942 and CVE-2011-3209 Eugene Teo (Oct 24)
CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0 Eugene Teo (Nov 20)

Florian Weimer

Re: CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 26)
Re: caml-light insecure temporary files Florian Weimer (Nov 06)
CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 25)
PR attack against XML Encryption Florian Weimer (Oct 20)
Re: PR attack against XML Encryption Florian Weimer (Oct 21)

Guido Berhoerster

Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 02)

Hanno Böck

CVE request: drupal before 7.5 access bypass Hanno Böck (Nov 20)
CVE request: recursion level crash in clamav before 0.97.3 Hanno Böck (Oct 18)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Hanno Böck (Oct 20)
CVE request: ejabberd before 2.1.9 Hanno Böck (Nov 19)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 30)
CVE request: serendipity freetag plugin before 3.30 and probably others Hanno Böck (Oct 08)
Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)
CVE request: mediawiki before 1.17.1 Hanno Böck (Nov 29)
CVE request: joomla 1.5 before 1.5.25 password change vulnerability Hanno Böck (Nov 20)
CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 23)
CVE request: piwik before 1.6 Hanno Böck (Oct 19)
CVE request: vanilla forums cookie theft, plugin access control Hanno Böck (Oct 09)
CVE request: CSRF and file inclusion in usebb before 1.0.12 Hanno Böck (Oct 09)
CVE request: fluxbb before 1.4.7 Hanno Böck (Oct 10)
CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Hanno Böck (Nov 20)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 23)
CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 28)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 29)
CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Hanno Böck (Nov 13)
More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 29)
CVE request: simple machines forum before 2.0.1 and 1.1.15 Hanno Böck (Oct 09)
CVE request: ResourceSpace before 4.2.2833 insufficient access check Hanno Böck (Nov 13)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Hanno Böck (Dec 04)
CVE request: XSS in phorum before 5.2.18 Hanno Böck (Oct 10)
CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck (Nov 03)

Henrik Nordström

Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Henrik Nordström (Nov 01)

Henri Salo

Jara 1.6 SQL injection and XSS Henri Salo (Oct 30)
Fwd: DSA 2338-1 moodle security update Henri Salo (Nov 07)
Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Oct 16)
CVE-request for three 2009 Joomla issues (second part) Henri Salo (Dec 25)
CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Henri Salo (Nov 22)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
CVE-request for three 2009 Joomla issues Henri Salo (Dec 24)
CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Henri Salo (Dec 25)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Henri Salo (Nov 30)
Re: CVE request: piwik before 1.6 Henri Salo (Oct 27)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 05)
CVE-request WordPress pretty-link plugin 1.5.2 XSS Henri Salo (Dec 08)
Re: Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
Re: CVE request: fluxbb before 1.4.7 Henri Salo (Oct 13)
Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Henri Salo (Nov 21)
Re: Jara 1.6 SQL injection and XSS Henri Salo (Oct 31)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 08)
Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Henri Salo (Dec 24)
C|Net Download.Com is now bundling Nmap with malware! Henri Salo (Dec 06)
CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo (Dec 30)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo (Nov 21)
CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
CVE-request: Joomla 20111001 Core - Information Disclosure Henri Salo (Oct 18)
CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Henri Salo (Dec 18)
CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Henri Salo (Nov 21)
Re: CVE request: piwik before 1.6 Henri Salo (Oct 28)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo (Nov 22)
CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo (Nov 21)
CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Henri Salo (Dec 22)

Huzaifa Sidhpurwala

OpenIPMI: IPMI event daemon creates PID file with world writeable permissions Huzaifa Sidhpurwala (Dec 12)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 07)
libcap/capsh: does not chdir after chroot Huzaifa Sidhpurwala (Nov 01)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 21)
Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala (Dec 25)
Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala (Dec 26)
Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala (Oct 07)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 13)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 13)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 21)
Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set Huzaifa Sidhpurwala (Oct 27)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 23)
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala (Oct 04)

