oss-sec: by thread
886 messages
starting Jul 01 14 and
ending Sep 30 14
Date index |
Thread index |
Author index
- default cipher suites in curl Marcus Meissner (Jul 01)
- Re: default cipher suites in curl Michael Samuel (Jul 06)
- Re: default cipher suites in curl Marcus Meissner (Jul 07)
- Re: default cipher suites in curl Michael Samuel (Jul 07)
- Re: default cipher suites in curl Marcus Meissner (Jul 07)
- Re: default cipher suites in curl Michael Samuel (Jul 06)
- CVE request: WordPress plugin wysija-newsletters remote file upload Henri Salo (Jul 02)
- Re: CVE request: WordPress plugin wysija-newsletters remote file upload cve-assign (Jul 08)
- Re: Ansible CVE requests cve-assign (Jul 02)
- Re: Ansible CVE requests Florian Weimer (Jul 02)
- Re: Re: Ansible CVE requests Brian Harring (Jul 02)
- Re: Ansible CVE requests Florian Weimer (Jul 02)
- CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon Simon McVittie (Jul 02)
- [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França (Jul 02)
- Re: [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França (Jul 02)
- [OSSA 2014-022] Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520) Tristan Cacqueray (Jul 02)
- Re: LMS-2014-06-16-6: LZ4 Core P J P (Jul 02)
- Re: LMS-2014-06-16-6: LZ4 Core P J P (Jul 03)
- Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P (Jul 02)
- Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P (Jul 03)
- Amended Patches for CVE-2014-3483 for Rails 4.x Rafael Mendonça França (Jul 02)
- Varnish - no CVE == bug regression Marek Kroemeke (Jul 02)
- Re: Varnish - no CVE == bug regression Solar Designer (Jul 02)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 02)
- Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 02)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Sven Kieske (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Seth Arnold (Jul 03)
- Re: Varnish - no CVE == bug regression Sven Kieske (Jul 04)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 05)
- Re: Varnish - no CVE == bug regression cve-assign (Jul 08)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Michael Samuel (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Michael Samuel (Jul 08)
- Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 09)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 02)
- Re: Varnish - no CVE == bug regression Solar Designer (Jul 02)
- CVE-2014-4715 for LZ4 issue 134 cve-assign (Jul 02)
- CVE request: XSS in PNP4Nagios Murray McAllister (Jul 02)
- Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 11)
- Re: Re: CVE request: XSS in PNP4Nagios Salvatore Bonaccorso (Jul 11)
- Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 11)
- Re: Re: CVE request: XSS in PNP4Nagios Vasyl Kaigorodov (Jul 11)
- Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 16)
- Re: Re: CVE request: XSS in PNP4Nagios Salvatore Bonaccorso (Jul 11)
- Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 11)
- CVE-2014-0235 cleanup Kurt Seifried (Jul 03)
- Re: CVE-2014-0235 cleanup Solar Designer (Jul 03)
- Re: CVE-2014-0235 cleanup Kurt Seifried (Jul 03)
- Re: CVE-2014-0235 cleanup Solar Designer (Jul 03)
- CVE request: pnp4nagios - Two URL Cross-Site Scripting Vulnerabilities Vasyl Kaigorodov (Jul 03)
- Re: CVE request: pnp4nagios - Two URL Cross-Site Scripting Vulnerabilities Henri Salo (Jul 03)
- Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Salvatore Bonaccorso (Jul 03)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Kurt Seifried (Jul 04)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability cve-assign (Jul 06)
- <Possible follow-ups>
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Loganaden Velvindron (Jul 06)
- SaltStack - how to report security flaw? Kurt Seifried (Jul 03)
- Re: SaltStack - how to report security flaw? Murray McAllister (Jul 03)
- X.Org intel driver dev snapshots, backlight helper issue Matthieu Herrb (Jul 04)
- Re: X.Org intel driver dev snapshots, backlight helper issue cve-assign (Jul 11)
- CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 04)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 04)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 08)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
- Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Marc Deslauriers (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug John Johansen (Jul 06)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 06)
- Re: CVE-2014-4699: Linux ptrace bug John Johansen (Jul 06)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
- Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
- Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
- Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 08)
- Re: LMS-2014-06-16-2: Linux Kernel LZO Solar Designer (Jul 05)
- Re: LMS-2014-06-16-2: Linux Kernel LZO Don A. Bailey (Jul 05)
- Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE David Jorm (Jul 06)
- [SECURITY] CVE-2014-3503 Apache Syncope Francesco Chicchiriccò (Jul 07)
- LMS-2014-07-07-1: python-lz4 Don A. Bailey (Jul 07)
- Re: LMS-2014-07-07-1: python-lz4 Don A. Bailey (Jul 07)
- Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar (Jul 07)
- Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.) cve-assign (Jul 17)
- <Possible follow-ups>
- Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem cap-strap-0.1.5 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem backup-agoddard-3.0.28 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem backup_checksum-3.0.23 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem gyazo-1.0.0 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem VladTheEnterprising-0.2 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem gnms-2.1.1 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem point-cli-0.0.1 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 Larry W. Cashdollar (Jul 07)
- Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign (Jul 11)
- Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign (Jul 15)
- Re: Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 Larry Cashdollar (Jul 16)
- Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign (Jul 15)
- Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign (Jul 11)
- Vulnerability Report for Ruby Gem lean-ruport-0.3.8 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem kajam-1.0.3.rc2 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem lawn-login-0.0.7 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem kcapifony-2.1.6 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem karo-2.3.8 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem lynx-0.2.0 Larry W. Cashdollar (Jul 07)
