oss-sec: by thread
279 messages starting Oct 01 18 and ending Dec 31 18
- Django security release issued: 2.1.2 Carlton Gibson (Oct 01)
- Re: Django security release issued: 2.1.2 Solar Designer (Oct 01)
- Re: Django security release issued: 2.1.2 Alex Gaynor (Oct 01)
- Re: Django security release issued: 2.1.2 Solar Designer (Oct 01)
- Re: CVE Request - Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 (and certain versions of v2.1.3 - prior to June 3, 2015) Henri Salo (Oct 02)
- arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Will Deacon (Oct 02)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Henri Salo (Oct 02)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Florian Weimer (Oct 03)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Marcus Meissner (Oct 03)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Seth Arnold (Oct 03)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Florian Weimer (Oct 03)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Salvatore Bonaccorso (Oct 06)
- Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor Henri Salo (Oct 02)
- CVE-2018-14656: Linux kernel: arbitrary kernel memory dump into the dmesg log Vladis Dronov (Oct 04)
- [NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail Daniel Gruno (Oct 04)
- CVE update - fixed in Apache Ranger 1.2.0 Velmurugan Periasamy (Oct 04)
- [SECURITY] CVE-2011-3600 Apache OFBiz XML-RPC XXE Vulnerability Taher Alkhateeb (Oct 05)
- [SECURITY] CVE-2018-8033 Apache OFBiz XXE Vulnerability in HttpEngine Taher Alkhateeb (Oct 05)
- [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Andreas Lehmkuehler (Oct 05)
- CVE-2018-17977: CentOS ipsec remote denial of service vulnerability luo (Oct 05)
- [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser Andreas Lehmkuehler (Oct 06)
- CVE-2018-17456 Git RCE via .gitmodules joernchen (Oct 06)
- Qemu: integer overflow issues P J P (Oct 07)
- CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts Nick Roessler (Oct 08)
- net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 08)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Magnus Klaaborg Stubman (Oct 10)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Salvatore Bonaccorso (Oct 09)
- Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) Alexander Bergmann (Oct 08)
- Linux kernel: "Meltdown leaks with Global kernel mapping" Solar Designer (Oct 09)
- Re: Linux kernel: "Meltdown leaks with Global kernel mapping" Dave Hansen (Oct 11)
- ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leonid Isaev (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Bob Friesenhahn (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alex Gaynor (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Doran Moppert (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 16)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 17)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 17)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Emilio Pozuelo Monfort (Oct 11)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Brandon Perry (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alan Coopersmith (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Ian Zimmerman (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leo Famulari (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 11)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leonid Isaev (Oct 09)
- [CVE-2018-11796] Apache Tika Denial of Service via XML Entity Expansion Vulnerability Tim Allison (Oct 09)
- Multiple vulnerabilities in Jenkins Daniel Beck (Oct 10)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins Daniel Beck (Dec 05)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Dec 09)
- Re: Multiple vulnerabilities in Jenkins Daniel Beck (Dec 09)
- ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073) Tavis Ormandy (Oct 10)
- jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Larry W. Cashdollar (Oct 11)
- Re: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability Larry W. Cashdollar (Oct 13)
- CVE-2018-10933: libssh: authentication bypass in server code Marcus Meissner (Oct 16)
- Re: CVE-2018-10933: libssh: authentication bypass in server code Minh Tuan Luong (Oct 17)
- ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption P J P (Oct 17)
- CVE-2018-12617 Qemu: qemu-guest-agent: Integer overflow in qmp_guest_file_read may lead to crash P J P (Oct 17)
- Linux kernel: BPF verifier bug leads to out-of-bounds access (CVE-2018-18445; 4.14.9-4.14.74; 4.15-4.18.12) Jann Horn (Oct 17)
- Re: Using quilt on untrusted RPM spec files Jakub Wilk (Oct 18)
- Re: Using quilt on untrusted RPM spec files Stuart D. Gathman (Oct 23)
- <Possible follow-ups>
- Re: Using quilt on untrusted RPM spec files Jakub Wilk (Oct 22)
- Re: Using quilt on untrusted RPM spec files Stuart D. Gathman (Oct 23)
- Re: Travis CI MITM RCE Jakub Wilk (Oct 18)
- Re: Travis CI MITM RCE zugtprgfwprz (Oct 20)
- <Possible follow-ups>
- Re: Travis CI MITM RCE Jakub Wilk (Oct 27)
- Re: Re: Travis CI MITM RCE Daniel Kahn Gillmor (Oct 29)
- Re: Re: Travis CI MITM RCE Jakub Wilk (Oct 31)
- Re: Re: Travis CI MITM RCE Daniel Kahn Gillmor (Oct 29)
- Attempting to patch ghostscript-9.25 Ken Moffat (Oct 20)
- Re: Attempting to patch ghostscript-9.25 Jordan Glover (Oct 20)
- Re: Attempting to patch ghostscript-9.25 Ken Moffat (Oct 20)
- Re: Attempting to patch ghostscript-9.25 Jordan Glover (Oct 20)
- Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Hanno Böck (Oct 21)
- Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Salvatore Bonaccorso (Oct 23)
- GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Andrew Sandoval (Oct 22)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer (Oct 22)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Ramon de C Valle (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Solar Designer (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Jeff Law (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Jordan Glover (Oct 24)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Mikhail Klementev (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Yann Droneaud (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Matthew Fernandez (Oct 23)
- Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions Florian Weimer (Oct 22)
- GLib (2.20.0+): GVariant, GDBus and GMarkup out of bounds reads, DoS and unbounded recursion Philip Withnall (Oct 23)
- CVE-2018-11804: Apache Spark build/mvn runs zinc, and can expose information from build machines Sean Owen (Oct 24)
- Fwd: CVE-2018-11785 and CVE-2018-11792, was "[ANNOUNCE] Apache Impala 3.0.1 release" Jim Apple (Oct 24)
- Xen Security Advisory 278 v1 - x86: Nested VT-x usable even when disabled Xen . org security team (Oct 24)
- X.Org security advisory: October 25, 2018 Matthieu Herrb (Oct 25)
- Squid Proxy multiple vulnerabilities Amos Jeffries (Oct 28)
- Re: Squid Proxy multiple vulnerabilities Amos Jeffries (Oct 28)
- Re: Squid Proxy multiple vulnerabilities Hanno Böck (Oct 28)
- Re: Squid Proxy multiple vulnerabilities Amos Jeffries (Oct 29)
- Re: Squid Proxy multiple vulnerabilities 面和毅 (Oct 29)
- Re: Squid Proxy multiple vulnerabilities Karol Babioch (Oct 31)
- Re: Squid Proxy multiple vulnerabilities Karol Babioch (Nov 09)
- Script sandbox bypass in multiple Jenkins plugins Daniel Beck (Oct 29)
- Re: Script sandbox bypass in multiple Jenkins plugins Daniel Beck (Dec 09)
- Linux kernel: TLB flush happens too late on mremap (CVE-2018-18281; fixed in 4.9.135, 4.14.78, 4.18.16, 4.19) Jann Horn (Oct 29)
- [CVE-2018-16468] Loofah XSS Vulnerability Mike Dalessio (Oct 30)
- Re: Linux kernel: CVE-2017-18344: arbitrary-read vulnerability in the timer subsystem Andrey Konovalov (Oct 30)
