oss-sec: by author
437 messages starting Nov 01 17 and ending Nov 03 17
????
CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks ???? (Nov 01)
Aaron Patterson
[CVE-2017-0903] Unsafe Object Deserialization Vulnerability in RubyGems Aaron Patterson (Oct 09)
Adam Maris
Re: Info Leak in the Linux Kernel via Bluetooth Adam Maris (Dec 06)
Adam Shannon
Re: Fw: Security risk of vim swap files Adam Shannon (Oct 31)
Agostino Sarubbo
binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX FOR CVE-2017-15023) Agostino Sarubbo (Oct 27)
binutils: infinite loop in find_abstract_instance_name (dwarf2.c) Agostino Sarubbo (Oct 04)
binutils: heap-based buffer overflow in parse_die (dwarf1.c) Agostino Sarubbo (Oct 04)
binutils: NULL pointer dereference in bfd_hash_hash (hash.c) Agostino Sarubbo (Oct 04)
binutils: heap-based buffer overflow in bfd_get_debug_link_info_1 (opncls.c) Agostino Sarubbo (Oct 04)
binutils: invalid memory read in find_abstract_instance_name (dwarf2.c) Agostino Sarubbo (Oct 27)
binutils: NULL pointer dereference in concat_filename (dwarf2.c) Agostino Sarubbo (Oct 04)
binutils: divide-by-zero in decode_line_info (dwarf2.c) Agostino Sarubbo (Oct 04)
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Agostino Sarubbo (Nov 01)
Ailin Nemui
Irssi 1.0.5: CVE-2017-15228, CVE-2017-15227, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723 Ailin Nemui (Oct 22)
Akira Ajisaka
[SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (Nov 08)
Alan Coopersmith
Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723 Alan Coopersmith (Oct 04)
Alexander Potapenko
CVE-2017-14991 in the Linux Kernel: local infoleak via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 Alexander Potapenko (Oct 09)
amon
MuPDF mutools Out-of-Bounds Write Vulnerability (CVE-2017-15587) amon (Oct 18)
Amos Jeffries
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Amos Jeffries (Nov 11)
Andrea Cosentino
[SECURITY] New security advisory CVE-2017-12633 released for Apache Camel Andrea Cosentino (Nov 15)
[SECURITY] New security advisory CVE-2017-12634 released for Apache Camel Andrea Cosentino (Nov 15)
Andrej Nemec
CVE-2017-12629 Solr: Code execution via entity expansion Andrej Nemec (Oct 13)
Andrey Bazhenov
[CVE-2017-14614] GridGain Visor GUI Console - File System Path Traversal Andrey Bazhenov (Oct 05)
Andrey Konovalov
Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Nov 08)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Dec 12)
Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov (Nov 06)
Andy LoPresto
[ANNOUNCE] Apache NiFi CVE-2017-12623 Andy LoPresto (Oct 09)
Anthony Liguori
Re: (linux-)distros list use statistics Anthony Liguori (Nov 13)
Antoine Beaupré
Re: exiv2: multiple memory safety issues Antoine Beaupré (Nov 23)
Antonio Sanso
CVE-2017-15700 - Apache Sling Authentication Service vulnerability Antonio Sanso (Dec 18)
Apostolis Hardalias
Re: Fw: Security risk of vim swap files Apostolis Hardalias (Oct 31)
Arina Ielchiieva
[SECURITY] CVE-2017-12630 Apache Drill XSS vulnerability Arina Ielchiieva (Dec 18)
Armis Security
Info Leak in the Linux Kernel via Bluetooth Armis Security (Dec 06)
at zhou
signed integer overflow in common_timer_get on linux 4.15.0-rc1 at zhou (Dec 07)
Bastian Blank
CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Bastian Blank (Oct 17)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Bastian Blank (Oct 21)
Ben Tasker
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker (Oct 18)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker (Oct 20)
Bill Farner
[CVE-2016-4437] Apache Aurora information disclosure vulnerability Bill Farner (Nov 01)
Blibbet
Re: Recommendations GnuPG-2 replacement Blibbet (Dec 07)
Bob Friesenhahn
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Bob Friesenhahn (Nov 08)
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Bob Friesenhahn (Nov 01)
GraphicsMagick 1.3.27 is available Bob Friesenhahn (Dec 10)
Brad Spengler
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Brad Spengler (Nov 14)
