oss-sec: by thread
437 messages starting Oct 01 17 and ending Dec 29 17
- Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
- Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
- Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 09)
- Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
- Re: clamav: Out of bounds read and segfault in xar parser Eddie Chapman (Oct 01)
- Re: clamav: Out of bounds read and segfault in xar parser Joel Esler (Oct 03)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Oct 02)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Michael Niedermayer (Oct 08)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Oct 09)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Qhdwns123 (Dec 17)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Oct 09)
- Re: The Internet Bug Bounty: Data Processing (hackerone.com) Michael Niedermayer (Oct 08)
- Re: CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4) Greg KH (Oct 02)
- [ANNOUNCE] CVE-2017-12620: Apache OpenNLP XXE vulnerability Joern Kottmann (Oct 02)
- CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation John Torakis (Oct 02)
- dnsmasq: CVE-2017-14491 to CVE-2017-14496 and CVE-2017-13704 Simon Kelley (Oct 02)
- Graphicsmagick: NULL Pointer Dereference in DICOM Decoder (CVE-2017-14994) Terry Chia (Oct 03)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Oct 03)
- Re: Linux kernel CVEs not mentioned on oss-security Moritz Muehlenhoff (Oct 03)
- Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Oct 03)
- Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Oct 03)
- <Possible follow-ups>
- Re: Linux kernel CVEs not mentioned on oss-security Yves-Alexis Perez (Oct 03)
- Re: Linux kernel CVEs not mentioned on oss-security Fabian Keil (Oct 09)
- Re: Linux kernel CVEs not mentioned on oss-security Stiepan (Oct 09)
- CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Xu, Meng (Oct 03)
- Re: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Salvatore Bonaccorso (Oct 03)
- Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Jan Schaumann (Oct 03)
- Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Kurt Seifried (Oct 03)
- <Possible follow-ups>
- Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Qualys Security Advisory (Oct 03)
- Announce: OpenSSH 7.6 released Damien Miller (Oct 03)
- [SECURITY ADVISORY] curl: FTP PWD response parser out of bounds read Daniel Stenberg (Oct 03)
- binutils: heap-based buffer overflow in parse_die (dwarf1.c) Agostino Sarubbo (Oct 04)
- binutils: NULL pointer dereference in bfd_hash_hash (hash.c) Agostino Sarubbo (Oct 04)
- binutils: NULL pointer dereference in concat_filename (dwarf2.c) Agostino Sarubbo (Oct 04)
- binutils: heap-based buffer overflow in bfd_get_debug_link_info_1 (opncls.c) Agostino Sarubbo (Oct 04)
- binutils: divide-by-zero in decode_line_info (dwarf2.c) Agostino Sarubbo (Oct 04)
- binutils: infinite loop in find_abstract_instance_name (dwarf2.c) Agostino Sarubbo (Oct 04)
- Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi (Oct 04)
- Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 Henri S. (Oct 08)
- Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi (Oct 10)
- Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723 Alan Coopersmith (Oct 04)
- [CVE-2017-14614] GridGain Visor GUI Console - File System Path Traversal Andrey Bazhenov (Oct 05)
- [CVE-2017-14604] .desktop vulnerability again Yves-Alexis Perez (Oct 05)
- Re: [CVE-2017-14604] .desktop vulnerability again Michael Orlitzky (Nov 08)
- Re: [CVE-2017-14604] .desktop vulnerability again Robert Watson (Nov 09)
- Re: [CVE-2017-14604] .desktop vulnerability again Simon McVittie (Nov 09)
- CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes P J P (Oct 05)
- Stored XSS vulnerabilities in Flyspray chbi (Oct 07)
- Re: Stored XSS vulnerabilities in Flyspray chbi (Oct 10)
- Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 07)
- Re: Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 10)
- 答复: [oss-security] CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug 连一汉 (Oct 08)
- OpenEXR : CVE-2017-14988 : DOS in Header::readfrom NOIRFATE (Oct 09)
- ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype NOIRFATE (Oct 09)
- CVE-2017-14991 in the Linux Kernel: local infoleak via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 Alexander Potapenko (Oct 09)
- [SECURITY] CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw) Patrick Hunt (Oct 09)
- [ANNOUNCE] Apache NiFi CVE-2017-12623 Andy LoPresto (Oct 09)
- [CVE-2017-0903] Unsafe Object Deserialization Vulnerability in RubyGems Aaron Patterson (Oct 09)
- CVE-2017-1000255: Linux: powerpc: kernel memory overwrite in transactional memory handling Michael Ellerman (Oct 10)
- CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 10)
- CVE request: Two DoS vulneribilities in libextractor Leon Zhao (Oct 10)
- Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso (Oct 10)
- Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso (Oct 12)
- Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265 Marcus Meissner (Oct 11)
- Re: Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265 Marcus Meissner (Oct 17)
- Multiple vulnerabilities in Jenkins Daniel Beck (Oct 11)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Nov 17)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins Daniel Beck (Nov 08)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Nov 17)
- Multiple vulnerabilities in Jenkins Daniel Beck (Dec 13)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 11)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 17)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 23)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 17)
- Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Shea Levy (Oct 11)
- Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Kurt Seifried (Oct 11)
- Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Hunger (Oct 12)
- Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Roman Medina-Heigl Hernandez (Oct 12)
- Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Hunger (Oct 12)
- Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Graham Christensen (Oct 12)
- Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Kurt Seifried (Oct 11)
- CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key Wade Mealing (Oct 11)
- CVE-2017-15268. Qemu: I/O: potential memory exhaustion via websock connection to VNC P J P (Oct 11)
- Xen Security Advisory 238 - DMOP map/unmap missing argument checks Xen . org security team (Oct 12)
- Xen Security Advisory 239 - hypervisor stack leak in x86 I/O intercept code Xen . org security team (Oct 12)
- Xen Security Advisory 237 - multiple MSI mapping issues on x86 Xen . org security team (Oct 12)
- Xen Security Advisory 241 - Stale TLB entry due to page type release race Xen . org security team (Oct 12)
- Xen Security Advisory 242 - page type reference leak on x86 Xen . org security team (Oct 12)
- Xen Security Advisory 243 - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Oct 12)
- Xen Security Advisory 244 - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team (Oct 12)
- CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions P J P (Oct 12)
- CVE-2017-12188 Kernel: KVM: MMU potential stack buffer overrun during page walks P J P (Oct 12)
- CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Kees Cook (Oct 12)
- CVE-2017-12629 Solr: Code execution via entity expansion Andrej Nemec (Oct 13)
- Advisory X41-2017-010: Command Execution in Shadowsocks-libev X41 D-Sec GmbH Advisories (Oct 13)
- Re: Advisory X41-2017-010: Command Execution in Shadowsocks-libev Salvatore Bonaccorso (Oct 27)
- Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks X41 D-Sec GmbH Advisories (Oct 13)
- CVE-2017-15299: Linux kernel: incorrect update of uninstantiated keys can crash a kernel Vladis Dronov (Oct 16)
- wpa_supplicant/hostapd: WPA packet number reuse with replayed messages and key reinstallation Jouni Malinen (Oct 16)
- distros list downtime Solar Designer (Oct 16)
- CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Bastian Blank (Oct 17)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 18)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker (Oct 18)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 19)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold (Oct 19)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 20)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker (Oct 20)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 21)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Solar Designer (Oct 21)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 21)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Simon McVittie (Oct 21)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold (Oct 20)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Bastian Blank (Oct 21)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker (Oct 18)
- Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 18)
- Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 17)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 Dollar Strike (Oct 19)
- Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)
- MuPDF mutools Out-of-Bounds Write Vulnerability (CVE-2017-15587) amon (Oct 18)
- Xen Security Advisory 235 (CVE-2017-15596) - add-to-physmap error paths fail to release lock on ARM Xen . org security team (Oct 18)
