oss-sec: by thread
711 messages
starting Mar 31 14 and
ending Jun 30 14
Date index |
Thread index |
Author index
- Re: CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 cve-assign (Mar 31)
- CVE Request: Shaarli: Several XSS in index.php Salvatore Bonaccorso (Mar 31)
- Re: CVE Request: Shaarli: Several XSS in index.php cve-assign (Apr 01)
- CVE request: cacti "bug#0002405: SQL injection in graph_xport.php" Murray McAllister (Apr 01)
- Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php" cve-assign (Apr 03)
- cups-browsed remote exploit Sebastian Krahmer (Apr 01)
- Re: cups-browsed remote exploit cve-assign (Apr 02)
- Re: Re: cups-browsed remote exploit Jamie Strandboge (Apr 25)
- Re: Re: cups-browsed remote exploit Tomas Hoger (Jun 19)
- Re: cups-browsed remote exploit cve-assign (Jun 19)
- Re: Re: cups-browsed remote exploit Jamie Strandboge (Apr 25)
- Re: cups-browsed remote exploit cve-assign (Apr 02)
- Re: Re: CVE request: Linux Kernel, two security issues Petr Matousek (Apr 01)
- Re: CVE request: Linux Kernel, two security issues cve-assign (Apr 01)
- Re: CVE request: MediaWiki 1.22.5 login csrf cve-assign (Apr 01)
- Information on CVE-2014-0158, openjpeg Raphael Geissert (Apr 02)
- Re: Information on CVE-2014-0158, openjpeg Huzaifa Sidhpurwala (Apr 02)
- Re: Information on CVE-2014-0158, openjpeg Raphael Geissert (Apr 02)
- Re: Information on CVE-2014-0158, openjpeg Huzaifa Sidhpurwala (Apr 02)
- Xen Security Advisory 89 (CVE-2014-2599) - HVMOP_set_mem_access is not preemptible Xen . org security team (Apr 02)
- Xen Security Advisory 90 (CVE-2014-2580) - Linux netback crash trying to disable due to malformed packet Xen . org security team (Apr 02)
- Re: KAuth security issues cve-assign (Apr 02)
- Lots of CVEs ahead in TLS implementations Hanno Böck (Apr 04)
- Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression Salvatore Bonaccorso (Apr 05)
- CVE request: redmine open redirector Florian Weimer (Apr 06)
- Re: CVE request: redmine open redirector cve-assign (Apr 10)
- CVE request: Icecast world readable log/logdir Agostino Sarubbo (Apr 06)
- Re: CVE request: Icecast world readable log/logdir Tim Heckman (Apr 06)
- Re: CVE request: Icecast world readable log/logdir Agostino Sarubbo (Apr 07)
- Re: CVE request: Icecast world readable log/logdir Kurt Seifried (Apr 08)
- Re: CVE request: Icecast world readable log/logdir Agostino Sarubbo (Apr 07)
- Re: CVE request: Icecast world readable log/logdir Ben Corman (Apr 08)
- Re: CVE request: Icecast world readable log/logdir Tim Heckman (Apr 06)
- CVE-2014-0155 -- kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table Petr Matousek (Apr 07)
- OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Tomas Hoger (Apr 07)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Reed Loden (Apr 07)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Alex Gaynor (Apr 07)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 07)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 07)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Kurt Seifried (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Solar Designer (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Michal Zalewski (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 25)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Donald Stufft (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Vincent Danen (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Florian Weimer (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marc Deslauriers (Apr 09)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 mancha (Apr 09)
- <Possible follow-ups>
- RE: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Bobby Broughton (Apr 08)
- Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Reed Loden (Apr 07)
- Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)
- Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)
- Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 10)
- Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)
- jbigkit security flaw Huzaifa Sidhpurwala (Apr 08)
- CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler P J P (Apr 08)
- [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157) Tristan Cacqueray (Apr 08)
- Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 08)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi (Apr 09)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez (Apr 11)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 13)
- Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
- Two security flaws with json-c Huzaifa Sidhpurwala (Apr 08)
- Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172) Florian Weimer (Apr 09)
- Session IP check bypass in Roundcube 1.0 Felix Eckhofer (Apr 09)
- Re: Session IP check bypass in Roundcube 1.0 cve-assign (Apr 10)
- Heartbleed, clients and Android Hanno Böck (Apr 09)
- Re: Heartbleed, clients and Android Yves-Alexis Perez (Apr 09)
- Re: Heartbleed, clients and Android Hanno Böck (Apr 09)