Bram Moolenaar
Re: Security risk of server side text editing ... Bram Moolenaar (Nov 17)
Re: Re: Security risk of server side text editing ... Bram Moolenaar (Nov 28)
Re: Security risk of server side text editing ... Bram Moolenaar (Nov 28)
Brian Fox
Re: Sonatype Nexus Repository Manager 2.x weak password encryption Brian Fox (Dec 17)
Re: [security] Re: [oss-security] Sonatype Nexus Repository Manager 2.x weak password encryption Brian Fox (Dec 17)
Carlos Alberto Lopez Perez
WebKitGTK+ Security Advisory WSA-2017-0010 Carlos Alberto Lopez Perez (Dec 19)
WebKitGTK+ Security Advisory WSA-2017-0008 Carlos Alberto Lopez Perez (Oct 18)
WebKitGTK+ Security Advisory WSA-2017-0009 Carlos Alberto Lopez Perez (Nov 10)
Chad Dougherty
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Chad Dougherty (Nov 22)
Charlie Brady
Re: Net::Ping::External command injections Charlie Brady (Nov 07)
chbi
Stored XSS vulnerabilities in Flyspray chbi (Oct 07)
Re: Stored XSS vulnerabilities in Flyspray chbi (Oct 10)
Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 07)
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi (Oct 10)
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 18)
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi (Oct 09)
Re: Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 10)
Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi (Oct 17)
Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
CVE-2017-14752, CVE-2017-15273: Stored XSS vulnerability in Mahara <= 15.04.14, <= 16.04.8, <= 16.10.5, <= 17.04.3 chbi (Oct 30)
Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi (Oct 04)
Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 01)
Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi (Oct 09)
Christian Brabandt
Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 06)
Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 05)
Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 06)
Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 03)
Re: Fw: Security risk of vim swap files Christian Brabandt (Nov 02)
Christos Zoulas
Re: Re: Security risk of server side text editing in general and vim.tiny specifically Christos Zoulas (Nov 03)
Colm O hEigeartaigh
New security advisory CVE-2017-12624 released for Apache CXF Colm O hEigeartaigh (Nov 14)
coypu
nvi denial of service coypu (Nov 08)
Damien Miller
Announce: OpenSSH 7.6 released Damien Miller (Oct 03)
Dan Carpenter
Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Dan Carpenter (Dec 08)
Daniel Beck
Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution Daniel Beck (Dec 06)
Re: Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin Daniel Beck (Nov 17)
Jenkins stored cross-site scripting vulnerability Daniel Beck (Dec 05)
Multiple vulnerabilities in Jenkins Daniel Beck (Nov 08)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Nov 17)
Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin Daniel Beck (Nov 16)
Multiple vulnerabilities in Jenkins Daniel Beck (Dec 13)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 17)
Re: Multiple vulnerabilities in Jenkins Daniel Beck (Nov 17)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 11)
Multiple vulnerabilities in Jenkins Daniel Beck (Oct 11)
Multiple vulnerabilities in Jenkins plugins Daniel Beck (Oct 23)
Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability Daniel Beck (Dec 11)
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Nov 17)
Daniel Kahn Gillmor
Re: Recommendations GnuPG-2 replacement Daniel Kahn Gillmor (Dec 18)
Re: Recommendations GnuPG-2 replacement Daniel Kahn Gillmor (Dec 18)
Daniel Micay
Re: nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Daniel Micay (Nov 03)
Re: Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Daniel Micay (Dec 08)
Daniel Stenberg
[SECURITY ADVISORY] curl: IMAP FETCH response out of bounds read Daniel Stenberg (Oct 22)
[SECURITY ADVISORY] curl: FTP PWD response parser out of bounds read Daniel Stenberg (Oct 03)
Dave Horsfall
