oss-sec: by author

648 messages starting Apr 08 13 and ending Jun 05 13

Adam D. Barratt

Re: cve request: util-linux Adam D. Barratt (Apr 08)

Agostino Sarubbo

CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability Agostino Sarubbo (Apr 22)
CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Agostino Sarubbo (Apr 17)
Re: CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Agostino Sarubbo (May 16)
CVE request: resin: Cross site scripting Agostino Sarubbo (Jun 11)
CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Agostino Sarubbo (May 21)
CVE request: monkeyd Denial of Service Agostino Sarubbo (May 31)

Alan Coopersmith

Re: upstream source code authenticity checking Alan Coopersmith (Apr 21)
CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+ Alan Coopersmith (Jun 11)
Re: upstream source code authenticity checking Alan Coopersmith (May 02)
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries Alan Coopersmith (May 23)

Alexander Bergmann

Re: CVE request: libraw: multiple issues Alexander Bergmann (Jun 10)

Alexander Cherepanov

Re: CVE request: WordPress 3.5.1 denial of service vulnerability Alexander Cherepanov (Jun 12)

Alexandre Rebert

Re: 1.2k bug reports for Debian, some may be security Alexandre Rebert (Jun 27)

Alistair Crooks

Re: upstream source code authenticity checking Alistair Crooks (Apr 25)
Re: upstream source code authenticity checking Alistair Crooks (Apr 25)
Re: upstream source code authenticity checking Alistair Crooks (Apr 25)
Re: upstream source code authenticity checking Alistair Crooks (Apr 21)
Re: upstream source code authenticity checking Alistair Crooks (Apr 26)
Re: upstream source code authenticity checking Alistair Crooks (May 02)
Re: upstream source code authenticity checking Alistair Crooks (Apr 21)
Re: upstream source code authenticity checking Alistair Crooks (Apr 24)
Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Alistair Crooks (Apr 25)

Allan McRae

Re: upstream source code authenticity checking Allan McRae (Apr 24)
Re: upstream source code authenticity checking Allan McRae (Apr 21)
Request for linux-distros list membership Allan McRae (Apr 20)
Re: upstream source code authenticity checking Allan McRae (Apr 21)
Re: Request for linux-distros list membership Allan McRae (Apr 20)

Alyssa Milburn

Multiple vulnerabilities in BOINC Alyssa Milburn (Apr 28)

Anant Shrivastava

CVE for XSS in EasyPHPCalender script Anant Shrivastava (Apr 12)

Andi Kleen

Re: CVE Request: More perf security fixes Andi Kleen (Jun 05)
Re: CVE Request: More perf security fixes Andi Kleen (Jun 04)

Andrés Gómez Ramírez

Re: Flightgear remote format string Andrés Gómez Ramírez (May 02)
Flightgear remote format string Andrés Gómez Ramírez (Apr 30)
Re: Flightgear remote format string Andrés Gómez Ramírez (May 02)
Re: Flightgear remote format string Andrés Gómez Ramírez (May 01)

Andrew Alexeev

nginx security advisory (CVE-2013-2070) Andrew Alexeev (May 13)
Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Andrew Alexeev (Apr 29)
Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Andrew Alexeev (Apr 26)
nginx security advisory (CVE-2013-2028) Andrew Alexeev (May 07)

Andrew Nacin

Re: CVE request: WordPress 3.5.1 denial of service vulnerability Andrew Nacin (Jun 12)

Andy Lutomirski

Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 15)
Re: Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 16)
Multiple Linux setuid output redirection vulnerabilities Andy Lutomirski (Apr 28)
Summary of security bugs (now fixed) in user namespaces Andy Lutomirski (Apr 13)

Athmane Madjoudj

Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Athmane Madjoudj (Apr 09)
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Athmane Madjoudj (Apr 09)

Bastien ROUCARIES

New vulnerabilty in imagemagick Bastien ROUCARIES (Apr 07)

Breno Silva

Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva (Apr 09)
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva (Apr 09)
Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva (Apr 08)

Brian C. Lane

CVE-2013-2069 livecd-tools: improper handling of passwords Brian C. Lane (May 23)

Brian Martin

re: Summary of security bugs (now fixed) in user namespaces Brian Martin (Apr 15)

chevalier 3as

CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as (May 11)
Re: CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as (May 11)

Christey, Steven M.

RE: Flightgear remote format string Christey, Steven M. (May 02)
RE: OS command injection vulnerability in Chicken Scheme Christey, Steven M. (Apr 29)
RE: CVE request: FD leakage for cgi program on Monkey HTTPD Christey, Steven M. (Jun 14)
RE: CVE request: Debian's package "mysql-server" leaks credential information Christey, Steven M. (Jun 09)
RE: Confused with Drupal CVEs Christey, Steven M. (Apr 04)

Corey Bryant

Re: Re: Security vulnerability tools Corey Bryant (Apr 01)
Re: Re: Security vulnerability tools Corey Bryant (Apr 01)

cve-assign

Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
Re: Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 22)
Re: CVE request: monkeyd Denial of Service cve-assign (May 31)
Re: CVE request - Linux kernel: tracing NULL pointer dereference cve-assign (Apr 28)
CVE assignments for Wireshark 1.8.7 and 1.6.15 cve-assign (May 20)
Re: CVE request: Linux kernel: cifs: NULL pointer dereference cve-assign (Apr 28)
CVE-2013-3221 can also relate to Microsoft SQL Server and IBM DB2 cve-assign (Apr 24)
Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes cve-assign (May 20)