- Re: Heartbleed, clients and Android Yves-Alexis Perez (Apr 09)
- Re: Heartbleed, clients and Android Nick Kralevich (Apr 09)
- Re: Heartbleed, clients and Android Eric Lacombe (Apr 09)
- Re: Heartbleed, clients and Android Hanno Böck (Apr 09)
- Re: Heartbleed, clients and Android Hanno Böck (Apr 09)
- Re: Heartbleed, clients and Android Yves-Alexis Perez (Apr 09)
- CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray (Apr 09)
- Re: CVE request for vulnerability in OpenStack Keystone cve-assign (Apr 10)
- pam_cifscreds stack overflow Sebastian Krahmer (Apr 09)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Re: Re: pam_cifscreds stack overflow Kurt Seifried (Apr 10)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Re: pam_cifscreds stack overflow Sebastian Krahmer (Apr 13)
- Re: pam_cifscreds stack overflow cve-assign (Apr 10)
- Request for linux-distros list membership Anthony Liguori (Apr 09)
- Re: Request for linux-distros list membership Kurt Seifried (Apr 09)
- Re: Request for linux-distros list membership Anthony Liguori (Apr 09)
- Re: Request for linux-distros list membership Anthony Liguori (Apr 09)
- Re: Request for linux-distros list membership Kurt Seifried (Apr 09)
- Re: Request for linux-distros list membership Solar Designer (Apr 09)
- Re: Request for linux-distros list membership Anthony Liguori (Apr 10)
- Re: Request for linux-distros list membership Max Spevack (Apr 10)
- Re: Request for linux-distros list membership Tyler Hicks (Apr 10)
- Re: Request for linux-distros list membership Seth Arnold (Apr 10)
- Re: Request for linux-distros list membership Anthony Liguori (Apr 18)
- Re: Request for linux-distros list membership rf (Apr 18)
- Re: Request for linux-distros list membership Kurt Seifried (Apr 18)
- Re: Request for linux-distros list membership rf (Apr 19)
- Re: Request for linux-distros list membership Solar Designer (Apr 24)
- Re: Request for linux-distros list membership Solar Designer (Apr 24)
- Re: Request for linux-distros list membership Anthony Liguori (Apr 25)
- Re: Request for linux-distros list membership Solar Designer (Apr 25)
- Re: Request for linux-distros list membership rf (Apr 25)
- Re: Request for linux-distros list membership Matt Wilson (Apr 09)
- Re: Request for linux-distros list membership Kurt Seifried (Apr 09)
- [OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167) Tristan Cacqueray (Apr 09)
- Cauterizing OpenSSL's heartbleed (the aftermath) mancha (Apr 09)
- Re: Cauterizing OpenSSL's heartbleed (the aftermath) Seth Arnold (Apr 09)
- Re: Cauterizing OpenSSL's heartbleed (the aftermath) Yves-Alexis Perez (Apr 09)
- Re: Cauterizing OpenSSL's heartbleed (the aftermath) mancha (Apr 11)
- Re: Cauterizing OpenSSL's heartbleed (the aftermath) Seth Arnold (Apr 09)
- CVE-2013-7353 CVE-2013-7354 libpng integer overflows cve-assign (Apr 10)
- [OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162) Tristan Cacqueray (Apr 10)
- [OSSA 2014-013] Keystone DoS through V3 API authentication chaining (CVE-2014-2828) Tristan Cacqueray (Apr 10)
- REJECT of CVE-2014-2750 (an extra CVE ID for Prosody) cve-assign (Apr 10)
- CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function Petr Matousek (Apr 11)
- Use-after-free race condition,in OpenSSL's read buffer Scotty Bauer (Apr 12)
- Re: Use-after-free race condition,in OpenSSL's read buffer Solar Designer (Apr 12)
- Re: Use-after-free race condition,in OpenSSL's read buffer mancha (Apr 13)
- Re: Use-after-free race condition,in OpenSSL's read buffer cve-assign (Apr 14)
- Re: Use-after-free race condition,in OpenSSL's read buffer Solar Designer (Apr 12)
- two more interesting notes on heartbleed Kurt Seifried (Apr 13)
- CVE request: cross-site scripting issue fixed in CUPS 1.7.2 Murray McAllister (Apr 13)
- Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2 cve-assign (Apr 15)
- Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 14)
- Re: Remote code execution in Pimcore CMS cve-assign (Apr 19)
- Re: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 20)
- Re: Remote code execution in Pimcore CMS cve-assign (Apr 20)
- Re: Remote code execution in Pimcore CMS cve-assign (Apr 19)
- CVE Request: rsync denial of service Marc Deslauriers (Apr 14)
- Re: CVE Request: rsync denial of service cve-assign (Apr 15)
- TrueCrypt audit report Kurt Seifried (Apr 14)
- Re: TrueCrypt audit report cve-assign (Apr 17)
- CVE request - node-connect: methodOverride middleware reflected cross-site scripting Kurt Seifried (Apr 15)
- CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART P J P (Apr 15)
- CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target P J P (Apr 15)
- Remote Command Injection in Ruby Gem sfpagent 0.4.14 Larry W. Cashdollar (Apr 15)
- Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14 cve-assign (Apr 18)
- CVE request: insecure temporary file handling in clang's scan-build utility Murray McAllister (Apr 15)
- Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign (Apr 18)
- Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Apr 20)
- Message not available
- Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Jun 16)
- Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign (Apr 18)
- Re: libmms heap-based buffer overflow fix cve-assign (Apr 18)
- Re: CVE Request - XXS in phpMyID (openid_error) cve-assign (Apr 18)
- Re: CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? Todd A Ouska (Apr 17)
- Re: CVE ids for CyaSSL 2.9.4? cve-assign (Apr 17)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin (Apr 17)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Reed Loden (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution cve-assign (Apr 21)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 22)
- Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Martin Carpenter (Apr 21)
- Re: CVE Request for Drupal Core cve-assign (Apr 21)
- Re: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6) cve-assign (Apr 21)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 22)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks cve-assign (Apr 23)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 23)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Eric W. Biederman (Apr 23)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 28)
- Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks cve-assign (Apr 23)
- Re: Ubuntu 14.04: security problem in the lock screen Dave Walker (Apr 26)
- Re: Ubuntu 14.04: security problem in the lock screen Marc Deslauriers (Apr 29)
- Re: Ubuntu 14.04: security problem in the lock screen cve-assign (May 03)
- Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar (Apr 30)
- Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin cve-assign (May 04)
- Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar (May 05)
- Re: Upcoming security release of fish 2.1.1 David Adam (Apr 28)
- Re: Upcoming security release of fish 2.1.1 cve-assign (May 06)
- Re: Upcoming security release of fish 2.1.1 cve-assign (May 23)
- Re: Upcoming security release of fish 2.1.1 cve-assign (May 06)
- Re: CVE Request: indicator-datetime issue cve-assign (Apr 29)
- Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze cve-assign (May 01)
- Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Raphael Geissert (May 25)
- Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Guillem Jover (May 25)
- Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Raphael Geissert (May 25)
- Re: CVE Request - XSS in FOG open imaging system cve-assign (Apr 29)
- Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 29)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 29)
- Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 29)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 29)
- Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 30)
- Re: Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare Daniel J Walsh (May 01)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare John Haxby (Apr 30)
- Re: local privilege escalation due to capng_lock as used in seunshare cve-assign (May 07)
- Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 29)
- Re: CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 30)
- Re: CVE request: possible miniupnpc buffer overflow Moritz Muehlenhoff (Jun 06)
- Re: CVE request: possible miniupnpc buffer overflow cve-assign (Jun 06)
- Re: CVE request: rxvt-unicode user-assisted arbitrary commands execution cve-assign (Apr 30)
- Re: CVE request: Python Bottle JSON content-type not restrictive enough cve-assign (May 01)
- Re: CVE request: SKS non-persistent XSS cve-assign (May 04)
- Re: akpop3d review Jim Hull (May 02)
- Re: akpop3d review cve-assign (May 04)
- Re: Erlang OTP's httpc module Denial of Service cve-assign (May 04)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
- Re: Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 08)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
- <Possible follow-ups>
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Theo de Raadt (May 02)
- Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Leon Weber (Jun 05)
- Re: ldns-keygen creates private key world readable cve-assign (May 04)
- Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Shawn (May 05)
- Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Matthew Daley (May 12)
- Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Matthew Daley (May 12)
- Re: *Possible* ssh vulnerability Andrey Korolyov (May 05)
- Re: *Possible* ssh vulnerability Mark Lee (May 05)
- Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities cve-assign (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Timoth D. Morgan (May 08)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 12)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm (Jun 02)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 03)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm (Jun 06)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 03)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (Jun 09)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 09)
- Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 06)
- Re: Postfix bounces arbitrary content cve-assign (May 06)
- Re: Postfix bounces arbitrary content Vincent Danen (May 07)
- Re: Unsafe Query Risk in Active Record Jordi Massaguer (May 13)
- Re: CVE Request - Predictable temporary filenames in GNU Emacs cve-assign (May 07)
- Re: A note on DBus and the Hash DOS Hanno Böck (May 07)
- Re: A note on DBus and the Hash DOS Kurt Seifried (May 07)
- Re: CVE Request - Local File inclusion in Cobbler cve-assign (May 08)
- Re: CVE request: python-lxml clean_html() input sanitization flaw cve-assign (May 09)
- Re: CVE request: Denial of Service attacks against Dovecot v1.1+ cve-assign (May 09)
- Re: CVE Request: seunshare and setexeccon issues Solar Designer (May 12)
- Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski (May 12)
- Re: CVE Request: seunshare and setexeccon issues Solar Designer (May 12)
- Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski (May 12)
- Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski (May 12)
- Re: CVE request: various NodeJS module vulnerabilities cve-assign (May 14)
- Re: CVE request: Qemu: usb: fix up post load checks cve-assign (May 13)
- Re: A number of EncFS issues cve-assign (May 13)
- Re: CVE request: Pyplate multiple vulnerabilities cve-assign (May 23)
- Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated cve-assign (May 14)
- Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 cve-assign (May 14)
- Re: OpenFiler - Arbitrary Code Execution & Stored XSS cve-assign (May 18)
- Re: OpenFiler - Arbitrary Code Execution & Stored XSS Dolev Farhi (May 19)
- Re: libgadu vulnerability: possible memory corruption cve-assign (May 18)
- Re: CVE request: X2Go Server privilege escalation cve-assign (May 19)
- Re: Re: CVE request: X2Go Server privilege escalation Chris Reffett (May 19)
- Re: CVE requests / advisory: TeamPass <= 2.1.19 cve-assign (May 19)
- Re: CVE request for buffer overrun in CHICKEN Scheme cve-assign (May 19)
- Re: CVE request, multiple vulnerabilities in openwsman cve-assign (May 21)
- Re: CVE request for vulnerability in OpenStack Heat cve-assign (May 20)
- Re: CVE request: xbmc cve-assign (May 20)
- Re: CVE request: dovecot denial of service Seth Arnold (May 20)
- Re: CVE request: dovecot denial of service Marc Deslauriers (May 20)
- Re: CVE request: dovecot denial of service Yves-Alexis Perez (May 20)
- Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Seth Arnold (Jun 17)
- Re: Security release for mod_wsgi (version 3.5) Matthew Daley (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Solar Designer (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 18)
- CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] Murray McAllister (Jun 18)
- Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 17)
- Re: Persistent XSS in Mayan EDMS - document management system cve-assign (May 21)
- Re: CVE request: another path traversal in dpkg-source during unpack cve-assign (May 29)
- Re: CVE Request: userCake <= 2.0.2 CSRF vulnerability cve-assign (May 26)
- Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign (May 28)
- Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign (Jun 03)
- Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried (Jun 04)
- Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried (Jun 04)
- Re: Fwd: [exim-announce] Exim 4.82.1 Security Release Phil Pennock (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Greg KH (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Greg KH (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Steve Grubb (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
- Re: CVE request: Linux kernel DoS with syscall auditing cve-assign (May 29)
- Re: Re: CVE request: Linux kernel DoS with syscall auditing Steve Grubb (May 29)
- Re: CVE request: Linux kernel DoS with syscall auditing P J P (May 29)
- Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Vincent Danen (May 29)
- Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Dolev Farhi (May 29)
- Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Kurt Seifried (May 29)
- Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Vincent Danen (May 30)
- Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Dolev Farhi (May 29)
- Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords cve-assign (May 30)
- Re: Linux Foundation OpenSSL audit mancha (Jun 02)
- Re: GnuTLS and libtasn1 security fixes Florian Weimer (May 30)
- Re: GnuTLS and libtasn1 security fixes Kristian Fiskerstrand (Jun 01)
- Re: GnuTLS and libtasn1 security fixes mancha (Jun 01)
- Re: GnuTLS and libtasn1 security fixes Tomas Hoger (Jun 03)
- Re: CVE ID request: typo3 Henri Salo (Jun 01)
- Re: CVE ID request: typo3 cve-assign (Jun 02)
- Re: CVE ID request: typo3 cve-assign (Jun 02)
