oss-sec: by thread
637 messages
starting Apr 01 16 and
ending Jun 30 16
Date index |
Thread index |
Author index
- Cross-site request forgery (CSRF) vulnerability in administrate gem Tute Costa (Apr 01)
- Re: ext4 data corruption due to punch hole races cve-assign (Apr 01)
- <Possible follow-ups>
- Re: ext4 data corruption due to punch hole races Yves-Alexis Perez (Apr 02)
- Re: ext4 data corruption due to punch hole races Theodore Ts'o (Apr 02)
- Re: ext4 data corruption due to punch hole races Ben Hutchings (Apr 02)
- Re: ext4 data corruption due to punch hole races Theodore Ts'o (Apr 02)
- Re: ext4 data corruption due to punch hole races Theodore Ts'o (Apr 02)
- CVE Request: Squid HTTP Proxy Amos Jeffries (Apr 01)
- Re: CVE Request: Squid HTTP Proxy cve-assign (Apr 01)
- OpenZFS (Linux, FreeBSD, illumos) fails to transmit holes Kash Pande (Apr 03)
- Re: [security] CVE requests for Drupal contributed modules (from 2016-009 to 2016-014) David Snopek (Apr 04)
- CVE-2016-2191: optipng: invalid write Hans Jerry Illikainen (Apr 04)
- CVE request - Go - DLL loading, Big int Jason Buberel (Apr 05)
- Re: CVE request - Go - DLL loading, Big int cve-assign (Apr 05)
- root escalation from any user on clusters managed with OAR Vincent Danjean (Apr 05)
- CVE Request - xchat/hexchat doesn't properly verify SSL certificates Andrej Nemec (Apr 05)
- Re: CVE Request - xchat/hexchat doesn't properly verify SSL certificates cve-assign (Apr 06)
- CVE request: Remote command execution/XSS vulnerability after login in IPFire's web user interface Michael Tremer (Apr 05)
- CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Hector Marco-Gisbert (Apr 06)
- Pulp 2.8.2 release for CVE-2016-3095 Randy Barlow (Apr 06)
- Fwd: CVE Request: Linux: usbnet: memory corruption triggered by invalid USB descriptor Andrey Konovalov (Apr 06)
- CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 07)
- Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith (Apr 07)
- Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 08)
- Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith (Apr 09)
- Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 08)
- Re: CVE-2016-3619 libtiff: Out-of-bounds Read in the bmp2tiff tool Alan Coopersmith (Apr 07)
- CVE-2016-3620 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 07)
- CVE-2016-3621 libtiff: Out-of-bounds Read in the bmp2tiff tool 王梅 (Apr 07)
- CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool 王梅 (Apr 07)
- <Possible follow-ups>
- CVE-2016-3622 libtiff: Divide By Zero in the tiff2rgba tool 张开翔 (Apr 07)
- [CVE-2016-3972]DotCMS Directory traversal vulnerability xiong piaox (Apr 07)
- [CVE-2016-3971]DotCMS xss vulnerability xiong piaox (Apr 07)
- CVE-2016-3623 libtiff: Divide By Zero in the rgb2ycbcr tool 王梅 (Apr 07)
- CVE-2016-3624 libtiff: Out-of-bounds Write in the rgb2ycbcr tool 王梅 (Apr 07)
- CVE-2016-3625 libtiff: Out-of-bounds Read in the tiff2bw tool 王梅 (Apr 07)
- CVE-2016-3945 libtiff: Out-of-bounds Write in the tiff2rgba tool 王梅 (Apr 07)
- CVE-2016-3632 - libtiff 4.0.6 illegel write 张开翔 (Apr 08)
- CVE Request: systemd / journald created world readable journal files Marcus Meissner (Apr 09)
- <Possible follow-ups>
- Re: CVE Request: systemd / journald created world readable journal files cve-assign (Apr 09)
- CVE-2015-3268: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 09)
- CVE-2016-2170: Apache OFBiz information disclosure vulnerability jleroux () apache org (Apr 09)
- CVE request: imlib2 integer overflow Matthias Geerdsen (Apr 09)
- Re: CVE request: imlib2 integer overflow cve-assign (Apr 10)
- CVE request: cronic - predictable temporary files Matthias Geerdsen (Apr 09)
- Re: CVE request: cronic - predictable temporary files cve-assign (Apr 10)
- CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate() Matthias Geerdsen (Apr 09)
- Re: CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate() cve-assign (Apr 10)