Dag-Erling Smørgrav

Re: upstream source code authenticity checking Dag-Erling Smørgrav (Apr 26)
Advisory dates Dag-Erling Smørgrav (Apr 24)
Re: Advisory dates Dag-Erling Smørgrav (Apr 25)
Re: upstream source code authenticity checking Dag-Erling Smørgrav (Apr 26)

Damien Regad

Re: Re: Multiple CVE requests for MantisBT Damien Regad (Apr 08)
Multiple CVE requests for MantisBT Damien Regad (Apr 04)
Re: Multiple CVE requests for MantisBT Damien Regad (Apr 08)

Dan Carpenter

Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter (Apr 08)

Daniel Kahn Gillmor

Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Daniel Kahn Gillmor (Apr 17)
general Krb5 DNS vulnerabilities (e.g. krb5 web auth)? [was: Re: [oss-security] CVE request: rpc-gssd is vulnerable to DNS spoofing] Daniel Kahn Gillmor (Jun 28)
Re: upstream source code authenticity checking Daniel Kahn Gillmor (Apr 25)
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Daniel Kahn Gillmor (Jun 05)
partial signed message verification in MUAs [was: Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data] Daniel Kahn Gillmor (Apr 18)
OpenPGP certifications are identity assertions [was: Re: upstream source code authenticity checking] Daniel Kahn Gillmor (May 02)
Re: CVE request: Debian's package "mysql-server" leaks credential information Daniel Kahn Gillmor (Jun 08)
Re: upstream source code authenticity checking Daniel Kahn Gillmor (Apr 30)
Re: upstream source code authenticity checking Daniel Kahn Gillmor (May 04)
Re: CVE-2013-2097: zPanel themes remote command execution as root Daniel Kahn Gillmor (May 16)

Dan Rosenberg

CVE request: Multiple issues in GNU ZRTPCPP Dan Rosenberg (Jun 29)

Dave Walker

Re: Thoughts on a vuln/CVE? Dave Walker (Jun 18)

David Jorm

Re: Re-emergence of CVE-2008-4796 in Nagios current David Jorm (Apr 30)

Derek Wright

Re: [security] [oss-security] CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Derek Wright (Jun 04)

Doraemon Sk8ers

Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers (Apr 16)
Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers (May 10)
Fwd: Multiple Vulnerabilities in Simple HRM system v2.3 and below Doraemon Sk8ers (Apr 16)

Eric H. Christensen

Re: upstream source code authenticity checking Eric H. Christensen (Apr 24)
Re: upstream source code authenticity checking Eric H. Christensen (Apr 29)

Eric S. Raymond

Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 07)
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond (May 02)

Eugene Teo

Re: CVE Request: linux kernel perf out-of-bounds access Eugene Teo (May 14)

Felipe Pena

Broken authentication on Monkey HTTPD Auth plugin Felipe Pena (Jun 07)
CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Felipe Pena (Jun 14)
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena (Jun 14)
CVE request: Monkey HTTPD - DoS due bug on Range header handling Felipe Pena (Jun 07)
CVE request: XSS on Monkey HTTPD - dirlisting plugin Felipe Pena (Jun 14)
CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena (Jun 14)

Felix Gröbert

Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Felix Gröbert (Apr 27)

Florian Weimer

Re: CVE request: Debian's package "mysql-server" leaks credential information Florian Weimer (Jun 10)
Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
Re: CVE-2013-1900 looks like an OpenSSL bug Florian Weimer (Apr 12)
CVE request: gnome-shell crash, screen unlock on resume Florian Weimer (Jun 18)
Re: nginx security advisory (CVE-2013-2028) Florian Weimer (May 07)
Re: Summary of security bugs (now fixed) in user namespaces Florian Weimer (Apr 16)
Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Apr 03)
CVE-2013-1900 looks like an OpenSSL bug Florian Weimer (Apr 12)
Re: Thoughts on a vuln/CVE? Florian Weimer (Jun 18)
Re: upstream source code authenticity checking Florian Weimer (Apr 26)

Forest Monsen

CVE request for a Drupal contributed module Forest Monsen (May 15)
CVE Request for Drupal contributed module Forest Monsen (May 01)
Drupal contrib CVE Forest Monsen (May 29)
CVE request for Drupal contrib module Forest Monsen (Jun 12)
CVE request for Drupal contributed modules Forest Monsen (May 29)
CVE request for Drupal contributed module Forest Monsen (Jun 06)
CVE request for Drupal contributed modules Forest Monsen (Apr 03)
CVE request for Drupal contributed module Forest Monsen (Jun 19)
CVE request for Drupal contributed modules Forest Monsen (Apr 17)

Garth Mollett

Re: KDE Paste Applet Garth Mollett (Jun 26)

Geoff Keating

Re: Any info on dovecot CVE-2010-0535? Geoff Keating (Apr 08)

George Theall

Re: CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability George Theall (May 14)
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall (May 22)

Gerhard Rieger

socat security advisory 4 - CVE-2013-3571 Gerhard Rieger (May 26)

Gilles Chehade

Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 18)
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade (May 19)

Greg KH

Re: CVE Request: Linux - ext4 support Greg KH (Jun 17)
Re: CVE Request: Linux - ext4 support Greg KH (Jun 17)
Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH (Apr 22)
Re: CVE Request: linux kernel perf out-of-bounds access Greg KH (May 14)
Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH (Apr 22)
Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Greg KH (May 06)
Re: Linux kernel format string flaws Greg KH (Jun 06)

gremlin

Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 10)
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin (Jun 08)

