oss-sec: by thread
658 messages starting Apr 01 17 and ending Jun 30 17
- podofo: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp) Agostino Sarubbo (Apr 01)
- podofo: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp) Agostino Sarubbo (Apr 01)
- podofo: four null pointer dereference Agostino Sarubbo (Apr 01)
- Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
- Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
- Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Vladis Dronov (Apr 04)
- Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer (Apr 01)
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Solar Designer (Apr 01)
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Martin Prpic (Apr 03)
- <Possible follow-ups>
- Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov (May 10)
- CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create P J P (Apr 03)
- CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik (Apr 03)
- CVE Request - XStream: DoS when unmarshalling void Jörg Schaible (Apr 03)
- Re: CVE Request - XStream: DoS when unmarshalling void Andrej Nemec (Apr 12)
- CVE-2017-2667: Hammer CLI SSL certificate verification disabled Dominic Cleal (Apr 04)
- Xen Security Advisory 212 (CVE-2017-7228) - x86: broken check in memory_exchange() permits PV guest breakout Xen . org security team (Apr 04)
- [CVE-2017-5649] Apache Geode information disclosure vulnerability Anthony Baker (Apr 04)
- [SECURITY ADVISORY] curl: --write-out out of buffer read Daniel Stenberg (Apr 04)
- Re: Linux kernel ping socket / AF_LLC connect() sin_family race Marcus Meissner (Apr 04)
- Re: Linux kernel ping socket / AF_LLC connect() sin_family race Kurt Seifried (Apr 04)
- Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 Tim Graham (Apr 04)
- Blind SQL Injection and persistent XSS in Wordpress plugin image-gallery-with-slideshow v1.5.2 Larry W. Cashdollar (Apr 05)
- [OSSA-2017-003] XSS in Horizon federation mappings UI (CVE-2017-7400) Tristan Cacqueray (Apr 05)
- libxslt math.random issue Marcus Meissner (Apr 05)
- Re: libxslt math.random issue Florian Weimer (Apr 05)
- Message not available
- Re: libxslt math.random issue Frank Ch. Eigler (Apr 07)
- Re: Re: libxslt math.random issue Florian Weimer (Apr 07)
- Message not available
- Re: libxslt math.random issue Hanno Böck (Apr 06)
- Re: libxslt math.random issue Marcus Meissner (Apr 06)
- Re: libxslt math.random issue Florian Weimer (Apr 05)
- CVE Request: Integer overflow vulnerability in ptp_unpack_OPL function of libmtp (version 1.1.12 and below) 王永科 (Apr 06)
- CVE Request: Integer overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) 王永科 (Apr 06)
- CVE-2017-2672: Foreman image password disclosure in audit log Dominic Cleal (Apr 06)
- WebKitGTK+ Security Advisory WSA-2017-0003 Carlos Alberto Lopez Perez (Apr 06)
- CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo (Apr 07)
- Re: CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo (Apr 29)
- CVE-2017-7572: backintime: usage of deprecated unix-process polkit authorization subject opens a race condition during authorization Matthias Gerstner (Apr 07)
- [CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda (Apr 07)
- Request CVE ID for information disclosure present in ForgeRock OpenIDM 4.0.0 and 4.5.0 Oliveira Lima (Apr 07)
- CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 10)
- Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)
- Re: CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 12)
- Re: CVE-2017-7592: libtiff: left shift Hanno Böck (Apr 12)
- Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)
- CVE-2017-7593: libtiff: Potential uninitialized-memory access from tif_rawdata Agostino Sarubbo (Apr 10)
- CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c Agostino Sarubbo (Apr 10)
- libtiff: divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) Agostino Sarubbo (Apr 10)
- libtiff: multiple UBSAN crashes Agostino Sarubbo (Apr 10)
- libaacplus: signed integer overflow, left shift and assertion failure Agostino Sarubbo (Apr 10)
- imagemagick: undefined behavior in coders/rle.c Agostino Sarubbo (Apr 10)
- elfutils: heap-based buffer overflow in handle_gnu_hash (readelf.c) Agostino Sarubbo (Apr 10)
- elfutils: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) Agostino Sarubbo (Apr 10)
- elfutils: memory allocation failure in __libelf_decompress (elf_compress.c) Agostino Sarubbo (Apr 10)
- elfutils: heap-based buffer overflow in check_group (elflint.c) Agostino Sarubbo (Apr 10)
