oss-sec: by thread
1068 messages
starting Dec 31 14 and
ending Mar 31 15
Date index |
Thread index |
Author index
- Re: CVE Request: PHP: out of bounds read crashes php-cgi Stanislav Malyshev (Dec 31)
- Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign (Jan 02)
- Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel Salvatore Bonaccorso (Dec 31)
- CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso (Dec 31)
- Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso (Jan 16)
- Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign (Jan 17)
- <Possible follow-ups>
- CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso (Feb 18)
- Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign (Feb 18)
- Re: Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability Michael Gilbert (Feb 18)
- Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign (Feb 18)
- Re: cve request: miniunzip directory traversal Alexander Cherepanov (Jan 01)
- <Possible follow-ups>
- Re: cve request: miniunzip directory traversal cve-assign (Jan 03)
- CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 01)
- Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 07)
- Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop cve-assign (Jan 07)
- Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 07)
- Re: Imagemagick fuzzing bug Bastien ROUCARIES (Jan 01)
- <Possible follow-ups>
- Re: Imagemagick fuzzing bug Yury German (Jan 17)
- CVE request: Concrete5 XSS vulnerability Henri Salo (Jan 02)
- Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto (Jan 05)
- Re: CVE request: Concrete5 XSS vulnerability Henri Salo (Jan 05)
- Re: CVE request: Concrete5 XSS vulnerability Simo Ben youssef (Jan 05)
- Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto (Jan 05)
- Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto (Jan 05)
- Possible "new" CVE for Zoo directory traversal Kurt Seifried (Jan 02)
- CVE requests: Drupal contributed modules Pere Orga (Jan 02)
- Re: CVE requests: Drupal contributed modules cve-assign (Jan 03)
- Re: 2012 CVE request: XXE in nokogiri ruby gem David Jorm (Jan 02)
- Re: Re: 2012 CVE request: XXE in nokogiri ruby gem Steven M. Christey (Jan 05)
- CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash Salvatore Bonaccorso (Jan 02)
- Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash Steven M. Christey (Jan 05)
- CVE Request -- Contenido 4.9.x - 4.9.5 -- Reflecting XSS vulnerability in exception handler with deactivated AMR function Steffen Rösemann (Jan 03)
- CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities Steffen Rösemann (Jan 03)
- Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities cve-assign (Jan 05)
- Re: CVE request: file(1) DoS Alexander Cherepanov (Jan 03)
- Re: CVE request: file(1) DoS Marc Deslauriers (Jan 16)
- Re: CVE request: file(1) DoS Alexander Cherepanov (Jan 16)
- Re: CVE request: file(1) DoS cve-assign (Jan 17)
- Re: CVE request: file(1) DoS jmm (Jan 16)
- Re: CVE request: file(1) DoS Alexander Cherepanov (Jan 16)
- Re: CVE request: file(1) DoS Marc Deslauriers (Jan 16)
- Re: CVE request: dir traversal in elfutils cve-assign (Jan 03)
- Re: CVE request: dir traversal in elfutils Vasyl Kaigorodov (Jan 06)
- Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp cve-assign (Jan 03)
- Re: parse_datetime() bug in coreutils cve-assign (Jan 03)
- Re: CVE request: mpfr: buffer overflow in mpfr_strtofr cve-assign (Jan 03)
- Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 cve-assign (Jan 03)
- Re: CVE Request, Use after free vulnerability in Dwarfdump cve-assign (Jan 03)
- Re: CVE request for emacs possibly cve-assign (Jan 03)
- cve request: insecure temporary file usage - xbindkeys-config Steve Kemp (Jan 03)
- Re: cve request: insecure temporary file usage - xbindkeys-config Steven M. Christey (Jan 05)
- Re: CVE request: XSS issues in Koha cve-assign (Jan 03)
- Re: Re: CVE request: remote code execution vulnerability in gollum < 3.1.1 cve-assign (Jan 03)
- Re: CVE Request cve-assign (Jan 03)
- <Possible follow-ups>
- CVE request Daniel Strøm (Jan 08)
- Re: CVE request cve-assign (Jan 11)
- Re: CVE request Daniel Strøm (Jan 11)
- Re: CVE request cve-assign (Jan 11)
- CVE request Galen Charlton (Mar 03)
- Re: CVE request - Evergreen cve-assign (Mar 03)
- Re: CVE request - Evergreen Galen Charlton (Mar 03)
- Re: CVE request - Evergreen cve-assign (Mar 03)
- Re: CVE request - Evergreen cve-assign (Mar 03)
- Re: CVE Request for illumos distributions cve-assign (Jan 03)
- Re: CVE Request for illumos distributions Christos Zoulas (Jan 03)
- Re: CVE Request for illumos distributions Joshua Rogers (Jan 03)
- Re: CVE Request for illumos distributions Dave Horsfall (Jan 03)
- Re: CVE Request for illumos distributions gremlin (Jan 03)
- Re: CVE Request for illumos distributions Alan Coopersmith (Jan 04)
- Re: CVE Request for illumos distributions Marcus Meissner (Jan 04)
- Re: CVE Request for illumos distributions Steven M. Christey (Jan 04)
- Re: CVE Request for illumos distributions Steven M. Christey (Jan 04)
- Re: CVE Request for illumos distributions Christos Zoulas (Jan 03)
- Re: CVE request: denial of service flaw in firebird cve-assign (Jan 03)
- Re: CVE request: denial of service flaw in firebird Salvatore Bonaccorso (Jan 03)
- Re: CVE request: denial of service flaw in firebird Vincent Danen (Jan 05)
- Re: CVE request: denial of service flaw in firebird cve-assign (Jan 05)
- Re: CVE request: denial of service flaw in firebird Vincent Danen (Jan 05)
- Re: CVE request: denial of service flaw in firebird Salvatore Bonaccorso (Jan 03)
- Re: [grant.murphy () hp com: [oss-security] CVE request for vulnerability in OpenStack Glance] cve-assign (Jan 03)
- Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server cve-assign (Jan 03)
- Re: CVE Request: libpng 1.6.15 Heap Overflow cve-assign (Jan 03)
- Re: CVE Request: libpng 1.6.15 Heap Overflow endeavor (Jan 09)
- Re: CVE Request: libpng 1.6.15 Heap Overflow cve-assign (Jan 10)
- Re: CVE Request: libpng 1.6.15 Heap Overflow endeavor (Jan 09)
- Re: Re: CVE Request: libsndfile buffer overread cve-assign (Jan 03)
- Re: mpg123 CVE Assignment? cve-assign (Jan 03)
- Fwd: Re: CVE Request Question Joshua Rogers (Jan 03)
- 【Vulnerability Report 】 - from QIHU 360 China 罗大龙 (Jan 03)
- CVE Request: gcab: directory traversal Salvatore Bonaccorso (Jan 04)
- Re: CVE Request: gcab: directory traversal cve-assign (Jan 05)
- Assignment of CVE IDs with 5 or more digits by January 13, 2015 Steven M. Christey (Jan 04)
- Re: Assignment of CVE IDs with 5 or more digits by January 13, 2015 Kurt Seifried (Jan 04)
- CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Simon McVittie (Jan 05)
- Re: CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Kurt Seifried (Jan 05)
- <Possible follow-ups>
- CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Simon McVittie (Jan 05)
- Announcing D-Bus 1.8.14 Simon McVittie (Jan 05)
- Re: CVE Request(s): GnuPG 2/GPG2 cve-assign (Jan 05)
- Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Jan 06)
- <Possible follow-ups>
- Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff (Jan 05)
- [OSSA 2014-041.1] Glance v2 API unrestricted path traversal (CVE-2014-9493) ERRATA 1 Grant Murphy (Jan 05)
- CVE Revoke Joshua Rogers (Jan 05)
- CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley (Jan 06)
- Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley (Jan 21)
- Re: Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Moritz Muehlenhoff (Jan 24)
- Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley (Jan 21)
- Dublicate CVE assignment for directory traversal in elfutils? (CVE-2014-9486 and CVE-2014-9447) Salvatore Bonaccorso (Jan 06)
- Xen Security Advisory 116 (CVE-2015-0361) - xen crash due to use after free on hvm guest teardown Xen . org security team (Jan 06)
- Possible CVE request: python-pillow: potential denial-of-service in PNG decompression code Vasyl Kaigorodov (Jan 06)
- CVE-2014-9529 - Linux kernel security/keys/gc.c race condition cve-assign (Jan 06)
- CVE request Linux kernel: isofs: unchecked printing of ER records P J P (Jan 06)
- Re: CVE request Linux kernel: isofs: unchecked printing of ER records cve-assign (Jan 08)
- CVE-2012-5853 Henri Salo (Jan 06)
- CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso (Jan 06)
- Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso (Jan 17)
- Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper cve-assign (Feb 12)
- CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities Steffen Rösemann (Jan 06)
- Re: CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities cve-assign (Feb 13)
- CVE Request -- CMS Kajona v. 4.6 -- Reflecting XSS in administrative backend Steffen Rösemann (Jan 06)
- Re: CVE Request -- CMS Kajona v. 4.6 -- Reflecting XSS in administrative backend cve-assign (Feb 13)
- CVE request for directory traversal flaw in p7zip Vincent Danen (Jan 06)
- Re: CVE request for directory traversal flaw in p7zip cve-assign (Jan 11)
- unsubscribe mmcallis () redhat com Vincent Danen (Jan 06)
- Re: unsubscribe mmcallis () redhat com Vincent Danen (Jan 06)
- CVE request: roundcubemail: possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins Vasyl Kaigorodov (Jan 07)
- Directory traversals in cpio and friends? Alexander Cherepanov (Jan 07)