Hanno Böck

Mediawiki CVE request ( was Fw: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6) Hanno Böck (May 01)
Re: WP-Super-Cache XSS and Remote Code Exec Hanno Böck (Apr 24)

Henri Salo

Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo (Apr 17)
CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo (May 16)
Re: CVE request: WordPress advanced-xml-reader XXE Henri Salo (Jun 05)
Confused with Drupal CVEs Henri Salo (Apr 04)
Re: CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo (May 18)
Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo (Apr 24)
Re: CVE request: Debian's package "mysql-server" leaks credential information Henri Salo (Jun 10)
CVE request: WordPress plugin uk-cookie CSRF Henri Salo (Jun 06)
Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo (May 18)
CVE request: Gallery multiple XSS vulnerabilities Henri Salo (May 13)
Re: plone, rrdtool, zenoss bugs Henri Salo (May 19)
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo (May 16)
CVE request: WordPress plugin mail-on-update CSRF Henri Salo (May 16)
Joomla URL change Henri Salo (Jun 05)
CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Henri Salo (Jun 04)
Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo (Apr 24)
CVE request: WordPress 3.5.1 denial of service vulnerability Henri Salo (Jun 11)
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)
Re: plone, rrdtool, zenoss bugs Henri Salo (May 24)
CVE request: WordPress advanced-xml-reader XXE Henri Salo (May 05)

Huzaifa Sidhpurwala

Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala (May 01)
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Huzaifa Sidhpurwala (May 22)
Xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled Huzaifa Sidhpurwala (Apr 18)
Fwd: Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala (May 01)

Jan Lieskovsky

CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes Jan Lieskovsky (May 20)
[NOTIFICATION] strongSwan-5.0.4 correcting ECDSA flaw (CVE-2013-2944) Jan Lieskovsky (Apr 30)
CVE-2012-XXYY Request -- google-authenticator: Information disclosure due insecure requirement on the secrets file Jan Lieskovsky (Apr 18)
CVE Request -- python-suds: Insecure temporary directory use when initializing file-based URL cache Jan Lieskovsky (Jun 27)
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 03)
CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks Jan Lieskovsky (Jun 04)
[CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate Jan Lieskovsky (Jun 19)
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 07)
Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Jan Lieskovsky (Apr 24)
Re: CVE Request: cgit directory traversal Jan Lieskovsky (May 27)
CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) Jan Lieskovsky (May 22)
CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr() Jan Lieskovsky (Jun 28)
CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template Jan Lieskovsky (Jun 21)
CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Jan Lieskovsky (May 29)
CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky (Apr 03)
CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky (May 15)
[CVE assignment notification] CVE-2013-1950 libtirpc: Invalid pointer free leads to rpcbind daemon crash (A different vulnerability than CVE-2003-0028) Jan Lieskovsky (Apr 22)
CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Jan Lieskovsky (May 15)
CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Jan Lieskovsky (Jun 24)
CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky (May 02)
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky (Apr 09)
[Notification] CVE-2013-2765 mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used Jan Lieskovsky (May 28)
CVE Request -- autojump: autojump profile will load random stuff from a directory called custom_install Jan Lieskovsky (Apr 25)
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Jan Lieskovsky (May 22)

Jason A. Donenfeld

Re: CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld (May 18)
CVE Request: Man in the middle on Gentoo Portage binary package installer Jason A. Donenfeld (May 15)
chroots & uid sharing Jason A. Donenfeld (Jun 06)
Re: chroots & uid sharing Jason A. Donenfeld (Jun 06)
Re: CVE Request: cgit directory traversal Jason A. Donenfeld (May 27)
CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld (May 18)
Re: CVE Request: cgit directory traversal Jason A. Donenfeld (May 27)
CVE Request: cgit directory traversal Jason A. Donenfeld (May 25)

Jeff Flanigan

Re: Zimbra XSS in aspell.php, CVE request Jeff Flanigan (Apr 09)

Jeff Mitchell

Re: KDE Paste Applet Jeff Mitchell (May 31)

Jeremy Stanley

[OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (May 23)
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (Jun 03)
Re: upstream source code authenticity checking Jeremy Stanley (Apr 21)
Re: [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley (Jun 03)
[OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161) Jeremy Stanley (Jun 13)

John Lightsey

Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey (Jun 14)
Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey (Jun 14)
CVE Request: YaBB 2.5.2 and earlier arbitrary code execution John Lightsey (May 04)
CVE request: MovableType before 5.2.6 John Lightsey (Jun 13)
CVE Request: Storable::thaw called on cookie data in multiple CPAN modules John Lightsey (May 12)

Jonathan Salwan

Re: CVE Request: Linux - ext4 support Jonathan Salwan (Jun 17)
CVE Request: Linux - ext4 support Jonathan Salwan (Jun 17)
CVE Request: Linux Kernel - Leak information in cdrom driver. Jonathan Salwan (Jun 06)

Josh Bressers

Re: upstream source code authenticity checking Josh Bressers (Apr 25)

Kees Cook

CVE-2013-2850: Linux kernel iSCSI target heap overflow Kees Cook (Jun 01)
Linux kernel format string flaws Kees Cook (Jun 06)