- Re: sendmail close-on-exec issue -- CVE assigned? cve-assign (Jun 03)
- Re: Request for linux-distros subscription Kurt Seifried (Jun 03)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 03)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 03)
- Re: Request for linux-distros subscription Solar Designer (Jun 03)
- Re: Request for linux-distros subscription Greg KH (Jun 03)
- Re: Request for linux-distros subscription Alan Coopersmith (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Re: Request for linux-distros subscription Raphael Geissert (Jun 04)
- Re: Request for linux-distros subscription Kurt Seifried (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Greg KH (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Russ Allbery (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Greg KH (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Greg KH (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection cve-assign (Jun 04)
- Re: Bug in bash <= 4.3 [security feature bypassed] Steve Grubb (Jun 03)
- Re: Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran (Jun 04)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 04)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton (Jun 05)
- Re: Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Simon McVittie (Jun 06)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists (Jun 05)
- Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 04)
- Re: Operating system distribution security contact lists Solar Designer (Jun 03)
- Re: Operating system distribution security contact lists Lisa Bradley (Jun 04)
- Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Solar Designer (Jun 03)
- Re: CVE request: PulseAudio crash due to empty UDP packet cve-assign (Jun 04)
- Re: CVE request: PulseAudio crash due to empty UDP packet Alexander E. Patrakov (Jun 04)
- Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Murray McAllister (Jun 04)
- Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Matthew Daley (Jun 09)
- Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords cve-assign (Jun 13)
- Re: [CVE request] Local privilege escalation in libfep cve-assign (Jun 06)
- Re: OpenSSL seven security fixes Solar Designer (Jun 05)
- Re: OpenSSL seven security fixes Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Kees Cook (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Phil Turnbull (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) John Johansen (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 05)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 07)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) mancha (Jun 07)
- Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
- Re: Request for CVE: Bytemark Symbiosis cve-assign (Jun 11)
- Re: CVE-2014-0085 / Zookeeper David Jorm (Jun 09)
- Re: transparency on message moderation Josh Bressers (Jun 08)
- Re: transparency on message moderation rea (Jun 08)
- Re: transparency on message moderation Solar Designer (Jun 17)
- Re: transparency on message moderation Henri Salo (Jun 17)
- Re: transparency on message moderation Solar Designer (Jun 17)
- Re: transparency on message moderation rea (Jun 08)
- Re: CVE request: Linux kernel / target information leak cve-assign (Jun 11)
- Re: CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski (Jun 17)
- Re: Re: CVE-2014-4014: Linux kernel user namespace bug Sven Kieske (Jun 18)
- Re: CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski (Jun 23)
- Re: Re: CVE-2014-4014: Linux kernel user namespace bug Sven Kieske (Jun 18)
- Re: glibc - CVE for library bug that requires application participation cve-assign (Jun 12)
- Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes cve-assign (Jun 12)
- Re: [OpenAFS-GK] Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes Jeffrey Altman (Jun 13)
- Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing cve-assign (Jun 12)
- Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el cve-assign (Jun 12)
- Re: CVE request: Proxmox VE < 3.2 user enumeration vulnerability cve-assign (Jun 13)
- Re: CVE request: Proxmox VE < 3.2 user enumeration vulnerability cve-assign (Jun 17)
- Re: CVE request: multiple /tmp races in ppc64-diag cve-assign (Jun 16)
- Re: CVE request: multiple /tmp races in ppc64-diag Vincent Danen (Jun 18)
- Re: CVE Request for KIO/kmail Henri Salo (Jun 15)
- Re: CVE Request for KIO/kmail cve-assign (Jun 15)
- Re: CVE Request for KIO/kmail Richard Moore (Jun 15)
- Re: CVE Request for KIO/kmail cve-assign (Jun 15)
- Re: Re: CVE Request for KIO/kmail Yves-Alexis Perez (Jun 15)
- Re: Re: CVE Request for KIO/kmail Richard Moore (Jun 15)
- Re: CVE Request for KIO/kmail cve-assign (Jun 15)
- Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE Arun Babu Neelicattu (Jun 27)
- Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Jun 17)
- Re: CVE Request: iodine: authentication bypass by client cve-assign (Jun 17)
- <Possible follow-ups>
