oss-sec: by thread
549 messages
starting Oct 02 12 and
ending Dec 31 12
Date index |
Thread index |
Author index
- Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Oct 02)
- Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Oct 02)
- Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Oct 02)
- Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Oct 02)
- CVE-2012-3504: insecure temporary file usage in genkey perl script Vincent Danen (Oct 02)
- CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 02)
- Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
- Re: CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 03)
- Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
- Re: CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 03)
- Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
- CVE Request: QT CRIME vulnerability Seth Arnold (Oct 02)
- Re: CVE Request: QT CRIME vulnerability Kurt Seifried (Oct 02)
- Re: CVE Request: QT CRIME vulnerability cve-assign (Oct 08)
- Re: CVE Request: QT CRIME vulnerability Kurt Seifried (Oct 02)
- CVE Rejection: CVE-2012-5239 - Wireshark DRDA dissector infinite loop Huzaifa Sidhpurwala (Oct 03)
- CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Jan Lieskovsky (Oct 03)
- Re: cgit: heap buffer overflow Kurt Seifried (Oct 03)
- CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Petr Matousek (Oct 03)
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
- <Possible follow-ups>
- CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)
- Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
- CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
- Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
- CVE request for Drupal contributed modules Forest Monsen (Nov 28)
- Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 28)
- Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
- CVE Request: html2ps Marc Deslauriers (Oct 05)
- Re: CVE Request: html2ps Kurt Seifried (Oct 05)
- Re: CVE Request: html2ps Moritz Muehlenhoff (Oct 07)
- Re: CVE Request: html2ps Kurt Seifried (Oct 05)
- CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Jan Lieskovsky (Oct 05)
- Security contact for scan-view component of clang Tim Brown (Oct 05)
- CVE Request: Python keyring Marc Deslauriers (Oct 05)
- Re: CVE Request: Python keyring Raphael Geissert (Oct 30)
- Re: CVE Request: Python keyring Kurt Seifried (Oct 31)
- <Possible follow-ups>
- CVE Request: Python keyring Marc Deslauriers (Nov 16)
- Re: CVE Request: Python keyring Marc Deslauriers (Nov 19)
- Re: CVE Request: Python keyring Matthias Weckbecker (Nov 22)
- Re: CVE Request: Python keyring Kurt Seifried (Nov 26)
- Re: CVE Request: Python keyring Kurt Seifried (Nov 26)
- Re: CVE Request: Python keyring Marc Deslauriers (Nov 19)
- Re: CVE Request: Python keyring Raphael Geissert (Oct 30)
- CVE request: LetoDMS, more issues Raphael Geissert (Oct 05)
- Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 30)
- Re: Re: CVE request: LetoDMS, more issues Kurt Seifried (Oct 31)
- Re: Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 31)
- Re: Re: CVE request: LetoDMS, more issues Kurt Seifried (Oct 31)
- Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 30)
- CVE request: piwigo XSS in password.php Raphael Geissert (Oct 05)
- Re: CVE request: piwigo XSS in password.php Kurt Seifried (Oct 18)
- CVE-request for piwigo issues (second request) Henri Salo (Oct 06)
- Re: CVE-request for piwigo issues (second request) Kurt Seifried (Oct 18)
- password hashing Solar Designer (Oct 06)
- Re: password hashing Josh Bressers (Oct 08)
- Re: password hashing Solar Designer (Oct 09)
- Re: password hashing Josh Bressers (Oct 10)
- Re: password hashing Solar Designer (Oct 09)
- Re: password hashing Josh Bressers (Oct 08)
- CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo (Oct 07)
- Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 09)
- Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo (Oct 09)
- Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 19)
- Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 09)
- Re: CVE request for Ushahidi Robbie MacKay (Oct 07)
- Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo (Oct 08)
- Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried (Nov 14)
- [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation Timo Warns (Oct 08)
- Claws-mail security issue in message processing Jérôme Benoit (Oct 09)
- CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Jérôme Benoit (Oct 09)
- Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Kurt Seifried (Oct 09)
- Linux kernel stack memory content leak via UNAME26 Kees Cook (Oct 09)
- CVE Request: gitolite path traversal vulnerability Eitan Adler (Oct 09)
- Re: CVE Request: gitolite path traversal vulnerability Kurt Seifried (Oct 09)
- CVE request: sSMTP doesn't validate server certificates Laurent Bigonville (Oct 10)
- Re: CVE request: sSMTP doesn't validate server certificates Vincent Danen (Oct 11)
- Re: CVE request: sSMTP doesn't validate server certificates Kurt Seifried (Oct 11)
- Re: CVE request: sSMTP doesn't validate server certificates Vincent Danen (Oct 11)