Konrad Rzeszutek Wilk

xen/blkback: Check device permissions before allowing OP_DISCARD Konrad Rzeszutek Wilk (Jun 05)

Kurt Seifried

Re: CVE request: WordPress plugin uk-cookie CSRF Kurt Seifried (Jun 13)
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 Kurt Seifried (Apr 08)
Re: CVE request: Debian's package "mysql-server" leaks credential information Kurt Seifried (Jun 08)
Re: CVE request: Gallery multiple XSS vulnerabilities Kurt Seifried (May 14)
Re: CVE Request: httplib2 ssl cert incorrect error handling Kurt Seifried (May 01)
Re: 1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 26)
Re: CVE request for Drupal contributed modules Kurt Seifried (Apr 04)
Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules Kurt Seifried (May 14)
Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Apr 03)
Re: CVE Request: Linux - ext4 support Kurt Seifried (Jun 17)
Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Kurt Seifried (Apr 25)
Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried (May 18)
Re: CVE request for Drupal contrib module Kurt Seifried (Jun 13)
Re: CVE request for Drupal contributed modules Kurt Seifried (Apr 12)
Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Kurt Seifried (May 02)
Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried (Apr 09)
Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Kurt Seifried (May 04)
CVE-2013-1977 - OpenStack keystone.conf insecure file permissions Kurt Seifried (Apr 18)
Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only) Kurt Seifried (Jun 13)
Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried (Apr 29)
Re: CVE-2012-XXYY Request -- google-authenticator: Information disclosure due insecure requirement on the secrets file Kurt Seifried (Apr 18)
Re: upstream source code authenticity checking Kurt Seifried (Apr 25)
Re: CVE request: XSS on Monkey HTTPD - dirlisting plugin Kurt Seifried (Jun 14)
Re: Drupal contrib CVE Kurt Seifried (May 29)
Re: upstream source code authenticity checking Kurt Seifried (Apr 25)
Re: CVE request for GLPI Kurt Seifried (Jun 30)
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Jun 26)
Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10 Kurt Seifried (Apr 17)
Re: New vulnerabilty in imagemagick Kurt Seifried (Apr 08)
Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
CVE-2013-2029: Nagios RPM nagios.upgrade_to_v3.sh Kurt Seifried (Apr 30)
Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Kurt Seifried (May 10)
Re: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability Kurt Seifried (May 18)
Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Kurt Seifried (Apr 03)
Re: Advisory dates Kurt Seifried (Apr 24)
CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery Kurt Seifried (May 31)
Re: CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template Kurt Seifried (Jun 21)
Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user Kurt Seifried (Jun 05)
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Kurt Seifried (Jun 30)
Re: CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks Kurt Seifried (Jun 04)
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Kurt Seifried (May 24)
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Kurt Seifried (Jun 14)
Re: CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Kurt Seifried (May 15)
Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
When does resource consumption become a security vulnerability? Kurt Seifried (May 08)
Re: Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 08)
CVE-2013-2013 - OpenStack keystone password disclosure on command line Kurt Seifried (Apr 25)
Re: CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Kurt Seifried (Jun 04)
Re: Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys Kurt Seifried (Jun 25)
Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Jun 19)
Re: upstream source code authenticity checking Kurt Seifried (May 02)
CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried (May 15)
Re: Flightgear remote format string Kurt Seifried (May 01)
Re: CVE request: Linux kernel: ext4: hang during mount(8) Kurt Seifried (Apr 26)
Re: CVE Request for XSS vulnerability in Ushahidi Web Kurt Seifried (Apr 29)
Re: CVE Request: Man in the middle on Gentoo Portage binary package installer Kurt Seifried (May 15)
Re: upstream source code authenticity checking Kurt Seifried (Apr 26)
Re: CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability Kurt Seifried (Apr 22)
Re: CVE Request -- autojump: autojump profile will load random stuff from a directory called custom_install Kurt Seifried (Apr 25)
Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried (Apr 05)
Re: CVE Request: kdelibs Kurt Seifried (May 10)
Re: Flightgear remote format string Kurt Seifried (Apr 30)
Re: CVE request: resin: Cross site scripting Kurt Seifried (Jun 13)
Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 30)
Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Kurt Seifried (Apr 29)
Re: CVE request: libraw: multiple issues Kurt Seifried (May 29)
Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
Re: plone, rrdtool, zenoss bugs Kurt Seifried (Apr 18)
CVE-2013-1949 Social Media Widget remote file inclusion Kurt Seifried (Apr 13)
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried (May 04)
Re: CVE request for Drupal contributed modules Kurt Seifried (May 29)
Re: autotrace: stack-based buffer overflow in bmp parser Kurt Seifried (Apr 16)
Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried (Jun 30)
Re: CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Kurt Seifried (Jun 14)
Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Kurt Seifried (May 10)
Re: Re: Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 08)
Re: CVE request: rpc-gssd is vulnerable to DNS spoofing Kurt Seifried (Apr 04)
Re: chroots & uid sharing Kurt Seifried (Jun 06)
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried (May 18)
Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Kurt Seifried (Jun 24)
Re: CVE Request: kernel info leak in tkill/tgkill Kurt Seifried (Jun 04)
Re: CVE request: MovableType before 5.2.6 Kurt Seifried (Jun 14)
Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Kurt Seifried (Apr 09)
Re: CVE request: Monkey HTTPD - DoS due bug on Range header handling Kurt Seifried (Jun 10)
Re: Re: CVE Request: Dolibarr - Multiple Vulnerabilities Kurt Seifried (May 14)
Re: CVE Request: More perf security fixes Kurt Seifried (Jun 05)