- Re: Directory traversals in cpio and friends? Florian Weimer (Jan 08)
- Re: Directory traversals in cpio and friends? Alexander Cherepanov (Jan 10)
- Re: Directory traversals in cpio and friends? Jakub Wilk (Jan 09)
- Re: Directory traversals in cpio and friends? Florian Weimer (Jan 08)
- CVE Request for Privoxy Version: 3.0.22 Yury German (Jan 07)
- Re: CVE Request for Privoxy Version: 3.0.22 cve-assign (Jan 10)
- CVE Request: PHP Joshua Rogers (Jan 08)
- Re: CVE Request: PHP Joshua Rogers (Jan 08)
- Re: CVE Request: PHP cve-assign (Jan 24)
- Re: CVE Request: PHP Joshua Rogers (Jan 24)
- Re: Re: CVE Request: PHP Joshua Rogers (Jan 24)
- Re: Re: CVE Request: PHP Joshua Rogers (Jan 24)
- Re: CVE Request: PHP Joshua Rogers (Jan 24)
- [OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153) Tristan Cacqueray (Jan 08)
- CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities Steffen Rösemann (Jan 08)
- Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities cve-assign (Jan 11)
- CVE request: local privilege escalation flaw in Red Star OS 3.0 David Jorm (Jan 08)
- CVE Request: kwallet: incorrect CBC encryption handling Salvatore Bonaccorso (Jan 08)
- Re: CVE Request: kwallet: incorrect CBC encryption handling Marcus Meissner (Jan 08)
- Re: CVE Request: kwallet: incorrect CBC encryption handling Florian Weimer (Jan 09)
- Re: CVE Request: kwallet: incorrect CBC encryption handling Salvatore Bonaccorso (Jan 09)
- Re: CVE Request: kwallet: incorrect CBC encryption handling Albert Astals Cid (Jan 10)
- Re: CVE Request: kwallet: incorrect CBC encryption handling Marcus Meissner (Jan 08)
- CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop Hacker Fantastic (Jan 09)
- Re: PIE bypass using VDSO ASLR weakness - Linux kernel cve-assign (Jan 09)
- Re: PIE bypass using VDSO ASLR weakness - Linux kernel Andy Lutomirski (Jan 18)
- CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann (Jan 09)
- Re: CVE-2014-6316: URL redirection issue in MantisBT Damien Regad (Jan 10)
- Re: Re: CVE-2014-6316: URL redirection issue in MantisBT cve-assign (Jan 11)
- <Possible follow-ups>
- Re: CVE-2014-6316: URL redirection issue in MantisBT Damien Regad (Mar 14)
- CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 Henri Salo (Jan 11)
- CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) Steffen Rösemann (Jan 12)
- CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend Steffen Rösemann (Jan 12)
- CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Moritz Heidkamp (Jan 12)
- Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Peter Bex (Jan 28)
- Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Moritz Muehlenhoff (Jan 28)
- Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Peter Bex (Jan 28)
- CVE request: pigz, kgb, pax: directory traversal Thijs Kinkhorst (Jan 12)
- Re: CVE request: pigz, kgb, pax: directory traversal cve-assign (Jan 18)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 12)
- <Possible follow-ups>
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Jan 16)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Jan 18)
- CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 19)
- CVE request: httpd: IP address spoofing in mod_remoteip Vasyl Kaigorodov (Jan 13)
- Re: CVE request: httpd: IP address spoofing in mod_remoteip cve-assign (Jan 15)
- Re: Re: CVE request: httpd: IP address spoofing in mod_remoteip Amos Jeffries (Jan 15)
- Re: CVE request: httpd: IP address spoofing in mod_remoteip cve-assign (Jan 15)
- CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann (Jan 13)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo (Jan 14)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Daniel Kahn Gillmor (Jan 15)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality cve-assign (Feb 12)
- Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo (Jan 14)
- CVE request: lhasa: directory traversals Alexander Cherepanov (Jan 13)
- Re: CVE request: lhasa: directory traversals Henri Salo (Jan 14)
- Re: CVE request: lhasa: directory traversals Alexander Cherepanov (Jan 18)
- Re: CVE request: lhasa: directory traversals Henri Salo (Jan 14)
- CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not set for cookies with Jenkins on Tomcat Kurt Seifried (Jan 13)
- Node.js "serve-static" module Open Redirect Kurt Seifried (Jan 13)
- Re: Node.js "serve-static" module Open Redirect Adam Baldwin (Jan 14)
- Re: Node.js "serve-static" module Open Redirect cve-assign (Jan 17)
- Re: Node.js "serve-static" module Open Redirect Adam Baldwin (Jan 14)
- CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded Wade Mealing (Jan 13)
- CVE request: directory traversal flaw in patch Martin Prpic (Jan 14)
- Re: CVE request: directory traversal flaw in patch cve-assign (Jan 18)
- Re: CVE request: directory traversal flaw in patch Martin Prpic (Jan 20)
- Re: CVE request: directory traversal flaw in patch cve-assign (Jan 22)
- Re: CVE request: directory traversal flaw in patch Martin Prpic (Jan 20)
- Re: CVE request: directory traversal flaw in patch cve-assign (Jan 18)
- [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme Tristan Cacqueray (Jan 15)
- CVE Request: cpio -- directory traversal Alexander Cherepanov (Jan 15)
- Re: CVE Request: cpio -- directory traversal Lyndon Nerenberg (Jan 15)
- Re: CVE Request: cpio -- directory traversal Alexander Cherepanov (Jan 15)
- Re: CVE Request: cpio -- directory traversal cve-assign (Jan 18)
- Re: CVE Request: cpio -- directory traversal Vitezslav Cizek (Feb 02)
- Re: CVE Request: cpio -- directory traversal Alexander Cherepanov (Feb 05)
- Re: CVE Request: cpio -- directory traversal Lyndon Nerenberg (Jan 15)
- jar(1) -- directory traversal Alexander Cherepanov (Jan 15)
- CVE Request: ha -- directory traversals Alexander Cherepanov (Jan 15)
- Re: CVE Request: ha -- directory traversals cve-assign (Jan 18)
- CVE Request: ppmd -- directory traversals Alexander Cherepanov (Jan 15)
- Re: CVE Request: ppmd -- directory traversals cve-assign (Jan 18)
- CVE Request: pxz -- race condition in setting permissions Alexander Cherepanov (Jan 15)
- Re: CVE Request: pxz -- race condition in setting permissions cve-assign (Jan 18)
- CVE Request: libarchive -- directory traversal in bsdcpio Alexander Cherepanov (Jan 15)
- Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Muehlenhoff (Feb 22)
- Re: CVE Request: libarchive -- directory traversal in bsdcpio Alessandro Ghedini (Mar 05)
- Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Mühlenhoff (Mar 05)
- Re: CVE Request: libarchive -- directory traversal in bsdcpio Marcus Meissner (Mar 09)
- Re: CVE Request: libarchive -- directory traversal in bsdcpio cve-assign (Mar 15)
- Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Muehlenhoff (Feb 22)
- KDE Plasma vulnerabilities: need CVE Albert Astals Cid (Jan 16)
- Re: KDE Plasma vulnerabilities: need CVE Albert Astals Cid (Jan 21)
- Re: KDE Plasma vulnerabilities: need CVE cve-assign (Jan 22)
- Re: KDE Plasma vulnerabilities: need CVE Albert Astals Cid (Jan 22)
- CVE-2015-1042: URL redirection issue in MantisBT Damien Regad (Jan 16)
- CVE-2014-9571: XSS in install.php Damien Regad (Jan 16)
- CVE-2014-9573: SQL Injection in manage_user_page.php Damien Regad (Jan 16)
- CVE-2014-9572: Improper Access Control in install.php Damien Regad (Jan 16)
- CVE-2014-9571, -9572 and -9573 affect MantisBT Damien Regad (Jan 16)
- CVE request: CAPTCHA bypass in MantisBT Damien Regad (Jan 16)
- Re: CVE request: CAPTCHA bypass in MantisBT cve-assign (Jan 18)
- CVE-2005-2096 and gamera Raphael Geissert (Jan 17)
- [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Ben Hutchings (Jan 17)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks James Morris (Jan 20)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Casey Schaufler (Jan 20)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Stephen Smalley (Jan 21)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Casey Schaufler (Jan 21)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Solar Designer (Jan 21)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Ben Hutchings (Jan 21)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Josh Boyer (Feb 16)
- Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks James Morris (Jan 20)
- CVE request: grep heap buffer overrun Jim Meyering (Jan 18)
- Re: CVE request: grep heap buffer overrun cve-assign (Jan 22)
- Moodle security issues are now public Marina Glancy (Jan 18)
- New Apache Santuario security advisory CVE-2014-8152 Colm O hEigeartaigh (Jan 19)
- CVE Request: Webmin & Usermin - Read Mail Module Vulnerability Patrick William (Jan 19)
- Re: CVE Request: Webmin & Usermin - Read Mail Module Vulnerability cve-assign (Jan 27)
- CVE Request: Linux kernel information leak in event device handling Marcus Meissner (Jan 20)
- RE: CVE Request: Linux kernel information leak in event device handling Mehaffey, John (Jan 20)
- Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Pavel Machek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek (Jan 21)
- Re: CVE Request: Linux kernel information leak in event device handling Moritz Muehlenhoff (Feb 24)
- RE: CVE Request: Linux kernel information leak in event device handling Mehaffey, John (Jan 20)
- [OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1 Tristan Cacqueray (Jan 20)
