oss-sec: by thread
578 messages starting Apr 02 12 and ending Jun 30 12
- CVE request: OSClass directory traversal vulnerability Filippo Cavallarin (Apr 02)
- Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 02)
- Re: CVE request: OSClass directory traversal vulnerability Filippo Cavallarin (Apr 02)
- Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 02)
- Re: CVE request: OSClass directory traversal vulnerability Henri Salo (Apr 03)
- Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 04)
- Re: CVE request: OSClass directory traversal vulnerability Filippo Cavallarin (Apr 02)
- Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 02)
- CVEs assigned for Movable Type 4.36 and 5.05 security updates Henri Salo (Apr 02)
- Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kevin Grittner (Apr 02)
- Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo (Apr 03)
- Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Kurt Seifried (Apr 03)
- CVE-request: Joomla 2012-04 398-20120307 399-20120308 Henri Salo (Apr 03)
- Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308 Kurt Seifried (Apr 03)
- Fw: [vs] RPM issues Tomas Hoger (Apr 03)
- fix to CVE-2009-4307 akuster (Apr 03)
- Re: fix to CVE-2009-4307 Kurt Seifried (Apr 03)
- Re: fix to CVE-2009-4307 Xi Wang (Apr 03)
- Re: fix to CVE-2009-4307 Petr Matousek (Apr 11)
- Re: fix to CVE-2009-4307 Xi Wang (Apr 11)
- Re: fix to CVE-2009-4307 Xi Wang (Jun 04)
- Re: fix to CVE-2009-4307 akuster (Apr 04)
- Re: fix to CVE-2009-4307 Kurt Seifried (Apr 12)
- Re: fix to CVE-2009-4307 Xi Wang (Apr 03)
- Re: fix to CVE-2009-4307 Kurt Seifried (Apr 03)
- CVE request: privilege escalation in sectool Vincent Danen (Apr 03)
- Re: CVE request: privilege escalation in sectool Kurt Seifried (Apr 03)
- Re: Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Ludwig Nussel (Apr 04)
- CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-2012-0259 Stefan Cornelius (Apr 04)
- Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kurt Seifried (Apr 04)
- expat hash collision fix too predictable? Marcus Meissner (Apr 05)
- Re: expat hash collision fix too predictable? Andreas Ericsson (Apr 05)
- Re: expat hash collision fix too predictable? Kurt Seifried (Apr 05)
- CVE Request: slock-0.9 displays modal box after locking Kurt Seifried (Apr 05)
- Re: CVE Request: slock-0.9 displays modal box after locking Kurt Seifried (Apr 05)
- CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 06)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 10)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 10)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 11)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 11)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 11)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 10)
- Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 10)
- libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173) Solar Designer (Apr 07)
- CVE request: gajim - code execution and sql injection David Black (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Yves-Alexis Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)
- Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
- CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface Kurt Seifried (Apr 08)
- Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ISPConfig.org - Till Brehm (Apr 09)
- Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ISPConfig.org - Till Brehm (Apr 10)
- Dispute Taggator Plugin for WordPress taggator.php tagid Parameter SQL Injection Henri Salo (Apr 09)
- CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
- Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)
- Re: CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
- Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)
- Re: CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
- Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)
- CVE id request for links2 Nico Golde (Apr 09)
- Re: CVE id request for links2 Huzaifa Sidhpurwala (Apr 09)
- Re: CVE id request for links2 Kurt Seifried (Apr 10)
- Re: CVE id request for links2 Nico Golde (Apr 11)
- Re: CVE id request for links2 Kurt Seifried (May 05)
- Re: CVE id request for links2 Nico Golde (Apr 11)
- gajim insecure file creation when using latex Nico Golde (Apr 09)
- Re: gajim insecure file creation when using latex Kurt Seifried (Apr 10)
- CVE Request: cobbler (Ubuntu-specific) Marc Deslauriers (Apr 10)
- Re: CVE Request: cobbler (Ubuntu-specific) Kurt Seifried (Apr 10)
- CVE Request: FlightGear and Simgear Multiple vulnerabilities Andres Gomez (Apr 10)
- Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities Kurt Seifried (Apr 10)