- CVE request: imlib2 - GIF loader: OOB read Matthias Geerdsen (Apr 09)
- Re: CVE request: imlib2 - GIF loader: OOB read cve-assign (Apr 10)
- CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse(). Matthias Geerdsen (Apr 10)
- Re: CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse cve-assign (Apr 10)
- CVE request: libcrypto++ - Timing Attack Counter Measure Matthias Geerdsen (Apr 10)
- Re: CVE request: libcrypto++ - Timing Attack Counter Measure cve-assign (Apr 10)
- Infinite loops parsing malicious DER certificates in libtasn1 4.7 Pascal Cuoq (Apr 11)
- Re: Infinite loops parsing malicious DER certificates in libtasn1 4.7 cve-assign (Apr 13)
- CVE request: Qemu: net: buffer overflow in stellaris_enet emulator P J P (Apr 11)
- Re: CVE request: Qemu: net: buffer overflow in stellaris_enet emulator cve-assign (Apr 12)
- Large amount of uninitialized values in svg parsing and processing Gustavo Grieco (Apr 11)
- CVE Request: Qemu: net: buffer overflow in MIPSnet emulator P J P (Apr 11)
- Re: CVE Request: Qemu: net: buffer overflow in MIPSnet emulator cve-assign (Apr 12)
- CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Matthias Geerdsen (Apr 11)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Salvatore Bonaccorso (Apr 21)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Marc Deslauriers (Apr 21)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases cve-assign (Apr 23)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Salvatore Bonaccorso (Apr 21)
- CVE request: Poppler < 0.40.0 Felipe (Apr 11)
- Re: CVE request: Poppler < 0.40.0 cve-assign (Apr 23)
- CVE-2016-3990 : out-of-bounds write in horizontalDifference8() in tiffcp tool 张开翔 (Apr 12)
- CVE-2016-3991 : out-of-bounds write in loadImage() in tiffcrop tool 张开翔 (Apr 12)
- CVE-Request for brltty auth bypass Sebastian Krahmer (Apr 12)
- Re: CVE-Request for brltty auth bypass Dave Mielke (Apr 12)
- Re: CVE-Request for brltty auth bypass cve-assign (Apr 13)
- 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar (Apr 12)
- Re: 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar (Apr 13)
- Re: 39 XSS vulnerabilities in 35 wordpress plugins. Larry W. Cashdollar (Apr 14)
- CVE Request: Linux kernel: incorrect restoration of machine specific registers from signal handler. Wade Mealing (Apr 13)
- CVE request Qemu: i386: leakage of stack memory to guest in kvmvapic.c P J P (Apr 13)
- Re: CVE request Qemu: i386: leakage of stack memory to guest in kvmvapic.c cve-assign (Apr 14)
- CVE for nodejs node-uuid Kurt Seifried (Apr 13)
- Re: CVE for nodejs node-uuid cve-assign (Apr 13)
- CVE request:SQL injection in TeamPass das das (Apr 14)
- Re: CVE request:SQL injection in TeamPass das das (Apr 28)
- Re: CVE request:SQL injection in TeamPass Solar Designer (Apr 28)
- Re: CVE request:SQL injection in TeamPass das das (Apr 28)
- Xen Security Advisory 174 (CVE-2016-3961) - hugetlbfs use may crash PV Linux guests Xen . org security team (Apr 14)
- CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Salvatore Bonaccorso (Apr 14)
- Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation cve-assign (Apr 14)
- Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Loganaden Velvindron (Apr 19)
- CVE request: OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution Naser Farhadi (Apr 14)
- Re: CVE request: OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution Naser Farhadi (Apr 14)
- CVE request - Pulp < 2.3.0 shipped the same authentication CA key/cert to all users Randy Barlow (Apr 15)
- CVE request: Varnish 3 before 3.0.7 was vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL Régis Leroy (Apr 16)
- Unauthenticated XSS Vulnerability in kento-post-view-counter Wordpress Plugin 2.8 shravan kumar (Apr 16)
- CSRF and Stored XSS in Kento post viewer counter wordpress Plugin 2.8 shravan kumar (Apr 16)
- CSRF and Stored XSS in a WORDPRESS Plugin LeenkMe version 2.5.0. shravan kumar (Apr 16)