- Xen Security Advisory 237 (CVE-2017-15590) - multiple MSI mapping issues on x86 Xen . org security team (Oct 18)
- Xen Security Advisory 241 (CVE-2017-15588) - Stale TLB entry due to page type release race Xen . org security team (Oct 18)
- Xen Security Advisory 242 (CVE-2017-15593) - page type reference leak on x86 Xen . org security team (Oct 18)
- Xen Security Advisory 239 (CVE-2017-15589) - hypervisor stack leak in x86 I/O intercept code Xen . org security team (Oct 18)
- Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Oct 18)
- <Possible follow-ups>
- Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Nov 15)
- Xen Security Advisory 244 (CVE-2017-15594) - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team (Oct 18)
- WebKitGTK+ Security Advisory WSA-2017-0008 Carlos Alberto Lopez Perez (Oct 18)
- [RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure Julien Ahrens (Oct 18)
- [ANNOUNCE] [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) Shalin Shekhar Mangar (Oct 19)
- CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)
- Re: CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)
- Announce: Apache James 3.0.1 security release Tellier Benoit (Oct 19)
- [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder 连一汉 (Oct 20)
- CVE-2017-15670, CVE-2017-15671 glibc: Buffer overflow and memory leak in glob with GLOB_TILDE Eddie Chapman (Oct 21)
- LAME 3.100 released with security fixes Henri Salo (Oct 21)
- Netlink XFRM socket subsystem NULL pointer dereference Noam Rathaus (Oct 22)
- Re: Netlink XFRM socket subsystem NULL pointer dereference Marius Bakke (Oct 22)
- Re: Netlink XFRM socket subsystem NULL pointer dereference Solar Designer (Oct 22)
- Re: Netlink XFRM socket subsystem NULL pointer dereference Marius Bakke (Oct 22)
- Irssi 1.0.5: CVE-2017-15228, CVE-2017-15227, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723 Ailin Nemui (Oct 22)
- [SECURITY ADVISORY] curl: IMAP FETCH response out of bounds read Daniel Stenberg (Oct 22)
- [KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability Egidio Romano (Oct 23)
- Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Juan Diego (Oct 24)
- Re: Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Solar Designer (Oct 24)
- Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code Xen . org security team (Oct 24)
- Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Solar Designer (Oct 24)
- [ oss-security ] CVE-2016-10517: CSRF in redis < 3.2.7 Thomas Calderon (Oct 25)
- Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Oct 25)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 05)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Solar Designer (Nov 05)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 07)
- Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 05)
- CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika Shalin Shekhar Mangar (Oct 26)
- Two vulnerabilities patched in GNU Wget: CVE-2017-13089, CVE-2017-13090 NCSC-FI Vulnerability Co-ordination (Oct 27)
- binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX FOR CVE-2017-15023) Agostino Sarubbo (Oct 27)
- binutils: invalid memory read in find_abstract_instance_name (dwarf2.c) Agostino Sarubbo (Oct 27)
- Drupal backup_migrate information leak (was Fw: Database mishandling at defectivebydesign.org) Hanno Böck (Oct 29)
- Magento: Leaking of config file local.xml Hanno Böck (Oct 30)
- Re: Magento: Leaking of config file local.xml Michael Orlitzky (Oct 30)
- CVE-2017-14752, CVE-2017-15273: Stored XSS vulnerability in Mahara <= 15.04.14, <= 16.04.8, <= 16.10.5, <= 17.04.3 chbi (Oct 30)
- Quagga: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages Salvatore Bonaccorso (Oct 30)
- Fw: Security risk of vim swap files Hanno Böck (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
- Re: Fw: Security risk of vim swap files Apostolis Hardalias (Oct 31)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Adam Shannon (Oct 31)
- Re: Fw: Security risk of vim swap files Gordo Lowrey (Oct 31)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- Re: Fw: Security risk of vim swap files Jason Cooper (Oct 31)
- Re: Security risk of vim swap files Simon Waters (Surevine) (Oct 31)
- Re: Security risk of vim swap files Matthias Luft (Nov 07)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
- Re: Fw: Security risk of vim swap files Tim (Oct 31)
- Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
- Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Simon McVittie (Nov 01)
- Re: Fw: Security risk of vim swap files Tim (Nov 01)
- Re: Fw: Security risk of vim swap files Jeffrey Walton (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 01)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