Re: phusion passenger CVE-2017-1000384 Dave Horsfall (Nov 17)
David A. Wheeler
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler (Nov 13)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler (Nov 09)
Dhiru Kholia
Re: Recommendations GnuPG-2 replacement Dhiru Kholia (Dec 22)
Dmitry V. Levin
Re: tftpd-hpa - insecure chroot() Dmitry V. Levin (Nov 03)
Dollar Strike
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 Dollar Strike (Oct 19)
Doran Moppert
CVE-2017-15095: further deserialisation attacks against jackson-databind (follow-up to CVE-2017-7525) Doran Moppert (Nov 01)
Eddie Chapman
CVE-2017-15670, CVE-2017-15671 glibc: Buffer overflow and memory leak in glob with GLOB_TILDE Eddie Chapman (Oct 21)
Re: clamav: Out of bounds read and segfault in xar parser Eddie Chapman (Oct 01)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Eddie Chapman (Nov 14)
Egidio Romano
[KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability Egidio Romano (Oct 23)
Eric Blake
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Eric Blake (Nov 08)
Fabian Keil
Re: Linux kernel CVEs not mentioned on oss-security Fabian Keil (Oct 09)
feer james
CVE Request -- Arbitrary command execution in mercurial repo with a git submodule feer james (Dec 07)
Fiedler Roman
Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
AW: Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 06)
Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
AW: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 13)
Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman (Nov 03)
Florent Rougon
Re: Re: Fw: Security risk of vim swap files Florent Rougon (Nov 01)
Florian Weimer
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Florian Weimer (Nov 06)
Gordo Lowrey
Re: Fw: Security risk of vim swap files Gordo Lowrey (Oct 31)
Graham Christensen
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Graham Christensen (Oct 12)
Greg KH
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 13)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 07)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 08)
Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Greg KH (Dec 08)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH (Nov 13)
Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Greg KH (Dec 07)
Re: New Linux kernel XFRM privilege escalation Greg KH (Nov 24)
Re: CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4) Greg KH (Oct 02)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Oct 03)
Re: Linux kernel CVEs not mentioned on oss-security Greg KH (Oct 03)
gremlin
Re: tftpd-hpa - insecure chroot() gremlin (Nov 06)
tftpd-hpa - insecure chroot() gremlin (Nov 02)
Guido Vranken
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken (Nov 22)
Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken (Nov 21)
halfdog
Recommendations GnuPG-2 replacement halfdog (Dec 06)
Re: Recommendations GnuPG-2 replacement halfdog (Dec 15)
Gain Access to SSH Group via ssh-agent and OpenSSL halfdog (Dec 25)
Re: Recommendations GnuPG-2 replacement halfdog (Dec 17)
Re: Recommendations GnuPG-2 replacement halfdog (Dec 15)
Re: Recommendations GnuPG-2 replacement halfdog (Dec 18)
Re: Recommendations GnuPG-2 replacement halfdog (Dec 18)
Hanno Böck
Magento: Leaking of config file local.xml Hanno Böck (Oct 30)
nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Hanno Böck (Nov 03)
Fw: Security risk of vim swap files Hanno Böck (Oct 31)
GIMP parser bugs (FLIMP and more) Hanno Böck (Dec 19)
ROBOT attack (WolfSSL, Bouncy Castle, Erlang) Hanno Böck (Dec 12)
Drupal backup_migrate information leak (was Fw: Database mishandling at defectivebydesign.org) Hanno Böck (Oct 29)
Hans Jerry Illikainen
Re: CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen (Dec 15)
CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen (Dec 14)
Heiko Schlittermann
CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported) Heiko Schlittermann (Nov 28)
Re: RCE in Exim reported Heiko Schlittermann (Nov 26)
Henri S.