- Reflected XSS Vulnerability in Wordpress Custom-metas plugin 1.5.1 shravan kumar (Apr 16)
- Unauthenticated XSS Vulnerability in WORDPRESS FAQ WD plugin 1.0.14. shravan kumar (Apr 16)
- Re: CVE Request: cpio -- directory traversal none (Apr 17)
- CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value Berry (Apr 17)
- CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
- Message not available
- Re: CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
- Re: CVE request: GnuPG classic & GnuPG modern cve-assign (Apr 21)
- Re: CVE request: GnuPG classic & GnuPG modern Stefan Kanthak (Apr 18)
- Message not available
- Re: Qemu: usb: Infinite loop vulnerability in usb_ehci using siTD process cve-assign (Apr 18)
- Re: CVE request: opam - missing certificate validation cve-assign (Apr 19)
- Re: CVE Request: Linux kernel: remote buffer overflow in usbip P J P (Apr 19)
- Re: CVE Request: Linux kernel: remote buffer overflow in usbip Greg KH (Apr 19)
- Re: CVE Request: Linux kernel: remote buffer overflow in usbip Ignat Korchagin (Apr 19)
- Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks cve-assign (Apr 21)
- Re: CVE Request: Privilege escalation in webdav Nathan Van Gheem (Apr 19)
- Re: CVE Request: Privilege escalation in webdav - Plone cve-assign (Apr 19)
- Re: CVE Request: Unauthorized disclosure of site content - Plone cve-assign (Apr 19)
- Re: CVE Request: Bypass Restricted Python - Plone cve-assign (Apr 19)
- Re: CVE Request: Squid HTTP Caching Proxy multiple issues cve-assign (Apr 20)
- Re: s/party/hack like it's 1999 Solar Designer (Apr 21)
- Re: CVE Request: jq: heap buffer overflow in tokenadd() function cve-assign (Apr 23)
- Re: CVE Request: jq: stack exhaustion using jv_dump_term() function cve-assign (Apr 24)
- Re: CVE requests: Multiple Wireshark vulnerabilities cve-assign (Apr 25)
- Re: CVE requests: Multiple Wireshark vulnerabilities cve-assign (Apr 30)
- Re: CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP cve-assign (Apr 27)
- Re: CVE Request: vtun: denial-of-service: high CPU usage after SIGHUP Salvatore Bonaccorso (Apr 30)
- Re: CVE Request: Out-of-bands write issue found in qemu P J P (Apr 26)
- Re: CVE Request: Out-of-bands write issue found in qemu P J P (May 02)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Jodie Cunningham (Apr 26)
- ?????? [oss-security] 3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO???? (Apr 27)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Bob Friesenhahn (Apr 27)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 cve-assign (Jun 06)
- <Possible follow-ups>
- CVE-2015-5207 - Bypass of Access Restrictions in Apache Cordova iOS Tony Homer (Apr 27)
- Re: [CVE Requests] PHP issues cve-assign (Apr 28)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Apr 28)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (Apr 30)
- Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Brian May (May 10)
- Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Gustavo Grieco (May 15)
- Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions Adam Maris (Jun 06)
- Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions cve-assign (Jun 06)
- Re: buffer overflow and information leak in OCaml < 4.03.0 cve-assign (Apr 29)
- Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files Gustavo Grieco (Apr 29)
- Re: CVE request: Mplayer/Mencoder integer overflow parsing gif files cve-assign (Apr 29)
- Re: CVE request: three issues in libksba cve-assign (Apr 29)
- Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
- Re: CVE request: three issues in libksba cve-assign (May 10)
- Re: Re: CVE request: three issues in libksba Andreas Stieger (May 10)
- Re: CVE request - Quassel IRC denial of service cve-assign (Apr 30)
- Re: CVE Request: libpam-sshauth: local root privilege escalation cve-assign (May 01)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Vagrant Cascadian (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Scott Balneaves (May 03)