Re: CVE Request: VLC Buffer Overflow in ASF Demuxer Kurt Seifried (Apr 16)
Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried (May 18)
Re: browser document.cookie DoS vulnerability Kurt Seifried (Apr 08)
A note on CVE assignment timelines Kurt Seifried (Apr 16)
Re: Re: Summary of security bugs (now fixed) in user namespaces Kurt Seifried (Apr 16)
Re: CVE request: password exposure in kdelibs when showing "internal server error" messages Kurt Seifried (May 10)
Re: upstream source code authenticity checking Kurt Seifried (Apr 26)
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 22)
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried (May 18)
Re: CVE request: GLPI, multiple issues Kurt Seifried (Jun 30)
Re: CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr() Kurt Seifried (Jun 28)
Re: Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes Kurt Seifried (May 20)
Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
Re: memcached remote seg fault Kurt Seifried (Apr 29)
Re: CVE request: gnome-shell crash, screen unlock on resume Kurt Seifried (Jun 18)
Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference Kurt Seifried (Jun 20)
Re: CVE Request: tg3 VPD firmware -> driver injection Kurt Seifried (Apr 05)
Re: CVE request: WordPress 3.5.1 denial of service vulnerability Kurt Seifried (Jun 12)
Re: CVE Request: cgit directory traversal Kurt Seifried (May 27)
Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried (Apr 29)
Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() Kurt Seifried (Jun 05)
Re: CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+ Kurt Seifried (Jun 13)
Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Kurt Seifried (May 06)
Re: Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 08)
Re: Mediawiki CVE request ( was Fw: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6) Kurt Seifried (May 01)
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried (May 15)
Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)
Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried (Jun 30)
Re: CVE request for Drupal contributed modules Kurt Seifried (Apr 18)
Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried (Apr 29)
Re: Multiple CVE requests for MantisBT Kurt Seifried (Apr 05)
WP-Super-Cache 1.3.1 Remote Code Exec - properly fixed? Kurt Seifried (Apr 24)
Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Kurt Seifried (Apr 12)
Re: CVE request: WordPress plugin mail-on-update CSRF Kurt Seifried (May 18)
CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files Kurt Seifried (Apr 23)
Re: Re: Summary of security bugs (now fixed) in user namespaces Kurt Seifried (Apr 16)
Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried (May 18)
Re: plone, rrdtool, zenoss bugs Kurt Seifried (May 24)
Re: CVE request: znc: null pointer dereference in webadmin Kurt Seifried (May 30)
Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried (Apr 29)
Re: CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Kurt Seifried (Apr 03)
Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Kurt Seifried (May 04)
Re: 1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 30)
Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery Kurt Seifried (May 31)
Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Kurt Seifried (Apr 17)
Re: CVE Request for Drupal contributed module Kurt Seifried (May 01)
Thoughts on a vuln/CVE? Kurt Seifried (Jun 17)
1.2k bug reports for Debian, some may be security Kurt Seifried (Jun 26)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Kurt Seifried (Apr 05)
Re: CVE request for Drupal contributed module Kurt Seifried (Jun 06)
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
Re: CVE request for a Drupal contributed module Kurt Seifried (May 15)
Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
Re: Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Kurt Seifried (Jun 20)
Re: KDE Paste Applet Kurt Seifried (May 29)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Jun 26)
Re: Remote command injection md2pdf ruby gem Kurt Seifried (Apr 13)
Re: CVE Request: MediaWiki Security Releases 1.20.4 and 1.19.5 Kurt Seifried (Apr 16)
Re: KDE Paste Applet Kurt Seifried (Jun 25)
Re: CVE request: Multiple issues in GNU ZRTPCPP Kurt Seifried (Jun 30)
Re: Remote command Injection in Creme Fraiche 0.6 Ruby Gem Kurt Seifried (May 14)
Re: CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2) Kurt Seifried (May 29)
Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried (May 18)
Re: CVE request -- Linux kernel: veth: double-free in case of congestion Kurt Seifried (Apr 29)
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried (Apr 03)
Re-emergence of CVE-2008-4796 in Nagios current Kurt Seifried (Apr 30)
Re: CVE request: MediaWiki chunked uploads vulnerability Kurt Seifried (May 24)
Re: xen/blkback: Check device permissions before allowing OP_DISCARD Kurt Seifried (Jun 05)
CVE-2013-2060 OpenShift Origin: Potential remote command execution vulnerability in download cart url Kurt Seifried (May 06)
W3 Total Cache 0.9.2.8 Remote Code Exec Kurt Seifried (Apr 24)
Re: CVE Request: libimobiledevice insecure /tmp use Kurt Seifried (Jun 04)
Re: CVE Request: pwgen Kurt Seifried (May 24)
Re: CVE Request: Linux Kernel - Leak information in cdrom driver. Kurt Seifried (Jun 10)
memcached remote seg fault Kurt Seifried (Apr 29)
Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Kurt Seifried (Apr 18)
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Kurt Seifried (Jun 30)
Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried (Apr 18)
More zPanel security flaws? Trying to sort them out Kurt Seifried (May 18)
Re: CVE Request: linux kernel perf out-of-bounds access Kurt Seifried (May 15)
Re: CVE request: Debian's package "mysql-server" leaks credential information Kurt Seifried (Jun 08)
WP-Super-Cache XSS and Remote Code Exec Kurt Seifried (Apr 24)
Re: CVE request for Drupal contributed module Kurt Seifried (Jun 20)
Re: CVE for XSS in EasyPHPCalender script Kurt Seifried (Apr 16)
Re: Multiple vulnerabilities in BOINC Kurt Seifried (Apr 29)
Re: Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Kurt Seifried (May 29)
Re: Thoughts on a vuln/CVE? Kurt Seifried (Jun 18)
Re: CVE Request -- python-suds: Insecure temporary directory use when initializing file-based URL cache Kurt Seifried (Jun 27)
Re: CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried (May 16)
Re: CVE Request: SPIP privilege escalation Kurt Seifried (May 27)