- Vulnerability Report for Ruby Gem ciborg-3.0.0 Larry W. Cashdollar (Jul 07)
- possible CVE-2010 request: Ruby older than 1.9.2 appending current directory to the load path Murray McAllister (Jul 08)
- Re: possible CVE-2010 request: Ruby older than 1.9.2 appending current directory to the load path Shota Fukumori (sora_h) (Jul 08)
- [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) Tristan Cacqueray (Jul 08)
- Re: CVE-2014-4171 - Linux kernel mm/shmem.c denial of service P J P (Jul 08)
- <Possible follow-ups>
- Re: CVE-2014-4171 - Linux kernel mm/shmem.c denial of service yersinia (Jul 08)
- Summer bug cleaning - some Hash DoS stuff Kurt Seifried (Jul 08)
- Summer bug cleaning - rpcbind -h option Kurt Seifried (Jul 08)
- FreeBSD Security Advisory FreeBSD-SA-14:17.kmem FreeBSD Security Advisories (Jul 08)
- Zend Framework CVEs Kurt Seifried (Jul 08)
- Re: Zend Framework CVEs Moritz Muehlenhoff (Jul 08)
- Re: Zend Framework CVEs Murray McAllister (Jul 08)
- Re: Zend Framework CVEs Murray McAllister (Jul 08)
- Re: Zend Framework CVEs cve-assign (Jul 11)
- Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Tomas Hoger (Jul 09)
- <Possible follow-ups>
- Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Sven Kieske (Jul 09)
- Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Stuart Henderson (Jul 09)
- CVE request - Snoopy incomplete fix for CVE-2008-4796 Garth Mollett (Jul 09)
- Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign (Jul 15)
- Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Garth Mollett (Jul 16)
- Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Tomas Hoger (Jul 16)
- Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign (Jul 18)
- <Possible follow-ups>
- Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Kurt Seifried (Jul 15)
- Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign (Jul 15)
- Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 09)
- Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Murray McAllister (Jul 09)
- Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger (Jul 10)
- Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 10)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 10)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 14)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Kurt Seifried (Jul 14)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign (Jul 14)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 15)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign (Jul 15)
- Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger (Jul 16)
- Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger (Jul 16)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 16)
- Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign (Jul 17)
- Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 10)
- LMS-2014-07-09-1: lz4-ruby Memory Corruption Don A. Bailey (Jul 09)
- GnuPG computation error checks Solar Designer (Jul 10)
- Re: GnuPG computation error checks Florian Weimer (Jul 10)
- CVE request: transmission peer communication vulnerability Vasyl Kaigorodov (Jul 10)
- Re: CVE request: transmission peer communication vulnerability cve-assign (Jul 11)
- Vulnerabilities in Ruby Gem brbackup-0.1.1 Larry W. Cashdollar (Jul 10)
- CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Daniel Kahn Gillmor (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Tavis Ormandy (Jul 10)
- Re: Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 12)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 14)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 14)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 14)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- LMS-2014-07-10-1 - CloudFlare GoLang LZ4 Memory Corruption Don A. Bailey (Jul 12)
- glibc locale issues Tavis Ormandy (Jul 13)
- Re: glibc locale issues Tavis Ormandy (Jul 13)
- Re: Re: glibc locale issues Florian Weimer (Jul 21)
- Re: Re: glibc locale issues Tavis Ormandy (Jul 21)
- [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) Florian Weimer (Jul 29)
- Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) cve-assign (Aug 12)
- Re: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) John Haxby (Aug 14)
- Re: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) Tavis Ormandy (Aug 14)
- Re: Re: glibc locale issues Florian Weimer (Jul 21)
- Re: glibc locale issues Tavis Ormandy (Jul 13)
- IPython Notebook Cross 2014-3429 Kyle Kelley (Jul 15)
- CVE request: libressl before 2.0.2 under linux PRNG failure Hanno Böck (Jul 16)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 30)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 31)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Aug 06)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure Rich Felker (Jul 17)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)
- CVE request: rawstudio: Insecure use of temporary file Vasyl Kaigorodov (Jul 16)
- Re: CVE request: rawstudio: Insecure use of temporary file cve-assign (Jul 16)
- qemu-bridge-helper minimizing patch Sebastian Krahmer (Jul 16)
- CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets Kees Cook (Jul 16)
- [OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517) Grant Murphy (Jul 17)
- Strong Security Processes Require Strong Privacy Protections coderman (Jul 18)
- CVE Request: bozohttpd: basic http authentication bypass Salvatore Bonaccorso (Jul 18)
- Re: CVE Request: bozohttpd: basic http authentication bypass cve-assign (Jul 18)
- CVE's for intersection vulnerabilities Kurt Seifried (Jul 18)
- Re: CVE's for intersection vulnerabilities cve-assign (Jul 18)
- Re: CVE's for intersection vulnerabilities intrigeri (Jul 19)
- Re: CVE's for intersection vulnerabilities Dolev Farhi (Jul 19)
- Re: CVE's for intersection vulnerabilities Kurt Seifried (Jul 20)
- Re: CVE's for intersection vulnerabilities Dolev Farhi (Jul 20)
- Re: CVE's for intersection vulnerabilities Dolev Farhi (Jul 19)
- Good news and bad news on Python sockets and pickle Kurt Seifried (Jul 18)
- Re: Good news and bad news on Python sockets and pickle gremlin (Jul 18)
- Re: Good news and bad news on Python sockets and pickle Kurt Seifried (Jul 19)
- Re: Good news and bad news on Python sockets and pickle cve-assign (Jul 19)
- Re: Good news and bad news on Python sockets and pickle gremlin (Jul 18)
- Status of CVE-2012-4542/Linux? Moritz Muehlenhoff (Jul 20)