- Re: CVE Request: libpam-sshauth: local root privilege escalation Salvatore Bonaccorso (May 03)
- Re: CVE request: DoS in multiple versions of GraphicsMagick Bob Friesenhahn (May 01)
- Re: CVE request: DoS in multiple versions of GraphicsMagick cve-assign (Jun 02)
- Re: CVE Request: Jansson: stack exhaustion parsing a JSON file cve-assign (May 02)
- Re: CVE Request: Jansson: stack exhaustion parsing a JSON file Gustavo Grieco (May 03)
- Re: CVE request: atheme: security fixes cve-assign (May 02)
- Re: CVE request: atheme: security fixes Max Teufel (May 03)
- Re: OpenSSL Security Advisory [3rd May 2016] Gsunde Orangen (May 03)
- Re: OpenSSL Security Advisory [3rd May 2016] Solar Designer (May 03)
- Re: OpenSSL Security Advisory [3rd May 2016] Gsunde Orangen (May 03)
- Re: OpenSSL Security Advisory [3rd May 2016] Albert Veli (May 03)
- Re: OpenSSL Security Advisory [3rd May 2016] Alan J. Wylie (May 04)
- Re: OpenSSL Security Advisory [3rd May 2016] Albert Veli (May 04)
- Re: OpenSSL Security Advisory [3rd May 2016] Solar Designer (May 03)
- Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode cve-assign (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Solar Designer (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Karim Valiev (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Tim (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Brandon Dees (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Seth Arnold (May 03)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Jeremy Stanley (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Kurt Seifried (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon McVittie (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 John Lightsey (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Bob Friesenhahn (May 20)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Simon Lees (May 20)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Thomas Klausner (May 19)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Sven Kieske (May 20)
- Re: ImageMagick Is On Fire -- CVE-2016-3714 Karim Valiev (May 03)
- Re: CVE Request: information leak in devio of Linux kernel cve-assign (May 03)
- Re: Dotclear 2.9.1 XSS vulnerability by SVG Aymeric (May 04)
- Re: libonion 0.8 contains security fixes Adrien Nader (May 04)
- Re: libonion 0.8 contains security fixes Solar Designer (May 04)
- Re: broken RSA keys Solar Designer (May 04)
- Re: broken RSA keys Solar Designer (May 04)
- Re: broken RSA keys Alexander Cherepanov (May 04)
- Re: broken RSA keys Stanislav Datskovskiy (May 04)
- Re: broken RSA keys Solar Designer (May 05)
- Re: broken RSA keys Alexander Cherepanov (May 05)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)
- Re: broken RSA keys Solar Designer (May 12)
- Re: broken RSA keys Solar Designer (May 05)
- Re: broken RSA keys Hanno Böck (May 05)
- Re: broken RSA keys Solar Designer (May 05)
- Re: broken RSA keys Daniel Kahn Gillmor (May 07)
- Re: broken RSA keys Simon McVittie (May 05)
- Re: broken RSA keys Solar Designer (May 04)
- Re: broken RSA keys Alexander Cherepanov (May 04)
- Re: broken RSA keys Alexander Cherepanov (May 04)
- Re: broken RSA keys Hanno Böck (May 05)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)
- Re: broken RSA keys Hanno Böck (May 05)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)
- Re: broken RSA keys Alexander Cherepanov (May 05)
- Re: broken RSA keys Ben Laurie (May 11)
- Re: broken RSA keys Stanislav Datskovskiy (May 05)
- Re: CVE Request: information leak in wilc1000 module of Linux kernel Greg KH (May 04)
- Re: CVE Request: kernel information leak vulnerability in llc module cve-assign (May 04)
- Re: CVE Request: kernel information leak vulnerability in rtnetlink cve-assign (May 04)
- Re: CVE Request: No Demangling During Analysis of Untrusted Binaries cve-assign (May 04)