- Fwd: IPv6 DOS vulnerabilities Marc Heuse (Oct 10)
- Re: Fwd: IPv6 DOS vulnerabilities Solar Designer (Oct 10)
- Re: Fwd: IPv6 DOS vulnerabilities cve-assign (Oct 10)
- CVE request: libsocialweb untrusted connection to flickr Vincent Danen (Oct 10)
- Re: CVE request: libsocialweb untrusted connection to flickr Kurt Seifried (Oct 10)
- Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Tim Brown (Oct 10)
- Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 10)
- Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
- Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
- Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
- Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 10)
- CVE-2012-5377 through CVE-2012-5383: Windows PATH issues affecting some open-source products cve-assign (Oct 11)
- CVE request: Zenphoto admin-news-articles.php date parameter XSS Henri Salo (Oct 11)
- Re: CVE request: Zenphoto admin-news-articles.php date parameter XSS Kurt Seifried (Oct 11)
- CVE Request -- librdmacm (one issue) / ibacm (two issues) Jan Lieskovsky (Oct 11)
- Re: CVE Request -- librdmacm (one issue) / ibacm (two issues) Kurt Seifried (Oct 11)
- libproxy PAC downloading buffer overflows Tomas Hoger (Oct 12)
- Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
- Re: libproxy PAC downloading buffer overflows Matthias Weckbecker (Oct 12)
- Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
- Re: libproxy PAC downloading buffer overflows Matthias Weckbecker (Oct 12)
- Re: libproxy PAC downloading buffer overflows Tomas Hoger (Oct 16)
- Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
- Security flaw in cups-pk-helper (CVE-2012-4510) Vincent Untz (Oct 12)
- CVE request: ruby file creation due in insertion of illegal NUL character Vincent Danen (Oct 12)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character U.Nakamura (Oct 15)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Fabian Keil (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 18)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 18)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Eitan Adler (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Tim (Oct 17)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)
- Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
- SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection YGN Ethical Hacker Group (Oct 14)
- SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Oct 14)
- CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Raphael Geissert (Oct 15)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Henri Salo (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Moritz Muehlenhoff (Oct 18)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Tim Brown (Oct 20)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
- Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
- CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Matthias Weckbecker (Oct 17)
- CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert (Oct 17)
- Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried (Oct 17)
- Re: CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert (Oct 30)
- Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried (Oct 31)
- CVE id request: xlockmore vulnerability: local access Ignatios Souvatzis (Oct 17)
- Re: CVE id request: xlockmore vulnerability: local access Kurt Seifried (Oct 17)
- CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky (Oct 18)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Kurt Seifried (Oct 18)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Steven M. Christey (Nov 19)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky (Nov 20)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Matthias Weckbecker (Nov 22)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Attila Bogár (Nov 22)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Steven M. Christey (Nov 19)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Raphael Geissert (Oct 18)
- Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Kurt Seifried (Oct 18)
- Re: Re: CVE for Virtualbox 0x8 DoS? halfdog (Oct 18)
- CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P (Oct 19)
- Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() Kurt Seifried (Oct 19)
- F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection YGN Ethical Hacker Group (Oct 19)
- Re: [Full-disclosure] F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Gary Driggs (Oct 21)
- Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Tim Brown (Oct 21)
- Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Solar Designer (Oct 21)
- CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried (Oct 20)
- Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried (Oct 20)
- CVE request: XSS in piwik before 1.9 Hanno Böck (Oct 21)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Solar Designer (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 23)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 23)
- Re: CVE request: XSS in piwik before 1.9 Stuart Henderson (Oct 24)
- Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)
- Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
- Wrong affected version in the CVE-2012-4511 Agostino Sarubbo (Oct 23)
- VLC 2.0.3 libpng_plugin CVE-2012-5470 cve-assign (Oct 24)
- CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure Petr Matousek (Oct 24)
- CVE request: awstats before 7.1 awredir.pl vulnerability Hanno Böck (Oct 25)
- Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried (Oct 25)
- Re: CVE request: awstats before 7.1 awredir.pl vulnerability Vincent Danen (Oct 29)
- Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried (Oct 25)
- Medium severity flaw with Perl 5 Tim Brown (Oct 26)
- Re: Medium severity flaw with Perl 5 Eitan Adler (Oct 27)
- Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team (Oct 26)
- Strange CVE situation (at least one ID should come of this) Josh Bressers (Oct 26)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Henri Salo (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Raphael Geissert (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Dec 03)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow Solar Designer (Oct 26)
- CVE Request: cgit command injection Jason A. Donenfeld (Oct 27)
- Re: CVE Request: cgit command injection Kurt Seifried (Oct 27)
- CVE request: use-after-free in libunity-webapps Chris Coulson (Oct 28)
- Re: CVE request: use-after-free in libunity-webapps Kurt Seifried (Oct 29)
- CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andres Gomez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
- <Possible follow-ups>
- CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
- Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 31)
- CVE request: Drupal SA-CORE-2012-003 Moritz Muehlenhoff (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Greg Knaddison (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)
- Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 29)
- VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Sean Amoss (Oct 29)
- RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Christey, Steven M. (Oct 30)
- CVE Request: Django Seth Arnold (Oct 29)
- Re: CVE Request: Django Moritz Mühlenhoff (Oct 29)
- Re: CVE Request: Django Kurt Seifried (Oct 29)
- Re: CVE Request: Django Moritz Mühlenhoff (Oct 29)
- CVE request: XSS is Google Web Toolkit (GWT) David Jorm (Oct 29)
- Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried (Oct 29)
- Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried (Oct 30)
- Medium risk security flaws in Konqueror Tim Brown (Oct 30)
- libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss (Oct 30)
- Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey (Nov 02)
- CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Petr Matousek (Oct 31)
- Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Kurt Seifried (Oct 31)
- CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Vincent Danen (Nov 01)
- Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Marcus Meissner (Nov 02)
- Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Caolán McNamara (Nov 02)
- Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Marcus Meissner (Nov 02)
- libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Huzaifa Sidhpurwala (Nov 02)
- CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Jan Lieskovsky (Nov 02)
- Dokeos 2.1.1 XSS CVE-2012-5776 cve-assign (Nov 02)
- YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 04)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 05)
- RE: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Christey, Steven M. (Nov 05)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Jan Lieskovsky (Nov 06)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 06)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure cve-assign (Nov 16)
- Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 04)
- Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 05)
- Re: Request for linux-distros () vs openwall org membership Henri Salo (Nov 05)
- Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 05)
- Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
- Re: Request for linux-distros () vs openwall org membership John Haxby (Nov 06)
- Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
- Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 06)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
- Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 05)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 09)
- Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 10)
- Re: Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 12)
- Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 14)
- Re: Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 12)
- Re: Request for linux-distros () vs openwall org membership Henri Salo (Nov 05)
- Re: operator new[] overflow checking in G++ Florian Weimer (Nov 05)
- TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 05)
- Re: TTY handling when executing code in different lower-privileged context (su, virt containers) vladz (Nov 06)
- <Possible follow-ups>
- Re: TTY handling when executing code in different lower-privileged context (su, virt containers) David Black (Nov 06)
- Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Marcus Meissner (Nov 06)
- gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers Huzaifa Sidhpurwala (Nov 05)
- CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set Petr Matousek (Nov 06)
- CVE Request -- axis2, axis2c Seth Arnold (Nov 06)
- Re: CVE Request -- axis2, axis2c David Jorm (Nov 06)
- CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Jan Lieskovsky (Nov 07)
- Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 07)
- Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 09)
- Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix cve-assign (Nov 09)
- Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 09)
- RE: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Christey, Steven M. (Nov 09)
- Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 09)
- Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 09)
- Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 07)
- IcedTea-Web CVE-2012-4540 Tomas Hoger (Nov 07)
- [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 07)
- Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 08)
- Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Kurt Seifried (Nov 08)
- Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 08)
- CVE request --- acceptation of overlapping ipv6 fragments Petr Matousek (Nov 08)
- Re: CVE request --- acceptation of overlapping ipv6 fragments Kurt Seifried (Nov 09)
- [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 Russell Bryant (Nov 09)
- CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky (Nov 10)
- CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings Jan Lieskovsky (Nov 10)
- Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)
- Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)
- Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 11)
- Re: Privilege escalation (lpadmin -> root) in cups Kurt Seifried (Nov 10)
- Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 11)
- Re: Privilege escalation (lpadmin -> root) in cups Sean Amoss (Nov 13)
- Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)
- CVE request: TYPO3-CORE-SA-2012-005 Florian Weimer (Nov 10)
- Re: CVE request: TYPO3-CORE-SA-2012-005 Kurt Seifried (Nov 10)
- CVE request -- vdsm: certificate generation upon node creation Petr Matousek (Nov 10)
- Re: CVE request -- vdsm: certificate generation upon node creation Kurt Seifried (Nov 10)
- CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 10)
- Gajim fails to handle invalid certificates y33t (Nov 11)
- Re: Gajim fails to handle invalid certificates Kurt Seiifried (Nov 13)
- Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 14)
- Re: Gajim fails to handle invalid certificates Kurt Seifried (Nov 14)
- Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 23)
- Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 14)
- Re: Gajim fails to handle invalid certificates Kurt Seiifried (Nov 13)
- VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855 cve-assign (Nov 12)
- Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability Xen . org security team (Nov 13)
- Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability Xen . org security team (Nov 13)
- Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability Xen . org security team (Nov 13)
- Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability Xen . org security team (Nov 13)
- Xen Security Advisory 25 (CVE-2012-4544,CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team (Nov 13)
- Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability Xen . org security team (Nov 13)
- CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky (Nov 13)
- CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
- Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
- Re: CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
- Re: CVE request: mantis before 1.2.12 cve-assign (Nov 15)
- Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
- Re: CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
- Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
- [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
- Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
- Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky (Nov 14)
- Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Michal Ambroz (Nov 14)
- Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky (Nov 14)
- Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
- CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Jan Lieskovsky (Nov 14)
- Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Nov 14)
- Re: Linux kernel handling of IPv6 temporary addresses Greg KH (Nov 14)
- Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Dec 04)
- Re: Linux kernel handling of IPv6 temporary addresses Ludwig Nussel (Dec 05)
- Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Dec 04)
- Re: Linux kernel handling of IPv6 temporary addresses Greg KH (Nov 14)
- Re: Vulnerabilities in Oki CUPS printer drivers Kurt Seifried (Nov 14)
- Re: Vulnerabilities in Oki CUPS printer drivers Guido Berhoerster (Nov 14)