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 Henri S. (Oct 08)
Henri Salo
LAME 3.100 released with security fixes Henri Salo (Oct 21)
Himanshu Mehta
ZKTime Web Software 2.0.1.12280 CVE-2017-17057 Cross Site Scripting Himanshu Mehta (Dec 03)
Hunger
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Hunger (Oct 12)
Ian Zimmerman
Re: Security risk of server side text editing in general and vim.tiny specifically Ian Zimmerman (Nov 03)
Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine Ian Zimmerman (Nov 21)
Re: Security risk of vim swap files Ian Zimmerman (Nov 06)
Isuru Udana
[CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability Isuru Udana (Dec 10)
Jakub Wilk
Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 05)
Re: phusion passenger CVE-2017-1000384 Jakub Wilk (Nov 17)
Re: Fw: Security risk of vim swap files Jakub Wilk (Oct 31)
Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
Re: Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 03)
Re: Security risk of server side text editing in general and vim.tiny specifically Jakub Wilk (Nov 03)
Re: nvi crash recovery Jakub Wilk (Nov 04)
Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 07)
Re: Fw: Security risk of vim swap files Jakub Wilk (Nov 01)
Re: Security risk of vim swap files Jakub Wilk (Nov 06)
Re: nvi denial of service Jakub Wilk (Nov 09)
Re: nvi crash recovery Jakub Wilk (Nov 03)
James Morris
Linux Security Summit 2017 Summary James Morris (Nov 02)
Jann Horn
Linux >=4.9: eBPF memory corruption bugs Jann Horn (Dec 21)
Jan Pokorný
Re: Fw: Security risk of vim swap files Jan Pokorný (Nov 01)
Jan Schaumann
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Jan Schaumann (Oct 03)
Jason Cooper
Re: Fw: Security risk of vim swap files Jason Cooper (Oct 31)
Jeffrey Walton
Re: Re: Recommendations GnuPG-2 replacement Jeffrey Walton (Dec 10)
Re: Fw: Security risk of vim swap files Jeffrey Walton (Nov 01)
Jeremy Stanley
Re: Recommendations GnuPG-2 replacement Jeremy Stanley (Dec 07)
[OSSA-2017-006] Nova FilterScheduler doubles resource allocations during rebuild with new image (CVE-2017-17051) Jeremy Stanley (Dec 05)
Jesus Camacho Rodriguez
[CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking Jesus Camacho Rodriguez (Oct 31)
Joan Touzet
Apache CouchDB CVE-2017-12635 and CVE-2017-12636 Joan Touzet (Nov 14)
Joel Esler
Re: clamav: Out of bounds read and segfault in xar parser Joel Esler (Oct 03)
Re: clamav: md5 collision based detection avoidance, Was: Out of bounds read and segfault in xar parser Joel Esler (Oct 04)
Joern Kottmann
[ANNOUNCE] CVE-2017-12620: Apache OpenNLP XXE vulnerability Joern Kottmann (Oct 02)
John Haxby
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams John Haxby (Nov 07)
John Lightsey
Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Dec 28)
Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 17)
Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 21)
Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey (Dec 29)
Re: phusion passenger CVE-2017-1000384 John Lightsey (Nov 17)
John Torakis
CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation John Torakis (Oct 02)
Jonas 'Sortie' Termansen
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Jonas 'Sortie' Termansen (Nov 08)
Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Jonas 'Sortie' Termansen (Nov 06)
Jouni Malinen
wpa_supplicant/hostapd: WPA packet number reuse with replayed messages and key reinstallation Jouni Malinen (Oct 16)
Juan Diego
Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Juan Diego (Oct 24)
Julien Ahrens
[RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure Julien Ahrens (Oct 18)
Kees Cook
CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Kees Cook (Oct 12)
Kiall Mac Innes
Re: Portus, missing LDAP server authentication Kiall Mac Innes (Dec 17)
klondike
Re: clamav: md5 collision based detection avoidance, Was: Out of bounds read and segfault in xar parser klondike (Oct 03)
Kristian Fiskerstrand
Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
Re: (linux-)distros list use statistics Kristian Fiskerstrand (Nov 13)
Kurt H Maier
Re: Fw: Security risk of vim swap files Kurt H Maier (Oct 31)
Kurt Seifried
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried (Oct 03)
Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 01)
Re: Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 02)
phusion passenger CVE-2017-1000384 Kurt Seifried (Nov 17)
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Kurt Seifried (Oct 03)
Re: Re: Security risk of server side text editing ... Kurt Seifried (Nov 22)
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Kurt Seifried (Oct 11)
Re: Fw: Security risk of vim swap files Kurt Seifried (Nov 05)
Re: Fw: Security risk of vim swap files Kurt Seifried (Oct 31)
Kwang (GitLab Support)
[GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack Kwang (GitLab Support) (Dec 21)
Leo Famulari
Re: RCE in Exim reported Leo Famulari (Nov 26)
Leonid Isaev
Re: Recommendations GnuPG-2 replacement Leonid Isaev (Dec 18)
Re: Re: Security risk of server side text editing ... Leonid Isaev (Nov 28)
Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
Re: Security risk of server side text editing in general and vim.tiny specifically Leonid Isaev (Nov 05)
Re: Recommendations GnuPG-2 replacement Leonid Isaev (Dec 19)
Re: Fw: Security risk of vim swap files Leonid Isaev (Nov 01)
Leon Zhao
CVE request: Two DoS vulneribilities in libextractor Leon Zhao (Oct 10)
Lionel Debroux
Many issues in "module" / "track" music decoders... Lionel Debroux (Nov 02)
Ludovic Courtès
Re: Re: Recommendations GnuPG-2 replacement Ludovic Courtès (Dec 08)
Re: [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder Ludovic Courtès (Oct 20)
Lukasz Lenart
[ANN] [APACHE STRUTS] Security Bulletin S2-055: impact increased to High (related to CVE-2017-7525 - JSON Jackson library) Lukasz Lenart (Dec 12)
[ANN] Apache Struts 2.5.14.1 GA with Security Fixes Release Lukasz Lenart (Dec 01)
Luke Hinds
OpenDayLight: Password change doesn't result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406) Luke Hinds (Nov 23)
Maier, Kurt H
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 07)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H (Nov 14)
Marcus Brinkmann
Re: Re: Recommendations GnuPG-2 replacement Marcus Brinkmann (Dec 08)
Re: Re: Recommendations GnuPG-2 replacement Marcus Brinkmann (Dec 10)
Re: Recommendations GnuPG-2 replacement Marcus Brinkmann (Dec 07)
Marcus Meissner
Re: Portus, missing LDAP server authentication Marcus Meissner (Dec 17)
overly broad IPC details sharing on Linux Kernel? Marcus Meissner (Dec 18)
New Linux kernel XFRM privilege escalation Marcus Meissner (Nov 24)
Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265 Marcus Meissner (Oct 11)
Re: New Linux kernel XFRM privilege escalation Marcus Meissner (Nov 24)
Re: Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265 Marcus Meissner (Oct 17)
Information Leak in mincore() in the Linux Kernel CVE-2017-16994 Marcus Meissner (Nov 27)
Marius Bakke
Re: Netlink XFRM socket subsystem NULL pointer dereference Marius Bakke (Oct 22)
Matthias Luft
Re: Security risk of vim swap files Matthias Luft (Nov 07)
Matthias Weckbecker
Re: Fw: Security risk of vim swap files Matthias Weckbecker (Nov 21)
Net::Ping::External command injections Matthias Weckbecker (Nov 07)
Matthieu Herrb
CVE-2017-16612 libXcursor: heap overflows when parsing malicious files Matthieu Herrb (Nov 28)
CVE-2017-16611 libXfont Open files with O_NOFOLLOW Matthieu Herrb (Nov 28)
Michael Ellerman
CVE-2017-15306: Linux kernel: KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM Michael Ellerman (Nov 06)
CVE-2017-1000255: Linux: powerpc: kernel memory overwrite in transactional memory handling Michael Ellerman (Oct 10)
Michael Niedermayer
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Michael Niedermayer (Oct 08)
Michael Orlitzky
Re: Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 01)
CVE-2017-16834: pnp4nagios root privilege escalation via insecure permissions Michael Orlitzky (Nov 15)
Re: Magento: Leaking of config file local.xml Michael Orlitzky (Oct 30)
CVE-2017-16882: Icinga core root privilege escalation via insecure permissions Michael Orlitzky (Nov 19)
Re: Fw: Security risk of vim swap files Michael Orlitzky (Nov 06)
Re: [CVE-2017-14604] .desktop vulnerability again Michael Orlitzky (Nov 08)
Michal Zalewski
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Michal Zalewski (Nov 22)
Mohamed Ghannam
CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Mohamed Ghannam (Dec 15)
CVE-2017-8824 linux: use-after-free in DCCP code Mohamed Ghannam (Dec 04)
Moritz Muehlenhoff
Re: Linux kernel CVEs not mentioned on oss-security Moritz Muehlenhoff (Oct 03)
Nazeer Shaik
[SECURITY] CVE-2017-5663: Apache Fineract SQL Injection Vulnerability Nazeer Shaik (Dec 13)
NCSC-FI Vulnerability Co-ordination
Two vulnerabilities patched in GNU Wget: CVE-2017-13089, CVE-2017-13090 NCSC-FI Vulnerability Co-ordination (Oct 27)
Nick Bowler
Re: Re: Fw: Security risk of vim swap files Nick Bowler (Nov 03)
Noam Rathaus
Netlink XFRM socket subsystem NULL pointer dereference Noam Rathaus (Oct 22)
NOIRFATE
ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype NOIRFATE (Oct 09)
OpenEXR : CVE-2017-14988 : DOS in Header::readfrom NOIRFATE (Oct 09)
oss-security
Re: Recommendations GnuPG-2 replacement oss-security (Dec 07)
oststrom (public)
CVE-2017-16930 - Claymore's Dual Ethereum Miner unauth stack buffer overflow in remote management interface oststrom (public) (Dec 04)
Patrick Hunt
[SECURITY] CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw) Patrick Hunt (Oct 09)
Peter Bex