- Xen Security Advisory 99 - unexpected pitfall in xenaccess API Andres Lagar Cavilla (Jun 17)
- Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Ian Campbell (Jun 17)
- Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Andres Lagar Cavilla (Jun 17)
- Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Steven Haigh (Jun 17)
- Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Ian Campbell (Jun 17)
- Re: docker VMM breakout David Jorm (Jun 18)
- Re: docker VMM breakout Yves-Alexis Perez (Jun 18)
- Re: docker VMM breakout Sven Kieske (Jun 18)
- Re: docker VMM breakout Daniel J Walsh (Jun 18)
- Re: docker VMM breakout gremlin (Jun 18)
- Re: docker VMM breakout Serge Hallyn (Jun 19)
- Re: docker VMM breakout Daniel J Walsh (Jun 20)
- Re: CVE Request: Parameter Injection in jCryption 3.0 cve-assign (Jun 18)
- Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw David Faure (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)
- Re: KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 22)
- Re: TMP flaw in rackspace jclouds? Alex Gaynor (Jun 18)
- Re: TMP flaw in rackspace jclouds? Andrew Gaul (Jun 18)
- Re: Re: TMP flaw in rackspace jclouds? Kurt Seifried (Jun 18)
- Re: TMP flaw in rackspace jclouds? Ignasi Barrera (Jun 19)
- Re: TMP flaw in rackspace jclouds? Andrew Gaul (Jun 19)
- Re: TMP flaw in rackspace jclouds? Ignasi Barrera (Jun 20)
- Re: TMP flaw in rackspace jclouds? Ignasi Barrera (Jun 20)
- Re: TMP flaw in rackspace jclouds? Andrew Gaul (Jun 23)
- Re: TMP flaw in rackspace jclouds? cve-assign (Jun 25)
- Re: CVE request: Another Linux syscall auditing bug Steve Grubb (Jun 19)
- Re: CVE request: Another Linux syscall auditing bug cve-assign (Jun 20)
- Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Salvatore Bonaccorso (Jun 19)
- Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister (Jun 19)
- Re: XSS vulnerability in apt-cacher-ng cve-assign (Jun 22)
- Re: CVE request: XSS in coppermine gallery before 1.5.28 cve-assign (Jun 23)
- Re: CVE request: piwigo before 2.6.3 sql injection cve-assign (Jun 23)
- Re: CVE request: piwigo before 2.6.3 sql injection Hanno Böck (Jun 24)
- Re: CVE request: piwigo before 2.6.3 sql injection cve-assign (Jun 24)
- Re: CVE request: piwigo before 2.6.3 sql injection cve-assign (Jun 25)
- Re: CVE request: piwigo before 2.6.3 sql injection Hanno Böck (Jun 24)
- Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF cve-assign (Jun 23)
- Re: CVE ID Request for Python CGIHTTPServer File Disclosure cve-assign (Jun 25)
- Re: Ansible CVE requests cve-assign (Jun 26)
- Re: Re: Ansible CVE requests Florian Weimer (Jun 26)
- Re: CVE request: GnuPG-1 mancha (Jun 23)
- Re: CVE request: GnuPG-1 Werner Koch (Jun 24)
- Re: CVE request: GnuPG-1 Olivier Levillain (Jun 24)
- Re: CVE request: GnuPG-1 cve-assign (Jun 24)
- Re: CVE Request: Linux kernel ALSA core control API vulnerabilities Marcus Meissner (Jun 24)
- Re: CVE Request: Linux kernel ALSA core control API vulnerabilities cve-assign (Jun 25)
- Re: possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen (Jun 24)
- Re: CVE request: timthumb remote code execution Hanno Böck (Jun 25)
- Re: CVE request: timthumb remote code execution cve-assign (Jun 27)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Chris Steipp (Jun 25)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Hanno Böck (Jun 26)
- Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 cve-assign (Jun 27)
- Re: Xen Security Advisory 101 - information leak via gnttab_setup_table on ARM cve-assign (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 25)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 25)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Henri Salo (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Vladimir '3APA3A' Dubrovin (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Florian Weimer (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Jamie Strandboge (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 30)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 27)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 25)
- Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez (Jun 26)
- Re: LMS-2014-06-16-1: Oberhumer LZO H. Peter Anvin (Jun 27)
- Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez (Jun 28)
- Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-5: Linux Kernel LZ4 Eddie Chapman (Jun 27)
- Re: LMS-2014-06-16-5: Linux Kernel LZ4 Don A. Bailey (Jun 27)
- Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P (Jun 27)
- Re: LMS-2014-06-16-6: LZ4 Core Hanno Böck (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Solar Designer (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
- Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem cve-assign (Jun 27)
- Re: CVE request / advisory: Cherokee cve-assign (Jun 28)
- Re: Confusion on CVE-2014-0235 cve-assign (Jun 29)
- changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235) cve-assign (Jun 30)