- Possible CVE request: sympa: vulnerability in the web interface Salvatore Bonaccorso (Jan 20)
- Re: Possible CVE request: sympa: vulnerability in the web interface cve-assign (Jan 22)
- Vulnerabilities in VLC 2.1.5 Fabian Yamaguchi (Jan 20)
- Re: Vulnerabilities in VLC 2.1.5 cve-assign (Jan 20)
- Re: Vulnerabilities in VLC 2.1.5 Fabian Yamaguchi (Jan 20)
- Re: Vulnerabilities in VLC 2.1.5 cve-assign (Jan 20)
- ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat Kurt Seifried (Jan 20)
- CVE Request: PHP int overflow Joshua Rogers (Jan 20)
- Re: CVE Request: PHP int overflow cve-assign (Jan 24)
- Re: CVE Request: Info-ZIP unzip 6.0 mancha (Jan 20)
- Re: CVE Request: Info-ZIP unzip 6.0 cve-assign (Jan 22)
- <Possible follow-ups>
- Re: CVE Request: Info-ZIP unzip 6.0 Tomas Hoger (Feb 10)
- Re: CVE Request: Info-ZIP unzip 6.0 mancha (Feb 11)
- Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda (Feb 10)
- Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda (Feb 11)
- Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls Xen . org security team (Jan 20)
- CVE request: two issues in vorbis-tools Martin Prpic (Jan 21)
- Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 21)
- Re: CVE request: two issues in vorbis-tools cve-assign (Jan 22)
- Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 23)
- Re: CVE request: two issues in vorbis-tools Paris Z (Jan 23)
- Re: CVE request: two issues in vorbis-tools cve-assign (Jan 22)
- Re: CVE request: two issues in vorbis-tools Hanno Böck (Jan 21)
- Re: heap overflow in procmail Jakub Wilk (Jan 21)
- Re: heap overflow in procmail cve-assign (Jan 22)
- Re: heap overflow in procmail Jakub Wilk (Feb 12)
- Re: heap overflow in procmail Salvatore Bonaccorso (Feb 22)
- Re: heap overflow in procmail Jakub Wilk (Feb 12)
- Re: heap overflow in procmail Salvatore Bonaccorso (Feb 11)
- Re: heap overflow in procmail cve-assign (Jan 22)
- CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo (Jan 21)
- CVE Request: XSS and response-splitting bugs in rabbitmq management plugin Marc Deslauriers (Jan 21)
- Re: CVE Request: XSS and response-splitting bugs in rabbitmq management plugin Marc Deslauriers (Jan 26)
- Re: CVE Request: XSS and response-splitting bugs in rabbitmq management plugin cve-assign (Jan 27)
- CVE or not: 2x grml-debootstrap Sebastian Pipping (Jan 21)
- Re: CVE or not: 2x grml-debootstrap cve-assign (Jan 27)
- [oCERT-2015-001] JasPer input sanitization errors Andrea Barisani (Jan 21)
- Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem David Jorm (Jan 21)
- CVE Request: Linux kernel - Denial of service in notify_change for xattrs. Wade Mealing (Jan 22)
- Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs. cve-assign (Jan 24)
- CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order Kurt Seifried (Jan 22)
- CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload Steffen Rösemann (Jan 22)
- CVE Request: Linux kernel crypto api unprivileged arbitrary module load Marc Deslauriers (Jan 23)
- Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign (Jan 24)
- Re: Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load Mathias Krause (Jan 24)
- Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign (Jan 24)
- Re: Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load Mathias Krause (Jan 24)
- Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign (Jan 24)
- CVE request for BZ Kurt Seifried (Jan 23)
- Re: CVE request for BZ David Lawrence (Jan 23)
- [perl #119505] Segfault from bad backreference Kurt Seifried (Jan 23)
- Re: [perl #119505] Segfault from bad backreference Salvatore Bonaccorso (Jan 23)
- Re: [perl #119505] Segfault from bad backreference cve-assign (Jan 27)
- Re: [perl #119505] Segfault from bad backreference Salvatore Bonaccorso (Jan 23)
- CVE Request: patch: directory traversal via file rename Salvatore Bonaccorso (Jan 24)
- Re: CVE Request: patch: directory traversal via file rename cve-assign (Jan 28)
- CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196? Salvatore Bonaccorso (Jan 24)
- Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196? cve-assign (Jan 28)
- Socat security advisory 6 - Possible DoS with fork Gerhard Rieger (Jan 24)
- Re: Socat security advisory 6 - Possible DoS with fork cve-assign (Jan 27)
- SEANux 1.0 remote back door Larry W. Cashdollar (Jan 24)
- Re: SEANux 1.0 remote back door Larry W. Cashdollar (Jan 24)
- Re: SEANux 1.0 remote back door Alexander Cherepanov (Jan 25)
- Re: SEANux 1.0 remote back door Larry W. Cashdollar (Jan 25)
- Re: SEANux 1.0 remote back door Alexander Cherepanov (Jan 25)
- Re: SEANux 1.0 remote back door Larry W. Cashdollar (Jan 25)
- Multiple vulnerabilities in LibTIFF and associated tools William Robinet (Jan 24)
- Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski (Jan 24)
- Re: Multiple vulnerabilities in LibTIFF and associated tools cve-assign (Feb 07)
- Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski (Jan 24)
- CVE for SEANux 1.0? Larry Cashdollar (Jan 25)
- CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Henri Salo (Jan 25)
- busybox CVE-2014-9645 Kurt Seifried (Jan 25)
- unshield directory traversal Kurt Seifried (Jan 25)
- Re: unshield directory traversal cve-assign (Jan 28)
- Reject CVE-2012-3878? Florian Weimer (Jan 26)
- CVE request for Privoxy Fabian Keil (Jan 26)
- Re: CVE request for Privoxy cve-assign (Jan 27)
- [OSSA 2015-003] Glance user storage quota bypass (CVE-2014-9623) Tristan Cacqueray (Jan 26)
- WebKitGTK+ Security Advisory WSA-2015-0001 Carlos Alberto Lopez Perez (Jan 26)
- kamailio: multiple /tmp file vulnerabilities Helmut Grohne (Jan 26)
- Re: kamailio: multiple /tmp file vulnerabilities cve-assign (Feb 12)
- CVE HOWTO - updated and moved to github Kurt Seifried (Jan 26)
- Re: CVE HOWTO - updated and moved to github Seth Arnold (Jan 26)
- GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Pierre Schweitzer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jonathan Brossard (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Pierre Schweitzer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Marek Kroemeke (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Filip Palian (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign (Jan 29)
- Please REJECT CVE-2012-6686 Florian Weimer (Feb 24)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 27)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez (Jan 28)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 30)
- R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02 (Jan 30)
- Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi (Jan 31)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann (Jan 29)
- Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer (Jan 27)
- KVM SYSENTER emulation vulnerability - CVE-2015-0239 Nadav Amit (Jan 27)
- CVE request: XSS in search functionality for Geo Mashup Wordpress plugin Paolo Perego (Jan 27)
- Re: CVE request: XSS in search functionality for Geo Mashup Wordpress plugin cve-assign (Jan 27)
- Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Stephane Chazelas (Jan 28)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Amos Jeffries (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Sven Kieske (Jan 28)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 29)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Solar Designer (Jan 29)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory (Jan 27)
- Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski (Jan 27)
- kgb-bot can be crashed by some network traffic Kurt Seifried (Jan 27)
- Re: kgb-bot can be crashed by some network traffic Pierre Schweitzer (Jan 28)
- Re: kgb-bot can be crashed by some network traffic cve-assign (Feb 07)
- CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilities Steffen Rösemann (Jan 27)
- CVE-2014-8156: freesmartphone.org stack configures D-Bus system bus to be insecure Simon McVittie (Jan 28)
- CVE request - ICU Tomas Hoger (Jan 28)
- Re: CVE request - ICU cve-assign (Jan 29)
- Re: Re: CVE request - ICU Tomas Hoger (Jan 29)
- Re: CVE request - ICU cve-assign (Feb 05)
- Re: Re: CVE request - ICU Tomas Hoger (Jan 29)
- Re: CVE request - ICU cve-assign (Jan 29)
- the other glibc issue Hanno Böck (Jan 28)
- Re: the other glibc issue cve-assign (Jan 28)
- Re: the other glibc issue Solar Designer (Jan 29)
- Re: the other glibc issue Rich Felker (Jan 30)
- Re: the other glibc issue Solar Designer (Jan 29)
- Re: the other glibc issue cve-assign (Jan 28)
- CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 28)
- Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)
- Re: Re: CVEs for Drupal contributed modules - January 2015 Vasyl Kaigorodov (Jan 29)
- Re: CVEs for Drupal contributed modules - January 2015 Pere Orga (Jan 29)
- Xen Security Advisory 118 - arm: vgic: incorrect rate limiting of guest triggered logging Xen . org security team (Jan 29)
- CVE-2015-1420 - Linux kernel fs/fhandle.c race condition cve-assign (Jan 29)
- CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions Petr Matousek (Jan 29)