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Peter Bex (Nov 22)
Re: Recommendations GnuPG-2 replacement Peter Bex (Dec 07)
Phil Pennock
Re: RCE in Exim reported Phil Pennock (Nov 25)
RCE in Exim reported Phil Pennock (Nov 24)
Re: Re: Recommendations GnuPG-2 replacement Phil Pennock (Dec 10)
Re: RCE in Exim reported Phil Pennock (Nov 24)
Re: Recommendations GnuPG-2 replacement Phil Pennock (Dec 10)
P J P
CVE-2017-15268. Qemu: I/O: potential memory exhaustion via websock connection to VNC P J P (Oct 11)
CVE-2017-15119 Qemu: DoS via large option request P J P (Nov 28)
CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 P J P (Dec 04)
Re: Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P (Nov 21)
CVE-2017-12188 Kernel: KVM: MMU potential stack buffer overrun during page walks P J P (Oct 12)
CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P (Nov 16)
CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in VNC server P J P (Dec 19)
CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings P J P (Dec 04)
CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes P J P (Oct 05)
CVE-2017-15118 Qemu: stack buffer overflow in NBD server triggered via long export name P J P (Nov 28)
CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions P J P (Oct 12)
CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruction P J P (Dec 19)
Qhdwns123
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Qhdwns123 (Dec 17)
Qualys Security Advisory
Bugs in iscsiuio Qualys Security Advisory (Dec 13)
Qualys Security Advisory - Buffer overflow in glibc's ld.so Qualys Security Advisory (Dec 11)
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Qualys Security Advisory (Oct 03)
Raphael Geissert
Net::LDAP ruby gem, missing certificate validation Raphael Geissert (Dec 17)
Re: Sonatype Nexus Repository Manager 2.x weak password encryption Raphael Geissert (Dec 17)
Gitlab, LDAP integration vulnerable to MITM attack Raphael Geissert (Dec 17)
Portus, missing LDAP server authentication Raphael Geissert (Dec 17)
Sonatype Nexus Repository Manager 2.x weak password encryption Raphael Geissert (Dec 17)
Raphael Hertzog
Re: exiv2: multiple memory safety issues Raphael Hertzog (Nov 23)
Reed Loden
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Oct 09)
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden (Oct 02)
Remi Gacogne
Re: PowerDNS Security Advisory 2017-08 Remi Gacogne (Dec 11)
PowerDNS Security Advisories 2017-03, 2017-04, 2017-05, 2017-06 and 2017-07 Remi Gacogne (Nov 27)
PowerDNS Security Advisory 2017-08 Remi Gacogne (Dec 11)
Rich Felker
CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)
Re: CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker (Oct 19)
Robert Watson
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 20)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 18)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 19)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 21)
Re: [CVE-2017-14604] .desktop vulnerability again Robert Watson (Nov 09)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson (Oct 21)
Roman Medina-Heigl Hernandez
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Roman Medina-Heigl Hernandez (Oct 12)
Salvatore Bonaccorso
Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule Salvatore Bonaccorso (Dec 10)
Re: libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c) Salvatore Bonaccorso (Dec 01)
Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso (Dec 24)
Re: Net::Ping::External command injections Salvatore Bonaccorso (Nov 07)
Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso (Oct 10)
Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso (Oct 12)
Quagga: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages Salvatore Bonaccorso (Oct 30)
Re: collectd: CVE-2017-16820: snmp-plugin: double free of request PDU Salvatore Bonaccorso (Nov 15)
Re: GIMP parser bugs (FLIMP and more) Salvatore Bonaccorso (Dec 19)
Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso (Dec 23)
Re: Advisory X41-2017-010: Command Execution in Shadowsocks-libev Salvatore Bonaccorso (Oct 27)
Back in Time: CVE-2017-16667: shell injection in notify-send Salvatore Bonaccorso (Nov 08)
collectd: CVE-2017-16820: snmp-plugin: double free of request PDU Salvatore Bonaccorso (Nov 15)
Re: [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder Salvatore Bonaccorso (Nov 06)
Re: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Salvatore Bonaccorso (Oct 03)
xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in session manager Salvatore Bonaccorso (Nov 23)
Scott Court
Re: Re: Security risk of server side text editing ... Scott Court (Nov 27)
Re: Fw: Security risk of vim swap files Scott Court (Nov 05)
Re: Re: Security risk of server side text editing ... Scott Court (Dec 01)
Re: Re: Fw: Security risk of vim swap files Scott Court (Nov 03)
Securify B.V.