Jamie Strandboge

CVE request: jenkins Jamie Strandboge (Nov 23)
Security issue in OpenStack (nova) Jamie Strandboge (Oct 03)
Re: RE: [Icecast-dev] Security issue in icecast Jamie Strandboge (Dec 15)
CVE Request: Security issue in backuppc Jamie Strandboge (Oct 27)
CVE request: nova Jamie Strandboge (Oct 25)
Security issue in icecast Jamie Strandboge (Dec 15)

Jan Lieskovsky

CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Jan Lieskovsky (Nov 10)
CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Jan Lieskovsky (Oct 31)
CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky (Oct 24)
CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Jan Lieskovsky (Nov 07)
CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Jan Lieskovsky (Oct 04)
CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Jan Lieskovsky (Oct 03)
CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Jan Lieskovsky (Dec 09)
CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390 [was: Re: [oss-security] kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images] Jan Lieskovsky (Oct 10)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky (Oct 24)
CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Jan Lieskovsky (Nov 04)
CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Jan Lieskovsky (Nov 15)
CVE Request -- yaws -- Directory traversal flaw Jan Lieskovsky (Nov 25)
CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Jan Lieskovsky (Oct 26)
Re: PR attack against XML Encryption Jan Lieskovsky (Oct 20)
CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Jan Lieskovsky (Nov 09)
CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Jan Lieskovsky (Oct 27)
CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
CVE Request -- pam_yubico -- Authentication bypass via NULL password Jan Lieskovsky (Nov 07)
CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky (Dec 22)
Re: CVE Request: colord sql injections Jan Lieskovsky (Nov 25)
Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re: [oss-security] Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue] Jan Lieskovsky (Nov 23)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky (Dec 22)
Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Jan Lieskovsky (Oct 05)
CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Jan Lieskovsky (Nov 28)
CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Jan Lieskovsky (Nov 18)
CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Jan Lieskovsky (Nov 18)
CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Jan Lieskovsky (Nov 27)
CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Jan Lieskovsky (Nov 03)
CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Jan Lieskovsky (Nov 23)
CVE-2011-3979 being duplicate of CVE-2011-3352 Jan Lieskovsky (Oct 04)
CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Jan Lieskovsky (Nov 21)

Jason A. Donenfeld

Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 06)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
CVE request for Calibre Jason A. Donenfeld (Nov 01)
Re: CVE request for Calibre Jason A. Donenfeld (Nov 01)

Jeff Mitchell

Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
Disputing CVE-2011-4122 Jeff Mitchell (Dec 07)
KDE Security Advisory 20111003-1 published Jeff Mitchell (Oct 03)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 26)

jmm

Re: Fwd: DSA 2338-1 moodle security update jmm (Nov 07)

John Haxby

Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
Re: radvd 1.8.2 released with security fixes John Haxby (Oct 07)

John Lightsey

Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)

Joost Hoogendoorn

Re: non-Linux advance notification list Joost Hoogendoorn (Nov 26)

Josh Bressers

Re: CVE request: XSS in phorum before 5.2.18 Josh Bressers (Oct 18)
Re: CVE request: fluxbb before 1.4.7 Josh Bressers (Oct 18)
Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Josh Bressers (Oct 04)
Re: Request for CVE Identifier for perl code injection vulnerability in Digest->new() Josh Bressers (Oct 04)
Re: CVE request: serendipity freetag plugin before 3.30 and probably others Josh Bressers (Oct 10)
Re: CVE request: double-free vulnerability in logsurfer Josh Bressers (Oct 18)
Re: CVE Request: pam Josh Bressers (Oct 18)
Re: CVE request: simple machines forum before 2.0.1 and 1.1.15 Josh Bressers (Oct 10)
Re: CVE-request: Joomla 20111001 Core - Information Disclosure Josh Bressers (Oct 18)
Re: CVE Request: mplayer RDT parsing integer underlow Josh Bressers (Oct 20)
Re: MySQL executable comment execution on MySQL slave server (from 2009) Josh Bressers (Oct 18)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Josh Bressers (Oct 20)
Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Josh Bressers (Oct 04)
Re: CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Josh Bressers (Oct 18)
Re: CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities Josh Bressers (Oct 04)
Re: CVE request: vanilla forums cookie theft, plugin access control Josh Bressers (Oct 10)
Re: Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Josh Bressers (Oct 05)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Josh Bressers (Oct 18)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Josh Bressers (Oct 25)
Re: CVE request: recursion level crash in clamav before 0.97.3 Josh Bressers (Oct 18)
Re: CVE requests: Tahoe-LAFS and atop Josh Bressers (Oct 10)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Josh Bressers (Oct 20)
Re: CVE request: mplayer SAMI subtitle parsing buffer overflow Josh Bressers (Oct 18)
Re: libpurple vulnerability disclosure and fix Josh Bressers (Oct 04)
Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Josh Bressers (Oct 05)
Re: CVE Request: apt Josh Bressers (Oct 20)
Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Josh Bressers (Oct 10)
Re: CVE request: piwik before 1.6 Josh Bressers (Oct 20)
Re: CVE Request: FreeBSD kernel Josh Bressers (Oct 20)
Re: CVE request: CSRF and file inclusion in usebb before 1.0.12 Josh Bressers (Oct 10)
Re: Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Josh Bressers (Oct 05)

