oss-sec: by thread
284 messages starting Jul 02 18 and ending Sep 28 18
- Re: Apache CXF 3.2.6 and 3.1.16 are released David Karlsen (Jul 02)
- accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Simon McVittie (Jul 02)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Matthias Gerstner (Jul 03)
- Re: accountsservice: insufficient path check in user_change_icon_file_authorized_cb() Jakub Wilk (Jul 02)
- cinnamon: possible symlink attack in cinnamon-settings-users.py Matthias Gerstner (Jul 02)
- Re: cinnamon: possible symlink attack in cinnamon-settings-users.py Matthias Gerstner (Jul 02)
- coverity scan of qmail -- 53 potential defects (with false positives) Georgi Guninski (Jul 03)
- Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko (Jul 03)
- Apache CXF Fediz 1.4.4 is released Colm O hEigeartaigh (Jul 04)
- [SECURITY] CVE-2018-8026: XXE vulnerability due to Apache Solr configset upload (exchange rate provider config / enum field config / TIKA parsecontext) Uwe Schindler (Jul 04)
- Statistics for distros lists updated for Q2 Kristian Fiskerstrand (Jul 04)
- BIND Operational Notification: Extremely large zone transfers can result in corrupted journal files or server process termination Michael McNally (Jul 04)
- mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw (Jul 06)
- Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH (Jul 06)
- Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Solar Designer (Jul 06)
- <Possible follow-ups>
- Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook zrlw (Jul 06)
- Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook Greg KH (Jul 06)
- [OSSN-0084] Data retained after deletion of a ScaleIO volume Luke Hinds (Jul 10)
- [Annoucement] CVE-2018-1337 Plaintext Password Disclosure in Secured Channel Emmanuel Lecharny (Jul 10)
- CVE-2018-1331: Apache Storm remote code execution vulnerability Bobby Evans (Jul 10)
- [SECURITY ADVISORY] curl SMTP send heap buffer overflow Daniel Stenberg (Jul 10)
- polkit: CVE-2018-1116: polkitd trusting client-supplied UID allows spoofed authentication dialogs Matthias Gerstner (Jul 11)
- CVE-2018-8007: Apache CouchDB administrative privilege escalation Dave Cottlehuber (Jul 11)
- CVE-2018-10895: Remote code execution due to CSRF in qutebrowser Florian Bruhin (Jul 11)
- CVE-2018-5739: ISC Kea 1.4.0 failure to release memory may exhaust system resources Michael McNally (Jul 11)
- CVE-2018-1334 Apache Spark local privilege escalation vulnerability Sean Owen (Jul 12)
- CVE-2018-8024 Apache Spark XSS vulnerability in UI Sean Owen (Jul 12)
- Re: Libc Realpath Buffer Underflow CVE-2018-1000001 expolit source code for SuSE 12 SP2 halfdog (Jul 12)
- Fastbin double free in MP4v2 2.0.0 Ruikai Liu (Jul 13)
- CVE-2018-13405: Linux kernel: fs/inode.c:inode_init_owner() function mishandled a file creation in setgid directories Vladis Dronov (Jul 13)
- Integer underflow/overflow in MP4v2 2.0.0 Ruikai Liu (Jul 16)
- Type confusion in MP4v2 2.0.0 Ruikai Liu (Jul 17)
- [CVE-2018-1000211] Public apps can't revoke OAuth access & refresh tokens in Doorkeeper Justin Bull (Jul 17)
- CVE-2018-1333: Apache HTTP Server HTTP/2 DoS Mark Cox (Jul 18)
- CVE-2018-8011: Apache HTTP Server mod_md DoS Mark Cox (Jul 18)
- Out-of-bounds memory access in MP4v2 2.0.0 Ruikai Liu (Jul 18)
- CVE-2018-14055: privilege escalation in ZNC Alexey Sokolov (Jul 18)
- CVE-2018-14056: path traversal in ZNC Alexey Sokolov (Jul 18)
- CVE-2018-8042: Passwords for Hadoop credential stores are visible in Ambari Agent standard out in Apache Ambari Robert Levas (Jul 18)
- Multiple vulnerabilities in Jenkins Daniel Beck (Jul 18)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Jul 18)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins Daniel Beck (Aug 15)
- [CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons Denis Magda (Jul 19)
- [CVE-2018-8018] Possible Execution of Arbitrary Code via Apache Ignite GridClientJdkMarshaller Denis Magda (Jul 19)
- CVE request: Wesnoth arbitrary code execution/sandbox escape Iris Morelle (Jul 20)
- Re: CVE request: Wesnoth arbitrary code execution/sandbox escape Emilio Pozuelo Monfort (Jul 20)