Clickjacking vulnerability in CSRF error page pfSense Securify B.V. (Nov 22)
Seth Arnold
Re: Fw: Security risk of vim swap files Seth Arnold (Nov 06)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold (Oct 19)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold (Oct 20)
Shalin Shekhar Mangar
[ANNOUNCE] [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) Shalin Shekhar Mangar (Oct 19)
CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika Shalin Shekhar Mangar (Oct 26)
Shea Levy
Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Shea Levy (Oct 11)
Simon Kelley
dnsmasq: CVE-2017-14491 to CVE-2017-14496 and CVE-2017-13704 Simon Kelley (Oct 02)
Simon McVittie
Re: Net::Ping::External command injections Simon McVittie (Nov 07)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Simon McVittie (Oct 21)
Re: Fw: Security risk of vim swap files Simon McVittie (Nov 01)
Re: Re: Security risk of server side text editing ... Simon McVittie (Nov 27)
Re: [CVE-2017-14604] .desktop vulnerability again Simon McVittie (Nov 09)
Simon Waters (Surevine)
Re: Security risk of vim swap files Simon Waters (Surevine) (Oct 31)
Solar Designer
Re: Recommendations GnuPG-2 replacement Solar Designer (Dec 07)
Re: Fw: Security risk of vim swap files Solar Designer (Nov 06)
Re: Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Solar Designer (Oct 24)
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Solar Designer (Oct 21)
Re: Security risk of vim swap files Solar Designer (Nov 06)
(linux-)distros list use statistics Solar Designer (Nov 13)
Re: Fw: Security risk of vim swap files Solar Designer (Nov 01)
Re: (linux-)distros list use statistics Solar Designer (Nov 13)
Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Solar Designer (Oct 24)
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
Re: Fw: Security risk of vim swap files Solar Designer (Oct 31)
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Solar Designer (Nov 01)
Re: Security risk of server side text editing ... Solar Designer (Nov 22)
Re: Netlink XFRM socket subsystem NULL pointer dereference Solar Designer (Oct 22)
distros list downtime Solar Designer (Oct 16)
Re: Recommendations GnuPG-2 replacement Solar Designer (Dec 22)
Re: distros list archive Solar Designer (Nov 20)
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 13)
Re: Recommendations GnuPG-2 replacement Solar Designer (Dec 07)
Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Solar Designer (Nov 05)
Re: Linux kernel: multiple vulnerabilities in the USB subsystem Solar Designer (Nov 08)
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer (Nov 03)
Re: (linux-)distros list use statistics Solar Designer (Nov 13)
Re: Security risk of server side text editing ... Solar Designer (Nov 27)
Re: Fw: Security risk of vim swap files Solar Designer (Nov 05)
Stefan Bühler
Re: Fw: Security risk of vim swap files Stefan Bühler (Oct 31)
Stefano Brivio
Re: Sonatype Nexus Repository Manager 2.x weak password encryption Stefano Brivio (Dec 17)
Steffen Nurpmeso
Re: Fw: Security risk of vim swap files Steffen Nurpmeso (Oct 31)
Stiepan
Re: Linux kernel CVEs not mentioned on oss-security Stiepan (Oct 09)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stiepan (Nov 10)
Re: CVE-2017-17670: vlc: type conversion vulnerability Stiepan (Dec 15)
Stuart Gathman
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stuart Gathman (Nov 11)
Tellier Benoit
Announce: Apache James 3.0.1 security release Tellier Benoit (Oct 19)
Terry Chia
Graphicsmagick: NULL Pointer Dereference in DICOM Decoder (CVE-2017-14994) Terry Chia (Oct 03)
Thomas Calderon
[ oss-security ] CVE-2016-10517: CSRF in redis < 3.2.7 Thomas Calderon (Oct 25)
Tim
Re: Fw: Security risk of vim swap files Tim (Oct 31)
Re: Fw: Security risk of vim swap files Tim (Oct 31)
Re: Fw: Security risk of vim swap files Tim (Nov 01)
Tomas Hoger
Re: phusion passenger CVE-2017-1000384 Tomas Hoger (Nov 21)
Tomer Brisker
Foreman 1.2+ stored XSS in fact charts Tomer Brisker (Nov 05)
Tristan Cacqueray
[OSSA-2017-005] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) Tristan Cacqueray (Nov 14)