- Re: CVE request - samsumg android phone TvoutService_C binder service DoS cve-assign (May 05)
- Re: CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 cve-assign (May 05)
- Re: CVE Request: Squid HTTP caching proxy cve-assign (May 06)
- Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' cve-assign (May 07)
- Message not available
- Message not available
- Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Yann Droneaud (May 09)
- Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Jann Horn (May 09)
- Message not available
- Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' Yann Droneaud (May 09)
- Re: CVE Request: Linux: IB/security: Restrict use of the write() interface' ira.weiny (May 12)
- Re: CVE Request: wordpress and mediaelement cve-assign (May 07)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 08)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml cve-assign (May 09)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 11)
- Re: dosfstools / fsck.vfat: Several invalid memory accesses cve-assign (May 14)
- Re: CVE Request: kernel information leak vulnerability in Linux sound module cve-assign (May 09)
- Re: Re: CVE Request: kernel information leak vulnerability in Linux sound module Steve Beattie (May 10)
- <Possible follow-ups>
- GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
- Re: GraphicsMagick Response To "ImageTragick" Bob Friesenhahn (May 09)
- Re: GraphicsMagick Response To "ImageTragick" John Lightsey (May 09)
- Re: GraphicsMagick Response To "ImageTragick" David Chan (May 12)
- Re: GraphicsMagick Response To "ImageTragick" Simon McVittie (May 09)
- <Possible follow-ups>
- Xen Security Advisory 179 (CVE-2016-3710,CVE-2016-3712) - QEMU: Banked access to VGA memory (VBE) uses inconsistent bounds checks Xen . org security team (May 10)
- Re: BitKeeper /tmp vulns Michael Scherer (May 10)
- Re: BitKeeper /tmp vulns Kurt Seifried (May 10)
- Re: BitKeeper /tmp vulns Michael Scherer (May 10)
- Re: BitKeeper /tmp vulns Larry McVoy (May 10)
- Re: BitKeeper /tmp vulns Michael Scherer (May 10)
- Re: BitKeeper /tmp vulns Kurt Seifried (May 10)
- Re: CVE request: libksba out-of-bouds read remote DOS issue fixed in 1.3.4 cve-assign (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer cve-assign (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Takashi Iwai (May 11)
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer cve-assign (May 11)
- <Possible follow-ups>
- Re: CVE Request: alsa: kernel information leak vulnerability in Linux sound/core/timer Kangjie Lu (May 11)
- Re: ImageMagick heap overflow and out of bounds read Andrej Nemec (May 17)
- Re: CVE Requests: Linux: use-after-free issue for ppp channel Baozeng Ding (May 15)
- Re: CVE Requests: Linux: use-after-free issue for ppp channel cve-assign (May 15)
- Re: Reflected XSS in three Wordpress plugins. Henri Salo (May 12)
- Re: CVE Request - OpenJPEG: Security Fixes Moritz Muehlenhoff (May 12)
- Re: CVE Request - OpenJPEG: Security Fixes cve-assign (May 12)
- <Possible follow-ups>
- Re: Re: CVE Request - OpenJPEG: Security Fixes WinsonLiu (May 12)
- Re: Linux Kernel bpf related UAF cve-assign (May 12)
- Re: Linux Kernel bpf related UAF Marco Grassi (May 12)
- Re: Re: Linux Kernel bpf related UAF Daniel Borkmann (Jun 14)
- <Possible follow-ups>
- Re: CVE Request : Use-after-free in openjpeg cve-assign (May 12)
- Re: CVE request for vulnerability in OpenStack Keystone cve-assign (May 17)
- Re: CVE Request: null pointer deref in openslp, can be triggered remotely cve-assign (May 18)
- Re: Re: CVE Request: null pointer deref in openslp, can be triggered remotely Huzaifa Sidhpurwala (May 18)
- Re: CVE request: -- Linux kernel: Null pointer dereference in tipc_nl_publ_dump cve-assign (May 21)
- Re: CVE request: OpenNTPD not verifying CN during HTTPS constraints request cve-assign (May 29)