larry Cashdollar

Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)
Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)
Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar (Jun 08)

Larry W. Cashdollar

Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 Larry W. Cashdollar (Apr 08)
Re: Re: Security vulnerability tools Larry W. Cashdollar (Apr 01)
Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability Larry W. Cashdollar (May 17)
Remote command Injection in Creme Fraiche 0.6 Ruby Gem Larry W. Cashdollar (May 14)
Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Larry W. Cashdollar (Jun 10)
Remote command injection md2pdf ruby gem Larry W. Cashdollar (Apr 12)

Lloyd Dewolf

Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf (Jun 03)
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf (Jun 03)

Luciano Bello

CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello (May 12)
CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello (May 12)

Lukas Reschke

ownCloud Security Advisory oC-SA-2013-028 Lukas Reschke (Jun 07)
ownCloud Security Advisories oC-SA-0{19-27} Lukas Reschke (May 14)
ownCloud Security Advisories (2013-017, 2013-018) Lukas Reschke (Apr 21)
Re: CVE-2013-1942 jPlayer 2.2.19 XSS Lukas Reschke (Apr 20)
ownCloud Security Advisories (2013-011, 2013-012) Lukas Reschke (Apr 03)

mancha

tty-hijacking & CVE-2005-4890 - redux mancha (May 20)

Marc Deslauriers

CVE Request: linux kernel perf out-of-bounds access Marc Deslauriers (May 14)
CVE Request: httplib2 ssl cert incorrect error handling Marc Deslauriers (May 01)
CVE Request: libimobiledevice insecure /tmp use Marc Deslauriers (May 31)

Marcus Meissner

CVE Request: More perf security fixes Marcus Meissner (Jun 04)
Re: CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner (Apr 05)
CVE Request: kernel info leak in tkill/tgkill Marcus Meissner (Jun 02)
CVE Request: tg3 VPD firmware -> driver injection Marcus Meissner (Apr 05)
CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner (Apr 03)
Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Marcus Meissner (May 06)
CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Marcus Meissner (Apr 05)
Re: upstream source code authenticity checking Marcus Meissner (Apr 26)
Re: upstream source code authenticity checking Marcus Meissner (Apr 21)

Mathias Krause

Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 14)
Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 23)

Matthew Wilkes

Re: plone, rrdtool, zenoss bugs Matthew Wilkes (May 24)

Matthias Weckbecker

Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)

Mehrenberger, Xavier

CVE request for GLPI Mehrenberger, Xavier (Jun 27)

Michael de Raadt

Moodle security notifications public Michael de Raadt (May 20)

Michael Gilbert

Any info on dovecot CVE-2010-0535? Michael Gilbert (Apr 07)
cve request: util-linux Michael Gilbert (Apr 07)
Re: Re-emergence of CVE-2008-4796 in Nagios current Michael Gilbert (May 03)
Re: CVE Request: linux kernel perf out-of-bounds access Michael Gilbert (May 14)

Michael Samuel

Re: CVE Request: pwgen Michael Samuel (May 27)
Re: KDE Paste Applet Michael Samuel (Jun 25)
Re: KDE Paste Applet Michael Samuel (Jun 12)
KDE Paste Applet Michael Samuel (May 28)
Re: CVE Request: pwgen Michael Samuel (Jun 05)
Re: KDE Paste Applet Michael Samuel (May 30)

Michael Scherer

Re: Zimbra XSS in aspell.php, CVE request Michael Scherer (Apr 05)
Zimbra XSS in aspell.php, CVE request Michael Scherer (Apr 05)

Michael Still

[OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096) Michael Still (May 16)

Michael S. Tsirkin

Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Michael S. Tsirkin (Apr 29)

Michael Tokarev

Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev (Apr 09)
Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev (Apr 09)

Mike

Re: Postfix incorrect permissions on configurations. Request. Mike (Apr 09)

Miller, Mark M (EB SW Cloud - R&D - Corvallis)

RE: [Openstack] [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) Miller, Mark M (EB SW Cloud - R&D - Corvallis) (May 09)

Moritz Muehlenhoff

Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 17)
Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff (Jun 18)

Murray McAllister

autotrace: stack-based buffer overflow in bmp parser Murray McAllister (Apr 16)

MustLive

Vulnerabilities in multiple plugins for WordPress with jPlayer MustLive (Apr 22)
Vulnerabilities in multiple themes for WordPress with jPlayer MustLive (Apr 24)
Vulnerabilities in jPlayer MustLive (Apr 21)

nicolas vigier

Re: upstream source code authenticity checking nicolas vigier (Apr 25)
Re: upstream source code authenticity checking nicolas vigier (Apr 25)