- Re: Security risk of vim swap files Ian Zimmerman (Nov 06)
- Re: Security risk of vim swap files Solar Designer (Nov 06)
- Re: Security risk of vim swap files Jakub Wilk (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
- Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
- Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Oct 31)
- Re: Fw: Security risk of vim swap files Jan Pokorný (Nov 01)
- Re: Fw: Security risk of vim swap files Matthias Weckbecker (Nov 21)
- <Possible follow-ups>
- Re: Fw: Security risk of vim swap files Z5T1 (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Florent Rougon (Nov 01)
- Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 02)
- Re: Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 02)
- Re: Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Scott Court (Nov 03)
- Re: Re: Fw: Security risk of vim swap files Nick Bowler (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 05)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 05)
- Re: Fw: Security risk of vim swap files Scott Court (Nov 05)
- Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 05)
- Re: Fw: Security risk of vim swap files Seth Arnold (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 07)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 06)
- Re: Fw: Security risk of vim swap files Solar Designer (Nov 06)
- Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 05)
- Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 06)
- Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 06)
- Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
- [CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking Jesus Camacho Rodriguez (Oct 31)
- CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks ???? (Nov 01)
- Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Bob Friesenhahn (Nov 01)
- Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Agostino Sarubbo (Nov 01)
- Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Solar Designer (Nov 01)
- [CVE-2016-4437] Apache Aurora information disclosure vulnerability Bill Farner (Nov 01)
- CVE-2017-15095: further deserialisation attacks against jackson-databind (follow-up to CVE-2017-7525) Doran Moppert (Nov 01)
- CVE-2017-12193 Linux kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation Wade Mealing (Nov 01)
- Linux Security Summit 2017 Summary James Morris (Nov 02)
- tftpd-hpa - insecure chroot() gremlin (Nov 02)
- Re: tftpd-hpa - insecure chroot() Dmitry V. Levin (Nov 03)
- Re: tftpd-hpa - insecure chroot() gremlin (Nov 06)
- Re: tftpd-hpa - insecure chroot() Dmitry V. Levin (Nov 03)
- Many issues in "module" / "track" music decoders... Lionel Debroux (Nov 02)
- Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Jakub Wilk (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Ian Zimmerman (Nov 03)
- nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Hanno Böck (Nov 03)
- Re: nvi crash recovery Jakub Wilk (Nov 03)
- Re: nvi crash recovery Jakub Wilk (Nov 04)
- Re: nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Daniel Micay (Nov 03)
- Re: Re: Security risk of server side text editing in general and vim.tiny specifically Christos Zoulas (Nov 03)
- AW: Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 06)
- nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Hanno Böck (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 13)
- AW: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 13)
- <Possible follow-ups>
- Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Leonid Isaev (Nov 05)
- Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
- Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
- [CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file. 连一汉 (Nov 03)
- Foreman 1.2+ stored XSS in fact charts Tomer Brisker (Nov 05)
- CVE-2017-15306: Linux kernel: KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM Michael Ellerman (Nov 06)
- Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Nov 06)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Nov 08)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Dec 12)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem Solar Designer (Nov 08)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Nov 08)
- Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Jonas 'Sortie' Termansen (Nov 06)
- Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Florian Weimer (Nov 06)
- Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams John Haxby (Nov 07)
- Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Jonas 'Sortie' Termansen (Nov 08)
- Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Eric Blake (Nov 08)
- Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Bob Friesenhahn (Nov 08)
- Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Florian Weimer (Nov 06)
- Net::Ping::External command injections Matthias Weckbecker (Nov 07)
- Re: Net::Ping::External command injections Charlie Brady (Nov 07)
- Re: Net::Ping::External command injections Simon McVittie (Nov 07)
- Re: Net::Ping::External command injections Salvatore Bonaccorso (Nov 07)
- CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 08)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler (Nov 09)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stiepan (Nov 10)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Amos Jeffries (Nov 11)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stuart Gathman (Nov 11)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 13)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Brad Spengler (Nov 14)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Eddie Chapman (Nov 14)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 14)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 07)
- Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 07)
- [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (Nov 08)
- Back in Time: CVE-2017-16667: shell injection in notify-send Salvatore Bonaccorso (Nov 08)
- nvi denial of service coypu (Nov 08)
- Re: nvi denial of service Jakub Wilk (Nov 09)
- WebKitGTK+ Security Advisory WSA-2017-0009 Carlos Alberto Lopez Perez (Nov 10)
- (linux-)distros list use statistics Solar Designer (Nov 13)
- Re: (linux-)distros list use statistics Anthony Liguori (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Solar Designer (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
- Re: (linux-)distros list use statistics Solar Designer (Nov 13)
- Re: (linux-)distros list use statistics Solar Designer (Nov 13)
- New security advisory CVE-2017-12624 released for Apache CXF Colm O hEigeartaigh (Nov 14)
- [OSSA-2017-005] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) Tristan Cacqueray (Nov 14)
- Apache CouchDB CVE-2017-12635 and CVE-2017-12636 Joan Touzet (Nov 14)
- CVE-2017-15115: Linux kernel: sctp: use-after-free in sctp_cmp_addr_exact() Vladis Dronov (Nov 15)
- [SECURITY] New security advisory CVE-2017-12634 released for Apache Camel Andrea Cosentino (Nov 15)
- [SECURITY] New security advisory CVE-2017-12633 released for Apache Camel Andrea Cosentino (Nov 15)
- collectd: CVE-2017-16820: snmp-plugin: double free of request PDU Salvatore Bonaccorso (Nov 15)
- Re: collectd: CVE-2017-16820: snmp-plugin: double free of request PDU Salvatore Bonaccorso (Nov 15)
- CVE-2017-16834: pnp4nagios root privilege escalation via insecure permissions Michael Orlitzky (Nov 15)
- Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin Daniel Beck (Nov 16)
- Re: Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin Daniel Beck (Nov 17)
- CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P (Nov 16)
- Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine Ian Zimmerman (Nov 21)
- Re: Security risk of server side text editing ... Bram Moolenaar (Nov 17)
- Re: Security risk of server side text editing ... Solar Designer (Nov 22)
- Re: Re: Security risk of server side text editing ... Kurt Seifried (Nov 22)
- Re: Re: Security risk of server side text editing ... Scott Court (Nov 27)
- Re: Security risk of server side text editing ... Solar Designer (Nov 27)
- Re: Security risk of server side text editing ... Bram Moolenaar (Nov 28)
- Re: Re: Security risk of server side text editing ... Simon McVittie (Nov 27)
- Re: Re: Security risk of server side text editing ... Bram Moolenaar (Nov 28)
- Re: Re: Security risk of server side text editing ... Leonid Isaev (Nov 28)
- Re: Re: Security risk of server side text editing ... Scott Court (Dec 01)
- Re: Re: Security risk of server side text editing ... Kurt Seifried (Nov 22)
- Re: Security risk of server side text editing ... Solar Designer (Nov 22)
- phusion passenger CVE-2017-1000384 Kurt Seifried (Nov 17)
- Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 17)
- Re: phusion passenger CVE-2017-1000384 Jakub Wilk (Nov 17)
- Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 17)
- Re: phusion passenger CVE-2017-1000384 Dave Horsfall (Nov 17)
- Re: phusion passenger CVE-2017-1000384 Tomas Hoger (Nov 21)
- Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 21)
- Re: phusion passenger CVE-2017-1000384 Jakub Wilk (Nov 17)
- Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 17)
- CVE-2017-16882: Icinga core root privilege escalation via insecure permissions Michael Orlitzky (Nov 19)
- Re: distros list archive Solar Designer (Nov 20)
- Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken (Nov 21)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Peter Bex (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Michal Zalewski (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Chad Dougherty (Nov 22)
- Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Peter Bex (Nov 22)
- Clickjacking vulnerability in CSRF error page pfSense Securify B.V. (Nov 22)
- xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in session manager Salvatore Bonaccorso (Nov 23)
- Re: exiv2: multiple memory safety issues Raphael Hertzog (Nov 23)
- Re: exiv2: multiple memory safety issues Antoine Beaupré (Nov 23)
- OpenDayLight: Password change doesn't result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406) Luke Hinds (Nov 23)
- New Linux kernel XFRM privilege escalation Marcus Meissner (Nov 24)
- Re: New Linux kernel XFRM privilege escalation Greg KH (Nov 24)
- Re: New Linux kernel XFRM privilege escalation Marcus Meissner (Nov 24)
- Re: New Linux kernel XFRM privilege escalation Greg KH (Nov 24)
- RCE in Exim reported Phil Pennock (Nov 24)
- Re: RCE in Exim reported Phil Pennock (Nov 24)
- Re: RCE in Exim reported Phil Pennock (Nov 25)
- Re: RCE in Exim reported Leo Famulari (Nov 26)
- Re: RCE in Exim reported Heiko Schlittermann (Nov 26)
- Re: RCE in Exim reported Leo Famulari (Nov 26)
- CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported) Heiko Schlittermann (Nov 28)
- PowerDNS Security Advisories 2017-03, 2017-04, 2017-05, 2017-06 and 2017-07 Remi Gacogne (Nov 27)
- Information Leak in mincore() in the Linux Kernel CVE-2017-16994 Marcus Meissner (Nov 27)
- Xen Security Advisory 246 - x86: infinite loop due to missing PoD error checking Xen . org security team (Nov 28)
- Xen Security Advisory 247 - Missing p2m error checking in PoD code Xen . org security team (Nov 28)
- CVE-2017-16612 libXcursor: heap overflows when parsing malicious files Matthieu Herrb (Nov 28)
- CVE-2017-16611 libXfont Open files with O_NOFOLLOW Matthieu Herrb (Nov 28)
- CVE-2017-15118 Qemu: stack buffer overflow in NBD server triggered via long export name P J P (Nov 28)
- CVE-2017-15119 Qemu: DoS via large option request P J P (Nov 28)
- [ANN] Apache Struts 2.5.14.1 GA with Security Fixes Release Lukasz Lenart (Dec 01)
- Re: libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c) Salvatore Bonaccorso (Dec 01)
- ZKTime Web Software 2.0.1.12280 CVE-2017-17057 Cross Site Scripting Himanshu Mehta (Dec 03)
- CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 P J P (Dec 04)
- CVE-2017-16930 - Claymore's Dual Ethereum Miner unauth stack buffer overflow in remote management interface oststrom (public) (Dec 04)
- CVE-2017-8824 linux: use-after-free in DCCP code Mohamed Ghannam (Dec 04)
- CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings P J P (Dec 04)
- Jenkins stored cross-site scripting vulnerability Daniel Beck (Dec 05)
- [OSSA 2017-005.1] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ERRATA Tristan Cacqueray (Dec 05)
- [OSSA-2017-006] Nova FilterScheduler doubles resource allocations during rebuild with new image (CVE-2017-17051) Jeremy Stanley (Dec 05)
- Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks Xen . org security team (Dec 06)
- Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution Daniel Beck (Dec 06)
- Info Leak in the Linux Kernel via Bluetooth Armis Security (Dec 06)
- Re: Info Leak in the Linux Kernel via Bluetooth Adam Maris (Dec 06)
- Recommendations GnuPG-2 replacement halfdog (Dec 06)
- <Possible follow-ups>
- Re: Recommendations GnuPG-2 replacement oss-security (Dec 07)
- Re: Recommendations GnuPG-2 replacement halfdog (Dec 15)
- Re: Recommendations GnuPG-2 replacement Jeremy Stanley (Dec 07)
- Re: Recommendations GnuPG-2 replacement halfdog (Dec 15)
- Re: Recommendations GnuPG-2 replacement Solar Designer (Dec 07)
- Re: Recommendations GnuPG-2 replacement Peter Bex (Dec 07)
- Re: Recommendations GnuPG-2 replacement Blibbet (Dec 07)
- Re: Recommendations GnuPG-2 replacement Solar Designer (Dec 07)
- Re: Recommendations GnuPG-2 replacement halfdog (Dec 17)
- Re: Recommendations GnuPG-2 replacement Daniel Kahn Gillmor (Dec 18)
- Re: Recommendations GnuPG-2 replacement halfdog (Dec 18)
- Re: Recommendations GnuPG-2 replacement Daniel Kahn Gillmor (Dec 18)
- Re: Recommendations GnuPG-2 replacement Leonid Isaev (Dec 18)
- Re: Recommendations GnuPG-2 replacement halfdog (Dec 18)
- Re: Recommendations GnuPG-2 replacement Leonid Isaev (Dec 19)
- Re: Recommendations GnuPG-2 replacement Solar Designer (Dec 22)
- Re: Recommendations GnuPG-2 replacement Dhiru Kholia (Dec 22)
- Re: Recommendations GnuPG-2 replacement Peter Bex (Dec 07)
- Re: Recommendations GnuPG-2 replacement Marcus Brinkmann (Dec 07)
- Re: Re: Recommendations GnuPG-2 replacement Ludovic Courtès (Dec 08)