- CVE request: cacti XSS Moritz Muehlenhoff (Jul 20)
- Re: CVE request: cacti XSS cve-assign (Jul 22)
- Additional information on CVE-2014-2469? Moritz Muehlenhoff (Jul 20)
- <Possible follow-ups>
- Re: Additional information on CVE-2014-2469? Ritwik Ghoshal (Jul 21)
- Re: Additional information on CVE-2014-2469? Tomas Hoger (Jul 29)
- Moodle security notifications public Michael de Raadt (Jul 20)
- <Possible follow-ups>
- Moodle security notifications public Michael de Raadt (Jul 20)
- Re: Moodle security notifications public cve-assign (Jul 20)
- Re: Moodle security notifications public cve-assign (Jul 21)
- Re: Moodle security notifications public cve-assign (Jul 20)
- Moodle security notifications public Michael de Raadt (Sep 14)
- CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 21)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
- Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
- CVE Request for Drupal Core Jorge Manuel B. S. Vicetto (Jul 21)
- Re: CVE Request for Drupal Core Loganaden Velvindron (Jul 21)
- Re: CVE Request for Drupal Core Forest Monsen (Jul 23)
- Re: CVE Request for Drupal Core cve-assign (Jul 23)
- [OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555) Tristan Cacqueray (Jul 21)
- CVE requests for Review Board Christian Hammond (Jul 21)
- Re: CVE requests for Review Board cve-assign (Jul 22)
- Re: CVE requests for Review Board Christian Hammond (Jul 22)
- Re: CVE requests for Review Board cve-assign (Jul 22)
- [oCERT-2014-004] Ansible input sanitization errors Andrea Barisani (Jul 21)
- CVE Request: cups: Incomplete fix for CVE-2014-3537 Salvatore Bonaccorso (Jul 21)
- Re: CVE Request: cups: Incomplete fix for CVE-2014-3537 cve-assign (Jul 22)
- Linux peer_cred Mischmasch Sebastian Krahmer (Jul 22)
- Re: Linux peer_cred Mischmasch Simon McVittie (Jul 22)
- Re: Linux peer_cred Mischmasch Florian Weimer (Jul 22)
- Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 22)
- Re: Re: Linux peer_cred Mischmasch Sebastian Krahmer (Jul 22)
- Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 24)
- Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 22)
- GLPI: unprivileged users can access cost information Raphael Geissert (Jul 22)
- Re: GLPI: unprivileged users can access cost information cve-assign (Jul 22)
- Exim: 4.83 Released, CVE-2014-2972 fix Phil Pennock (Jul 22)
- ecryptfs-setup-private nitpick Raphael Geissert (Jul 22)
- Re: ecryptfs-setup-private nitpick Tyler Hicks (Jul 22)
- Re: ecryptfs-setup-private nitpick Dustin Kirkland (Jul 23)
- Re: ecryptfs-setup-private nitpick Michael Samuel (Jul 23)
- Re: ecryptfs-setup-private nitpick Michael Samuel (Jul 23)
- Re: ecryptfs-setup-private nitpick Dustin Kirkland (Jul 23)
- Re: ecryptfs-setup-private nitpick Tyler Hicks (Jul 22)
- Re: LMS-2014-06-16-3: Libav LZO Don A. Bailey (Jul 22)
- [oCERT-2014-005] LPAR2RRD input sanitization errors Daniele Bianco (Jul 23)
- [CVE request] Array allocation fixes in libgfortran Florian Weimer (Jul 23)
- Re: [CVE request] Array allocation fixes in libgfortran cve-assign (Jul 23)
- Re: Re: [CVE request] Array allocation fixes in libgfortran Florian Weimer (Jul 31)
- Re: [CVE request] Array allocation fixes in libgfortran cve-assign (Jul 23)
- CVE request: kernel: vfs: refcount issues during unmount on symlink Vasily Averin (Jul 23)
- Re: CVE request: kernel: vfs: refcount issues during unmount on symlink cve-assign (Jul 23)
- CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild Hanno Böck (Jul 24)
- CVE request Linux Kernel: net: SCTP: NULL pointer dereference P J P (Jul 24)
- Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference cve-assign (Jul 25)
- Re: Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference Daniel Borkmann (Jul 26)
- Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference cve-assign (Jul 25)
- CVE request: WordPress plugin vitamin traversal arbitrary file access Henri Salo (Jul 24)
- Re: CVE request: WordPress plugin vitamin traversal arbitrary file access cve-assign (Jul 28)
- Duplicated CVE - Cacti XSS Adan Alvarez (Jul 24)
- Re: Duplicated CVE - Cacti XSS cve-assign (Jul 24)
- Re: Duplicated CVE - Cacti XSS Adan Alvarez (Jul 24)
- Re: Duplicated CVE - Cacti XSS cve-assign (Jul 24)
- rsync vulnerable to collisions Michael Samuel (Jul 27)
- Re: rsync vulnerable to collisions Loganaden Velvindron (Jul 28)
- CVE Request: tboot failing to measure commandline parameters Marcus Meissner (Jul 29)
- Re: CVE Request: tboot failing to measure commandline parameters cve-assign (Jul 30)
- CVE-2014-3554: libndp buffer overflow Murray McAllister (Jul 29)
- Subscribtion request to linux-distros Martin Schwidefsky (Jul 29)
- Re: Subscribtion request to linux-distros Solar Designer (Jul 29)
- Re: Subscribtion request to linux-distros Kurt Seifried (Sep 02)
- Re: Subscribtion request to linux-distros Martin Schwidefsky (Sep 03)
- Re: Subscribtion request to linux-distros Kurt Seifried (Sep 02)
- Re: Subscribtion request to linux-distros Solar Designer (Jul 29)
- CVE-2014-3120 ElasticSearch Henri Salo (Jul 30)
- CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion Henri Salo (Jul 30)
- CVE-2014-5117 - Tor before 0.2.4.23 RELAY_EARLY issue cve-assign (Jul 30)
- CVE Request: dhcpcd DoS attack Roy Marples (Jul 30)
- Re: CVE Request: dhcpcd DoS attack Kristian Fiskerstrand (Sep 01)
- Re: CVE Request: dhcpcd DoS attack Florian Weimer (Sep 01)
- Re: CVE Request: dhcpcd DoS attack cve-assign (Sep 01)
- Re: CVE Request: dhcpcd DoS attack Kristian Fiskerstrand (Sep 01)
- CVE request for Drupal contributed modules Forest Monsen (Jul 30)
- Re: CVE request for Drupal contributed modules cve-assign (Jul 30)
- CVE Request: XML-DT: Insecure use of temporary files Salvatore Bonaccorso (Jul 30)
- Re: CVE Request: XML-DT: Insecure use of temporary files Salvatore Bonaccorso (Aug 01)
- Re: CVE Request: XML-DT: Insecure use of temporary files cve-assign (Aug 15)
- Re: CVE Request: XML-DT: Insecure use of temporary files Alberto Simoes (Aug 15)
- CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler Stefan Cornelius (Jul 31)
- Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Salvatore Bonaccorso (Jul 31)
- Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Chris Steipp (Jul 31)
- Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Salvatore Bonaccorso (Aug 01)
- Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 cve-assign (Aug 14)
- Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Chris Steipp (Jul 31)