- elfutils: heap-based buffer overflow in check_symtab_shndx (elflint.c) Agostino Sarubbo (Apr 10)
- elfutils: heap-based buffer overflow in check_sysv_hash (elflint.c) Agostino Sarubbo (Apr 10)
- elfutils: memory allocation failure in xcalloc (xmalloc.c) Agostino Sarubbo (Apr 10)
- binutils: two NULL pointer dereference in elflink.c Agostino Sarubbo (Apr 10)
- Re: binutils: two NULL pointer dereference in elflink.c Marcus Meissner (Apr 10)
- alloca in inline functions can be dangerous Jason A. Donenfeld (Apr 10)
- Re: alloca in inline functions can be dangerous Leandro Pereira (Apr 10)
- Re: alloca in inline functions can be dangerous Andreas Lausch-Waas (Apr 15)
- Re: alloca in inline functions can be dangerous Florian Weimer (Apr 14)
- Re: alloca in inline functions can be dangerous Leandro Pereira (Apr 10)
- web2py: CVE-2016-10321: does not check if a host is denied before verifying passwords Salvatore Bonaccorso (Apr 10)
- [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
- [SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service Mark Thomas (Apr 10)
- [SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
- [SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure Mark Thomas (Apr 10)
- CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication Aki Tuomi (Apr 11)
- libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 12)
- Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 14)
- Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 15)
- Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Leo Famulari (Apr 15)
- Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Nick Boyce (Apr 15)
- Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 16)
- Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo (Apr 15)
- Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman (Apr 14)
- ISC announces three BIND vulnerabilities Michael McNally (Apr 12)
- libsndfile: invalid memory READ and invalid memory WRITE in flac_buffer_copy (flac.c) Agostino Sarubbo (Apr 13)
- Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár (Apr 14)
- MantisBT - Full admin access vulnerability 7b4xrw+5q6jtt69cnwlw (Apr 16)
- Re: MantisBT - Full admin access vulnerability - CVE-2017-7615 Damien Regad (Apr 16)
- Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler (Apr 16)
- Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Greg KH (Apr 17)
- Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler (Apr 18)
- Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Greg KH (Apr 17)
- CVE-2017-5645: Apache Log4j socket receiver deserialization vulnerability Matt Sicker (Apr 17)
- Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda (Apr 17)
- Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Solar Designer (Apr 17)
- Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda (Apr 17)
- Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Solar Designer (Apr 17)
- Additional information for packagers concerning recent BIND security vulnerabilities ISC Security Officer (Apr 17)
- [ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call (Apr 17)
- [ANNOUNCE] Chunking and content-length vulnerability in ATS - CVE-2017-5659 Bryan Call (Apr 17)
- [CVE-2017-5662] Apache Batik information disclosure vulnerability Simon Steiner (Apr 18)
- [CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner (Apr 18)
- Re: Apache XML Graphics FOP information disclosure vulnerability Ian Zimmerman (Apr 18)
- New security advisories for Apache CXF Colm O hEigeartaigh (Apr 18)
- CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow Solar Designer (Apr 18)
- [SECURITY ADVISORY] curl: TLS session resumption client cert bypass (again) Daniel Stenberg (Apr 18)
- CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host P J P (Apr 19)
- CVE-2017-7874 versus CVE-2009-1185 ? Sebastian Krahmer (Apr 19)
- Re: CVE-2017-7874 versus CVE-2009-1185 ? Marcus Meissner (Apr 19)
- CVE-2017-7718 Qemu: display: cirrus: OOB read access issue P J P (Apr 19)
- CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin (Apr 19)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 19)
- Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski (Apr 24)
- CVE-2017-7979: Linux kernel: local DoS via packet action API Fabian Grünbichler (Apr 20)
- Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover (Apr 20)
- Re: CVE-2017-8283 Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover (Apr 27)
- CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc Andrej Nemec (Apr 20)
- Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (Apr 20)
- Re: Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage (May 17)
- CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines P J P (Apr 21)
- CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp ) Xiaobo Xiang (Apr 22)
- libcroco: heap overflow and undefined behavior Agostino Sarubbo (Apr 23)
- Re: libcroco: heap overflow and undefined behavior Marcus Meissner (Apr 24)
- imageworsener: divide-by-zero in iwgif_record_pixel (imagew-gif.c) Agostino Sarubbo (Apr 23)
- imageworsener: multiple vulnerabilities Agostino Sarubbo (Apr 23)
- <Possible follow-ups>
- imageworsener: multiple vulnerabilities Agostino Sarubbo (May 23)
- remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (Apr 24)
- Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Bob Friesenhahn (Apr 24)
- Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox (May 08)
- Re: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Kurt Seifried (May 08)
- CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 24)
- Re: CVE request: remote heap overflow in linux networking stack Solar Designer (Apr 24)
- Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 26)
- Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec (Apr 25)
- Re: CVE request: remote heap overflow in linux networking stack Solar Designer (Apr 24)
- SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 24)
- Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Kurt Seifried (Apr 24)
- Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Stuart Gathman (Apr 25)
- Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dimitrios Glynos (Apr 25)
- Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 26)
- Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski (Apr 26)
- [ANNOUNCE] CVE-2015-7559 - DoS in client via shutdown command Dejan Bosanac (Apr 25)
- CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c Andrej Nemec (Apr 25)
- CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr P J P (Apr 25)
- [OSSA-2017-004] federated user gets wrong role (CVE-2017-2673) Tristan Cacqueray (Apr 25)
- CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Chris Douglas (Apr 25)
- CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability Chris Douglas (Apr 25)
- CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 P J P (Apr 26)
- Multiple vulnerabilities in Jenkins Daniel Beck (Apr 26)
- kedpm: Information leak via the command history file Antoine Beaupré (Apr 26)
- Re: kedpm: Information leak via the command history file Emilio Pozuelo Monfort (Apr 27)
- Re: kedpm: Information leak via the command history file Antoine Beaupré (Apr 27)
- Re: kedpm: Information leak via the command history file Emilio Pozuelo Monfort (Apr 27)
- CVE-2017-8288: gnome-shell may leave extensions enabled in the lock screen Emilio Pozuelo Monfort (Apr 27)
- CVE Request: Two memory corruption vulnerabilities ldns 1.7 Stephan Zeisberg (Apr 27)
- Re: CVE Request: Two memory corruption vulnerabilities ldns 1.7 Andrej Nemec (Apr 27)
- Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
- Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Apr 27)
- Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
- Re: MITRE is adding data intake to its CVE ID process Kash Pande (Apr 27)
- Re: MITRE is adding data intake to its CVE ID process Solar Designer (Apr 27)
- Re: MITRE is adding data intake to its CVE ID process Kurt Seifried (Apr 27)
- CVE-2017-8291 ghostscript remote code execution Marcus Meissner (Apr 27)
- <Possible follow-ups>
- Re: CVE-2017-8291 ghostscript remote code execution security (Apr 27)
- Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution David Black (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution Tavis Ormandy (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution redrain root (Apr 29)
- Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
- Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier (Apr 28)
- CVE-2017-8301: TLS verification vulnerability in LibreSSL 2.5.1 - 2.5.3 Jakub Jirutka (Apr 27)
- CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program 李琪 (Apr 28)
- Re: mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) Agostino Sarubbo (Apr 29)
- Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) Agostino Sarubbo (Apr 29)
- Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) Agostino Sarubbo (Apr 29)
- Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) Agostino Sarubbo (Apr 29)
- Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo (Apr 29)
- Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) Agostino Sarubbo (Apr 29)
- Re: libming: listmp3: left shift in listmp3.c Agostino Sarubbo (Apr 29)
- Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo (Apr 29)
- SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V. (Apr 29)
- imageworsener: memory allocation failure in my_mallocfn (imagew-cmd.c) Agostino Sarubbo (Apr 30)
- imageworsener: two left shift Agostino Sarubbo (Apr 30)
- imageworsener: heap-based buffer overflow in iw_process_cols_to_intermediate (imagew-main.c) Agostino Sarubbo (Apr 30)
- Arbitrary file upload vulnerability in Wordpress plugin flickr-picture-backup v0.7 Larry W. Cashdollar (Apr 30)
- radicale: CVE-2017-8342: prone to timing oracles and simple bruteforce attacks Salvatore Bonaccorso (Apr 30)
- libsndfile: global buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
- libsndfile: invalid memory read in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
- libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo (May 01)
- rzip: heap-based buffer overflow in read_buf (stream.c) Agostino Sarubbo (May 01)
- libsndfile: global buffer overflow in i2les_array (pcm.c) Agostino Sarubbo (May 01)
- ettercap: etterfilter: heap-based buffer overflow write Agostino Sarubbo (May 01)
- libmad: assertion failure in layer3.c Agostino Sarubbo (May 01)
- libmad: heap-based buffer overflow in mad_layer_III (layer3.c) Agostino Sarubbo (May 01)
- libmad: heap-based buffer overflow in mad_bit_skip (bit.c) Agostino Sarubbo (May 01)
- telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory Agostino Sarubbo (May 01)
- libarchive: two heap-based buffer overflow read Agostino Sarubbo (May 01)
- terminal emulators' processing of escape sequences Solar Designer (May 01)
- Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)
- Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)
- Re: terminal emulators' processing of escape sequences Michal Zalewski (May 01)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 01)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 03)
- Re: terminal emulators' processing of escape sequences Solar Designer (May 16)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 16)
- Re: terminal emulators' processing of escape sequences Yui Hirasawa (May 19)
- Re: terminal emulators' processing of escape sequences Jason A. Donenfeld (May 17)
- Re: terminal emulators' processing of escape sequences Marc Lehmann (May 16)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- AW: terminal emulators' processing of escape sequences Fiedler Roman (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 17)
- Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor (May 18)
- Re: terminal emulators' processing of escape sequences Tavis Ormandy (May 19)
- Re: terminal emulators' processing of escape sequences Solar Designer (May 17)
- Re: terminal emulators' processing of escape sequences Marc Lehmann (May 17)
- rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman (May 17)
- Re: terminal emulators' processing of escape sequences Dominique Martinet (May 17)
- Re: terminal emulators' processing of escape sequences Robert Święcki (May 01)
- Re: terminal emulators' processing of escape sequences Steve Kemp (May 02)
- Re: terminal emulators' processing of escape sequences Solar Designer (May 02)
- Re: terminal emulators' processing of escape sequences Guido Berhoerster (May 03)
- Re: terminal emulators' processing of escape sequences Shiz (May 08)
- Re: terminal emulators' processing of escape sequences Ryan Munz (May 08)
- Re: terminal emulators' processing of escape sequences Simon Lees (May 17)
- Re: terminal emulators' processing of escape sequences Yves-Alexis Perez (May 01)
- RuboCop: insecure use of /tmp Jakub Wilk (May 01)
- Integer Overflow in rxvt Jason A. Donenfeld (May 01)
- Re: Integer Overflow in rxvt Jason A. Donenfeld (May 01)
- Re: Integer Overflow in rxvt Jason A. Donenfeld (May 16)
- Re: Integer Overflow in rxvt Jason A. Donenfeld (May 01)
- Xen Security Advisory 214 - grant transfer allows PV guest to elevate privileges Xen . org security team (May 02)
- Xen Security Advisory 213 - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team (May 02)
- Xen Security Advisory 215 - possible memory corruption via failsafe callback Xen . org security team (May 02)