- Re: CVE request: /tmp usage race condition in onionshare cve-assign (May 24)
- Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump Solar Designer (May 24)
- Re: CVE request: Multiple vunerabilities in libdwarf & dwarfdump cve-assign (May 24)
- Re: CVE Request: Qemu: scsi: mptsas infinite loop in mptsas_fetch_requests cve-assign (May 24)
- Re: Fwd: CVE for PHP 5.5.36 issues cve-assign (May 26)
- Re: CVE-Request: TYPO3 Extbase Missing Access Check cve-assign (May 25)
- Re: CVE Request: roundcube: XSS vulnerability in mail content page cve-assign (May 26)
- Re: CVE Requests: libimobiledevice and libusbmuxd cve-assign (May 26)
- Re: Security issues addressed in GraphicsMagick SVG reader Stefan Cornelius (May 31)
- Re: Security issues addressed in GraphicsMagick SVG reader Bob Friesenhahn (May 31)
- Re: CVE request: Mplayer/Mencoder read out-of-bounds parsing a mp3 file cve-assign (May 29)
- Re: CVE Request: libgd - gdCtxPrintf memory leak cve-assign (May 29)
- Re: CVE Request Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl cve-assign (May 30)
- Re: ImageMagick CVEs cve-assign (Jun 02)
- Re: "The Blind SQL Injection Issue" explanation Solar Designer (Jun 01)
- Re: CVE Request Qemu: scsi: esp: OOB write when using non-DMA mode in get_cmd cve-assign (Jun 02)
- Re: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Adam Maris (Jun 02)
- Re: CVE Request: bad USB host adapter implementation can corrupt memory/brick machine Marcus Meissner (Jun 02)
- Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites cve-assign (Jun 02)
- Re: CVE request: DoS in phantomjs 2.1.1 rasterizing websites Gustavo Grieco (Jun 04)
- Re: CVE request: mat doesn't remove metadata in embedded images in PDFs cve-assign (Jun 02)
- Re: CVE request: mat doesn't remove metadata in embedded images in PDFs Holger Levsen (Jun 02)
- <Possible follow-ups>
- Xen Security Advisory 178 (CVE-2016-4963) - Unsanitised driver domain input in libxl device handling Xen . org security team (Jun 06)
- Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump cve-assign (Jun 03)
- Re: CVE Request: rds: fix an infoleak in rds_inc_info_copy cve-assign (Jun 03)
- Re: CVE Request: Dnsmasq denial of service cve-assign (Jun 03)
- Re: expat hash collision fix too predictable? cve-assign (Jun 03)
- Re: Re: expat hash collision fix too predictable? Daniel Micay (Jun 04)
- Re: expat hash collision fix too predictable? Sebastian Pipping (Jun 04)
- Re: expat hash collision fix too predictable? cve-assign (Jun 04)
- Re: expat hash collision fix too predictable? Sebastian Pipping (Jun 04)
- Re: Libtorrent http_parser.cpp denial of service cve-assign (Jun 04)
- Re: Requesting CVE for ImageMagick DoS cve-assign (Jun 05)
- Re: CVE Request: GnuTLS: GNUTLS-SA-2016-1: File overwrite by setuid programs Adam Maris (Jun 07)
- Re: CVE Request Qemu: scsi: esp: OOB r/w access while processing ESP_FIFO cve-assign (Jun 08)
- Re: Please reject duplicate CVE for libxml2 Salvatore Bonaccorso (Jun 07)
- Re: CVE Request: wireshark releases Andreas Stieger (Jun 09)
- Re: CVE Request: wireshark releases cve-assign (Jun 09)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Gsunde Orangen (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Alex Gaynor (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Gsunde Orangen (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Marcus Meissner (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Roman Drahtmueller (Jun 09)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley (Jun 09)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Billy Brumley (Jun 08)
- Re: CVE-2016-2178: OpenSSL DSA follows a non-constant time codepath for certain operations Alex Gaynor (Jun 08)
- Re: CVE Request: ruby openssl hostname verification issue cve-assign (Jun 09)
- Re: CVE Request: ruby openssl hostname verification issue Marcus Meissner (Jun 15)