- [SECURITY ADVISORY] curl - SASL password overflow via integer overflow Daniel Stenberg (Oct 30)
- [SECURITY ADVISORY] curl - use-after-free in handle close Daniel Stenberg (Oct 30)
- [SECURITY ADVISORY] curl - warning message out-of-buffer read Daniel Stenberg (Oct 31)
- glusterfs: multiple flaws Siddharth Sharma (Oct 31)
- Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free Solar Designer (Oct 31)
- Re: Linux 4.19.0-rc3 Bluetooth out-of-bounds-read and use-after-free Greg KH (Oct 31)
- CVE-2018-11759 Apache Tomcat JK (mod_jk) Connector path traversal Mark Thomas (Oct 31)
- CVE-2018-18849 Qemu: lsi53c895a: OOB msg buffer access leads to DoS P J P (Oct 31)
- Xen Security Advisory 278 v2 (CVE-2018-18883) - x86: Nested VT-x usable even when disabled Xen . org security team (Nov 01)
- Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth Thomas B . Rücker (Nov 01)
- CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 01)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 02)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 02)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 06)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 06)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers (Nov 09)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 09)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 12)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Marc Deslauriers (Nov 12)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Billy Brumley (Nov 02)
- <Possible follow-ups>
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Cesar Pereida Garcia (Nov 06)
- Re: CVE-2018-5407: new side-channel vulnerability on SMT/Hyper-Threading architectures Solar Designer (Nov 02)
- CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations P J P (Nov 02)
- CVE-2018-18439, CVE-2018-18440 - U-Boot verified boot bypass vulnerabilities Andrea Barisani (Nov 02)
- [CVE-2018-16470] Possible DoS vulnerability in Rack Aaron Patterson (Nov 05)
- [CVE-2018-16471] Possible XSS vulnerability in Rack Aaron Patterson (Nov 05)
- libiec61850 stack based buffer overflow - CVE-2018-18957 Dhiraj Mishra (Nov 06)
- [SECURITY] CVE-2018-17184 Apache Syncope Francesco Chicchiriccò (Nov 06)
- [SECURITY] CVE-2018-17186 Apache Syncope Francesco Chicchiriccò (Nov 06)
- Xen Security Advisory 282 v1 - guest use of HLE constructs may lock up host Xen . org security team (Nov 06)
- CVE-2018-18954 QEMU: ppc64: Out-of-bounds r/w stack access in pnv_lpc_do_eccb P J P (Nov 06)
- PowerDNS Security Advisories 2018-03, 2018-04, 2018-05, 2018-06 and 2018-07 Remi Gacogne (Nov 06)
- [SECURITY] CVE-2018-1314: Hive explain query not being authorized Daniel Dai (Nov 08)
- [SECURITY] CVE-2018-11777: Blocking local resource access in HiveServer2 Daniel Dai (Nov 08)
- PowerDNS Security Advisories for dnsdist 2018-08 Remi Gacogne (Nov 08)
- null-pointer dereference in poppler library Dhiraj Mishra (Nov 10)
- Re: null-pointer dereference in poppler library Dhiraj Mishra (Nov 11)
- [SECURITY] [CVE-2018-17187] Apache Qpid Proton-J transport TLS wrapper hostname verification mode not implemented Robbie Gemmell (Nov 12)
- Linux kernel: broken uid/gid mapping for nested user namespaces with >5 ranges (CVE-2018-18955; since 4.15; fixed in 4.18.19 and 4.19.2) Jann Horn (Nov 15)
- CVE-2018-17190: Unsecured Apache Spark standalone executes user code Sean Owen (Nov 18)
- REJECT request filed for CVE-2018-11210 against tinyxml2 Florian Weimer (Nov 19)
- CVE-2018-19364 Qemu: 9pfs: Use-after-free due to race condition while updating fid path P J P (Nov 20)
- Xen Security Advisory 275 v2 - insufficient TLB flushing / improper large page mappings with AMD IOMMUs Xen . org security team (Nov 20)
- Xen Security Advisory 279 v2 - x86: DoS from attempting to use INVPCID with a non-canonical addresses Xen . org security team (Nov 20)