- Re: CVE request: Wesnoth arbitrary code execution/sandbox escape Iris Morelle (Jul 22)
- CVE-2018-10900: NetworkManager-vpnc-1.2.4 local privilege escalation Lubomir Rintel (Jul 20)
- [CVE] CVE-2018-11756 PHP Runtime for Apache OpenWhisk Rodric Rabbah (Jul 20)
- [CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk Rodric Rabbah (Jul 20)
- CVE-2018-8031 Apache TomEE Webapp XSS Jonathan Gallimore (Jul 23)
- [CVE-2018-10906] libfuse: restriction bypass of the "allow_other" option when SELinux is active Nikolaus Rath (Jul 24)
- Xen Security Advisory 274 - Linux: Uninitialized state in PV syscall return path Xen . org security team (Jul 25)
- [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432) Matthew Thode (Jul 25)
- Fw: New cabextract 1.7 and libmspack 0.7 release Hanno Böck (Jul 26)
- Re: Fw: New cabextract 1.7 and libmspack 0.7 release Salvatore Bonaccorso (Jul 28)
- Squirrelmail XSS security fix Hanno Böck (Jul 26)
- CVE-2017-12610: Authenticated Kafka clients may impersonate other users Rajini Sivaram (Jul 26)
- CVE-2018-1288: Authenticated Kafka clients may interfere with data replication Rajini Sivaram (Jul 26)
- Re: Pointer misuse unziping files with busybox Salvatore Bonaccorso (Jul 26)
- Re: Pointer misuse unziping files with busybox Justin Ferguson (Jul 29)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 30)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jul 31)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Sep 25)
- [SECURITY] New security advisory CVE-2018-8027 released for Apache Camel Andrea Cosentino (Jul 31)
- Xen Security Advisory 274 v2 (CVE-2018-14678) - Linux: Uninitialized state in x86 PV failsafe callback path Xen . org security team (Jul 31)
- blueman before version 2.0.6 is not enforcing authorization for polkit action org.blueman.network.setup Matthias Gerstner (Jul 31)
- Django security releases issued: 1.11.15 and 2.0.8 Tim Graham (Aug 01)
- [SBA-ADV-20180425-01] CVE-2015-5243 rediscovered: phpWhois before 5.1.0 PHP Code Injection SBA Research Advisory (Aug 01)
- Stored XSS vulnerabilities in Tiki <= 18.1 chbi (Aug 02)
- Re: Stored XSS vulnerabilities in Tiki <= 18.1 chbi (Aug 02)
- Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 02)
- Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 09)
- Re: Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Simon McVittie (Aug 09)
- Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Aug 09)
- Heap-based buffer overflow in zutils zcat Ben Hutchings (Aug 05)
- Re: Heap-based buffer overflow in zutils zcat Ben Hutchings (Aug 22)
- Re: Heap-based buffer overflow in zutils zcat Antonio Diaz Diaz (Aug 23)
- Re: Heap-based buffer overflow in zutils zcat Ben Hutchings (Aug 22)
- Requesting CVE number for Qt Creator / Botan issue Thiago Macieira (Aug 06)
- Re: Requesting CVE number for Qt Creator / Botan issue Henri Salo (Aug 06)
- CVE-2017-12614 XSS Vulnerability in Airflow < 1.9 Ash Berlin-Taylor (Aug 06)
- CVE-2018-6556: lxc-user-nic allows for open() of arbitrary paths Stéphane Graber (Aug 06)
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0006 Michael Catanzaro (Aug 08)
- CVE-2018-11769: Apache CouchDB Remote Code Execution (affects versions 1.x and ≤2.1.2) Joan Touzet (Aug 08)
- Unauthenticated EAPOL-Key decryption in wpa_supplicant Jouni Malinen (Aug 08)
- Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jens Timmerman (Aug 08)
- Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jouni Malinen (Aug 08)
- Re: Unauthenticated EAPOL-Key decryption in wpa_supplicant Jens Timmerman (Aug 08)
- Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Matthew Garrett (Aug 08)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
- RE: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Reinis Rozitis (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) David T. (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Kurt H Maier (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Solar Designer (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Matthew Garrett (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Dave Horsfall (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Amos Jeffries (Aug 09)