- HT Editor 2.0.20 buffer overflows CVE-2012-5867 cve-assign (Nov 14)
- Fwd: [ANNOUNCE] CGIT v0.9.1 Released Jason A. Donenfeld (Nov 14)
- CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Jan Lieskovsky (Nov 15)
- CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 15)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Kurt Seifried (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
- Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
- Moodle security notifications public Michael de Raadt (Nov 18)
- Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Guido Berhoerster (Nov 19)
- Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Kurt Seifried (Nov 19)
- libssh 0.5.3 release fixes multiple security issues Vincent Danen (Nov 20)
- lighttpd 1.4.32 released, fixing CVE-2012-5533 Stefan Bühler (Nov 21)
- CVE Request: Gimp memory corruption vulnerability Andrés Gómez Ramírez (Nov 21)
- Re: CVE Request: Gimp memory corruption vulnerability Kurt Seifried (Nov 26)
- CVE Request -- android-tools (server): Insecure temporary file used for logging Jan Lieskovsky (Nov 23)
- Re: CVE Request -- android-tools (server): Insecure temporary file used for logging Kurt Seifried (Nov 23)
- CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Jan Lieskovsky (Nov 23)
- Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Kurt Seifried (Nov 23)
- [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 23)
- Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Jan Lieskovsky (Nov 27)
- Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 27)
- Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Steven M. Christey (Nov 27)
- Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 27)
- Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Jan Lieskovsky (Nov 27)
- CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Jan Lieskovsky (Nov 23)
- CVE Request: slowloris for tomcat David Jorm (Nov 25)
- Re: CVE Request: slowloris for tomcat Kurt Seifried (Nov 25)
- Re: Security issue in icecast Moritz Naumann (Nov 26)
- CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Jan Lieskovsky (Nov 26)
- CVE request: Curl insecure usage Moritz Muehlenhoff (Nov 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
- Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
- Re: CVE request: Curl insecure usage Fabian Keil (Nov 29)
- Re: CVE request: Curl insecure usage Moritz Mühlenhoff (Nov 29)
- Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Dec 26)
- Re: CVE request: Curl insecure usage Kurt Seifried (Dec 27)
- Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
- Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
- tor DoS via SENDME cells Vincent Danen (Nov 26)
- Re: tor DoS via SENDME cells Kurt Seifried (Nov 26)
- CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Jan Lieskovsky (Nov 26)
- CVE request: libproxy issue Matthias Weckbecker (Nov 27)
- Re: CVE request: libproxy issue Tomas Hoger (Nov 27)
- Re: CVE request: libproxy issue Kurt Seifried (Nov 27)
- Re: CVE request: libproxy issue Tomas Hoger (Nov 27)
- CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
- Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
- Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
- Re: CVE-2012-5532 hypervkvpd DoS Sebastian Krahmer (Nov 28)
- Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
- Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
- rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- Re: rssh: incorrect filtering of command line options Derek Martin (Nov 27)
- Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
- libtiff: Stack based buffer overflow when handling DOTRANGE tags Huzaifa Sidhpurwala (Nov 27)
- [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571) Thierry Carrez (Nov 28)
- [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563) Thierry Carrez (Nov 28)
- CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Jan Lieskovsky (Nov 29)
- Re: CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Kurt Seifried (Nov 29)
- CVE request for Ushahidi security vulnerability 2012-008 Robbie Mackay (Nov 29)
- Re: CVE request for Ushahidi security vulnerability 2012-008 Kurt Seifried (Dec 03)
- CVE Request: owncloud Jamie Strandboge (Nov 30)
- Re: CVE Request: owncloud Kurt Seifried (Nov 30)
- Re: [security] [oss-security] CVE Request: owncloud Lukas Reschke (Nov 30)
- <Possible follow-ups>
- CVE request: ownCloud Lukas Reschke (Dec 21)
- Re: CVE request: ownCloud Kurt Seifried (Dec 21)
- Re: CVE Request: owncloud Kurt Seifried (Nov 30)
- CVE request: TSK misrepresents "." files on FAT filesystems Timo Warns (Dec 01)
- Re: CVE request: TSK misrepresents "." files on FAT filesystems Kurt Seifried (Dec 03)
- Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 01)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Huzaifa Sidhpurwala (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Yves-Alexis Perez (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 03)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Steven M. Christey (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 02)
- Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
- CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 03)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 03)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Matthias Weckbecker (Dec 04)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Moritz Muehlenhoff (Dec 04)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 04)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 04)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Matthias Weckbecker (Dec 04)
- Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 03)
- CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Jan Lieskovsky (Dec 03)
- Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability Xen . org security team (Dec 03)
- Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak Xen . org security team (Dec 03)
- Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs Xen . org security team (Dec 03)
- Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values Xen . org security team (Dec 03)
- Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Xen . org security team (Dec 03)
- Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Steven M. Christey (Dec 13)
- Xen Security Advisory 29 (CVE-2012-5513) - XENMEM_exchange may overwrite hypervisor memory Xen . org security team (Dec 03)
- Xen Security Advisory 30 (CVE-2012-5514) - Broken error handling in guest_physmap_mark_populate_on_demand() Xen . org security team (Dec 03)
- CVE-2012-5468: bogofilter-SA-2012-01 Matthias Andree (Dec 03)
- CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Jan Lieskovsky (Dec 04)
- Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Kurt Seifried (Dec 04)
- CVE request: Mysql/Mariadb insecure salt-usage Huzaifa Sidhpurwala (Dec 04)
- Re: CVE request: Mysql/Mariadb insecure salt-usage Sergei Golubchik (Dec 05)
- Re: CVE request: Mysql/Mariadb insecure salt-usage Kurt Seifried (Dec 06)
- Re: CVE request: Mysql/Mariadb insecure salt-usage Sergei Golubchik (Dec 05)
- CVE-2012-6302 Soapbox 0.3.1 sandbox bypass cve-assign (Dec 10)
- CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows cve-assign (Dec 10)
- CVE-2012-6306 HCView Write Access Violation with GIF file cve-assign (Dec 10)
- CVE-2012-6307 JPEGsnoop Write Access Violation with JPEG file cve-assign (Dec 10)
- CVE-2012-6309 Arctic Torrent crash with .torrent file cve-assign (Dec 10)
- TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Dec 10)
- Re: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Dec 29)
- CVE request: opus codec before 1.0.2 Hanno Böck (Dec 11)
- Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 11)
- Re: CVE request: opus codec before 1.0.2 Hanno Böck (Dec 13)
- Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 13)
- Re: CVE request: opus codec before 1.0.2 Hanno Böck (Dec 13)
- Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 11)
- CVE request: perl-modules Jamie Strandboge (Dec 11)
- Re: CVE request: perl-modules Kurt Seifried (Dec 11)
- <Possible follow-ups>
- Re: CVE request: perl-modules cve-assign (Dec 12)
- [OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625) Thierry Carrez (Dec 11)
- CVE request: thttpd: Denial of Service (App. crash, local) Matthias Weckbecker (Dec 12)
- Re: CVE request: thttpd: Denial of Service (App. crash, local) Henri Salo (Dec 12)
- Re: CVE request: thttpd: Denial of Service (App. crash, local) Kurt Seifried (Dec 14)
- Due to Nagios (core) 3.4.3 history.cgi crash (fulldisclosure/2012/Dec/107 post) Jan Lieskovsky (Dec 12)
- Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 12)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Frank Lanitz (Dec 12)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Eitan Adler (Dec 12)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Colomban Wendling (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Matthew Brush (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
- Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)
- Robust XML validation Florian Weimer (Dec 12)
- Re: Robust XML validation Timo Warns (Dec 13)
- Re: Robust XML validation Tim (Dec 13)
- Re: Robust XML validation Timo Warns (Dec 13)
- Re: Robust XML validation Florian Weimer (Dec 14)
- Re: Robust XML validation Tim (Dec 13)
- Re: Robust XML validation Timo Warns (Dec 13)
- CVE-2012-5617: gksu-polkit privileged code execution with unprivileged credentials Vincent Danen (Dec 12)
- Remote file inclusion by office applications Timo Warns (Dec 13)
- Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
- Re: Remote file inclusion by office applications Timo Warns (Dec 13)
- Re: Remote file inclusion by office applications Daniel Kahn Gillmor (Dec 13)
- Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
- Re: Remote file inclusion by office applications Tim Brown (Dec 13)
- Re: Remote file inclusion by office applications Florian Weimer (Dec 14)
- Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
- pacemaker strcmp Simon . (Dec 13)
- Re: pacemaker strcmp Kurt Seifried (Dec 14)
- CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues cve-assign (Dec 13)
- CVE for tog-pegasus Hash DoS issue from 2011 Kurt Seifried (Dec 13)
- CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Vincent Danen (Dec 17)
- Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Kurt Seifried (Dec 17)
- CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Jan Lieskovsky (Dec 17)
- Django 1.3.5, Django 1.4.3, and Django 1.5 beta 2 Security Update Kurt Seifried (Dec 17)
- CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Nicolas Grégoire (Dec 17)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Jan Lieskovsky (Dec 19)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 19)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
- Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
- Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 18)
- Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
- Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 18)
- Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 19)
- Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 19)
- Re: Plug-and-wipe and Secure Boot semantics Kurt Seifried (Dec 19)
- Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
- Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 18)
- CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Jan Lieskovsky (Dec 18)
- [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse (Dec 19)
- Re: [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse (Dec 20)
- CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 19)
- Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 29)
- Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Kurt Seifried (Dec 29)
- Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 29)
- CVE request for Drupal core, and contributed modules Forest Monsen (Dec 19)
- Re: CVE request for Drupal core, and contributed modules Kurt Seifried (Dec 19)
- CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Vincent Danen (Dec 19)
- Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Kurt Seifried (Dec 19)
- Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 Amos Benari (Dec 20)
- Isearch insecure temporary files David Holland (Dec 21)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 21)
- Re: Isearch insecure temporary files David Holland (Dec 21)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 29)
- Re: Isearch insecure temporary files Henri Salo (Dec 30)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 30)
- Re: Isearch insecure temporary files David Holland (Dec 21)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 21)
- CVE Request: grep Seth Arnold (Dec 21)
- Re: CVE Request: grep Paul Eggert (Dec 21)
- Re: CVE Request: grep Kurt Seifried (Dec 21)
- About CVE-2012-5645 Marko Lindqvist (Dec 21)
- Re: About CVE-2012-5645 Kurt Seifried (Dec 29)
- Re: About CVE-2012-5645 Marko Lindqvist (Dec 30)
- Re: About CVE-2012-5645 Kurt Seifried (Dec 30)
- Re: About CVE-2012-5645 Marko Lindqvist (Dec 30)
- Re: About CVE-2012-5645 Kurt Seifried (Dec 29)
- CVE Request - Multiple security fixes in freetype - 2.4.11 Huzaifa Sidhpurwala (Dec 24)
- Re: CVE Request - Multiple security fixes in freetype - 2.4.11 Kurt Seifried (Dec 24)
- CVE request: Jenkins Moritz Muehlenhoff (Dec 27)
- Re: CVE request: Jenkins Kurt Seifried (Dec 27)
- CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 28)
- Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 28)
- Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
- Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
- Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 29)
- Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
- Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 28)
- Inkscape reads .eps files from /tmp instead of the current directory Salvatore Bonaccorso (Dec 29)
- Re: Inkscape reads .eps files from /tmp instead of the current directory Kurt Seifried (Dec 29)
- CVE request: MoinMoin Wiki (remote code execution vulnerability) Tilmann Haak (Dec 29)
- Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Kurt Seifried (Dec 29)
- CVE request: MoinMoin Wiki (XSS in rss link) Tilmann Haak (Dec 29)
- Re: CVE request: MoinMoin Wiki (XSS in rss link) Kurt Seifried (Dec 29)
- CVE request: MoinMoin Wiki (path traversal vulnerability) Tilmann Haak (Dec 29)
- Re: CVE request: MoinMoin Wiki (path traversal vulnerability) Kurt Seifried (Dec 29)
- 2012 close out/cleanup Kurt Seifried (Dec 29)
- CVE request (maybe): magento before 1.7.0.2 Hanno Böck (Dec 31)
- Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Henri Salo (Dec 31)
- Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Moritz Naumann (Dec 31)
- Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Hanno Böck (Dec 31)
- Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Emanuele (Dec 31)
- Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Moritz Naumann (Dec 31)
- Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Mustapha Rabiu (Dec 31)
- Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Kurt Seifried (Dec 31)
- CVE Request: Charybdis and ircd-ratbox remote crash flaw Huzaifa Sidhpurwala (Dec 31)
- Re: CVE Request: Charybdis and ircd-ratbox remote crash flaw Kurt Seifried (Dec 31)
- Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Dec 31)