Julien Cristau

Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau (Oct 07)
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau (Oct 07)

Juliusz Chroboczek

Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Juliusz Chroboczek (Oct 06)

Kurt Seifried

Re: CVE request: Proc::ProcessTable perl module Kurt Seifried (Nov 30)
Re: Security issue in icecast Kurt Seifried (Dec 15)
Re: Re: CVE request for Calibre Kurt Seifried (Nov 03)
Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Kurt Seifried (Nov 22)
Re: CVE Request: icu out of bounds access Kurt Seifried (Dec 09)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
Re: CVE request for wireshark flaws Kurt Seifried (Nov 01)
Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Kurt Seifried (Dec 09)
Re: Re: CVE request for Calibre Kurt Seifried (Nov 06)
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Kurt Seifried (Nov 15)
Re: CVE assignment from previous years Kurt Seifried (Dec 19)
Re: potential OpenPAM vulnerability Kurt Seifried (Nov 08)
Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Kurt Seifried (Nov 29)
Fwd: Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 11)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
Re: CVE-2011-4862 is not BSD-specific Kurt Seifried (Dec 25)
Re: Fwd: DSA 2338-1 moodle security update Kurt Seifried (Nov 13)
Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check Kurt Seifried (Nov 14)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Kurt Seifried (Oct 25)
Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Kurt Seifried (Nov 21)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 29)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 23)
Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
Re: CVE Request -- kernel: send(m)msg: user pointer dereferences Kurt Seifried (Dec 08)
Re: CVE request: nova Kurt Seifried (Oct 25)
Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness Kurt Seifried (Oct 31)
Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
Re: CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Kurt Seifried (Nov 21)
Re: kernel: hfs: add sanity check for file name length Kurt Seifried (Nov 21)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
Re: CVE Request -- yaws -- Directory traversal flaw Kurt Seifried (Nov 25)
Re: CVE-request WordPress pretty-link plugin 1.5.2 XSS Kurt Seifried (Dec 08)
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Kurt Seifried (Nov 13)
Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 20)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Kurt Seifried (Dec 29)
acpid - possible issue in socket handling Kurt Seifried (Dec 06)
Re: CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Kurt Seifried (Nov 20)
Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
Re: CVE request: Mahara Kurt Seifried (Nov 04)
Re: CVE request: glibc: timezone integer overflow Kurt Seifried (Dec 07)
Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Kurt Seifried (Nov 30)
Re: CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Kurt Seifried (Nov 09)
Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) Kurt Seifried (Dec 15)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 27)
Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
Re: closed-list Kurt Seifried (Dec 27)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 13)
Re: CVE-request for three 2009 Joomla issues (second part) Kurt Seifried (Dec 25)
Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Kurt Seifried (Nov 28)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 11)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 28)
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
Re: CVE Request: colord sql injections Kurt Seifried (Nov 25)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
CVE for HTML-Template-Pro 0.9506 XSS Kurt Seifried (Dec 18)
Re: Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Kurt Seifried (Nov 22)
Re: CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Kurt Seifried (Nov 28)
Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
Re: mpack 1.6 allows eavesdropping on mails sent by other users Kurt Seifried (Dec 31)
Re: CVE request: ejabberd before 2.1.9 Kurt Seifried (Nov 19)
Re: kernel: kvm: pit timer with no irqchip crashes the system Kurt Seifried (Dec 21)
Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 10)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
Re: CVE request: kernel: multiple issues in ROSE Kurt Seifried (Dec 27)
Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Kurt Seifried (Dec 19)
Re: caml-light insecure temporary files Kurt Seifried (Nov 06)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 21)
Re: CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Kurt Seifried (Nov 23)
Re: CVE request: acpid Kurt Seifried (Dec 06)
Re: CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Kurt Seifried (Nov 21)
Re: CVE Request: openssh 5.8p2 Kurt Seifried (Nov 21)
Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 07)
Re: CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Kurt Seifried (Oct 26)
Re: CVE-request: Elxis CMS two XSS-vulnerabilities Kurt Seifried (Dec 31)