- CVE request: xchat/hexchat don't properly verify SSL certificates Vincent Danen (Jan 29)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Marc Deslauriers (Jan 29)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sam Dodrill (Jan 29)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Reed Loden (Jan 29)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Daniel Kahn Gillmor (Jan 29)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Michael Samuel (Jan 30)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Kurt Seifried (Jan 30)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates TingPing (Jan 30)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sven Schwedas (Jan 30)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sam Dodrill (Jan 29)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates jmm (Feb 22)
- Re: CVE request: xchat/hexchat don't properly verify SSL certificates Marc Deslauriers (Jan 29)
- Fwd: ClamAV® blog: ClamAV 0.98.6 has been released! Alexander Cherepanov (Jan 29)
- CVE request: Xymon Moritz Muehlenhoff (Jan 30)
- Re: CVE request: Xymon cve-assign (Jan 31)
- CVE request: phpbb3 CSRF and CSS injection Henri Salo (Jan 31)
- Re: CVE request: phpbb3 CSRF and CSS injection cve-assign (Jan 31)
- CVE request: Roundcube cross-site scripting vulnerability fixed in 1.0.5 Henri Salo (Jan 31)
- Re: CVE request: Roundcube cross-site scripting vulnerability fixed in 1.0.5 cve-assign (Jan 31)
- CVE request: Piwigo SQL Injection Achref Akremi (Jan 31)
- Re: CVE request: Piwigo SQL Injection cve-assign (Jan 31)
- RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Jan 31)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)
- Re: RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Feb 01)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Feb 01)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)
- CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities Steffen Rösemann (Feb 01)
- Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities cve-assign (Feb 01)
- Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities Steffen Rösemann (Feb 01)
- CVE request: heap buffer overflow in glibc swscanf Paul Pluzhnikov (Feb 01)
- Re: CVE request: heap buffer overflow in glibc swscanf cve-assign (Feb 03)
- Re: Re: CVE request: heap buffer overflow in glibc swscanf Daniel Micay (Feb 03)
- Re: Re: CVE request: heap buffer overflow in glibc swscanf Florian Weimer (Feb 04)
- <Possible follow-ups>
- Re: CVE request: heap buffer overflow in glibc swscanf Gsunde Orangen (Feb 03)
- Re: CVE request: heap buffer overflow in glibc swscanf cve-assign (Feb 03)
- workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 02)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Qualys Security Advisory (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)
- CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast Petr Matousek (Feb 02)
- Re: Linux kernel: multiple x86_64 vulnerabilities Solar Designer (Feb 02)
- Re: Linux kernel: multiple x86_64 vulnerabilities Shawn (Feb 05)
- vsftpd problem in deny_hosts Marcus Meissner (Feb 03)
- Re: vsftpd problem in deny_hosts Solar Designer (Feb 03)
- Re: vsftpd problem in deny_hosts Marcus Meissner (Feb 03)
- Re: vsftpd problem in deny_hosts Moritz Muehlenhoff (Feb 03)
- Re: vsftpd problem in deny_hosts Chris Evans (Feb 03)
- Re: vsftpd problem in deny_hosts Joshua J. Drake (Feb 03)
- Re: vsftpd problem in deny_hosts Solar Designer (Feb 03)
- Re: CVE Request: MySQL: MyISAM temporary file issue Marcus Meissner (Feb 03)
- Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso (Feb 03)
- Re: Possible CVE Requests: libmspack: several issues Hanno Böck (Feb 03)
- Re: Possible CVE Requests: libmspack: several issues Moritz Mühlenhoff (Feb 22)
- Re: Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso (Mar 03)
- CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability Steffen Rösemann (Feb 03)
- Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability cve-assign (Feb 03)
- CVE request: NULL ptr deref in php Johannes Segitz (Feb 04)
- Re: CVE request: NULL ptr deref in php cve-assign (Feb 05)
- Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Reed Loden (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Michael Samuel (Feb 04)
- Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere (Feb 04)
- CVE Request: PHP/file: out-of-bounds memory access in softmagic Moritz Muehlenhoff (Feb 04)
- Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic Hanno Böck (Feb 04)
- Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic cve-assign (Feb 05)
- Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic cve-assign (Feb 05)
- Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic Hanno Böck (Feb 04)
- Old nagios CVE Kurt Seifried (Feb 04)
- CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument Kurt Seifried (Feb 04)
- CVE request for some NTP stuff Kurt Seifried (Feb 04)
- Re: CVE request for some NTP stuff Gsunde Orangen (Feb 04)
- CVE request for Zero-day in the Fancybox-for-WordPress Plugin Kurt Seifried (Feb 04)
- Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin cve-assign (Feb 05)
- Re: Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin Henri Salo (Feb 05)
- Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin cve-assign (Feb 05)
- MP3::Info file loading from cwd Kurt Seifried (Feb 04)
- foomatic file loading from cwd Kurt Seifried (Feb 04)
- <Possible follow-ups>
- Re: foomatic file loading from cwd Kurt Seifried (Feb 18)
- [oCERT-2015-002] e2fsprogs input sanitization errors Andrea Barisani (Feb 05)
- [ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities Dejan Bosanac (Feb 05)
- [ANNOUNCE] CVE-2014-3579 - ActiveMQ Apollo vulnerability Dejan Bosanac (Feb 05)
- CVE requests for Drupal contributed modules Pere Orga (Feb 05)
- <Possible follow-ups>
- CVE requests for Drupal contributed modules Pere Orga (Feb 13)
- CVE requests for Drupal contributed modules Pere Orga (Mar 22)
- CVE request: two OpenLDAP DoS issues Ryan Tandy (Feb 05)
- Re: CVE request: two OpenLDAP DoS issues cve-assign (Feb 07)
- CVE request for denial-of-service vulnerability in fcgi Till Maas (Feb 06)
- Re: CVE request for denial-of-service vulnerability in fcgi Kurt Seifried (Feb 06)
- Re: CVE request for denial-of-service vulnerability in fcgi cve-assign (Feb 07)
- lynx: crash when parsing overly long links Kurt Seifried (Feb 06)
- Re: lynx: crash when parsing overly long links Alan Coopersmith (Feb 06)
- Re: lynx: crash when parsing overly long links Kurt Seifried (Feb 06)
- Re: lynx: crash when parsing overly long links Hanno Böck (Feb 08)
- Re: lynx: crash when parsing overly long links Kurt Seifried (Feb 06)
- Re: lynx: crash when parsing overly long links Alan Coopersmith (Feb 06)
- older fuseiso stuff Kurt Seifried (Feb 06)
- Re: older fuseiso stuff Florian Weimer (Feb 23)
- some older pbm2l2030 stuff Kurt Seifried (Feb 06)
- Re: some older pbm2l2030 stuff cve-assign (Mar 29)
- Re: some older pbm2l2030 stuff Vasyl Kaigorodov (Mar 30)
- Re: some older pbm2l2030 stuff cve-assign (Mar 29)
- older issues in libbluray Kurt Seifried (Feb 06)
- Re: older issues in libbluray Moritz Mühlenhoff (Feb 22)
- Re: older issues in libbluray Kurt Seifried (Feb 22)
- Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 23)
- Re: older issues in libbluray Florian Weimer (Feb 23)
- Re: [videolan] [oss-security] older issues in libbluray Kurt Seifried (Feb 23)
- Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 23)
- Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy (Feb 24)
- Re: Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf (Feb 24)
- Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy (Feb 24)
- Re: older issues in libbluray Florian Weimer (Feb 23)
- Re: older issues in libbluray Kurt Seifried (Feb 22)
- Re: older issues in libbluray Moritz Mühlenhoff (Feb 22)
- byzanz: Out-of heap-based buffer write in GIF encoder Kurt Seifried (Feb 06)
- Re: byzanz: Out-of heap-based buffer write in GIF encoder cve-assign (Mar 29)
- potrace: possible heap overflow Kurt Seifried (Feb 06)
- Re: potrace: possible heap overflow cve-assign (Mar 29)
- libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Kurt Seifried (Feb 06)
- python-rope: pickle.load of remotely supplied data with no authentication required Kurt Seifried (Feb 06)
- gcj jar manifest parsing segfault with classpath references Kurt Seifried (Feb 07)
- ghostscript double free and invalid read caused by embedded jbig2 data Kurt Seifried (Feb 07)
- Re: ghostscript double free and invalid read caused by embedded jbig2 data Hanno Böck (Feb 07)
- Re: ghostscript double free and invalid read caused by embedded jbig2 data Gynvael Coldwind (Feb 07)
- Re: ghostscript double free and invalid read caused by embedded jbig2 data Hanno Böck (Feb 07)
- CVE REJECT CVE-2009-1193 Kurt Seifried (Feb 07)
- kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() Kurt Seifried (Feb 07)
- Mozilla: Use-after-free when doing multiple nesting using bad tags Kurt Seifried (Feb 07)
- Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Reed Loden (Feb 07)
- Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Kurt Seifried (Feb 07)
- Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Reed Loden (Feb 07)
- some really old openjdk stuff/possible java Kurt Seifried (Feb 07)
- Spencer regexp heap overflow? Alistair Crooks (Feb 07)
- Fwd: ezmlm response Constantine Shulyupin (Feb 07)
- CVE-Request -- eFront v. 3.6.15.2 build 18021 (Community Edition) -- Multiple CSRF vulnerabilities Steffen Rösemann (Feb 08)