- CVE id request: wicd Nico Golde (Apr 11)
- Re: CVE id request: wicd Kurt Seifried (Apr 11)
- Re: CVE id request: wicd Sebastian Krahmer (Apr 15)
- Re: CVE id request: wicd Kurt Seifried (Apr 11)
- CVE Request for Drupal Contributed Advisories on 2012-04-11 Greg Knaddison (Apr 11)
- Re: CVE Request for Drupal Contributed Advisories on 2012-04-11 Kurt Seifried (Apr 11)
- CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo (Apr 12)
- CVE request: cobbler lack of csrf protection, code execution David Black (Apr 12)
- Re: CVE request: cobbler lack of csrf protection, code execution Jan Lieskovsky (Apr 12)
- Re: CVE request: cobbler lack of csrf protection, code execution David Black (Apr 12)
- Re: CVE request: cobbler lack of csrf protection, code execution Kurt Seifried (Apr 12)
- Re: CVE request: cobbler lack of csrf protection, code execution Jan Lieskovsky (Apr 12)
- nginx security advisory: mp4 module vulnerability, CVE-2012-2089 Andrew Alexeev (Apr 12)
- CVE Request: Heap corruption in openjpeg Huzaifa Sidhpurwala (Apr 13)
- Re: CVE Request: Heap corruption in openjpeg Jan Lieskovsky (Apr 13)
- Re: CVE Request: Heap corruption in openjpeg Kurt Seifried (Apr 13)
- Re: CVE Request: Heap corruption in openjpeg Jan Lieskovsky (Apr 13)
- CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Stefan Cornelius (Apr 13)
- Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Kurt Seifried (Apr 13)
- CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Henri Salo (Apr 15)
- Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Kurt Seifried (Apr 16)
- FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 15)
- Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 15)
- CVE Requests: Multiple security flaws in csound5 Huzaifa Sidhpurwala (Apr 15)
- Re: CVE Requests: Multiple security flaws in csound5 Kurt Seifried (Apr 16)
- Re: CVE Requests: Multiple security flaws in csound5 john ffitch (Apr 19)
- CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Henri Salo (Apr 16)
- Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Kurt Seifried (Apr 16)
- CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Henri Salo (Apr 16)
- Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Kurt Seifried (Apr 16)
- CVE Request (minor) -- Two Munin graphing framework flaws Jan Lieskovsky (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 17)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 17)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 18)
- Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kenyon Ralph (Apr 18)
- Re: [Packaging] Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws Holger Levsen (Apr 18)
- Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Steve Schnepp (Apr 27)
- Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 28)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 16)
- CVE-request: OpenEMR 4.1.0 SQL-injection Henri Salo (Apr 16)
- Re: CVE-request: OpenEMR 4.1.0 SQL-injection Kurt Seifried (Apr 18)
- Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 17)
- Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Apr 17)
- Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 19)
- Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Apr 19)
- Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 19)
- <Possible follow-ups>
- Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 17)
- Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Apr 17)
- CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core Henri Salo (Apr 17)
- Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core Kurt Seifried (Apr 17)
- Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group (Apr 17)
- Stack-based buffer overflow in musl libc 0.8.7 and earlier Rich Felker (Apr 18)
- Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier Kurt Seifried (Apr 18)
- CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
- Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
- CVE Request for Drupal Contributed Advisories on 2012-04-18 Greg Knaddison (Apr 18)
- Re: CVE Request for Drupal Contributed Advisories on 2012-04-18 Kurt Seifried (Apr 18)
- CVE request -- kernel: kvm: device assignment page leak Petr Matousek (Apr 19)
- Re: CVE request -- kernel: kvm: device assignment page leak Kurt Seifried (Apr 19)
- CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Jan Lieskovsky (Apr 19)
- CVE request: latex2man / texlive Matthias Weckbecker (Apr 19)
- Re: CVE request: latex2man / texlive Kurt Seifried (Apr 19)
- CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages Petr Matousek (Apr 19)
- CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
- Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 22)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Andrew Morton (Apr 20)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
- Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
- CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used Eugene Teo (Apr 19)
- Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used Kurt Seifried (Apr 19)
- OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 20)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tomas Hoger (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
- R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
- <Possible follow-ups>
- R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
- R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
- R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
- CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103 Stefan Cornelius (Apr 20)
- CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version Jan Lieskovsky (Apr 20)
- Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version Kurt Seifried (Apr 20)
- CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data Jan Lieskovsky (Apr 22)
- Security vulnerabilities fixed in WordPress 3.3.2 Henri Salo (Apr 23)
- Re: Security vulnerabilities fixed in WordPress 3.3.2 cve-assign (Apr 23)
- Re: Re: Security vulnerabilities fixed in WordPress 3.3.2 Kurt Seifried (Apr 23)
- Re: Security vulnerabilities fixed in WordPress 3.3.2 cve-assign (Apr 23)
- Asterisk AST-2012-004 AST-2012-005 AST-2012-006 cve-assign (Apr 23)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
- CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel (Apr 24)
- Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Kurt Seifried (Apr 24)
- Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Vincent Danen (Apr 30)
- Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel (May 02)
- Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Vincent Danen (May 02)
- Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel (May 02)
- Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Marc Deslauriers (Apr 30)
- CVE Request: use after free bug in "quota" handling in hugetlb code Marcus Meissner (Apr 24)
- Re: CVE Request: use after free bug in "quota" handling in hugetlb code Kurt Seifried (Apr 24)
- CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap Jan Lieskovsky (Apr 24)
- CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
- Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
- <Possible follow-ups>
- CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
- CERT Linux Triage Tools 1.0 Released INFO#208126 CERT(R) Coordination Center (Apr 25)
- CVE request: two flaws fixed in rubygem-mail 2.4.4 Vincent Danen (Apr 25)
- Re: CVE request: two flaws fixed in rubygem-mail 2.4.4 Kurt Seifried (Apr 25)
- CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Jan Lieskovsky (Apr 26)
- CVE Request: programming error in crypt(3) Xin Li (Apr 26)
- Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
- Re: CVE Request: programming error in crypt(3) Eitan Adler (Apr 26)
- Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
- Re: CVE Request: programming error in crypt(3) Eitan Adler (Apr 26)
- Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
- Re: CVE Request: programming error in crypt(3) Xin Li (Apr 26)
- Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
- Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (Apr 27)
- <Possible follow-ups>
- Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (May 04)
- Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried (May 04)
- weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (Apr 27)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (Apr 28)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (Apr 30)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (May 01)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (May 01)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (May 02)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (Apr 30)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Kurt Seifried (Apr 28)
- Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (Apr 28)
- CVE request: webcalendar before 1.2.5 XSS Hanno Böck (Apr 28)
- Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 28)
- Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 30)
- Page disclosure/cve updated in wiki Henri Salo (Apr 29)
- CVE-request: SilverStripe before 2.4.4 Henri Salo (Apr 29)
- Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried (Apr 30)
- Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried (May 01)
- Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried (Apr 30)
- CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS Hanno Böck (Apr 30)
- Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS Kurt Seifried (May 01)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (May 01)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (May 02)
- CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service Marcus Meissner (May 02)
- Re: CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service Kurt Seifried (May 02)
- temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles cve-assign (May 02)
- CVE Request for Drupal contributed modules Greg Knaddison (May 02)
- Re: CVE Request for Drupal contributed modules Kurt Seifried (May 02)
- <Possible follow-ups>
- CVE Request for Drupal contributed modules Greg Knaddison (May 30)
- Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
- Re: CVE Request for Drupal contributed modules Solar Designer (Jun 04)
- Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
- Re: CVE Request for Drupal contributed modules Kurt Seifried (Jun 13)
- Re: CVE Request for Drupal contributed modules Henri Salo (Jun 14)
- Re: CVE Request for Drupal contributed modules Kurt Seifried (Jun 15)
- Re: CVE Request for Drupal contributed modules Steven M. Christey (Jun 27)
- Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
- CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 03)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 04)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Steve Beattie (May 04)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Kurt Seifried (May 04)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 04)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Kurt Seifried (May 05)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Steve Beattie (May 04)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Ludwig Nussel (May 04)
- Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 04)
- Security issue in libav/ffmpeg Jamie Strandboge (May 03)
- CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Kurt Seifried (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Florian Weimer (May 04)
- Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 07)
- Debian/Ubuntu php_crypt_revamped.patch Solar Designer (May 04)
- Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried (May 04)
- Re: Debian/Ubuntu php_crypt_revamped.patch Solar Designer (May 04)
- Re: Debian/Ubuntu php_crypt_revamped.patch Daniel Kahn Gillmor (May 04)
- Re: Debian/Ubuntu php_crypt_revamped.patch Michael Gilbert (May 04)
- Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried (May 05)
- Re: Debian/Ubuntu php_crypt_revamped.patch Solar Designer (May 04)
- Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried (May 04)
- CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module Jan Lieskovsky (May 04)
- PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Solar Designer (May 04)
- Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Marcus Meissner (May 04)
- Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Tomas Hoger (May 09)
- [OSSA 2012-006] Horizon session fixation and reuse Russell Bryant (May 04)
- CVE request: A Pidgin remote crash Mark Doliner (May 06)
- Re: CVE request: A Pidgin remote crash Kurt Seifried (May 07)
- connman heads up / CVE requests Sebastian Krahmer (May 07)
- Re: connman heads up / CVE requests Jan Lieskovsky (May 07)
- Re: connman heads up / CVE requests Sebastian Krahmer (May 07)
- Re: connman heads up / CVE requests Kurt Seifried (May 07)
- Re: connman heads up / CVE requests Sebastian Krahmer (May 08)
- Re: connman heads up / CVE requests Sebastian Krahmer (May 07)
- Re: connman heads up / CVE requests Jan Lieskovsky (May 07)
- CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Timo Warns (May 07)
- Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Kurt Seifried (May 07)
- CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
- Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
- Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
- Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
- CVE request: mybb before 1.6.7 Hanno Böck (May 07)
- Re: CVE request: mybb before 1.6.7 Kurt Seifried (May 07)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 07)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 07)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (May 09)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 09)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (May 09)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (May 09)
- Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 07)
- CVE-request: MyBB before 1.6.1 Henri Salo (May 08)
- Re: CVE-request: MyBB before 1.6.1 Kurt Seifried (May 08)
- CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure Alex Legler (May 08)
- Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure Kurt Seifried (May 08)
- CVE request: Piwik before 1.7 Hanno Böck (May 08)
- Re: CVE request: Piwik before 1.7 Kurt Seifried (May 08)
- Re: CVE request: Piwik before 1.7 Henri Salo (May 13)
- Re: CVE request: Piwik before 1.7 Hanno Böck (May 13)
- Re: CVE request: Piwik before 1.7 Kurt Seifried (May 13)
- Re: CVE request: Piwik before 1.7 Nicob (May 13)
- Re: CVE request: Piwik before 1.7 Henri Salo (Jun 07)
- Re: CVE request: Piwik before 1.7 Henri Salo (May 13)
- Re: CVE request: Piwik before 1.7 Kurt Seifried (May 08)
- CVE request: XSS and SQL injection in serendipity before 1.7.1 Hanno Böck (May 08)
- Re: CVE request: XSS and SQL injection in serendipity before 1.7.1 Kurt Seifried (May 08)
- CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port Stefan Cornelius (May 09)
- CVE-request: phpMyFAQ default password 1.3.2 Henri Salo (May 10)
- Re: CVE-request: phpMyFAQ default password 1.3.2 Kurt Seifried (May 10)
- CVE-request: galette sql injection Johan Cwiklinski (May 10)
- Re: CVE-request: galette sql injection Kurt Seifried (May 10)
- CVE Request for Drupal contributed modules - 2012-05-10 Greg Knaddison (May 10)
- Re: CVE Request for Drupal contributed modules - 2012-05-10 Kurt Seifried (May 10)
- CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Henri Salo (May 10)
- Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried (May 10)
- Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Moritz Muehlenhoff (May 11)
- Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried (May 11)
- Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Moritz Muehlenhoff (May 11)
- Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried (May 10)
- OpenSSL invalid TLS/DTLS record attack (CVE-2012-2333) Solar Designer (May 10)
- bug in OpenSSL's CVE-2012-0884 fix Solar Designer (May 10)
- CVE-2012-1597: XSS in eZ Publish Luc ABRIC (May 11)
- CVE request: sympa micah anderson (May 11)
- CVE request: sympa (try again) micah (May 11)
- ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Daniel Kahn Gillmor (May 11)
- Re: ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Solar Designer (May 12)
- Re: CVE request: sympa (try again) Kurt Seifried (May 11)
- Re: CVE request: sympa (try again) micah anderson (May 12)
- Re: CVE request: sympa (try again) Kurt Seifried (May 12)
- Re: CVE request: sympa (try again) micah anderson (May 15)
- Re: CVE request: sympa (try again) Kurt Seifried (May 15)
- Re: CVE request: sympa (try again) micah anderson (May 12)
- ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Daniel Kahn Gillmor (May 11)
- CVE request: mahara Moritz Muehlenhoff (May 11)
- Re: CVE request: mahara Kurt Seifried (May 11)
- CVE request: pam_shield Jonathan Niehof (May 11)
- Re: CVE request: pam_shield Kurt Seifried (May 11)
- CVE request: Bytemark Symbiosis Steve Kemp (May 14)
- Re: CVE request: Bytemark Symbiosis Kurt Seifried (May 14)
- socat security advisory Gerhard Rieger (May 14)
- Automatic binary hardening with Autoconf Solar Designer (May 14)
- Re: Automatic binary hardening with Autoconf Steve Grubb (May 15)
- Re: Automatic binary hardening with Autoconf Steve Grubb (May 15)
- Re: Automatic binary hardening with Autoconf Marcus Meissner (May 15)
- Re: Automatic binary hardening with Autoconf Sebastian Krahmer (May 15)
- Re: Automatic binary hardening with Autoconf Steve Grubb (May 15)
- Using FreeBSD Capsicum for program and library sandboxing Solar Designer (May 14)
- Re: Using FreeBSD Capsicum for program and library sandboxing Ben Laurie (May 15)
- CVE Request: gdk-pixbuf Integer overflow in XBM file loader Sean Amoss (May 15)
- Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader Kurt Seifried (May 15)
- CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability Henri Salo (May 15)
- Re: CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability Kurt Seifried (May 15)
- Format string security flaw in pidgin-otr Ian Goldberg (May 16)
- CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
- Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
- Re: CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
- Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
- Re: CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
- Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
- Re: CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
- Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
- 100 bugs in Open Source C/C++ projects Eugene Teo (May 17)
- CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Petr Matousek (May 18)
- CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection Jan Lieskovsky (May 18)
- CVE Request -- kernel: incomplete fix for CVE-2011-4131 Petr Matousek (May 18)
- Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131 Kurt Seifried (May 18)
- sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337) Solar Designer (May 18)
- Re: sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337) Jan Lieskovsky (May 18)
- CVE-2012-2759 WordPress Login With Ajax plugin re-enlistment XSS cve-assign (May 18)
- CVE-2012-2762 Serendipity include/functions_trackbacks.inc.php SQL injection cve-assign (May 18)
- CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Michael Gilbert (May 18)
- Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Kurt Seifried (May 18)
- Re: libupnp buffer overflows Henri Salo (May 19)
- RE: libupnp buffer overflows fabrice.fontaine (May 19)
- CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried (May 19)
- Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried (May 19)
- Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access YGN Ethical Hacker Group (May 20)
- Acuity CMS 2.6.x <= Arbitrary File Upload YGN Ethical Hacker Group (May 20)
- CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF) Tiago Natel de Moura (May 24)
- CVE request: PHP Phar - arbitrary code execution Felipe Pena (May 20)
- Re: CVE request: PHP Phar - arbitrary code execution Kurt Seifried (May 22)
- CVE Request: some drm overflow checks Marcus Meissner (May 20)
- Re: CVE Request: some drm overflow checks Kurt Seifried (May 22)
- CVE-2011-3102 / libxml2 Moritz Muehlenhoff (May 21)
- Re: CVE-2011-3102 / libxml2 Jan Lieskovsky (May 22)
- CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck (May 22)
- Re: CVE request: Serendipity before 1.6.2 SQL Injection Henri Salo (May 22)
- Re: CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck (May 22)
- Re: CVE request: Serendipity before 1.6.2 SQL Injection Henri Salo (May 22)
- Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options maximilian attems (May 22)
- CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Jan Lieskovsky (May 22)
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried (May 22)
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Behdad Esfahbod (May 23)
- <Possible follow-ups>
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Keith Winstein (May 22)
- Moodle security notifications public Michael de Raadt (May 22)
- CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Jan Lieskovsky (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Kurt Seifried (May 23)
- Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Jan Lieskovsky (May 23)
- CVE request: cobbler command injection David Black (May 23)
- Re: CVE request: cobbler command injection Kurt Seifried (May 23)
- CVE Request -- kernel: huge pages: memory leak on mmap failure Petr Matousek (May 23)
- Re: CVE Request -- kernel: huge pages: memory leak on mmap failure Kurt Seifried (May 23)
- CVE request: Multiple vulnerabilities in LogAnalyzer Filippo Cavallarin (May 23)
- Re: CVE request: Multiple vulnerabilities in LogAnalyzer Kurt Seifried (May 23)
- <Possible follow-ups>
- CVE request: Multiple vulnerabilities in LogAnalyzer Filippo Cavallarin (May 23)
- CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10 Jan Lieskovsky (May 23)
- Re: CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10 Kurt Seifried (May 23)
- CVE request: haproxy trash buffer overflow flaw Vincent Danen (May 23)
- Re: CVE request: haproxy trash buffer overflow flaw Kurt Seifried (May 23)
- CVE Request: powerdns does not clear supplementary groups David Black (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Miloslav Trmac (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups David Black (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Christos Zoulas (May 24)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Peter van Dijk (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)
- Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
- CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation Dwayne C. Litzenberger (May 24)
- CVE-2011-2906 should have been rejected (kernel non-security issue) Vincent Danen (May 24)
- Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue Jan Lieskovsky (May 28)
- Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky (May 28)
- Re: Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky (May 29)
- Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Caolán McNamara (May 29)
- linux-distros unsubscriptions Mark J Cox (May 29)
- Re: linux-distros unsubscriptions Solar Designer (May 29)
- CVE Request: XXE vulnerability in Restlet Nicolas Grégoire (May 29)