- CVE-2017-7645 Linux kernel: nfsd: remote DoS Ari Kauppi (May 02)
- CVE-2017-7895 Linux kernel: nfsd: Remote arbitrary memory read Ari Kauppi (May 02)
- CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer P J P (May 03)
- CVE-2017-8379 Qemu: input: host memory leakage via keyboard P J P (May 03)
- CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write P J P (May 03)
- [oss-security]Sourcetree arbitrary command execution redrain root (May 03)
- Re: [oss-security]Sourcetree arbitrary command execution Adrien Nader (May 03)
- [CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Sysdream Labs (May 03)
- [CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin Sysdream Labs (May 03)
- MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár (May 03)
- Re: MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár (May 03)
- rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 03)
- Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold (May 03)
- Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner (May 05)
- Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 05)
- Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso (May 07)
- Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer (May 08)
- Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner (May 05)
- Re: rpcbomb: remote rpcbind denial-of-service Guido Vranken (May 04)
- Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold (May 03)
- [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski (May 03)
- Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Sam Pizzey (May 03)
- Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Kash Pande (May 07)
- Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski (May 07)
- libpcre: heap-based buffer overflow write in pcre2test.c Agostino Sarubbo (May 07)
- Reminder about CVE process? Perry E. Metzger (May 08)
- Re: Reminder about CVE process? Cliff Perry (May 08)
- CVE updates: fixes in Apache Atlas 0.7.1-incubating Madhan Neethiraj (May 08)
- libetpan: NULL dereference vulnerability Perry E. Metzger (May 08)
- lxterminal: insecurely uses /tmp for a socket file Medical Wei (May 08)
- lrzip: divide-by-zero in bufRead::get (libzpaq.h) Agostino Sarubbo (May 09)
- lrzip: NULL pointer dereference in bufRead::get (libzpaq.h) Agostino Sarubbo (May 09)
- lrzip: NULL pointer dereference in join_pthread (stream.c) Agostino Sarubbo (May 09)
- lrzip: invalid memory read in lzo_decompress_buf (stream.c) Agostino Sarubbo (May 09)
- lrzip: heap-based buffer overflow write in read_1g (stream.c) Agostino Sarubbo (May 09)
- lrzip: use-after-free in read_stream (stream.c) Agostino Sarubbo (May 09)
- Numerous FreeTDS crashes fixed on master Brandon Perry (May 09)
- Re: Numerous FreeTDS crashes fixed on master Brandon Perry (May 10)
- CVE-2016-6799: Internal system information leak Simon MacDonald (May 09)
- CVE Request: Denial of Service in Dropbox lepton Insu Yun (May 09)
- Re: CVE Request: Denial of Service in Dropbox lepton Seth Arnold (May 09)
- Message not available
- Re: CVE Request: Denial of Service in Dropbox lepton Insu Yun (May 10)
- Message not available
- Re: CVE Request: Denial of Service in Dropbox lepton Seth Arnold (May 09)
- Re: generic kde LPE Simon McVittie (May 10)
- Re: Dolibarr ERP & CRM - Multiple Issues Stefan Pietsch (May 17)
- Re: Dolibarr ERP & CRM - Multiple Issues Brandon Perry (May 17)
- CVE-2017-7487: Linux kernel: ipx: call ipxitf_put() in ioctl error path Vladis Dronov (May 12)
- Re: Multiple crashes in OpenEXR Henri Salo (May 12)
- Re: Multiple crashes in OpenEXR Brandon Perry (May 12)
- Re: Multiple crashes in OpenEXR Brandon Perry (May 22)
- Re: Multiple crashes in OpenEXR Brandon Perry (May 12)
- Re: Kernel 4.1.y might not contain patches for CVE-2016-10229 Greg KH (May 14)
- Re: Invalid writes and reads in libxml2 Manh Dung Nguyen (May 21)
- Re: CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Guido Berhoerster (May 15)
- Re: NetBSD/pkgsrc membership on distros list Alistair Crooks (May 16)
- Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
- Re: NetBSD/pkgsrc membership on distros list Alistair Crooks (May 16)
- Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
- Re: NetBSD/pkgsrc membership on distros list Solar Designer (May 16)
- Re: NetBSD/pkgsrc membership on distros list Christos Zoulas (May 16)
- Re: NetBSD/pkgsrc membership on distros list Christos Zoulas (May 16)
- Re: Defense in depth patch for rxvt-unicode Marc Lehmann (May 17)