- CVE-2013-6501 php: predictible filename used for cache in world writable directory Kurt Seifried (Feb 08)
- Re: CVE-2013-6501 php: predictible filename used for cache in world writable directory Stanislav Malyshev (Feb 08)
- CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars Kurt Seifried (Feb 08)
- Re: CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars Ritwik Ghoshal (Feb 09)
- please REJECT CVE-2013-4186 Kurt Seifried (Feb 08)
- Moodle security issue made public Marina Glancy (Feb 08)
- CVE-2014-8165: remote code execution in powerpc-utils-python Florian Weimer (Feb 09)
- CVE-2015-0245: denial of service in dbus >= 1.4 systemd activation Simon McVittie (Feb 09)
- CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 09)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Alexander Cherepanov (Feb 09)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 09)
- Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 10)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 11)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 11)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 12)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign (Feb 15)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 16)
- Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco (Feb 10)
- Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Mike O'Connor (Feb 09)
- CVE request: XSS in MantisBT Damien Regad (Feb 09)
- RE: CVE request: XSS in MantisBT P Richards (Feb 09)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 13)
- RE: Re: CVE request: XSS in MantisBT P Richards (Feb 13)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
- RE: Re: CVE request: XSS in MantisBT P Richards (Feb 16)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 16)
- Re: CVE request: XSS in MantisBT Damien Regad (Feb 13)
- Re: CVE request: XSS in MantisBT cve-assign (Feb 20)
- RE: CVE request: XSS in MantisBT P Richards (Feb 21)
- Re: CVE request: XSS in MantisBT cve-assign (Feb 21)
- RE: CVE request: XSS in MantisBT P Richards (Feb 21)
- RE: CVE request: XSS in MantisBT P Richards (Feb 09)
- CVE request: sudo TZ issue Todd C. Miller (Feb 09)
- <Possible follow-ups>
- Re: CVE request: sudo TZ issue Florian Weimer (Feb 10)
- Re: CVE request: sudo TZ issue Todd C. Miller (Feb 10)
- Re: CVE request: sudo TZ issue cve-assign (Feb 10)
- Re: Re: CVE request: sudo TZ issue Florian Weimer (Feb 11)
- Re: CVE request: sudo TZ issue cve-assign (Feb 12)
- Re: Re: CVE request: sudo TZ issue Todd C. Miller (Feb 11)
- Re: Re: CVE request: sudo TZ issue Rich Felker (Feb 12)
- Re: Re: CVE request: sudo TZ issue Simon McVittie (Feb 13)
- Re: Re: CVE request: sudo TZ issue Todd C. Miller (Feb 13)
- CVE Request: jabberd remote information disclosure Thijs Alkemade (Feb 09)
- CVE Request: jabberd remote information disclosure Joe Malcolm (Feb 20)
- Re: CVE Request: jabberd remote information disclosure Moritz Muehlenhoff (Feb 22)
- Re: CVE Request: jabberd remote information disclosure cve-assign (Feb 22)
- Re: CVE Request: jabberd remote information disclosure Thijs Alkemade (Feb 23)
- Re: CVE Request: jabberd remote information disclosure cve-assign (Feb 23)
- Re: CVE Request: jabberd remote information disclosure Thijs Alkemade (Feb 23)
- Current outstanding CVE requests Kurt Seifried (Feb 09)
- CVE-Request -- Linux kernel - panic on nftables rule flush Wade Mealing (Feb 09)
- Re: CVE-Request -- Linux kernel - panic on nftables rule flush Florian Weimer (Feb 10)
- Re: CVE-Request -- Linux kernel - panic on nftables rule flush cve-assign (Feb 10)
- Two new security advisories released for Apache WSS4J Colm O hEigeartaigh (Feb 10)
- eCryptfs key wrapping help to crack user password Sylvain Pelissier (Feb 10)
- Re: eCryptfs key wrapping help to crack user password Tyler Hicks (Feb 10)
- Re: eCryptfs key wrapping help to crack user password Tyler Hicks (Feb 26)
- Re: eCryptfs key wrapping help to crack user password cve-assign (Feb 27)
- Re: eCryptfs key wrapping help to crack user password Tyler Hicks (Feb 10)
- wordexp(3) Solar Designer (Feb 10)
- Re: wordexp(3) Rich Felker (Feb 10)
- Re: wordexp(3) Rich Felker (Feb 10)
- Re: wordexp(3) John Haxby (Feb 11)
- Re: wordexp(3) Stuart Henderson (Feb 11)
- Re: wordexp(3) Florian Weimer (Feb 11)
- Re: wordexp(3) Tim (Feb 11)
- Re: wordexp(3) Daniel Micay (Feb 11)
- Re: wordexp(3) Florian Weimer (Feb 11)
- Re: wordexp(3) Rich Felker (Feb 10)
- CVE Request: Cups: cupsRasterReadPixels buffer overflow Kristian Fiskerstrand (Feb 10)
- Re: CVE Request: Cups: cupsRasterReadPixels buffer overflow cve-assign (Feb 12)
- CVE-2015-0260: Kallithea: API key of repository's creator exposed by get_repo API method Andrew Shadura (Feb 10)
- Fwd: X.Org Security Advisory: CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers Alan Coopersmith (Feb 10)
- CVE request: MovableType before 5.2.12 John Lightsey (Feb 12)
- Re: CVE request: MovableType before 5.2.12 - Movable Type cve-assign (Feb 12)
- CVE request: lame Moritz Muehlenhoff (Feb 12)
- CVE request: archmage directory traversal Moritz Muehlenhoff (Feb 12)
- Re: CVE request: archmage directory traversal cve-assign (Feb 12)
- Xen Security Advisory 117 (CVE-2015-0268) - arm: vgic-v2: GICD_SGIR is not properly emulated Xen . org security team (Feb 12)
- CVE Requests - glibc overflows (strxfrm) mancha (Feb 13)
- CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)
- Re: CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)
- Re: CVE-Request -- Linux ASLR integer overflow cve-assign (Feb 13)
- Re: CVE-Request -- Linux ASLR integer overflow Kees Cook (Feb 14)
- Re: CVE-Request -- Linux ASLR integer overflow Hector Marco (Feb 13)
- CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 13)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Hanno Böck (Feb 14)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Vasyl Kaigorodov (Feb 16)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 16)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 25)
- Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu (Feb 16)
- Re: CVE Request - dns-sync node module cve-assign (Feb 13)
- CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF Steffen Rösemann (Feb 13)
- Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF cve-assign (Feb 13)
- Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF cve-assign (Feb 14)
- Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck (Feb 13)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 13)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck (Feb 13)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 14)
- Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign (Feb 13)
- Possible vulnerability fixed in ZPAQ v7.02 Matt Mahoney (Feb 13)
- CVE-Request - Offset2lib Hector Marco (Feb 15)
- Re: CVE-Request - Offset2lib Daniel Micay (Feb 15)
- End of the m0n0wall project Henri Salo (Feb 15)
- CVE-Request - bitbake Maxin John (Feb 16)
- Re: CVE-Request - bitbake Florian Weimer (Feb 17)
- CVE request: spencer regexp Moritz Muehlenhoff (Feb 16)
- Re: CVE request: spencer regexp Siddharth Sharma (Mar 11)
- Re: CVE request: spencer regexp cve-assign (Mar 11)
- Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
- Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
- Re: Re: CVE request: spencer regexp Alistair Crooks (Mar 12)
- Re: Re: CVE request: spencer regexp Siddharth Sharma (Mar 12)
- Re: CVE request: spencer regexp cve-assign (Mar 16)
- CVE request: novnc: session hijack through insecurely set session token cookies Vasyl Kaigorodov (Feb 17)
- CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 17)
- Re: CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 17)
- Re: CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 25)
- Re: CVE request: vulnerabilities in libcsoap cve-assign (Mar 14)
- Re: CVE request: vulnerabilities in libcsoap Patrick Coleman (Feb 17)
- CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write William Robinet (Feb 17)
- CVE-2014-9328: clamav: special crafted upack files may lead to segfault Sebastian Andrzej Siewior (Feb 17)
- CVE-2015-1463: clamav: special crafted petite can lead to a crash Sebastian Andrzej Siewior (Feb 17)
- CVE request: Linux kernel ecryptfs 1-byte overwrite Kees Cook (Feb 17)
- Re: CVE request: Linux kernel ecryptfs 1-byte overwrite cve-assign (Feb 17)
- FreeBSD: URGENT: RNG broken for last 4 months Kurt Seifried (Feb 17)
- Re: FreeBSD: URGENT: RNG broken for last 4 months Loganaden Velvindron (Feb 17)
- Re: FreeBSD: URGENT: RNG broken for last 4 months cve-assign (Feb 18)
- Re: FreeBSD: URGENT: RNG broken for last 4 months Kurt Seifried (Feb 18)
- CVE Request: cabextract -- directory traversal Alexander Cherepanov (Feb 18)
- Re: CVE Request: cabextract -- directory traversal cve-assign (Feb 22)
- Re: Re: CVE Request: cabextract -- directory traversal Alexander Cherepanov (Feb 23)
- Re: CVE Request: cabextract -- directory traversal cve-assign (Feb 23)
- Re: Re: CVE Request: cabextract -- directory traversal Alexander Cherepanov (Feb 23)
- Re: CVE Request: cabextract -- directory traversal cve-assign (Feb 22)
- CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco (Feb 18)
- Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Loganaden Velvindron (Feb 18)
- Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco (Feb 18)
- Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco (Mar 03)
- Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Loganaden Velvindron (Feb 18)
- CVE-Request -- Piwigo <= v. 2.7.3 -- Reflecting XSS- and SQLi-vulnerability in administrative backend Steffen Rösemann (Feb 18)
- CVE request: xrdp mancha (Feb 18)
- Re: CVE request: xrdp mancha (Feb 18)
- Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Stuart Gathman (Feb 19)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 19)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 19)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 20)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 20)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 20)
- Re: Fixing the glibc runtime linker Casper . Dik (Feb 20)
- Re: Fixing the glibc runtime linker Paul Pluzhnikov (Feb 20)
- Re: Fixing the glibc runtime linker Rich Felker (Feb 21)
- Re: Fixing the glibc runtime linker Tim Brown (Feb 19)
- Re: Fixing the glibc runtime linker John Haxby (Feb 25)
- Re: Fixing the glibc runtime linker Stuart Gathman (Feb 19)
- Requesting CVE for ImageMagick DoS Jodie Cunningham (Feb 19)
- Re: Requesting CVE for ImageMagick DoS Jodie Cunningham (Feb 26)
- CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices Salvatore Bonaccorso (Feb 20)
- Re: CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices Salvatore Bonaccorso (Mar 10)
- Re: CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices cve-assign (Mar 12)
- CVE-2015-2041 - Linux kernel - incorrect data type in llc2_timeout_table cve-assign (Feb 20)
- CVE-2015-2042 - Linux kernel - incorrect data type in rds_sysctl_rds_table cve-assign (Feb 20)
- CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities Steffen Rösemann (Feb 21)
- CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities Steffen Rösemann (Feb 21)
- Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities cve-assign (Feb 27)
- CVE-2015-0881 Kurt Seifried (Feb 21)
- Re: CVE-2015-0881 C Peters (Feb 21)
- Re: CVE-2015-0881 Kurt Seifried (Feb 21)
- Re: CVE-2015-0881 Amos Jeffries (Feb 22)
- Re: CVE-2015-0881 Kurt Seifried (Feb 23)
- Re: CVE-2015-0881 Amos Jeffries (Feb 28)
- Re: CVE-2015-0881 Kurt Seifried (Mar 01)
- Re: CVE-2015-0881 Amos Jeffries (Mar 06)
- Re: CVE-2015-0881 Jerome Athias (Feb 28)
- Re: CVE-2015-0881 Kurt Seifried (Feb 23)
- Re: CVE-2015-0881 C Peters (Feb 21)
- CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5 Salvatore Bonaccorso (Feb 21)
- Re: CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5 cve-assign (Feb 22)
- CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond (Feb 22)
- Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond (Feb 23)
- Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored cve-assign (Feb 25)
- Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond (Feb 26)
- Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored cve-assign (Feb 26)
- CVE request: glibc PR 17269 _IO_wstr_overflow integer overflow Paul Pluzhnikov (Feb 22)
- CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann (Feb 22)
- CVE request: BD-J implementation in libbluray Florian Weimer (Feb 23)
- Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Feb 23)
- Re: CVE request: BD-J implementation in libbluray Florian Weimer (Feb 23)
- Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Feb 23)
- Re: Re: CVE request: BD-J implementation in libbluray Sven Schwedas (Feb 23)
- Re: Re: CVE request: BD-J implementation in libbluray Florian Weimer (Mar 01)
- Re: CVE request: BD-J implementation in libbluray Florian Weimer (Feb 23)
- Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf (Feb 23)
- CVE-2015-0275 -- Linux kernel: fs: ext4: fallocate zero range page size > block size BUG() Petr Matousek (Feb 23)
- [OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881) Tristan Cacqueray (Feb 23)
- CVE request: unace Moritz Muehlenhoff (Feb 23)
- Re: CVE request: unace cve-assign (Feb 23)
- Re: Summer bug cleaning - rpcbind -h option - REJECT CVE-2012-3541 Kurt Seifried (Feb 23)
- CVE-2015-2080 - Jetty remote unauthenticated credential exposure cve-assign (Feb 25)
- Xen Security Advisory 118 (CVE-2015-1563) - arm: vgic: incorrect rate limiting of guest triggered logging Xen . org security team (Feb 25)
- CVE request: glibc scanf implementation crashes on certain inputs Florian Weimer (Feb 26)
- Re: CVE request: glibc scanf implementation crashes on certain inputs cve-assign (Mar 12)
- CVE request: Joomla Google Maps Plugin Hanno Böck (Feb 26)
- Re: CVE request: Joomla Google Maps Plugin cve-assign (Feb 26)
- Re: Re: CVE request: Joomla Google Maps Plugin Hanno Böck (Feb 27)
- Re: CVE request: Joomla Google Maps Plugin cve-assign (Feb 26)
- CVE request: glibc: potential application crash due to overread in fnmatch Florian Weimer (Feb 26)
- XSS In Zope Kurt Seifried (Feb 26)
- Re: XSS In Zope cve-assign (Mar 02)
- CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 26)
- Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 26)
- Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Rich Felker (Feb 28)
- Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 28)
- Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Steven Stewart-Gallus (Mar 01)
- Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Rich Felker (Feb 28)
- Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay (Feb 26)
- CVE Request: null ptr deref in lame v3.99.5 Brian Carpenter (Feb 26)
- Re: CVE Request: null ptr deref in lame v3.99.5 Moritz Muehlenhoff (Feb 26)
- CVE request: RFC 4253 section 8 wooes Florent Daigniere (Feb 27)
- dropbear and PuTTY missing DHE sanity checks [was: Re: CVE request: RFC 4253 section 8 wooes] Daniel Kahn Gillmor (Feb 27)
- CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others) Siddharth Sharma (Feb 27)
- CVE Request: PuTTY fails to clear private key information from memory Patrick Coleman (Feb 28)
- Re: CVE Request: PuTTY fails to clear private key information from memory cve-assign (Feb 28)
- Re: CVE Request: PuTTY fails to clear private key information from memory Zubin Mithra (Feb 28)
- CVE request: pngcrush 1.7.83 crash bug (most likely exploitable) Brian Carpenter (Feb 28)
- Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable) cve-assign (Feb 28)
- CVE request: DokuWiki privilege escalation in RPC API Sebastian Pipping (Mar 01)
- Re: CVE request: DokuWiki privilege escalation in RPC API cve-assign (Mar 01)
- CVE request: Maven downloads JARs via HTTP Martin Prpic (Mar 02)
- Re: CVE request: Maven downloads JARs via HTTP gremlin (Mar 02)
- Re: CVE request: Maven downloads JARs via HTTP Martin Prpic (Mar 02)
- Re: CVE request: Maven downloads JARs via HTTP gremlin (Mar 02)
- Re: CVE request: Maven downloads JARs via HTTP Simon McVittie (Mar 02)
- Re: validation on update gremlin (Mar 03)
- Re: validation on update Kurt Seifried (Mar 03)
- Re: CVE request: Maven downloads JARs via HTTP Martin Prpic (Mar 02)
- Re: CVE request: Maven downloads JARs via HTTP cve-assign (Mar 03)
- Re: CVE request: Maven downloads JARs via HTTP gremlin (Mar 02)
- Debian / xterm #779397 Kurt Seifried (Mar 02)
- Re: Debian / xterm #779397 Thomas Dickey (Mar 03)
- Re: Re: Debian / xterm #779397 Simon McVittie (Mar 03)
- Re: Re: Debian / xterm #779397 Marcus Meissner (Mar 03)
- Re: Re: Debian / xterm #779397 Stephane Chazelas (Mar 03)
- Re: Re: Debian / xterm #779397 Simon McVittie (Mar 03)
- Re: Debian / xterm #779397 Thomas Dickey (Mar 03)
- PostgreSQL password hashing Michael Samuel (Mar 03)
- CVE request: PHPMoAdmin Unauthorized Remote Code Execution Henri Salo (Mar 03)
- Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution cve-assign (Mar 04)
- CVE request: Invalid pointer dereference in the GNOME librest library Florian Weimer (Mar 04)
- Re: CVE request: Invalid pointer dereference in the GNOME librest library cve-assign (Mar 23)
- Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 04)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft (Mar 04)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 04)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 05)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 05)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 05)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 05)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 06)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 06)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 08)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 09)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 09)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 09)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 10)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 10)
- Re: PEP-466 common compatible implementation. (was ... CVE-2015-1777) John Haxby (Mar 10)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 10)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 10)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 10)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 10)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel (Mar 11)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Tomas Hoger (Mar 05)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried (Mar 04)
- Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft (Mar 04)
- unassigning CVE-2015-2104 Paul McMillan (Mar 04)
- Re: unassigning CVE-2015-2104 Kurt Seifried (Mar 04)
- Re: unassigning CVE-2015-2104 cve-assign (Mar 05)
- Re: Re: unassigning CVE-2015-2104 Amos Jeffries (Mar 05)
- CVE-2014-6440: Heap Overflow in VLC Transcode Module Bill Blough (Mar 04)
- Re: [FD] Java 8u40 released: why? Gsunde Orangen (Mar 05)
- Xen Security Advisory 121 (CVE-2015-2044) - Information leak via internal x86 system device emulation Xen . org security team (Mar 05)
- Xen Security Advisory 122 (CVE-2015-2045) - Information leak through version information hypercall Xen . org security team (Mar 05)
- Certificate pinning and the browser PKI Florian Weimer (Mar 05)
- Re: Certificate pinning and the browser PKI Martin Hecht (Mar 05)
- Re: Certificate pinning and the browser PKI Daniel Kahn Gillmor (Mar 07)
- CVE-Request: WeBid 1.1.1 Unrestricted File Upload Exploit Prathan Phongthiproek (Mar 05)
- Re: CVE-Request: WeBid 1.1.1 Unrestricted File Upload Exploit Henri Salo (Mar 06)
- CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS Martin Prpic (Mar 06)
- Mono TLS vulnerabilities Jo Shields (Mar 07)
- Re: Mono TLS vulnerabilities cve-assign (Mar 17)
- Multiple vulnerabilities in Untangle NGFW 9-11 Hutton (Mar 08)
- Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke (Mar 09)
- Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. cve-assign (Mar 10)
- Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke (Mar 10)
- Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. cve-assign (Mar 10)
- CVE-2014-8172 John Haxby (Mar 09)
- Please assign a CVE to this recent cups-filters vulnerability Fabio Olive Leite (Mar 09)
- Instant v2.0 SQL Injection Vulnerability Steevee a.k.a Stefanus (Mar 09)
- Re: Instant v2.0 SQL Injection Vulnerability cve-assign (Mar 10)
- Re: Instant v2.0 SQL Injection Vulnerability Solar Designer (Mar 10)
- Re: Instant v2.0 SQL Injection Vulnerability cve-assign (Mar 10)
- Xen Security Advisory 124 - Non-standard PCI device functionality may render pass-through insecure Xen . org security team (Mar 10)
- Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests Xen . org security team (Mar 10)
- <Possible follow-ups>
- Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests Xen . org security team (Mar 31)
- Xen Security Advisory 123 (CVE-2015-2151) - Hypervisor memory corruption due to x86 emulator flaw Xen . org security team (Mar 10)
- CVE Request: PHP 5.6.6 changelog Francisco Alonso (Mar 10)
- Re: CVE Request: PHP 5.6.6 changelog Francisco Alonso (Mar 11)
- Re: Re: CVE Request: PHP 5.6.6 changelog Joshua Rogers (Mar 11)
- Re: CVE Request: PHP 5.6.6 changelog cve-assign (Mar 15)
- Re: CVE Request: PHP 5.6.6 changelog Francisco Alonso (Mar 11)
- less invalid memory access fixed (CVE-2014-9488) Hanno Böck (Mar 10)
- Xen Security Advisory 119 (CVE-2015-2152) - HVM qemu unexpectedly enabling emulated VGA graphics backends Xen . org security team (Mar 12)
- Assign a CVE for Python's restkit Please Donald Stufft (Mar 12)
- Re: Assign a CVE for Python's restkit Please Donald Stufft (Mar 22)
- Re: Assign a CVE for Python's restkit Please cve-assign (Mar 23)
- CVE request: lftp saves unknown host's fingerprint in known_hosts without any prompt Vasyl Kaigorodov (Mar 12)
- Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Mar 12)
- Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Daniel Micay (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Daniel Micay (Mar 13)
- Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Mar 13)
- Disabling reading of kernel log buffer reading for user halfdog (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Marek Kroemeke (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Jann Horn (Mar 13)
- Re: Disabling reading of kernel log buffer reading for user Grandma Eubanks (Mar 13)
- Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Mar 13)
- <Possible follow-ups>
- Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Mar 13)
- [OSSA 2015-005] Nova console Cross-Site WebSocket hijacking (CVE-2015-0259) Tristan Cacqueray (Mar 13)
- CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Kurt Seifried (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 16)
- RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Mehaffey, John (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open cve-assign (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)
- catdoc has bugs Dean Pierce (Mar 13)
- CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in 2.0 version Henri Salo (Mar 14)
- CVE Request: XSS issue in MantisBT permalink_page.php Damien Regad (Mar 14)
- Re: CVE Request: XSS issue in MantisBT permalink_page.php cve-assign (Mar 14)
- CVE Request for python-requests session fixation vulnerability Ian Cordasco (Mar 14)
- Re: CVE Request for python-requests session fixation vulnerability cve-assign (Mar 14)
- CVE Request for information leak in Etherpad exports Jeremy Stanley (Mar 14)
- Re: CVE Request for information leak in Etherpad exports cve-assign (Mar 14)
- CVE Request - Apache Solr 4.10 Puneeth Gowda (Mar 15)
- Moodle security issues made public Marina Glancy (Mar 15)
- CVE Request: Cap'n Proto: Several issues Salvatore Bonaccorso (Mar 15)
- Re: CVE Request: Cap'n Proto: Several issues cve-assign (Mar 16)
- CVE Request: memory leak in openssl "hostname" TLS Extension Marcus Meissner (Mar 16)
- Re: CVE Request: memory leak in openssl "hostname" TLS Extension Vitezslav Cizek (Mar 16)
- Re: CVE Request: memory leak in openssl "hostname" TLS Extension cve-assign (Mar 16)
- CVE-2015-0263 and CVE-2015-0264 - Apache Camel medium disclosure vulnerability Christian Mueller (Mar 16)
- Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 16)
- Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 16)
- Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 18)
- Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Christian Rebischke (Mar 18)
- Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer (Mar 18)
- [CVE-2015-0250] Apache Batik information disclosure vulnerability Luis Bernardo (Mar 17)
- Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Alan Coopersmith (Mar 17)
- Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Sven Schwedas (Mar 17)
- Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Alan Coopersmith (Mar 17)
- Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Sven Schwedas (Mar 17)
- Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs) Peter Kjellström (Mar 17)
- Re: Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs) cve-assign (Mar 17)
- CVE Request: WebKitGTK+ late TLS certificate verification Michael Catanzaro (Mar 17)
- Re: CVE Request: WebKitGTK+ late TLS certificate verification cve-assign (Mar 18)
- CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary cve-assign (Mar 18)
- Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
- Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Thomas Klausner (Mar 23)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law (Mar 18)
- Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary cve-assign (Mar 18)
- CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas (Mar 18)
- CVE Request: Linux kernel execution in the early microcode loader. Quentin Casasnovas (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Daniel Micay (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 19)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Daniel Micay (Mar 18)
- Re: CVE Request: Linux kernel execution in the early microcode loader. cve-assign (Mar 20)
- Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer (Mar 18)
- CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel (Mar 18)
- OpenSSL sec. advisory mancha (Mar 19)
- cve-assign delays Steven M. Christey (Mar 19)
- Re: cve-assign delays Kurt Seifried (Mar 19)
- CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 Pere Orga (Mar 19)
- Xerces-C Security Advisory [CVE-2015-0252] Cantor, Scott (Mar 19)
- OpenDaylight security advisory: CVE-2015-1778 authentication bypass, CVE-2015-1611 CVE-2015-1612 topology spoofing via LLDP David Jorm (Mar 19)
- membership request to the closed linux-distros security mailing list Sona Sarmadi (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Solar Designer (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Stuart Henderson (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Marcus Meissner (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Daniel Micay (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Kurt Seifried (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Florian Weimer (Mar 22)
- Re: membership request to the closed linux-distros security mailing list John Haxby (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Alan Coopersmith (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Florian Weimer (Mar 22)
- Re: membership request to the closed linux-distros security mailing list Anthony Liguori (Mar 20)
- Re: membership request to the closed linux-distros security mailing list Solar Designer (Mar 20)
- CVE request: denial of service in Quassel Pierre Schweitzer (Mar 20)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- Re: CVE request: denial of service in Quassel cve-assign (Mar 27)