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces Kurt Seifried (Dec 06)
Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)
Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Kurt Seifried (Dec 23)
Re: CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Kurt Seifried (Oct 27)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Kurt Seifried (Nov 21)
Re: Fwd: Bug script install slackware Kurt Seifried (Nov 28)
Re: Re: CVE request for Calibre Kurt Seifried (Nov 08)
Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
Re: CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Kurt Seifried (Oct 28)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Kurt Seifried (Oct 26)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: CVE-request for three 2009 Joomla issues Kurt Seifried (Dec 25)
Re: CVE request: jenkins Kurt Seifried (Nov 23)
Re: Request for CVE Identifier: bzexe insecure temporary file Kurt Seifried (Oct 28)
Re: CVE request: Pidgin crash Kurt Seifried (Dec 09)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 18)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Kurt Seifried (Oct 31)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 11)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 21)
Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Kurt Seifried (Nov 03)
Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Kurt Seifried (Nov 21)
Arch Linux Shaman issue Kurt Seifried (Nov 14)
Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 25)
Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
Re: CVE Request -- kernel: tight loop and no preemption can cause system stall Kurt Seifried (Dec 21)
Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 23)
Re: CVE request: zabbix persistent XSS flaw Kurt Seifried (Dec 16)
Re: CVE assignment from previous years Kurt Seifried (Dec 20)
Re: CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Kurt Seifried (Dec 25)
CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI, ioctl Kurt Seifried (Dec 19)
Re: CVE request: CSRF in xt:commerce 3.04 SP2.1 Kurt Seifried (Dec 04)
Re: CVE request: 3 flaws in libobby and libnet6 Kurt Seifried (Oct 31)
Re: CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Kurt Seifried (Dec 15)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Kurt Seifried (Nov 03)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Kurt Seifried (Nov 04)
Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Kurt Seifried (Dec 24)
Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Kurt Seifried (Dec 22)
CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts Kurt Seifried (Nov 28)
Re: CVE Request for Apache ActiveMQ DoS Kurt Seifried (Dec 25)
Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Kurt Seifried (Oct 26)
Re: CVE Request -- pam_yubico -- Authentication bypass via NULL password Kurt Seifried (Nov 07)
Re: CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Kurt Seifried (Dec 07)
Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability Kurt Seifried (Nov 20)
Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Kurt Seifried (Nov 09)
Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information Kurt Seifried (Nov 16)
Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
plib ulSetError() buffer overflow - CVE-2011-4620 Kurt Seifried (Dec 21)
Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 21)
TYPO3 typo3-core-sa-2011-004 Kurt Seifried (Dec 16)
Re: Re: CVE request: Android: vold stack buffer overflow Kurt Seifried (Nov 08)
Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Kurt Seifried (Nov 21)
Re: CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Kurt Seifried (Nov 07)
Re: CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Kurt Seifried (Dec 12)
Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Kurt Seifried (Nov 18)
Re: CVE request: mediawiki before 1.17.1 Kurt Seifried (Nov 29)
Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
Re: CVE Request: ffmpeg Kurt Seifried (Dec 06)
Re: CVE request -- kernel: kvm: device assignment DoS Kurt Seifried (Nov 24)
Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 23)
Re: Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 02)
Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Kurt Seifried (Nov 15)
Re: CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Kurt Seifried (Nov 18)
MySQL executable comment execution on MySQL slave server (from 2009) Kurt Seifried (Oct 18)
Re: CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Kurt Seifried (Nov 10)
Re: CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Kurt Seifried (Nov 14)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: CVE request: rocksndiamonds world-writable working/config directory Kurt Seifried (Dec 12)
Fwd: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Kurt Seifried (Nov 21)
Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried (Nov 14)
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces Kurt Seifried (Nov 28)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 04)
Re: Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried (Nov 21)
Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Kurt Seifried (Nov 04)