- CVE Request: Enforce use of HTTPS for MathJax in IPython Kyle Kelley (Jul 31)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 02)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 02)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Kurt Seifried (Aug 02)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 03)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 03)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 05)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 02)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 03)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 02)
- Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 02)
- Possible CVE request: subversion MD5 collision authentication leak Marcus Meissner (Aug 01)
- Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Michael Samuel (Aug 04)
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
- <Possible follow-ups>
- Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 05)
- Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
- CVE request: xcfa: Insecure use of temporary files, subject to race conditions Salvatore Bonaccorso (Aug 01)
- CVE Request -- qemu: missing field list terminator in vmstate_xhci_event Petr Matousek (Aug 04)
- <Possible follow-ups>
- Re: CVE Request -- qemu: missing field list terminator in vmstate_xhci_event cve-assign (Aug 15)
- Apache Cordova 3.5.1 Marcel Kinard (Aug 04)
- CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 04)
- Re: CVE request: issues in ISO C++ 2011 regex library Rich Felker (Aug 05)
- Re: CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 07)
- Re: CVE request: issues in ISO C++ 2011 regex library Maksymilian A (Aug 10)
- Re: CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 07)
- Re: CVE request: issues in ISO C++ 2011 regex library Rich Felker (Aug 05)
- [CVE Requests] rsync and librsync collisions Michael Samuel (Aug 04)
- Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Aug 04)
- Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Aug 04)
- Re: [CVE Requests] rsync and librsync collisions Murray McAllister (Sep 08)
- Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Sep 08)
- Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Sep 08)
- Re: [CVE Requests] rsync and librsync collisions cve-assign (Sep 12)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Sep 15)
- Re: Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Sep 15)
- Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Sep 17)
- Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Sep 08)
- Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Aug 04)
- CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray (Aug 05)
- Re: CVE request for vulnerability in OpenStack Keystone cve-assign (Aug 14)
- <Possible follow-ups>
- Re: CVE request for vulnerability in OpenStack Keystone Kurt Seifried (Aug 14)
- CVE request for Drupal core, and contributed modules Forest Monsen (Aug 06)
- Re: CVE request for Drupal core, and contributed modules cve-assign (Aug 16)
- WordPress 3.9.2 release - needs CVE's Kurt Seifried (Aug 06)
- Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin (Aug 06)
- Re: WordPress 3.9.2 release - needs CVE's cve-assign (Aug 12)
- Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin (Aug 13)
- Re: WordPress 3.9.2 release - needs CVE's cve-assign (Aug 13)
- GetID3 CVE-2014-2053 XXE issue [was Re: [oss-security] WordPress 3.9.2 release - needs CVE's] Murray McAllister (Aug 14)
- Re: WordPress 3.9.2 release - needs CVE's cve-assign (Aug 12)
- Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin (Aug 06)
- CVE-2014-3562: Vulnerability in 389-ds Vincent Danen (Aug 07)
- BadUSB discussion Dan Carpenter (Aug 08)
- Re: BadUSB discussion Florian Weimer (Aug 08)
- Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Eddie Chapman (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Eddie Chapman (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Eddie Chapman (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Eddie Chapman (Aug 08)
- Re: BadUSB discussion lazytyped (Aug 09)
- Re: BadUSB discussion Dean Pierce (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion (GalaxyMaster) (Aug 08)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 09)
- Re: BadUSB discussion Vincent Lefevre (Aug 14)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
- Re: BadUSB discussion John Haxby (Aug 08)
- Re: BadUSB discussion Rich Felker (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Willy Tarreau (Aug 09)
- Re: BadUSB discussion Yves-Alexis Perez (Aug 09)
- Re: BadUSB discussion Willy Tarreau (Aug 09)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion (GalaxyMaster) (Aug 08)
- Re: BadUSB discussion gremlin (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Greg KH (Aug 08)
- Re: BadUSB discussion Kurt Seifried (Aug 09)
- Re: BadUSB discussion Florian Weimer (Aug 08)
- CVE request: libgcrypt, ELGAMAL side-channel attack Murray McAllister (Aug 10)
- Re: CVE request: libgcrypt, ELGAMAL side-channel attack cve-assign (Aug 15)
- CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure Salvatore Bonaccorso (Aug 11)
- Apache Cordova 3.5.1: CVE-2014-3502 update Marcel Kinard (Aug 11)
- [oCERT-2014-006] Ganeti insecure archive permission Andrea Barisani (Aug 12)
- Re: [oCERT-2014-006] Ganeti insecure archive permission cve-assign (Aug 14)
- Xen Security Advisory 102 (CVE-2014-5147) - Flaws in handling traps from 32-bit userspace on 64-bit ARM Xen . org security team (Aug 12)
- Xen Security Advisory 103 (CVE-2014-5148) - Flaw in handling unknown system register access from 64-bit userspace on ARM Xen . org security team (Aug 12)
- Xen Security Advisory 97 (CVE-2014-5146,CVE-2014-5149) - Long latency virtual-mmu operations are not preemptible Xen . org security team (Aug 12)
- CVE id request: cacti remote code execution and SQL injection Nico Golde (Aug 12)
- Re: CVE id request: cacti remote code execution and SQL injection Murray McAllister (Aug 14)
- Re: CVE id request: cacti remote code execution and SQL injection Nico Golde (Aug 15)
- Re: CVE id request: cacti remote code execution and SQL injection cve-assign (Aug 16)
- Re: CVE id request: cacti remote code execution and SQL injection Murray McAllister (Aug 14)
- CVE Request: ro bind mount bypass using user namespaces Kenton Varda (Aug 12)
- Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
- Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
- Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
- Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 13)
- Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
- Re: CVE Request: ro bind mount bypass using user namespaces cve-assign (Aug 12)
- Re: CVE Request: ro bind mount bypass using user namespaces Kenton Varda (Aug 13)
- Re: CVE Request: ro bind mount bypass using user namespaces Yves-Alexis Perez (Aug 13)
- Re: CVE Request: ro bind mount bypass using user namespaces Sven Kieske (Aug 13)
- <Possible follow-ups>
- Re: CVE Request: ro bind mount bypass using user namespaces Vitaly Nikolenko (Aug 14)
- Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
- CVE request: FFmpeg issues Piotr Bandurski (Aug 14)
- Re: CVE request: FFmpeg issues cve-assign (Aug 16)
- CVE request for accountsservice local encrypted password disclosure flaw Vincent Danen (Aug 15)
- Re: CVE request for accountsservice local encrypted password disclosure flaw cve-assign (Aug 16)
- [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253) Tristan Cacqueray (Aug 15)
- FreeNAS default blank password Kurt Seifried (Aug 16)
- Re: FreeNAS default blank password Kurt Seifried (Aug 16)
- Re[2]: FreeNAS default blank password Dolev Farhi (Aug 17)
- Re: FreeNAS default blank password devzero2000 (Aug 17)
- Re: FreeNAS default blank password Kurt Seifried (Aug 17)
- Re: FreeNAS default blank password cve-assign (Aug 19)
- Re: Re: FreeNAS default blank password Pierre Schweitzer (Aug 19)
- Re: FreeNAS default blank password Kurt Seifried (Aug 16)
- Enigmail warning Henri Salo (Aug 17)
- Re: Enigmail warning Noel Kuntze (Aug 17)
- Re: Enigmail warning Henri Salo (Aug 17)
- Re: Enigmail warning Pedro Cunha (Aug 18)
- Re: Enigmail warning Henri Salo (Aug 17)
- Re: Enigmail warning Jerome Athias (Aug 18)
- Re: Enigmail warning Nick Boyce (Aug 18)
- RE: Enigmail warning securitylists (Aug 19)
- Re: Enigmail warning Guilherme Andrade (Aug 20)
- RE: Enigmail warning securitylists (Aug 19)
- Re: Enigmail warning cve-assign (Aug 21)
- Re: Enigmail warning Noel Kuntze (Aug 17)
- CVE request / advisory: Monkey web server <= v1.5.2 Matthew Daley (Aug 18)
- Re: CVE request / advisory: Monkey web server <= v1.5.2 cve-assign (Aug 19)
- CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack Dirk-Willem van Gulik (Aug 18)
- [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França (Aug 18)
- Re: [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Kurt Seifried (Aug 18)
- Re: [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França (Aug 18)
- [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability Jacopo Cappellato (Aug 19)
- CVE request: WordPress plugin wp-source-control remote path traversal file access Henri Salo (Aug 19)
- incomplete fix for CVE-2014-4611: kernel: integer overflow in lz4_uncompress Marcus Meissner (Aug 19)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Aug 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
- [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594) Tristan Cacqueray (Aug 19)
- CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack David Jorm (Aug 19)
- CVE Request: Multiple issues in com.ning:async-http-client Arun Babu Neelicattu (Aug 20)
- Re: CVE Request: Multiple issues in com.ning:async-http-client cve-assign (Aug 25)
- CVE request: possible overflow in vararg functions Murray McAllister (Aug 20)
- Re: CVE request: possible overflow in vararg functions Murray McAllister (Aug 20)
- Lua CVE request [was Re: CVE request: possible overflow in vararg functions] Murray McAllister (Aug 20)
- Re: CVE request: possible overflow in vararg functions Florian Weimer (Aug 21)
- Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign (Aug 25)
- Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] Florian Weimer (Aug 26)
- Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign (Aug 26)
- Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign (Aug 25)
- Re: CVE request: possible overflow in vararg functions Murray McAllister (Aug 20)
- SaltStack 2014.1.10 released C. R. Oldham (Aug 21)
- Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
- Re: SaltStack 2014.1.10 released gremlin (Aug 21)
- Re: SaltStack 2014.1.10 released Aaron Toponce (Aug 21)
- Re: SaltStack 2014.1.10 released gremlin (Aug 21)
- Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
- Re: SaltStack 2014.1.10 released Kristian Fiskerstrand (Aug 21)
- Re: SaltStack 2014.1.10 released Phil Pennock (Aug 21)
- Re: SaltStack 2014.1.10 released Nick Boyce (Aug 21)
- Re: SaltStack 2014.1.10 released Rylee Fowler (Aug 21)
- Re: SaltStack 2014.1.10 released gremlin (Aug 21)
- Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
- [OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356) Tristan Cacqueray (Aug 21)
- Revised: Salt 2014.1.10 released C. R. Oldham (Aug 21)
- CVE request Qemu: out of bounds memory access P J P (Aug 22)
- Re: CVE request Qemu: out of bounds memory access cve-assign (Aug 22)
- FYI, change to Secunia vuln db EULA ken (Aug 22)
- <Possible follow-ups>
- Re: FYI, change to Secunia vuln db EULA ken (Aug 23)
- Re: Re: FYI, change to Secunia vuln db EULA Rich Felker (Aug 23)
- CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability Henri Salo (Aug 24)
- CVE request: Multiple incorrect default permissions in Zarafa Robert Scheck (Aug 24)
- Re: CVE request: Multiple incorrect default permissions in Zarafa cve-assign (Aug 25)
- CVE-2014-5119 glibc __gconv_translit_find() exploit Tavis Ormandy (Aug 25)
- CVE request: php-pear, pear's insecure /tmp/ use for cache data Murray McAllister (Aug 25)
- Re: CVE request: php-pear, pear's insecure /tmp/ use for cache data cve-assign (Aug 26)
- CVE Request: Linux Kernel unbound recursion in ISOFS Marcus Meissner (Aug 26)
- Re: CVE Request: Linux Kernel unbound recursion in ISOFS cve-assign (Aug 26)
- XRMS SQLi to RCE 0day Benjamin Harris (Aug 27)
- Re: XRMS SQLi to RCE 0day cve-assign (Aug 29)
- PHP-Wiki Command Injection Benjamin Harris (Aug 27)
- Re: PHP-Wiki Command Injection cve-assign (Aug 29)
- Open Source only? Solar Designer (Aug 27)
- Re: Open Source only? Kurt Seifried (Aug 27)
- Re: Open Source only? Hanno Böck (Aug 27)
- Re: Open Source only? Joe MacDonald (Sep 03)
- Re: Open Source only? Tim (Aug 27)
- Re: Open Source only? Tomas Hoger (Sep 03)
- Re: Open Source only? Kurt Seifried (Aug 27)
- CVE-2014-0485: unsafe Python pickle in s3ql Florian Weimer (Aug 27)
- Zarafa WebApp < 1.6 affected by CVE-2010-4207 or CVE-2012-5881 Robert Scheck (Aug 28)
- Full disclosure: denial of service in srvx Pierre Schweitzer (Aug 28)
- Re: Full disclosure: denial of service in srvx cve-assign (Aug 29)