- Re: Defense in depth patch for rxvt-unicode Jason A. Donenfeld (May 18)
- Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 20)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Solar Designer (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn (May 23)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Jodie Cunningham (May 22)
- Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari (May 20)
- Re: How to request a CVE for open source projects Marcus Meissner (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Perry E. Metzger (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 23)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Jeremy Stanley (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Martin (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Martin (May 22)
- Re: How to request a CVE for open source projects Anthony Sasadeusz (May 22)
- Re: CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Sergio Pena (May 30)
- Re: independent volunteers on distros list Josh Bressers (May 29)
- CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass (erratum) Pavel Kankovsky (Jun 06)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Simon McVittie (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function kseifried () redhat com (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Kurt Seifried (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer (Jun 03)
- Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay (May 30)
- Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Hanno Böck (May 30)
- Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux kseifried () redhat com (May 30)
- Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory (Jun 14)
- Re: CVE request form not working Agostino Sarubbo (May 31)
- Re: CVE request form not working Peter Bex (May 31)
- Re: I found Crash in tcpdump and radare2. Hanno Böck (May 31)
- Re: I found Crash in tcpdump and radare2. Solar Designer (May 31)
- Re: Information on recent sqlite3 issues? Andreas Stieger (May 31)
- Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 01)
- Re: Information on recent sqlite3 issues? Kurt Seifried (Jun 01)
- Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 01)
- Re: Information on recent sqlite3 issues? Moritz Muehlenhoff (Jun 04)
- Re: Information on recent sqlite3 issues? Salvatore Bonaccorso (Jun 05)
- Re: Information on recent sqlite3 issues? Nicholas Luedtke (Jun 01)
- Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 22)
- Re: Information on recent sqlite3 issues? Johannes Segitz (Jun 01)
- Re: Information on recent sqlite3 issues? Agostino Sarubbo (May 31)
- Re: unresponsive distros Liguori, Anthony (Jun 01)
- Re: unresponsive distros Solar Designer (Jun 01)
- Re: unresponsive distros Liguori, Anthony (Jun 01)
- Re: unresponsive distros Liguori, Anthony (Jun 01)
- Re: unresponsive distros Solar Designer (Jun 01)
- Re: unresponsive distros Solar Designer (Jun 01)
- Re: unresponsive distros Solar Designer (Jun 01)
- Re: What happens in order to get CVE numbers kseifried () redhat com (Jun 02)
- Re: What happens in order to get CVE numbers Leo Famulari (Jun 02)
- Re: What happens in order to get CVE numbers Qhdwns123 (Jun 02)
- Re: What happens in order to get CVE numbers Kurt Seifried (Jun 02)
- Re: What happens in order to get CVE numbers Qhdwns123 (Jun 02)
- Re: Arbitrary terminal access via sudo on Linux Kurt Seifried (Jun 02)
- Re: Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
- Re: Arbitrary terminal access via sudo on Linux Qualys Security Advisory (Jun 06)
- Re: Arbitrary terminal access via sudo on Linux Todd C. Miller (Jun 02)
- Re: TIOCSTI not going away Karel Zak (Jun 03)
- Re: TIOCSTI not going away Lizzie Dixon (Jun 03)
- Re: TIOCSTI not going away Solar Designer (Jun 29)
- Re: TIOCSTI not going away Nick Kralevich (Jun 29)
- Re: TIOCSTI not going away Todd C. Miller (Jun 29)
- Re: TIOCSTI not going away Christos Zoulas (Jun 29)
- Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06 Ailin Nemui (Jun 07)
- Re: Vixie/ISC Cron group crontab to root escalation Ian Zimmerman (Jun 08)
- Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas (Jun 09)
- Re: Vixie/ISC Cron group crontab to root escalation Solar Designer (Jun 09)
- Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas (Jun 09)
- Re: Vixie/ISC Cron group crontab to root escalation Casper . Dik (Jun 12)
- Re: Vixie/ISC Cron group crontab to root escalation Alan Coopersmith (Jun 12)