- Re: Linux TCP implementation vulnerable to Denial of Service (CVE 2018-5390) Stiepan (Aug 09)
- CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named Michael McNally (Aug 08)
- Knot Resolver 2.4.1 security release Petr Špaček (Aug 09)
- cobbler CVE-2018-10931: CobblerXMLRPCInterface exports internal only functions over XMLRPC Cedric Buissart (Aug 09)
- CVE-2018-11770: Apache Spark standalone master, Mesos REST APIs not controlled by authentication Sean Owen (Aug 13)
- CVE-2018-14424: Use-after-free in GDM Chris Coulson (Aug 14)
- X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv X41 D-Sec GmbH Advisories (Aug 14)
- X41 D-Sec GmbH Security Advisory X41-2018-002: Multiple Vulnerabilities in OpenSC X41 D-Sec GmbH Advisories (Aug 14)
- X41 D-Sec GmbH Security Advisory X41-2018-003: Multiple Vulnerabilities in pam_pkcs11 X41 D-Sec GmbH Advisories (Aug 14)
- X41 D-Sec GmbH Security Advisory X41-2018-004: Multiple Vulnerabilities in Yubico libykneomgr X41 D-Sec GmbH Advisories (Aug 14)
- X41 D-Sec GmbH Security Advisory X41-2018-005: Multiple Vulnerabilities in Apple smartcardservices X41 D-Sec GmbH Advisories (Aug 14)
- CVE-2018-14722: btrfsmaintenance: Code execution Marcus Meissner (Aug 14)
- Xen Security Advisory 273 v1 (CVE-2018-3620,CVE-2018-3646) - L1 Terminal Fault speculative side channel Xen . org security team (Aug 14)
- Xen Security Advisory 268 v2 - Use of v2 grant tables may cause crash on ARM Xen . org security team (Aug 14)
- Xen Security Advisory 269 v2 - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS Xen . org security team (Aug 14)
- Xen Security Advisory 270 v2 - Linux netback driver OOB access in hash handling Xen . org security team (Aug 14)
- Xen Security Advisory 271 v2 (CVE-2018-14007) - XAPI HTTP directory traversal Xen . org security team (Aug 14)
- Xen Security Advisory 272 v2 - oxenstored does not apply quota-maxentity Xen . org security team (Aug 14)
- CVE-2018-5391: Linux kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) Vladis Dronov (Aug 14)
- Xen Security Advisory 274 v3 (CVE-2018-14678) - Linux: Uninitialized state in x86 PV failsafe callback path Xen . org security team (Aug 15)
- OpenSSH Username Enumeration Qualys Security Advisory (Aug 15)
- Re: OpenSSH Username Enumeration Matthew Daley (Aug 16)
- Re: OpenSSH Username Enumeration Salvatore Bonaccorso (Aug 17)
- Re: OpenSSH Username Enumeration Dariusz Tytko (Aug 17)
- Re: OpenSSH Username Enumeration Dariusz Tytko (Aug 23)
- Re: OpenSSH Username Enumeration Solar Designer (Aug 23)
- Re: OpenSSH Username Enumeration Qualys Security Advisory (Aug 23)
- [CVE-2018-11771] Apache Commons Compress 1.7 to 1.17 denial of service vulnerability Stefan Bodewig (Aug 16)
- spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Doran Moppert (Aug 16)
- Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Florian Weimer (Aug 17)
- Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Frediano Ziglio (Aug 17)
- Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Jeffrey Walton (Aug 17)
- Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Frediano Ziglio (Aug 17)
- Re: spice CVE-2018-10873: post-auth crash or potential heap corruption when demarshalling Florian Weimer (Aug 17)
- Rule for releasing fixes for embargoed bugs Dominique Martinet (Aug 17)
- Re: Rule for releasing fixes for embargoed bugs Marcus Meissner (Aug 17)
- Re: Rule for releasing fixes for embargoed bugs Dominique Martinet (Aug 17)
- Re: Rule for releasing fixes for embargoed bugs Amos Jeffries (Aug 17)
- Re: Rule for releasing fixes for embargoed bugs Marcus Meissner (Aug 17)
- Xen Security Advisory 269 v3 (CVE-2018-15468) - x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS Xen . org security team (Aug 20)
- Xen Security Advisory 268 v3 (CVE-2018-15469) - Use of v2 grant tables may cause crash on ARM Xen . org security team (Aug 20)
- Xen Security Advisory 272 v3 (CVE-2018-15470) - oxenstored does not apply quota-maxentity Xen . org security team (Aug 20)
- Xen Security Advisory 270 v3 (CVE-2018-15471) - Linux netback driver OOB access in hash handling Xen . org security team (Aug 20)