- Re: Full disclosure: denial of service in srvx Pierre Schweitzer (Sep 22)
- Re: Full disclosure: denial of service in srvx cve-assign (Aug 29)
- CVE request: glibc character set conversion from IBM code pages Florian Weimer (Aug 29)
- Re: CVE request: glibc character set conversion from IBM code pages cve-assign (Sep 01)
- CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files Salvatore Bonaccorso (Aug 29)
- RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable) Nicolas Guigo (Aug 29)
- Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable) cve-assign (Sep 02)
- Fwd: ezmlm warning Jorge Manuel B. S. Vicetto (Aug 30)
- Re: Fwd: ezmlm warning Jeremy Stanley (Aug 31)
- CVE-2014-3565, net-snmp: snmptrapd crash Murray McAllister (Aug 31)
- gpg blindly imports keys from keyserver responses Thijs Kinkhorst (Sep 01)
- Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand (Sep 01)
- Re: gpg blindly imports keys from keyserver responses mancha (Sep 01)
- Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand (Sep 01)
- Re: gpg blindly imports keys from keyserver responses mancha (Sep 01)
- Re: gpg blindly imports keys from keyserver responses Werner Koch (Sep 01)
- Re: gpg blindly imports keys from keyserver responses mancha (Sep 01)
- Re: gpg blindly imports keys from keyserver responses Daniel Kahn Gillmor (Sep 01)
- Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand (Sep 01)
- CVE assignment for c-icap Server Kristian Fiskerstrand (Sep 01)
- Re: CVE assignment for c-icap Server Kristian Fiskerstrand (Sep 14)
- Re: CVE assignment for c-icap Server cve-assign (Sep 15)
- CVE request: V8 Memory Corruption and Stack Overflow Tomas Hoger (Sep 03)
- Re: CVE request: V8 Memory Corruption and Stack Overflow - Node.js cve-assign (Sep 04)
- CVE request: TYPO3-EXT-SA-2014-10 Henri Salo (Sep 03)
- Re: CVE request: TYPO3-EXT-SA-2014-10 cve-assign (Sep 04)
- CVE request for nodejs/v8 Vincent Danen (Sep 03)
- Re: CVE request for nodejs/v8 Vincent Danen (Sep 03)
- heap overflow in procmail Tavis Ormandy (Sep 03)
- Re: heap overflow in procmail Kurt Seifried (Sep 03)
- Re: heap overflow in procmail cve-assign (Sep 03)
- RE: heap overflow in procmail Christey, Steven M. (Sep 03)
- Re: heap overflow in procmail Michal Zalewski (Sep 03)
- Re: heap overflow in procmail Kurt Seifried (Sep 04)
- Re: heap overflow in procmail Kurt Seifried (Sep 04)
- Re: heap overflow in procmail Rich Felker (Sep 03)
- Re: heap overflow in procmail Tavis Ormandy (Sep 03)
- Re: Re: heap overflow in procmail Rich Felker (Sep 04)
- Re: Re: heap overflow in procmail Tavis Ormandy (Sep 04)
- Re: heap overflow in procmail Tavis Ormandy (Sep 03)
- <Possible follow-ups>
- Re: heap overflow in procmail Jack Frosch (Sep 05)
- Re: Re: heap overflow in procmail Simon McVittie (Sep 05)
- Re: heap overflow in procmail Kurt Seifried (Sep 03)
- RFC: Denial of Service in XCache? Pierre Schweitzer (Sep 04)
- CVE request: TYPO3-EXT-SA-2014-006 Henri Salo (Sep 04)
- Re: TYPO3 extensions cve-assign (Sep 11)
- CVE request: TYPO3-EXT-SA-2014-005 Henri Salo (Sep 05)
- CVE request: TYPO3-EXT-SA-2014-003 Henri Salo (Sep 05)
- CVE request: TYPO3-EXT-SA-2014-001 Henri Salo (Sep 05)
- CVE request: TYPO3-EXT-SA-2014-002 Henri Salo (Sep 05)
- CVE request: TYPO3-EXT-SA-2013-014 Henri Salo (Sep 05)
- CVE request: /tmp file vulnerability in ace Helmut Grohne (Sep 07)
- Re: CVE request: /tmp file vulnerability in ace cve-assign (Sep 11)
- Re: CVE request: /tmp file vulnerability in ace Helmut Grohne (Sep 12)
- Re: CVE request: /tmp file vulnerability in ace cve-assign (Sep 12)
- Re: CVE request: /tmp file vulnerability in ace Helmut Grohne (Sep 12)
- Re: CVE request: /tmp file vulnerability in ace cve-assign (Sep 11)
- Python robotframework - tmp vuln Kurt Seifried (Sep 07)
- Re: Python robotframework - tmp vuln Kurt Seifried (Sep 07)
- Re: Python robotframework - tmp vuln coderman (Sep 07)
- Re: Python robotframework - tmp vuln cve-assign (Sep 08)
- Re: Python robotframework - tmp vuln Kurt Seifried (Sep 08)
- Re: Re: Python robotframework - tmp vuln Mikko Korpela (Sep 08)
- Re: Python robotframework - tmp vuln cve-assign (Sep 08)
- Re: Python robotframework - tmp vuln Kurt Seifried (Sep 08)
- <Possible follow-ups>
- RE: Python robotframework - tmp vuln Mikko Korpela (Sep 08)
- Re: Python robotframework - tmp vuln Kurt Seifried (Sep 07)
- CVE-2014-3615 Qemu: information leakage when guest sets high resolution P J P (Sep 08)
- Confusion around gksu & CVE-2014-2943 Alan Coopersmith (Sep 08)
- Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 12)
- Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 17)
- ioflo tmp vuln Kurt Seifried (Sep 08)
- Re: ioflo tmp vuln cve-assign (Sep 11)
- pinocchio tmp vuln Kurt Seifried (Sep 08)
- Re: pinocchio tmp vuln David Jorm (Sep 08)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln Steve Kemp (Sep 09)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln Henri Salo (Sep 09)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 09)
- Re: pinocchio tmp vuln Donald Stufft (Sep 11)
- Re: pinocchio tmp vuln John Haxby (Sep 09)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln John Haxby (Sep 11)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 11)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 11)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 11)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln David Jorm (Sep 08)
- headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools Kurt Seifried (Sep 08)
- vos tmp vuln Kurt Seifried (Sep 08)
- Re: vos tmp vuln cve-assign (Sep 11)
- luigi tmp vuln Kurt Seifried (Sep 08)
- CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 09)
- Re: CVE-Request: squid pinger remote DoS Marcus Meissner (Sep 15)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 15)
- Re: CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 16)
- Re: Re: CVE-Request: squid pinger remote DoS Amos Jeffries (Sep 16)
- Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 21)
- CVE-Request: squid snmp off-by-one Sebastian Krahmer (Sep 09)
- Re: CVE-Request: squid snmp off-by-one cve-assign (Sep 09)
- Xen Security Advisory 107 - Mishandling of uninitialised FIFO-based event channel control blocks Xen . org security team (Sep 09)
- CVE Request: haproxy read out of bounds Willy Tarreau (Sep 09)
- Re: CVE Request: haproxy read out of bounds cve-assign (Sep 09)
- CVE request for select() buffer overrun in CHICKEN Scheme on the Android platform Moritz Heidkamp (Sep 10)