- Re: Vixie/ISC Cron group crontab to root escalation Solar Designer (Jun 09)
- Re: Vixie/ISC Cron group crontab to root escalation Salvatore Bonaccorso (Jun 09)
- <Possible follow-ups>
- Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
- Re: Vixie/ISC Cron group crontab to root escalation Jakub Wilk (Jun 13)
- Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
- Re: Vixie/ISC Cron group crontab to root escalation Florian Weimer (Jun 13)
- Re: Vixie/ISC Cron group crontab to root escalation Jakub Wilk (Jun 13)
- Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman (Jun 13)
- Re: How long does DWF usually take to issue cve? Kurt Seifried (Jun 08)
- Re: Is not memory allocation failure a bug? Marcus Meissner (Jun 08)
- Re: Is not memory allocation failure a bug? Bob Friesenhahn (Jun 08)
- Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson (Jun 08)
- Re: Is not memory allocation failure a bug? Kurt Seifried (Jun 08)
- Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson (Jun 08)
- Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár (Jun 12)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt Seifried (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt H Maier (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() kseifried () redhat com (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Seth Arnold (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Feng Cao (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Brian May (Jun 15)
- Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris (Jun 15)
- Re: Security bug report read-protected Johannes Bauer (Jun 09)
- Re: Security bug report read-protected Andreas Stieger (Jun 09)
- Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer (Jun 14)
- Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer (Jun 15)
- Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal (Jun 15)
- Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Adam Maris (Jun 13)
- Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko (Jun 20)
- Re: Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister (Jun 13)
- Re: OpenJDK: java(1): untrusted search path Stiepan (Jun 13)
- Re: CVE request: sthttpd remote heap buffer overflow Andrej Nemec (Jun 15)
- Re: CVE request: sthttpd remote heap buffer overflow Thomas Deutschmann (Jun 29)
- Re: Do I have to inform someone about CVE? Solar Designer (Jun 15)
- Re: Do I have to inform someone about CVE? Kurt Seifried (Jun 15)
- Re: two vulns in uClibc-0.9.33.2 Andrej Nemec (Jun 15)
- Re: two vulns in uClibc-0.9.33.2 Zach W (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Seth Arnold (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Kurt Seifried (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Florian Weimer (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Simon McVittie (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 Jakub Wilk (Jun 17)
- <Possible follow-ups>
- Re: two vulns in uClibc-0.9.33.2 fefe (Jun 20)
- Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)
- re: two vulns in uClibc-0.9.33.2 fefe (Jun 26)
- Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)
- Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 19)
- Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 19)
- Re: Qualys Security Advisory - The Stack Clash Marcus Meissner (Jun 19)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 19)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 20)
- Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash nospam (Jun 21)
- Re: Re: Qualys Security Advisory - The Stack Clash Franz Pletz (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 25)
- Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 28)
- Re: Qualys Security Advisory - The Stack Clash Josh Bressers (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Stuart Henderson (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Florian Weimer (Jun 22)
- Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 19)
- Re: Qualys Security Advisory - The Stack Clash Agostino Sarubbo (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Daniel Micay (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Mike O'Connor (Jun 22)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
- Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 23)
- Re: Qualys Security Advisory - The Stack Clash Kurt Seifried (Jun 23)
- Re: Qualys Security Advisory - The Stack Clash Solar Designer (Jun 24)
- Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash PaX Team (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Jeff Law (Jun 21)