Oden Eriksson

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)

Pavel Labushev

Re: CVE Request: Man in the middle on Gentoo Portage binary package installer Pavel Labushev (May 20)

Peter Bex

CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Peter Bex (May 08)
Re: OS command injection vulnerability in Chicken Scheme Peter Bex (Apr 29)
Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Peter Bex (May 09)
OS command injection vulnerability in Chicken Scheme Peter Bex (Apr 21)

Peter Zijlstra

Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)
Re: CVE Request: More perf security fixes Peter Zijlstra (Jun 05)

Petr Matousek

CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability Petr Matousek (Apr 16)
Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
CVE request -- Linux kernel: veth: double-free in case of congestion Petr Matousek (Apr 29)
Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
Re: [PATCH] perf: fix hypervisor branch sampling permission check Petr Matousek (Jun 06)
Re: Re: CVE Request: More perf security fixes Petr Matousek (Jun 05)
Re: CVE Request: linux kernel perf out-of-bounds access Petr Matousek (May 14)
Re: CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct Petr Matousek (May 10)
Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Petr Matousek (Apr 28)
Re: Re: Linux kernel: more net info leak fixes for v3.9 Petr Matousek (Apr 23)
CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference Petr Matousek (Jun 20)
CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Petr Matousek (May 16)
Re: CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Petr Matousek (May 16)
Re: CVE Request: More perf security fixes Petr Matousek (Jun 06)

P J P

Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() P J P (Jun 05)
CVE request - Linux kernel: tracing NULL pointer dereference P J P (Apr 15)
CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct P J P (May 10)
CVE request: Linux kernel: ext4: hang during mount(8) P J P (Apr 26)
CVE request: Linux kernel: chipidea: allow disabling streaming in host mode P J P (May 03)
CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2) P J P (May 29)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user P J P (Jun 05)
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() P J P (Jun 05)
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 09)
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P (Apr 08)
CVE request: Linux kernel: cifs: NULL pointer dereference P J P (Apr 15)

Raphael Geissert

CVE request: znc: null pointer dereference in webadmin Raphael Geissert (May 30)
Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 04)
Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Raphael Geissert (Jun 10)
Re: CVE Request: linux kernel perf out-of-bounds access Raphael Geissert (May 14)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Raphael Geissert (Jun 26)
CVE request: GLPI, multiple issues Raphael Geissert (Jun 27)
Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
CVE request: libraw: multiple issues Raphael Geissert (May 28)
Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 11)

Richard W.M. Jones

Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Richard W.M. Jones (May 29)

Robbie Mackay

CVE Request for XSS vulnerability in Ushahidi Web Robbie Mackay (Apr 23)
Re: upstream source code authenticity checking Robbie MacKay (May 01)

Robert Collins

Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Robert Collins (Jun 03)

Russ Allbery

Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 18)
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Russ Allbery (Jun 05)
Re: upstream source code authenticity checking Russ Allbery (May 02)
Re: upstream source code authenticity checking Russ Allbery (May 02)
Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery (May 16)
Re: Thoughts on a vuln/CVE? Russ Allbery (Jun 17)
Re: 1.2k bug reports for Debian, some may be security Russ Allbery (Jun 26)

Russ Thompson

Postfix incorrect permissions on configurations. Request. Russ Thompson (Apr 09)
Re: Postfix incorrect permissions on configurations. Request. Russ Thompson (Apr 09)

Salvatore Bonaccorso

CVE Request: VLC Buffer Overflow in ASF Demuxer Salvatore Bonaccorso (Apr 14)
CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Salvatore Bonaccorso (Apr 09)
CVE Request: WebAuth: Authentication credential disclosure Salvatore Bonaccorso (May 16)
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Salvatore Bonaccorso (May 03)
CVE Request: SPIP privilege escalation Salvatore Bonaccorso (May 25)
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Salvatore Bonaccorso (Apr 29)

sd

Re: CVE Request: linux kernel perf out-of-bounds access sd (May 14)

Sebastian Krahmer

Re: CVE Request: glibc getaddrinfo() stack overflow Sebastian Krahmer (Apr 03)

Seth Arnold

Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold (Jun 14)
CVE Request: kdelibs Seth Arnold (May 10)
Re: chroots & uid sharing Seth Arnold (Jun 06)
CVE Request: pwgen Seth Arnold (May 24)
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold (Jun 14)

Shawn

Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Shawn (Apr 27)

Simon McVittie

Re: OpenPGP certifications are identity assertions [was: Re: upstream source code authenticity checking] Simon McVittie (May 02)
CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Simon McVittie (Apr 24)
CVE-2013-1431: telepathy-gabble: TLS bypass via use of legacy Jabber Simon McVittie (May 30)
CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound Simon McVittie (Jun 13)
Re: Thoughts on a vuln/CVE? Simon McVittie (Jun 18)

Solar Designer

Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
PostgreSQL security update Solar Designer (Apr 04)
Re: nginx security advisory (CVE-2013-2028) Solar Designer (May 22)
Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer (Jun 12)
Re: Request for linux-distros list membership Solar Designer (Apr 20)
upstream source code authenticity checking Solar Designer (Apr 20)
Re: CVE-2013-1900 looks like an OpenSSL bug Solar Designer (Apr 12)
distros vs. linux-distros lists Solar Designer (Apr 28)
Re: PostgreSQL security update Solar Designer (Apr 04)
Re: CVE Request: pwgen Solar Designer (May 27)
Re: Request for linux-distros list membership Solar Designer (Apr 21)
distros list news Solar Designer (Apr 19)