- Re: CVE Request: haproxy remote denial of service via reqdeny cve-assign (Jun 09)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Jun 10)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Huzaifa Sidhpurwala (Jun 12)
- Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack cve-assign (Jun 13)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jun 13)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Paul Wouters (Jun 14)
- Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack Huzaifa Sidhpurwala (Jun 12)
- Re: Ruby gem rack-mini-profiler CVE-2016-4442 Reed Loden (Jun 10)
- Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Jun 10)
- Re: Simple Machines Forums - PHP Object Injection cve-assign (Jun 18)
- Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Willy Tarreau (Jun 10)
- Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ Solar Designer (Jun 22)
- Re: MantisBT: XSS in custom fields management cve-assign (Jun 11)
- Re: MantisBT: XSS in custom fields management Damien Regad (Jun 11)
- Re: CVE Request for Denial of Service in pacman 5.0.1 cve-assign (Jun 14)
- Re: CVE request: several SOGo issues (DOS, XSS, information leakage) cve-assign (Jun 14)
- Re: Various invalid memory reads in ImageMagick (WPG, DDS, DCM) cve-assign (Jun 17)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 14)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 15)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Tim (Jun 15)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 17)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Marcus Meissner (Jun 23)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign (Jun 23)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client Cedric Buissart (Jun 15)
- Re: CVE request: Python HTTP header injection in urrlib2/urllib/httplib/http.client cve-assign (Jun 16)
- Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero Marcus Meissner (Jun 15)
- Re: CVE-2016-5320: libtiff 4.0.6 rgb2ycbcr: command excution Marcus Meissner (Jun 15)
- Re: CVE Request: heap overflow in Python zipimport module cve-assign (Jun 16)
- Re: Many invalid memory access issues in libarchive cve-assign (Jun 17)
- RE: CVE Request: 2015 squidguard reflected XSS CVE ID Requests (Jun 20)
- Re: CVE Request: 2015 squidguard reflected XSS cve-assign (Jun 21)
- Re: Jenkins plugins -- multiple fixes Daniel Beck (Jun 20)
- Re: SELinux troubles Tomas Hoger (Jun 21)
- Re: CVE Request Openstack-infra puppet-gerrit module xss vulnerability cve-assign (Jun 22)
- Re: CVE request: SQL injection in MovableType xml-rpc interface cve-assign (Jun 22)
- Re: CVE request: SQL injection in MovableType xml-rpc interface John Lightsey (Jun 22)
- Re: CVE for PHP 5.5.37 issues cve-assign (Jun 23)
- Re: Out of bounds read and signed integer overflow in libarchive cve-assign (Jun 24)
- Re: libical 0.47 SEGV on unknown address cve-assign (Jun 25)
- Re: libical 0.47 SEGV on unknown address Alan Coopersmith (Jun 25)
- Re: libical 0.47 SEGV on unknown address Brandon Perry (Jun 25)
- Re: CVE Request: Linux kernel HID: hiddev buffer overflows cve-assign (Jun 26)
- Re: CVE request: MatrixSSL lack of RSA-CRT hardening Hanno Böck (Jun 29)
- Re: Apache Xerces getLastExtEntityInfo Use-After-Free Gustavo Grieco (Jun 27)
- Re: Apache Xerces getLastExtEntityInfo Use-After-Free Marco Grassi (Jun 28)
- Re: Apache Xerces getLastExtEntityInfo Use-After-Free Gustavo Grieco (Jun 28)
- Re: Apache Xerces getLastExtEntityInfo Use-After-Free Marco Grassi (Jun 28)
- Re: CVE Request: integer overflow in ALSA snd_compress_check_input cve-assign (Jun 28)
- Re: CVE request - python-docx 0.8.5 - XXE cve-assign (Jun 28)
- Re: CVE Request - PECL-HTTP 3.0.0 Buffer overflow cve-assign (Jun 29)
- <Possible follow-ups>
- Re: Debian Exim Spool Local Root Yves-Alexis Perez (Jun 30)
- Re: CVE Request: No demangling of untrusted binaries (2) cve-assign (Jun 30)
- Re: CVE Request: No demangling of untrusted binaries (2) Marcel Böhme (Jun 30)