- CVE-2018-10902 - linux kernel - double free in midi subsystem Wade Mealing (Aug 20)
- More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Alex Gaynor (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? AmitB (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Mateusz Lenik (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 27)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Aug 27)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Aug 28)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 29)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Sep 03)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Brandon Perry (Sep 04)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 04)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 05)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Sep 05)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Stuart Gathman (Sep 05)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Perry E. Metzger (Sep 05)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Jakub Wilk (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonid Isaev (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Sep 09)
- Message not available
- Re: Ghostscript 9.24 issues Tavis Ormandy (Sep 09)
- Re: Re: Ghostscript 9.24 issues Marcus Meissner (Sep 10)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Marcus Meissner (Sep 06)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Florian Weimer (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 21)
- Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer (Aug 24)
- Re: Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller (Aug 25)
- Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer (Aug 25)
- Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller (Aug 26)
- Re: About OpenSSH "user enumeration" / CVE-2018-15473 Solar Designer (Aug 26)
- Re: Re: About OpenSSH "user enumeration" / CVE-2018-15473 Damien Miller (Aug 25)
- Re: Travis CI MITM RCE Phil Pennock (Aug 26)
- Re: Travis CI MITM RCE Jeremy Stanley (Aug 26)
- Re: Travis CI MITM RCE Daniel Kahn Gillmor (Aug 28)
- Re: Travis CI MITM RCE zugtprgfwprz (Aug 30)
- Re: Travis CI MITM RCE vines (Aug 31)
- Re: Travis CI MITM RCE zugtprgfwprz (Sep 01)
- Re: Travis CI MITM RCE Daniel Kahn Gillmor (Aug 31)
- Re: Travis CI MITM RCE zugtprgfwprz (Sep 01)
- Re: Another OpenSSH "user enumeration" Marcus Meissner (Aug 28)
- Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Greg KH (Aug 28)
- Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Florian Weimer (Aug 28)
- Re: Linux kernel: CVE-2018-14619 kernel: crash (possible privesc) in kernel crypto subsystem. Wade Mealing (Sep 03)
- Re: CVE-2018-6554 and CVE-2018-6555: Linux kernel: irda memory leak and use after free Vladis Dronov (Sep 05)
- Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Christopher Shannon (Sep 10)
- Re: [ANNOUNCE] CVE-2018-11775: ActiveMQ Client - Missing TLS Hostname Verification Solar Designer (Sep 10)
- Re: tdesktop leaks user IP address Daniel Kahn Gillmor (Sep 12)
- <Possible follow-ups>
- Re: Linux kernel: potential local priviledge escalation bug in vmacache code Vladis Dronov (Sep 19)
- Re: Linux kernel: potential local priviledge escalation bug in vmacache code Salvatore Bonaccorso (Sep 19)
- Re: Linux kernel: potential local priviledge escalation bug in vmacache code Salvatore Bonaccorso (Sep 19)
- Re: Linux kernel: potential local priviledge escalation bug in vmacache code Salvatore Bonaccorso (Sep 19)
- Re: tdesktop 1.3.14: index out of range Stuart D. Gathman (Sep 19)
- Re: tdesktop 1.3.14: index out of range Solar Designer (Sep 19)
- Re: ISC has issued new patch releases of BIND Solar Designer (Sep 20)
- Re: CVE-2018-8023: A remote attacker can exploit a vulnerability in the JWT implementation to gain unauthenticated access to Mesos Executor HTTP API. Ariel Zelivansky (Sep 22)
- Re: bounties Solar Designer (Sep 25)
- Re: bounties Jeremy Stanley (Sep 25)
- Re: bounties Justin Ferguson (Sep 26)
- Re: bounties Solar Designer (Sep 26)
- Re: bounties Justin Ferguson (Sep 26)
- Re: Using quilt on untrusted RPM spec files Randy Barlow (Sep 28)