- Re: CVE Request: XXE vulnerability in Restlet Kurt Seifried (May 29)
- Re: CVE Request: XXE vulnerability in Restlet Nicolas Grégoire (May 29)
- Re: CVE Request: XXE vulnerability in Restlet Kurt Seifried (May 29)
- Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations John Haxby (May 29)
- Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Kurt Seifried (May 29)
- CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 29)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 29)
- Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Henri Salo (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
- Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 31)
- Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (Jun 05)
- CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Florian Weimer (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 31)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 01)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 07)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 07)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 08)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 31)
- Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Stefan Behte (Jun 02)
- Update of upstream patch links for AST-2012-007 / CVE-2012-2947 advisory needed Jan Lieskovsky (May 30)
- ScriptFu Server Buffer Overflow in GIMP <= 2.6 Joseph Sheridan (May 30)
- SQL Injection Vulnerability in Ruby on Rails (CVE-2012-2661) Aaron Patterson (May 31)
- Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660) Aaron Patterson (May 31)
- CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Jan Lieskovsky (Jun 04)
- memory allocator upstream patches Xi Wang (Jun 04)
- Re: memory allocator upstream patches Jan Lieskovsky (Jun 07)
- Re: memory allocator upstream patches Kurt Seifried (Jun 07)
- BIND: Handling of zero length rdata can cause named to terminate unexpectedly Solar Designer (Jun 05)
- CVE request: openldap does not honor TLSCipherSuite configuration option Vincent Danen (Jun 05)
- Re: CVE request: openldap does not honor TLSCipherSuite configuration option Kurt Seifried (Jun 05)
- Re: CVE request: openldap does not honor TLSCipherSuite configuration option Henri Salo (Jun 05)
- CVE request: rack-cache caches sensitive headers (Set-Cookie) Matthias Weckbecker (Jun 06)
- Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Jan Lieskovsky (Jun 06)
- Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Kurt Seifried (Jun 06)
- Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Jan Lieskovsky (Jun 06)
- Arbitrary File Upload/Execution in Collabtive Mark Hoopes (Jun 06)
- Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried (Jun 06)
- Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried (Jun 06)
- Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried (Jun 06)
- CVE-Request: hyper-v daemon Sebastian Krahmer (Jun 06)
- Re: CVE-Request: hyper-v daemon Kurt Seifried (Jun 06)
- Re: CVE-Request: hyper-v daemon Kurt Seifried (Jun 06)
- Re: CVE-Request: hyper-v daemon Greg KH (Jun 06)
- Re: CVE-Request: hyper-v daemon Marcus Meissner (Jun 07)
- Re: CVE-Request: hyper-v daemon Greg KH (Jun 07)
- Re: CVE-Request: hyper-v daemon Marcus Meissner (Jun 07)
- Re: CVE-Request: hyper-v daemon Marcus Meissner (Jun 07)
- Re: CVE-Request: hyper-v daemon Kurt Seifried (Jun 06)
- CVE request: Mojarra allows deployed web applications to read FacesContext from other applications David Jorm (Jun 06)
- Some notes on CVE's and group privilege dropping Kurt Seifried (Jun 06)
- WHMCS 5.0.2> SQLi CVE Request Dex (Jun 07)
- <Possible follow-ups>
- Re: WHMCS 5.0.2> SQLi CVE Request Dex (Jun 07)
- Re: Re: WHMCS 5.0.2> SQLi CVE Request Kurt Seifried (Jun 11)
- CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 David Hicks (Jun 09)
- Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 Kurt Seifried (Jun 11)
- Security vulnerability in MySQL/MariaDB sql/password.c Sergei Golubchik (Jun 09)
- Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 18)
- Re: MySQL CVEs Kurt Seifried (Jun 19)
- Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 27)
- Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 18)
- CVE request -- libguestfs: virt-edit doesn't preserve file permissions Petr Matousek (Jun 11)
- Re: CVE request -- libguestfs: virt-edit doesn't preserve file permissions Kurt Seifried (Jun 11)
- CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Petr Matousek (Jun 11)
- Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation Xen.org security team (Jun 12)
- Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS Xen.org security team (Jun 12)
- Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Xen.org security team (Jun 12)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 14)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Giles Coochey (Jun 15)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 15)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) John Haxby (Jun 15)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Marcus Meissner (Jun 20)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 24)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Giles Coochey (Jun 15)
- Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 14)
- Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2694) Aaron Patterson (Jun 12)
- Ruby on Rails SQL Injection (CVE-2012-2695) Aaron Patterson (Jun 12)
- CVE request: XSS in uselang http parameter (mediawiki) Vincent Danen (Jun 13)
- Re: CVE request: XSS in uselang http parameter (mediawiki) Kurt Seifried (Jun 13)
- CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Huzaifa Sidhpurwala (Jun 14)
- Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Kurt Seifried (Jun 14)
- Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Yves-Alexis Perez (Jun 14)
- Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Kurt Seifried (Jun 14)
- CVE-2012-3345: symlink attack in ioquake3 >= r1773, < r2253 Simon McVittie (Jun 14)
- CVE request: java hashdos vulnerability Hanno Böck (Jun 15)
- Re: CVE request: java hashdos vulnerability Kurt Seifried (Jun 16)
- CVE request: phplist before 2.10.18 XSS and sql injection Hanno Böck (Jun 15)
- Re: CVE request: phplist before 2.10.18 XSS and sql injection Kurt Seifried (Jun 16)
- CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Jan Lieskovsky (Jun 18)
- Joomla! Security News 2012-06-19 Henri Salo (Jun 19)
- Re: Joomla! Security News 2012-06-19 Kurt Seifried (Jun 19)
- mod_security CVE request Kurt Seifried (Jun 21)
- Re: mod_security CVE request Kurt Seifried (Jun 21)
- CVE request: CSRF in eXtplorer Luciano Bello (Jun 23)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 27)
- Re: CVE request: CSRF in eXtplorer Luciano Bello (Jun 26)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)
- CVE request: Full path disclosure in DokuWiki Felipe Pena (Jun 24)
- Re: CVE request: Full path disclosure in DokuWiki Kurt Seifried (Jun 24)
- Xen vulnerability disclosure process, recent timeline Solar Designer (Jun 25)
- CVE Request: viewvc Ludwig Nussel (Jun 25)
- Re: CVE Request: viewvc Kurt Seifried (Jun 25)
- CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
- Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
- Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Kurt Seifried (Jun 25)
- XXE in Zend Nicolas Grégoire (Jun 26)
- Re: XXE in Zend Nicolas Grégoire (Jun 26)
- Re: XXE in Zend Kurt Seifried (Jun 27)
- CVE-2012-2639 reject request (duplicate of CVE-2011-4940) Jan Lieskovsky (Jun 26)
- CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Jan Lieskovsky (Jun 27)
- please verify unusual x.509 constraints are handled Tavis Ormandy (Jun 27)
- Re: please verify unusual x.509 constraints are handled Ludwig Nussel (Jun 27)
- CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI Kurt Seifried (Jun 27)
- Re: CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI Kurt Seifried (Jun 27)
- CVE request: arbitrary code exec in bcfg2 Vincent Danen (Jun 27)
- Re: CVE request: arbitrary code exec in bcfg2 Kurt Seifried (Jun 27)
- PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 27)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Pierre Joye (Jun 27)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 28)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Oden Eriksson (Jun 28)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 28)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Matthias Weckbecker (Jun 27)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Johannes Schlüter (Jun 28)
- Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Stuart Henderson (Jun 28)
- RE: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Zeev Suraski (Jun 28)
- Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 28)
- Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Rasmus Lerdorf (Jun 28)
- Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Stuart Henderson (Jun 28)
- Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Pierre Joye (Jun 27)
- accountsservice local file disclosure flaw (CVE-2012-2737) Vincent Danen (Jun 28)
- Irfanview Plugins JLS Decompression Joseph Sheridan (Jun 29)
- GIMP FIT File Format DoS Joseph Sheridan (Jun 29)
- RE: GIMP FIT File Format DoS Morris, Patrick (Jun 29)
- Re: RE: GIMP FIT File Format DoS Benji (Jun 30)
- RE: GIMP FIT File Format DoS Morris, Patrick (Jun 29)