[OSSA 2017-005.1] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ERRATA Tristan Cacqueray (Dec 05)
up201407890
Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Oct 25)
Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 07)
Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890 (Nov 05)
Vladis Dronov
CVE-2017-15115: Linux kernel: sctp: use-after-free in sctp_cmp_addr_exact() Vladis Dronov (Nov 15)
Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 17)
CVE-2017-15299: Linux kernel: incorrect update of uninstantiated keys can crash a kernel Vladis Dronov (Oct 16)
CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 10)
CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov (Nov 07)
Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 18)
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov (Nov 13)
Wade Mealing
CVE-2017-12193 Linux kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation Wade Mealing (Nov 01)
CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key Wade Mealing (Oct 11)
X41 D-Sec GmbH Advisories
Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks X41 D-Sec GmbH Advisories (Oct 13)
Advisory X41-2017-010: Command Execution in Shadowsocks-libev X41 D-Sec GmbH Advisories (Oct 13)
Xen . org security team
Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code Xen . org security team (Oct 24)
Xen Security Advisory 244 (CVE-2017-15594) - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team (Oct 18)
Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Oct 18)
Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Nov 15)
Xen Security Advisory 247 - Missing p2m error checking in PoD code Xen . org security team (Nov 28)
Xen Security Advisory 249 - broken x86 shadow mode refcount overflow check Xen . org security team (Dec 12)
Xen Security Advisory 243 - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team (Oct 12)
Xen Security Advisory 251 - improper bug check in x86 log-dirty handling Xen . org security team (Dec 12)
Xen Security Advisory 242 - page type reference leak on x86 Xen . org security team (Oct 12)
Xen Security Advisory 238 - DMOP map/unmap missing argument checks Xen . org security team (Oct 12)
Xen Security Advisory 239 - hypervisor stack leak in x86 I/O intercept code Xen . org security team (Oct 12)
Xen Security Advisory 244 - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team (Oct 12)
Xen Security Advisory 239 (CVE-2017-15589) - hypervisor stack leak in x86 I/O intercept code Xen . org security team (Oct 18)
Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks Xen . org security team (Dec 06)
Xen Security Advisory 241 - Stale TLB entry due to page type release race Xen . org security team (Oct 12)
Xen Security Advisory 242 (CVE-2017-15593) - page type reference leak on x86 Xen . org security team (Oct 18)
Xen Security Advisory 235 (CVE-2017-15596) - add-to-physmap error paths fail to release lock on ARM Xen . org security team (Oct 18)
Xen Security Advisory 241 (CVE-2017-15588) - Stale TLB entry due to page type release race Xen . org security team (Oct 18)
Xen Security Advisory 237 (CVE-2017-15590) - multiple MSI mapping issues on x86 Xen . org security team (Oct 18)
Xen Security Advisory 237 - multiple MSI mapping issues on x86 Xen . org security team (Oct 12)
Xen Security Advisory 250 - improper x86 shadow mode refcount error handling Xen . org security team (Dec 12)
Xen Security Advisory 246 - x86: infinite loop due to missing PoD error checking Xen . org security team (Nov 28)
Xen Security Advisory 248 - x86 PV guests may gain access to internally used pages Xen . org security team (Dec 12)
Xu, Meng
CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Xu, Meng (Oct 03)
Yves-Alexis Perez
Re: Linux kernel CVEs not mentioned on oss-security Yves-Alexis Perez (Oct 03)
[CVE-2017-14604] .desktop vulnerability again Yves-Alexis Perez (Oct 05)
Z5T1
Re: Fw: Security risk of vim swap files Z5T1 (Nov 01)
连一汉
[CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder 连一汉 (Oct 20)
Re: [oss-security] CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug 连一汉 (Oct 08)
[CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file. 连一汉 (Nov 03)