- CVE Request: MySQL: MyISAM temporary file issue Salvatore Bonaccorso (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Marc Deslauriers (Sep 16)
- Re: CVE Request: MySQL: MyISAM temporary file issue Henri Salo (Sep 16)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Loganaden Velvindron (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
- Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
- Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)
- photini tmp vuln Kurt Seifried (Sep 11)
- pscripts tmp vuln leading to possible code exec Kurt Seifried (Sep 11)
- Re: CVE Request: static IV used in Percona XtraBackup Florian Weimer (Sep 11)
- Xen Security Advisory 107 (CVE-2014-6268) - Mishandling of uninitialised FIFO-based event channel control blocks Xen . org security team (Sep 11)
- Multiple Linux USB driver CVE assignment Ben Hawkes (Sep 11)
- Re: Multiple Linux USB driver CVE assignment Ben Hawkes (Sep 11)
- CVE request: automake: insecure use of /tmp in install-sh Vasyl Kaigorodov (Sep 12)
- PowerDNS Recursor 3.6.0 can be crashed remotely (CVE-2014-3614) Solar Designer (Sep 12)
- Re: PowerDNS Recursor 3.6.0 can be crashed remotely (CVE-2014-3614) Solar Designer (Sep 12)
- CVE request: MantisBT Null byte poisoning in LDAP authentication Damien Regad (Sep 12)
- Re: CVE request: MantisBT Null byte poisoning in LDAP authentication cve-assign (Sep 12)
- Re: CVE request: MantisBT Null byte poisoning in LDAP authentication Damien Regad (Sep 13)
- Re: CVE request: MantisBT Null byte poisoning in LDAP authentication cve-assign (Sep 12)
- CVE request Linux kernel: net: guard tcp_set_keepalive against crash P J P (Sep 15)
- Re: CVE request Linux kernel: net: guard tcp_set_keepalive against crash cve-assign (Sep 15)
- CVE request for Linux kernel: udf: Avoid infinite loop when processing indirect ICBs Loganaden Velvindron (Sep 15)
- CVE Request: libceph auth token overflow Marcus Meissner (Sep 15)
- Re: CVE Request: libceph auth token overflow / Linux kernel cve-assign (Sep 15)
- CVE request for vulnerability in OpenStack Neutron Grant Murphy (Sep 15)
- Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Sep 15)
- CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 Simon McVittie (Sep 16)
- [OSSA 2014-029] Configuration option leak through Keystone catalog (CVE-2014-3621) Tristan Cacqueray (Sep 16)
- Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Arun Babu Neelicattu (Sep 16)
- CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Raphael Geissert (Sep 17)
- Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon / Linux kernel cve-assign (Sep 21)
- Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon P J P (Sep 22)
- Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Moritz Muehlenhoff (Sep 22)
- Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon P J P (Sep 22)
- Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Moritz Muehlenhoff (Sep 22)
- CVE request for vulnerability in OpenStack keystonemiddleware Grant Murphy (Sep 17)
- Re: CVE request for vulnerability in OpenStack keystonemiddleware cve-assign (Sep 21)
- Twisted Security Issue Alex Gaynor (Sep 17)
- Re: Twisted Security Issue cve-assign (Sep 21)
- CVE ID Syntax Change - Deadline Approaching Christey, Steven M. (Sep 17)
- python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure on redirect Jakub Wilk (Sep 19)
- CVE-2014-3653 Foreman: XSS flaw on template preview screen Murray McAllister (Sep 22)
- Xen Security Advisory 104 - Race condition in HVMOP_track_dirty_vram Xen . org security team (Sep 23)
- Re: Xen Security Advisory 104 - Race condition in HVMOP_track_dirty_vram cve-assign (Sep 23)
- Xen Security Advisory 106 - Missing privilege level checks in x86 emulation of software interrupts Xen . org security team (Sep 23)
- Xen Security Advisory 105 - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation Xen . org security team (Sep 23)
- CVE Request: Python 2.7 mancha (Sep 23)
- Re: CVE Request: Python 2.7 cve-assign (Sep 25)
- Multiple issues in libVNCserver Nicolas RUFF (Sep 23)
- CVE request: various NodeJS module vulnerabilities Paul Wise (Sep 23)
- Re: CVE request: various NodeJS module vulnerabilities cve-assign (Sep 29)
- <Possible follow-ups>
- CVE request: various NodeJS module vulnerabilities Paul Wise (Sep 28)
- Xen Security Advisory 106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts Xen . org security team (Sep 24)
- Xen Security Advisory 105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation Xen . org security team (Sep 24)
- CVE request: multiple issues in libupnp Vasyl Kaigorodov (Sep 24)
- Xen Security Advisory 104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram Xen . org security team (Sep 24)
- [CVE-2013-0334] Ruby dependency manager Bundler may install gems from a different source than expected André Arko (Sep 24)
- CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Henri Salo (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Alexander E. Patrakov (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Tim (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Rich Felker (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash mancha (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Pierre Schweitzer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash David A. Wheeler (Sep 26)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 29)
- Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 28)
- Healing the bash fork (was: Re: [oss-security] CVE-2014-6271: remote code execution through bash) Florian Weimer (Sep 29)
- Re: Healing the bash fork Eric Blake (Sep 29)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Tavis Ormandy (Sep 29)
- Re: Healing the bash fork David A. Wheeler (Sep 29)
- Re: Healing the bash fork John Haxby (Sep 29)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Chet Ramey (Sep 29)
- Re: Healing the bash fork gremlin (Sep 29)
- Re: Healing the bash fork Florian Weimer (Sep 30)
- Re: Healing the bash fork Gennady Kupava (Sep 30)
- Re: Healing the bash fork gremlin (Sep 30)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Michal Zalewski (Sep 29)
- Re: Healing the bash fork Kobrin, Eric (Sep 30)
- Re: Re: Healing the bash fork Todd C. Miller (Sep 29)