Kyle Creyts

Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Kyle Creyts (Dec 22)

Ludwig Nussel

Re: CVE Request: colord sql injections Ludwig Nussel (Nov 25)
CVE Request: icu out of bounds access Ludwig Nussel (Dec 09)
CVE Request: colord sql injections Ludwig Nussel (Nov 25)

Marc Deslauriers

CVE Request: apt Marc Deslauriers (Oct 19)
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
CVE Request: pam Marc Deslauriers (Oct 18)
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
CVE Request: ffmpeg Marc Deslauriers (Dec 04)

Marcus Meissner

Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Marcus Meissner (Nov 06)
CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Marcus Meissner (Oct 28)
CVE Request: openssh 5.8p2 Marcus Meissner (Nov 21)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
CVE request: kernel/AppArmor local denial of service Marcus Meissner (Oct 17)
CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Marcus Meissner (Oct 26)
Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner (Oct 17)

Mark Doliner

CVE request: Pidgin crash Mark Doliner (Dec 09)

Matthias Weckbecker

CVE request: glibc: timezone integer overflow Matthias Weckbecker (Dec 05)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Matthias Weckbecker (Oct 18)

Matthieu Herrb

Fwd: X.Org security advisory: xserver locking code issues Matthieu Herrb (Oct 18)

Michael Gilbert

Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)

Michael Harrison

Re: non-Linux advance notification list Michael Harrison (Nov 28)
Re: non-Linux advance notification list Michael Harrison (Nov 27)
CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Michael Harrison (Oct 10)

Moritz Muehlenhoff

CVE request: Proc::ProcessTable perl module Moritz Muehlenhoff (Nov 30)
CVE request: Mahara Moritz Muehlenhoff (Nov 04)
CVE request: acpid Moritz Muehlenhoff (Dec 06)
CVE requests: Tahoe-LAFS and atop Moritz Muehlenhoff (Oct 09)
Re: CVE Request: FreeBSD kernel Moritz Muehlenhoff (Oct 20)
CVE request: simplesamlphp / Typo3 Moritz Muehlenhoff (Dec 23)
Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff (Nov 21)
Re: CVE Request: mplayer RDT parsing integer underlow Moritz Muehlenhoff (Oct 20)

Moritz Mühlenhoff

Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Moritz Mühlenhoff (Oct 20)
Re: CVE request: simplesamlphp / Typo3 Moritz Mühlenhoff (Dec 23)

MustLive

Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 10)
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)

Nick Kralevich

Re: Re: CVE request: Android: vold stack buffer overflow Nick Kralevich (Nov 10)

Nico Golde

Re: CVE id request: python-virtualenv Nico Golde (Dec 19)
CVE id request: ffmpeg Nico Golde (Nov 30)
CVE id request: python-virtualenv Nico Golde (Dec 19)

Patrick J. Volkerding

Re: Fwd: Bug script install slackware Patrick J. Volkerding (Nov 29)
linux-distros Slackware membership Patrick J. Volkerding (Nov 28)

Paul

cve request: bat_socket_read memory corruption Paul (Dec 10)
Re: cve request: bat_socket_read memory corruption Paul (Dec 10)