- Re: Qualys Security Advisory - The Stack Clash Brad Spengler (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 19)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay (Jun 21)
- Re: Re: Qualys Security Advisor -- The Stack Clash Szabolcs Nagy (Jun 23)
- Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law (Jun 19)
- Re: CVE-request: heap-buffer-overflow in jasper Emilio Pozuelo Monfort (Jun 21)
- Re:Re: [oss-security] CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 21)
- <Possible follow-ups>
- CVE-request: heap-buffer-overflow in jasper xiaoqixue_1 (Jun 20)
- <Possible follow-ups>
- Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team (Jun 20)
- Re: 4 remote vulnerabilities in OpenVPN Solar Designer (Jun 21)
- Re: 4 remote vulnerabilities in OpenVPN Guido Vranken (Jun 21)
- Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 22)
- Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Andreas Stieger (Jun 29)
- Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner (Jun 22)
- Re: stackguard fix in Red Hat and Ubuntu kernels Greg KH (Jun 22)
- Re: stackguard fix in Red Hat and Ubuntu kernels Vasily Averin (Jun 22)
- Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner (Jun 22)
- Re: stackguard fix in Red Hat and Ubuntu kernels Eduardo Valentin (Jun 22)
- Re: stackguard fix in Red Hat and Ubuntu kernels Greg KH (Jun 22)
- Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Florian Weimer (Jun 22)
- Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie (Jun 23)
- Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari (Jun 23)
- Re: CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy (Jun 23)
- Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari (Jun 23)
- Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds (Jun 23)
- Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
- Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
- Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds (Jun 24)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler (Jun 24)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Mansour Moufid (Jun 26)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Kurt Seifried (Jun 26)
- RE: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Christey, Steven M. (Jun 26)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team (Jun 27)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth Kurt Seifried (Jun 26)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team (Jun 27)
- civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Solar Designer (Jun 26)
- Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kurt Seifried (Jun 26)
- Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kyle R (Jun 27)
- Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn (Jun 24)
- Re: CVE for the TSIG issue in knot? Ondřej Surý (Jun 24)
- Re: CVE for the TSIG issue in knot? Solar Designer (Jun 24)
- Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Greg KH (Jun 26)
- Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Brad Spengler (Jun 26)
- Re: malicious hypervisor threat was ignored but it is real Solar Designer (Jun 27)
- Re: CoreOS membership to linux-distros Kurt Seifried (Jun 27)
- Re: CoreOS membership to linux-distros Euan Kemp (Jun 27)
- Re: CoreOS membership to linux-distros Sven Dowideit (Jun 27)
- Re: CoreOS membership to linux-distros Dominique Martinet (Jun 28)
- Re: CoreOS membership to linux-distros Sven Dowideit (Jun 28)
- Re: CoreOS membership to linux-distros Euan Kemp (Jun 27)
- Re: lame: multiple vulnerabilities Dr. Thomas Orgis (Jun 28)
- Re: lame: multiple vulnerabilities Hanno Böck (Jun 28)
- Re: lame: multiple vulnerabilities Agostino Sarubbo (Jun 28)
- Re: lame: multiple vulnerabilities Hanno Böck (Jun 28)
- Re: accepting new members to (linux-)distros lists Simon McVittie (Jun 28)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jun 28)
- Re: accepting new members to (linux-)distros lists Sven Dowideit (Jun 28)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jun 30)
- Re: accepting new members to (linux-)distros lists Seth Arnold (Jun 30)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jun 30)
- Re: accepting new members to (linux-)distros lists Seth Arnold (Jun 30)
- Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)
- Re: ISC announces two BIND vulnerabilities Solar Designer (Jun 30)
- Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez (Jun 30)