- atd (was: Re: [oss-security] Re: Healing the bash fork) Seth Arnold (Sep 29)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Christos Zoulas (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Tavis Ormandy (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Anthony Liguori (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash John Haxby (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Simon McVittie (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash John Haxby (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Simon McVittie (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Simon McVittie (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
- Message not available
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Alexandre Dulaunoy (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Larry W. Cashdollar (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
- Re: CVE-2014-6271: remote code execution through bash Dwayne Litzenberger (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 26)
- Re: nss RSA forgery (CVE-2014-1568) Marcus Meissner (Sep 24)
- Re: nss RSA forgery (CVE-2014-1568) Yves-Alexis Perez (Sep 25)
- Re: nss RSA forgery (CVE-2014-1568) Nick Semenkovich (Sep 24)
- Re: nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 25)
- Re: nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 25)
- Re: CVE-2014-6271 first patch and remote exploit via CGI Michal Zalewski (Sep 25)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 25)
- Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
- Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 25)
- Re: Fwd: Non-upstream patches for bash Chet Ramey (Sep 25)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
- Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 26)
- Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
- Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 27)
- Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
- Re: Fwd: Non-upstream patches for bash Steve Jones (Sep 27)
- Re: Fwd: Non-upstream patches for bash Michael Samuel (Sep 28)
- Re: Fwd: Non-upstream patches for bash Sven Kieske (Sep 28)
- Re: [langsec-discuss] [oss-security] Fwd: Non-upstream patches for bash Paul Burchard (Sep 29)
- Re: Fwd: Non-upstream patches for bash Bernhard Hermann (Sep 29)
- Re: Fwd: Non-upstream patches for bash Ed Prevost (Sep 29)
- Re: Fwd: Non-upstream patches for bash Jakub Wilk (Sep 29)
- Re: Fwd: Non-upstream patches for bash cve-assign (Sep 29)
- Re: Fwd: Non-upstream patches for bash Chet Ramey (Sep 29)
- Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
- Re: Fwd: Non-upstream patches for bash Marc Deslauriers (Sep 25)
- Re: Fwd: Non-upstream patches for bash Marc Deslauriers (Sep 25)
- Re: [security-vendor] Re: [oss-security] Fwd: Non-upstream patches for bash Mark Hatle (Sep 26)
- Re: Fwd: Non-upstream patches for bash cve-assign (Sep 25)
- Re: Fwd: Non-upstream patches for bash Hanno Böck (Sep 26)
- Re: Non-upstream patches for bash Ángel González (Sep 26)
- Re: Re: Non-upstream patches for bash John Haxby (Sep 26)
- Re: Re: Non-upstream patches for bash Ángel González (Sep 26)
- Re: Re: Non-upstream patches for bash John Haxby (Sep 26)
- Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Florian Weimer (Sep 29)
- Re: Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Kobrin, Eric (Sep 29)
- Re: Array importing in bash 4.3 Florian Weimer (Sep 29)
- Re: Array importing in bash 4.3 Kobrin, Eric (Sep 29)
- Re: Array importing in bash 4.3 Chet Ramey (Sep 29)
- Re: Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Kobrin, Eric (Sep 29)
- <Possible follow-ups>
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Hanno Böck (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Florian Weimer (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) John Haxby (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bernhard Hermann (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas (Sep 26)
- Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bryan Drewery (Sep 26)
- Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bryan Drewery (Sep 28)
- Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kobrin, Eric (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ed Prevost (Sep 29)
- RE: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Sona Sarmadi (Sep 29)
- Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ramon de C Valle (Sep 29)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 27)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas (Sep 27)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Guido Berhoerster (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) John Haxby (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Simon McVittie (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kurt Seifried (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 27)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kurt Seifried (Sep 26)
- Re: CVE Request: Go crypto/tls vulnerability cve-assign (Sep 26)
- Re: CVE request: zeromq cve-assign (Sep 26)
- Re: CVE request: TYPO3-EXT-SA-2014-012 cve-assign (Sep 26)
- Re: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file cve-assign (Sep 29)
- Re: test script for various bash vulns Daniel Calvo Castro (Sep 29)
- Re: binary-patching bash Solar Designer (Sep 28)
- Re: binary-patching bash Solar Designer (Sep 29)
- Re: CVE request: QNAP QTS cve-assign (Sep 29)
- Re: Pylint checks not as static as one would think cve-assign (Sep 29)
- Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove cve-assign (Sep 29)
- <Possible follow-ups>
- Re: Healing the bash fork Sven Kieske (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Sebastian Krahmer (Sep 30)
- Re: Healing the bash fork Kobrin, Eric (Sep 30)
- Re: Healing the bash fork Sebastian Krahmer (Sep 30)
- Re: Healing the bash fork John Haxby (Sep 30)
- Re: Healing the bash fork Ed Prevost (Sep 30)
- Re: Healing the bash fork Rich Felker (Sep 30)
- Re: Healing the bash fork Kobrin, Eric (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Simon McVittie (Sep 30)
- Re: Healing the bash fork Mark R Bannister (Sep 30)
- Re: Healing the bash fork Tavis Ormandy (Sep 30)
- Re: Healing the bash fork Ed Prevost (Sep 30)
- Re: Healing the bash fork Zach Wikholm (Sep 30)
- Re: Healing the bash fork David A. Wheeler (Sep 30)
- Re: Healing the bash fork Michal Zalewski (Sep 30)
- Re: Healing the bash fork Stuart D. Gathman (Sep 30)
- Re: Healing the bash fork Martin Carpenter (Sep 30)
- Re: Healing the bash fork Ed Prevost (Sep 30)
- Re: vulnerability in rsyslog Sven Kieske (Sep 30)
- Re: vulnerability in rsyslog Solar Designer (Sep 30)
- Re: vulnerability in rsyslog Rainer Gerhards (Sep 30)
- Re: vulnerability in rsyslog Solar Designer (Sep 30)