Stefan Bühler

browser document.cookie DoS vulnerability Stefan Bühler (Apr 03)

Stephane Eranian

Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
Re: CVE Request: More perf security fixes Stephane Eranian (Jun 05)
Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
Re: CVE Request: More perf security fixes Stephane Eranian (Jun 06)
[PATCH] perf: fix hypervisor branch sampling permission check Stephane Eranian (Jun 06)

Steven Ciaburri

Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Steven Ciaburri (Jun 30)
CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri (Jun 30)
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri (Jun 30)

Steven M. Christey

Re-evaluating expat/libxml2 CVE assignments Steven M. Christey (Apr 12)
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Steven M. Christey (Jun 27)
Re: 1.2k bug reports for Debian, some may be security Steven M. Christey (Jun 27)

Stuart Henderson

Re: upstream source code authenticity checking Stuart Henderson (Apr 22)

Tavis Ormandy

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy (May 22)

The Doctor

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor (May 22)

Thierry Carrez

Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files Thierry Carrez (Apr 24)
[OSSA 2013-015] Authentication bypass when using LDAP backend (CVE-2013-2157) Thierry Carrez (Jun 13)
[OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) Thierry Carrez (May 09)
Re: CVE-2013-1977 - OpenStack keystone.conf insecure file permissions Thierry Carrez (Apr 23)
[OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030) Thierry Carrez (May 09)
[OSSA 2013-017] Issues in Keystone middleware memcache signing/encryption feature (CVE-2013-2166, CVE-2013-2167) Thierry Carrez (Jun 19)
[OSSA 2013-014] Missing expiration check in Keystone PKI tokens validation (CVE-2013-2104) Thierry Carrez (May 28)

Thijs Kinkhorst

CVE request: MediaWiki chunked uploads vulnerability Thijs Kinkhorst (May 22)
CVE Request: MediaWiki Security Releases 1.20.4 and 1.19.5 Thijs Kinkhorst (Apr 16)

Thomas Biege

debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Thomas Biege (Apr 17)

Thomas Pollet

plone, rrdtool, zenoss bugs Thomas Pollet (Apr 18)

Thomas Waldmann

Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Thomas Waldmann (May 12)

Tim

Re: Thoughts on a vuln/CVE? Tim (Jun 18)

Timo Sirainen

Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Timo Sirainen (May 22)

Tomas Hoger

Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 23)
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger (May 20)
GnuTLS 2.x Lucky13 fix regression CVE-2013-2116 Tomas Hoger (May 29)

Tom Maher

Re: chroots & uid sharing Tom Maher (Jun 07)

TYPO3 Security Team

Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core TYPO3 Security Team (Jun 16)

Vincent Danen

CVE request: rpc-gssd is vulnerable to DNS spoofing Vincent Danen (Apr 03)
CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Vincent Danen (Jun 11)
CVE request: password exposure in kdelibs when showing "internal server error" messages Vincent Danen (May 10)
CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Vincent Danen (May 06)
CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Jun 26)
Re: CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability Vincent Danen (May 13)
Re: Re: CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability Vincent Danen (May 14)
CVE-2013-2145: perl Module::Signature code execution vulnerability Vincent Danen (Jun 05)

Vitezslav Cizek

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)

vladz

CVE request: Debian's package "mysql-server" leaks credential information vladz (Jun 08)
Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) vladz (Jun 10)

Willy Tarreau

CVE-2013-1912 : haproxy may crash on TCP content inspection rules Willy Tarreau (Apr 02)
CVE-2013-2175 : haproxy may crash when using header occurrences relative to the tail Willy Tarreau (Jun 17)

Xen . org security team

Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER Xen . org security team (Apr 18)
Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV Xen . org security team (Jun 03)
Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER Xen . org security team (Apr 18)
Xen Security Advisory 52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs Xen . org security team (Jun 03)
Xen Security Advisory 57 (CVE-2013-2211) - libxl allows guest write access to sensitive console related xenstore keys Xen . org security team (Jun 26)
Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible Xen . org security team (May 02)
Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team (Jun 07)
Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team (Jun 14)
Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys Xen . org security team (Jun 21)
Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes Xen . org security team (Jun 26)
Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations Xen . org security team (Apr 04)
Xen Security Advisory 53 (CVE-2013-2077) - Hypervisor crash due to missing exception recovery on XRSTOR Xen . org security team (Jun 03)
Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests Xen . org security team (Apr 18)
Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions Xen . org security team (May 06)
Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance Xen . org security team (Apr 18)
Xen Security Advisory 55 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team (Jun 20)
Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification Xen . org security team (Apr 15)
Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend Xen . org security team (May 17)
Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges Xen . org security team (May 02)

yersinia

Re: upstream source code authenticity checking yersinia (Apr 26)

Yves-Alexis Perez

Re: Fail2ban 0.8.9, Denial of Service (Apache rules only) Yves-Alexis Perez (Jun 12)
Re: Thoughts on a vuln/CVE? Yves-Alexis Perez (Jun 17)
Re: [LightDM] light-locker 0.1.0 released Yves-Alexis Perez (Jun 25)
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Yves-Alexis Perez (Jun 14)

Zate

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate (May 22)

唐鳳

Re: CVE-2013-2145: perl Module::Signature code execution vulnerability 唐鳳 (Jun 05)