Petr Lautrbach

Re: CVE Request -- Multiple security issues in various versions of AWStats Petr Lautrbach (Oct 10)

Petr Matousek

kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
CVE Request -- kernel: nfs4_getfacl decoding kernel oops Petr Matousek (Nov 11)
CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 26)
CVE Request -- kernel: send(m)msg: user pointer dereferences Petr Matousek (Dec 08)
qemu: CVE-2011-3346 Petr Matousek (Oct 20)
CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl Petr Matousek (Dec 22)
Please REJECT CVE-2011-1161 Petr Matousek (Oct 11)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Petr Matousek (Nov 11)
CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Petr Matousek (Nov 21)
CVE Request -- kernel: tight loop and no preemption can cause system stall Petr Matousek (Dec 21)
CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Petr Matousek (Oct 26)
Please REJECT CVE-2011-4112 Petr Matousek (Nov 24)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
Re: kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
Re: Re: Please REJECT CVE-2011-4112 Petr Matousek (Nov 24)
CVE request -- kernel: kvm: device assignment DoS Petr Matousek (Nov 24)
Re: CVE request: kernel/AppArmor local denial of service Petr Matousek (Oct 17)
CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Petr Matousek (Nov 21)
CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Petr Matousek (Oct 21)

psy

XSSer v1.6 -beta- aka "Grey Swarm!" released. psy (Nov 30)

Ramon de C Valle

Request for CVE Identifier for perl code injection vulnerability in Digest->new() Ramon de C Valle (Oct 03)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Ramon de C Valle (Oct 28)
Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Ramon de C Valle (Oct 05)
Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Ramon de C Valle (Oct 05)
Re: Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)

Raphael Bastos

Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)
Fwd: Bug script install slackware Raphael Bastos (Nov 28)
Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)

Reed Loden

Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Reed Loden (Oct 24)

Rémi Denis-Courmont

[CVE REQUEST] VLC media player: NULL dereference in HTTP server Rémi Denis-Courmont (Oct 06)

Reuben Hawkins

Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 14)
Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 11)

Robert Ancell

Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)

Robert Relyea

Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Robert Relyea (Oct 24)

Robert Święcki

Re: radvd 1.8.2 released with security fixes Robert Święcki (Oct 07)

Rob Keith

Re: CVE Request -- yaws -- Directory traversal flaw Rob Keith (Nov 25)

Sean Amoss

CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Sean Amoss (Oct 09)
CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Sean Amoss (Oct 28)

Sebastian Krahmer

potential OpenPAM vulnerability Sebastian Krahmer (Nov 08)
CVE Request: slapd off by one Sebastian Krahmer (Oct 26)
Re: Disputing CVE-2011-4122 Sebastian Krahmer (Dec 28)

Sebastian Pipping

Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Dec 31)
mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Dec 31)

Secunia Research

RE: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Secunia Research (Dec 01)

Solar Designer

Re: rpm/librpm/rpm-python memory corruption pre-verification Solar Designer (Oct 01)
radvd 1.8.2 released with security fixes Solar Designer (Oct 06)
Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
Re: non-Linux advance notification list Solar Designer (Nov 26)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Nov 14)
CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
OpenBSD bcrypt error return Solar Designer (Nov 14)
hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 15)
linux-distros list setup update Solar Designer (Nov 17)
Re: Disputing CVE-2011-4122 Solar Designer (Dec 27)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 21)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 21)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 16)
Re: Request for linux-distros list membership Solar Designer (Oct 04)
Re: radvd 1.8.2 released with security fixes Solar Designer (Oct 13)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
Re: closed-list Solar Designer (Dec 29)
Re: Fwd: Bug script install slackware Solar Designer (Nov 29)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
non-Linux advance notification list Solar Designer (Nov 17)
weird crypt-sha* in DragonFly BSD Solar Designer (Nov 14)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
*BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Nov 14)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
Re: Disputing CVE-2011-4122 Solar Designer (Dec 23)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 04)
Re: non-Linux advance notification list Solar Designer (Dec 08)
Re: linux-distros list setup update Solar Designer (Dec 13)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
Re: non-Linux advance notification list Solar Designer (Nov 26)
Re: Closed list Solar Designer (Dec 29)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Oct 26)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 31)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 29)
Re: OpenBSD bcrypt error return Solar Designer (Nov 14)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Nov 04)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Solar Designer (Nov 30)
Re: linux-distros Slackware membership Solar Designer (Nov 28)
Re: Fwd: Bug script install slackware Solar Designer (Nov 28)
Re: closed-list membership transition Solar Designer (Nov 19)
Re: non-Linux advance notification list Solar Designer (Nov 27)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 21)
Re: non-Linux advance notification list Solar Designer (Nov 27)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Nov 15)