- Re: Re: Recommendations GnuPG-2 replacement Marcus Brinkmann (Dec 08)
- Re: Re: Recommendations GnuPG-2 replacement Jeffrey Walton (Dec 10)
- Re: Recommendations GnuPG-2 replacement Phil Pennock (Dec 10)
- Re: Re: Recommendations GnuPG-2 replacement Marcus Brinkmann (Dec 10)
- Re: Re: Recommendations GnuPG-2 replacement Phil Pennock (Dec 10)
- Re: Re: Recommendations GnuPG-2 replacement Ludovic Courtès (Dec 08)
- CVE Request -- Arbitrary command execution in mercurial repo with a git submodule feer james (Dec 07)
- Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule Salvatore Bonaccorso (Dec 10)
- signed integer overflow in common_timer_get on linux 4.15.0-rc1 at zhou (Dec 07)
- <Possible follow-ups>
- Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Greg KH (Dec 07)
- Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Dan Carpenter (Dec 08)
- Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Greg KH (Dec 08)
- Re: Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Daniel Micay (Dec 08)
- Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Dan Carpenter (Dec 08)
- [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability Isuru Udana (Dec 10)
- GraphicsMagick 1.3.27 is available Bob Friesenhahn (Dec 10)
- PowerDNS Security Advisory 2017-08 Remi Gacogne (Dec 11)
- Re: PowerDNS Security Advisory 2017-08 Remi Gacogne (Dec 11)
- Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability Daniel Beck (Dec 11)
- Qualys Security Advisory - Buffer overflow in glibc's ld.so Qualys Security Advisory (Dec 11)
- [ANN] [APACHE STRUTS] Security Bulletin S2-055: impact increased to High (related to CVE-2017-7525 - JSON Jackson library) Lukasz Lenart (Dec 12)
- Xen Security Advisory 249 - broken x86 shadow mode refcount overflow check Xen . org security team (Dec 12)
- Xen Security Advisory 250 - improper x86 shadow mode refcount error handling Xen . org security team (Dec 12)
- Xen Security Advisory 248 - x86 PV guests may gain access to internally used pages Xen . org security team (Dec 12)
- Xen Security Advisory 251 - improper bug check in x86 log-dirty handling Xen . org security team (Dec 12)
- ROBOT attack (WolfSSL, Bouncy Castle, Erlang) Hanno Böck (Dec 12)
- [SECURITY] CVE-2017-5663: Apache Fineract SQL Injection Vulnerability Nazeer Shaik (Dec 13)
- Bugs in iscsiuio Qualys Security Advisory (Dec 13)
- CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen (Dec 14)
- Re: CVE-2017-17670: vlc: type conversion vulnerability Stiepan (Dec 15)
- Re: CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen (Dec 15)
- Re: CVE-2017-17670: vlc: type conversion vulnerability Stiepan (Dec 15)
- CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Mohamed Ghannam (Dec 15)
- Sonatype Nexus Repository Manager 2.x weak password encryption Raphael Geissert (Dec 17)
- Re: Sonatype Nexus Repository Manager 2.x weak password encryption Stefano Brivio (Dec 17)
- Re: Sonatype Nexus Repository Manager 2.x weak password encryption Brian Fox (Dec 17)
- Re: Sonatype Nexus Repository Manager 2.x weak password encryption Raphael Geissert (Dec 17)
- Re: Sonatype Nexus Repository Manager 2.x weak password encryption Stefano Brivio (Dec 17)
- Portus, missing LDAP server authentication Raphael Geissert (Dec 17)
- Re: Portus, missing LDAP server authentication Kiall Mac Innes (Dec 17)
- Re: Portus, missing LDAP server authentication Marcus Meissner (Dec 17)
- Gitlab, LDAP integration vulnerable to MITM attack Raphael Geissert (Dec 17)
- [GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack Kwang (GitLab Support) (Dec 21)
- Net::LDAP ruby gem, missing certificate validation Raphael Geissert (Dec 17)
- [SECURITY] CVE-2017-12630 Apache Drill XSS vulnerability Arina Ielchiieva (Dec 18)
- overly broad IPC details sharing on Linux Kernel? Marcus Meissner (Dec 18)
- CVE-2017-15700 - Apache Sling Authentication Service vulnerability Antonio Sanso (Dec 18)
- CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruction P J P (Dec 19)
- CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in VNC server P J P (Dec 19)
- GIMP parser bugs (FLIMP and more) Hanno Böck (Dec 19)
- Re: GIMP parser bugs (FLIMP and more) Salvatore Bonaccorso (Dec 19)
- WebKitGTK+ Security Advisory WSA-2017-0010 Carlos Alberto Lopez Perez (Dec 19)
- Linux >=4.9: eBPF memory corruption bugs Jann Horn (Dec 21)
- Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso (Dec 23)
- Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso (Dec 24)
- Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso (Dec 23)
- Gain Access to SSH Group via ssh-agent and OpenSSL halfdog (Dec 25)
- Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Dec 28)
- Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Dec 29)