- Re: CVE request: denial of service in Quassel Pierre Schweitzer (Mar 27)
- CVE Request: PHP SoapClient's __call() type confusion through unserialize() Andrea Palazzo (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Moritz Muehlenhoff (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Lior Kaplan (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)
- Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree Salvatore Bonaccorso (Mar 21)
- CVE for Kali Linux Kurt Seifried (Mar 21)
- Re: CVE for Kali Linux Justin Steven (Mar 21)
- Re: CVE for Kali Linux Kurt Seifried (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Russ Allbery (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux Florian Weimer (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Amos Jeffries (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Michael Samuel (Mar 21)
- Re: CVE for Kali Linux Florian Weimer (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Donald Stufft (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Kristian Fiskerstrand (Mar 22)
- Re: CVE for Kali Linux Jeremy Stanley (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Stephen Kitt (Mar 22)
- Re: CVE for Kali Linux Daniel Micay (Mar 22)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 22)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 22)
- Re: CVE for Kali Linux Russ Allbery (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Russ Allbery (Mar 22)
- Re: CVE for Kali Linux David A. Wheeler (Mar 22)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
- Re: CVE for Kali Linux Marcus Meissner (Mar 23)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 23)
- Re: CVE for Kali Linux Marcus Meissner (Mar 23)
- Re: CVE for Kali Linux Marcus Meissner (Mar 24)
- Re: CVE for Kali Linux Alexander Cherepanov (Mar 24)
- Re: CVE for Kali Linux Kurt Seifried (Mar 21)
- Re: CVE for Kali Linux Daniel Micay (Mar 21)
- Re: CVE for Kali Linux cve-assign (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Solar Designer (Mar 22)
- Re: CVE for Kali Linux Kurt Seifried (Mar 22)
- Re: CVE for Kali Linux Justin Steven (Mar 21)
- rsyslog/logs/1 minute off (another RISKS thing) Kurt Seifried (Mar 21)
- Dulwich security issue Jelmer Vernooij (Mar 22)
- CVE-Request -- openEMR v. 4.2.0 -- Multiple stored/reflecting XSS- and SQLi vulns Steffen Rösemann (Mar 22)
- OpenSSL DoS tester now available (CVE-2015-0291) mancha (Mar 22)
- CVE requests for shibboleth service provider Yves-Alexis Perez (Mar 23)
- Re: CVE requests for shibboleth service provider cve-assign (Mar 23)
- Re: CVE requests for shibboleth service provider Yves-Alexis Perez (Mar 23)
- Re: CVE requests for shibboleth service provider cve-assign (Mar 23)
- CVE Request: gd buffer read overflow in gd_gif_in.c Francisco Alonso (Mar 23)
- Re: CVE Request: gd buffer read overflow in gd_gif_in.c Moritz Muehlenhoff (Mar 23)
- Re: CVE Request: gd buffer read overflow in gd_gif_in.c cve-assign (Mar 23)
- CVE Request: Linux kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer Petr Matousek (Mar 23)
- CVE request: Two vulnerabilities in Tor Moritz Muehlenhoff (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Kurt Seifried (Mar 23)
- Re: CVE request: Two vulnerabilities in Tor cve-assign (Mar 24)
- Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso (Mar 23)
- CVE request: Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities Henri Salo (Mar 23)
- CVE-2015-0841: off-by-one error in network code of monopd/libcapsinetwork Florian Weimer (Mar 23)
- CVE request for OpenStack Compute (nova) Garth Mollett (Mar 23)
- Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 24)
- Re: CVE request for OpenStack Compute (nova) Garth Mollett (Mar 24)
- Re: Re: CVE request for OpenStack Compute (nova) Jeremy Stanley (Mar 24)
- Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 25)
- Re: CVE request for OpenStack Compute (nova) Jeremy Stanley (Mar 25)
- Re: CVE request for OpenStack Compute (nova) cve-assign (Mar 24)
- CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Kurt Seifried (Mar 23)
- Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Dave Horsfall (Mar 23)
- Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Florian Weimer (Mar 24)
- CVE-2015-1820: ruby rest-client session fixation vulnerability Andy Brody (Mar 23)
- CVE request Qemu: malicious PRDT flow from guest to host P J P (Mar 23)
- 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried (Mar 23)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer (Mar 24)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried (Mar 24)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Eric Windisch (Mar 24)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Trevor Jay (Mar 24)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer (Mar 31)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried (Mar 24)
- Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer (Mar 24)
- CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder Petr Matousek (Mar 24)
- CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation P J P (Mar 24)
- Re: CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation cve-assign (Mar 24)
- CVE-2013-1666 description still missing Henri Salo (Mar 24)
- CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham (Mar 24)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 26)
- Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Alexander Cherepanov (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 27)
- Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Alexander Cherepanov (Mar 27)
- Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign (Mar 26)
- CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 25)
- Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 25)
- Re: CVS-Request: realmd code execution/auth bypass cve-assign (Mar 25)
- Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 30)
- Re: CVS-Request: realmd code execution/auth bypass cve-assign (Mar 30)
- Re: CVS-Request: realmd code execution/auth bypass cve-assign (Mar 25)
- Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer (Mar 25)
- Fwd: setroubleshoot root exploit (CVE-Request) Sebastian Krahmer (Mar 26)
- Re: Fwd: setroubleshoot root exploit (CVE-Request) Huzaifa Sidhpurwala (Mar 26)
- Re: Fwd: setroubleshoot root exploit (CVE-Request) Solar Designer (Mar 26)
- Re: Fwd: setroubleshoot root exploit (CVE-Request) Huzaifa Sidhpurwala (Mar 26)
- CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Hector Marco (Mar 27)
- Re: CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Solar Designer (Mar 27)
- CVE request: Erlang POODLE TLS vulnerability Hanno Böck (Mar 27)
- Re: CVE request: Erlang POODLE TLS vulnerability cve-assign (Mar 27)
- Fwd: Insecure file upload in Berta CMS Simon Waters (Mar 27)
- Re: Fwd: Insecure file upload in Berta CMS cve-assign (Mar 27)
- Re: Insecure file upload in Berta CMS Simon Waters (Mar 30)
- Re: Fwd: Insecure file upload in Berta CMS cve-assign (Mar 27)
- Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 Matthew Daley (Mar 27)
- Advisory: CVE-2014-9708: Appweb Web Server Matthew Daley (Mar 27)
- CVE Request: arj: free on invalid pointer due to to buffer overflow Salvatore Bonaccorso (Mar 28)
- Re: CVE Request: arj: free on invalid pointer due to to buffer overflow cve-assign (Mar 28)
- New Rootkit - Lightweight rootkit implemented by bash shell scripts v0.10 wzt wzt (Mar 28)
- CVE request (Debian specific): slapd: dangerous access rule in default config Yves-Alexis Perez (Mar 28)
- CVE request: XSS in roundcube before 1.1.0 Hanno Böck (Mar 29)
- Re: CVE request: XSS in roundcube before 1.1.0 Salvatore Bonaccorso (Mar 29)
- Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) Hanno Böck (Mar 29)
- Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) cve-assign (Mar 30)
- CVE request: 2 issues in inspircd Sébastien Delafond (Mar 29)
- CVE Request: CSRF in Realms Wiki Javantea (Mar 29)
- CVE Request: Remote Code Execution in Realms Wiki install.sh Javantea (Mar 29)
- Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817] Rich Felker (Mar 29)
- CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c Salvatore Bonaccorso (Mar 29)
- Re: CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c cve-assign (Mar 30)
- CVE Request: ikiwiki: cross-site scripting via openid_identifier Salvatore Bonaccorso (Mar 29)
- Re: CVE Request: ikiwiki: cross-site scripting via openid_identifier cve-assign (Mar 30)
- <Possible follow-ups>
- CVE Request: ikiwiki: cross-site scripting via openid_identifier Vasyl Kaigorodov (Mar 30)
- Re: CVE Request: ikiwiki: cross-site scripting via openid_identifier Simon McVittie (Mar 30)
- Fwd: CVE-2015-0249: Apache Roller allows admin users to execute arbitrary Java code Dave (Mar 30)
- CVE request: freebsd/sh stack overflow vulnerability wzt wzt (Mar 31)
- Xen Security Advisory 125 (CVE-2015-2752) - Long latency MMIO mapping operations are not preemptible Xen . org security team (Mar 31)
- Xen Security Advisory 127 (CVE-2015-2751) - Certain domctl operations may be abused to lock up the host Xen . org security team (Mar 31)
- Xen Security Advisory 126 (CVE-2015-2756) - Unmediated PCI command register access in qemu Xen . org security team (Mar 31)