Stefan Bühler

CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Stefan Bühler (Nov 29)

Steve Grubb

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 16)

Steven M. Christey

Re: Re: CVE request for Calibre Steven M. Christey (Nov 04)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Steven M. Christey (Nov 22)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Steven M. Christey (Nov 14)
Re: CVE request: piwik before 1.6 Steven M. Christey (Oct 19)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Steven M. Christey (Oct 27)
Re: Wrong MLIST link in CVE-2011-3783 Steven M. Christey (Oct 17)
Re: CVE assignment from previous years Steven M. Christey (Dec 20)

Tavis Ormandy

Re: Please REJECT CVE-2011-4112 Tavis Ormandy (Nov 24)

The Fungi

Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c The Fungi (Nov 16)

Thomas Biege

Re: kiwi shell meta char injection Thomas Biege (Nov 02)
kiwi shell meta char injection Thomas Biege (Nov 02)

Thomas.Rucker

RE: [Icecast-dev] Security issue in icecast Thomas.Rucker (Dec 15)

Timo Sirainen

Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Timo Sirainen (Nov 18)

Timo Warns

Re: CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)

Tim Sammut

CVE Request: mplayer RDT parsing integer underlow Tim Sammut (Oct 18)
CVE request: mplayer SAMI subtitle parsing buffer overflow Tim Sammut (Oct 13)
CVE assignment from previous years Tim Sammut (Dec 19)

Tim Zingelman

Re: non-Linux advance notification list Tim Zingelman (Nov 18)

Tomas Hoger

Re: CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability Tomas Hoger (Oct 05)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Tomas Hoger (Dec 30)

Tyler Hicks

Request for linux-distros list membership Tyler Hicks (Oct 04)

Vasiliy Kulikov

CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Vasiliy Kulikov (Nov 08)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
/proc/$PID/sched PoC: spy-gksu Vasiliy Kulikov (Nov 05)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
/proc/interrupts PoC: spy-interrupts Vasiliy Kulikov (Nov 07)
Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 14)
CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov (Oct 30)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 08)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
Re: CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov (Oct 30)

Vincent Danen

CVE request: rocksndiamonds world-writable working/config directory Vincent Danen (Dec 12)
CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Vincent Danen (Oct 24)
CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Vincent Danen (Nov 08)
Re: CVE request for Django-piston and Tastypie Vincent Danen (Nov 01)
CVE request: zabbix persistent XSS flaw Vincent Danen (Dec 16)
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Vincent Danen (Nov 15)
CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Vincent Danen (Dec 12)
CVE request for wireshark flaws Vincent Danen (Nov 01)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen (Nov 17)
CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Vincent Danen (Oct 19)
CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Vincent Danen (Dec 07)
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Vincent Danen (Oct 07)

vladz

Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Nov 06)
Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Oct 28)
CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) vladz (Dec 15)

YGN Ethical Hacker Group

CVE Request: vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Oct 04)
CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability YGN Ethical Hacker Group (Oct 05)
CVE Request: vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability YGN Ethical Hacker Group (Oct 05)
CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group (Oct 02)

Yves-Alexis Perez

Re: PR attack against XML Encryption Yves-Alexis Perez (Oct 20)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez (Oct 29)
Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
Re: CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Yves-Alexis Perez (Oct 28)
Re: radvd 1.8.2 released with security fixes Yves-Alexis Perez (Oct 20)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez (Oct 29)
Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)