- Xen Security Advisory 277 v2 - x86: incorrect error handling for guest p2m page removals Xen . org security team (Nov 20)
- Xen Security Advisory 276 v2 - resource accounting issues in x86 IOREQ server handling Xen . org security team (Nov 20)
- Xen Security Advisory 280 v2 - Fix for XSA-240 conflicts with shadow paging Xen . org security team (Nov 20)
- Arbitrary file upload vulnerability in jQuery-Picture-Cut v1.1beta Larry W. Cashdollar (Nov 20)
- Arbitrary file upload vulnerability in jQuery Upload File v4.0.2 Larry W. Cashdollar (Nov 20)
- Arbitrary File Upload File Upload Vulnerability in php-traditional-server v1.2.2 Larry W. Cashdollar (Nov 20)
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0008 Michael Catanzaro (Nov 22)
- CVE-2018-8009: Apache Hadoop distributed cache archive vulnerability Akira Ajisaka (Nov 22)
- PHP imap_open() script injection Hanno Böck (Nov 22)
- Re: PHP imap_open() script injection Salvatore Bonaccorso (Nov 25)
- Re: PHP imap_open() script injection sjw (Dec 05)
- Re: PHP imap_open() script injection Salvatore Bonaccorso (Nov 25)
- Crashes and memory safety bugs in dcraw Hanno Böck (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Agostino Sarubbo (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Hanno Böck (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Marcus Meissner (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Ian Zimmerman (Nov 23)
- Re: Re: Crashes and memory safety bugs in dcraw Bob Friesenhahn (Nov 23)
- Re: Crashes and memory safety bugs in dcraw Marcus Meissner (Nov 27)
- Re: Crashes and memory safety bugs in dcraw Agostino Sarubbo (Nov 23)
- CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak Vladis Dronov (Nov 23)
- fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 23)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Greg KH (Nov 23)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 23)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 24)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Dhiraj Mishra (Dec 02)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Wei Wu (Dec 02)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Daniel Borkmann (Nov 23)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Yves-Alexis Perez (Nov 23)
- Re: fwd: [vs-plain] Kernel heap overflow in bpf leading to LPE (exploit provided) Greg KH (Nov 23)
- Path traversal in mozilla PDF.js [Unpatched] Dhiraj Mishra (Nov 24)
- catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck (Nov 25)
- Re: catdoc: out of bounds heap read and nullpointer / segfault Agostino Sarubbo (Nov 25)
- Re: catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck (Nov 25)
- Re: catdoc: out of bounds heap read and nullpointer / segfault Agostino Sarubbo (Nov 25)
- CVE-2018-19489 QEMU: 9pfs: crash due to race condition in renaming files P J P (Nov 25)
- PowerDNS Security Advisory 2018-09 Remi Gacogne (Nov 26)
- CVE-2018-11766: Apache Hadoop privilege escalation vulnerability Akira Ajisaka (Nov 27)
- CVE-2018-19591: glibc if_nametoindex may not close descriptor Florian Weimer (Nov 27)
- [CVE-2018-16476] Broken Access Control vulnerability in Active Job Rafael Mendonça França (Nov 27)
- [CVE-2018-16477] Bypass vulnerability in Active Storage Rafael Mendonça França (Nov 27)
- memory safety bugs in bc Hanno Böck (Nov 28)
- Re: memory safety bugs in bc Marcus Meissner (Nov 29)
- Re: memory safety bugs in bc Daniel Kahn Gillmor (Nov 29)
- Re: memory safety bugs in bc Hanno Böck (Nov 29)
- Re: memory safety bugs in bc Daniel Kahn Gillmor (Nov 29)
- Re: memory safety bugs in bc Daniel Kahn Gillmor (Nov 29)
- Re: memory safety bugs in bc Marcus Meissner (Nov 29)
- CVE-2018-19665 Qemu: bt: integer overflow in Bluetooth routines allows memory corruption P J P (Nov 29)
- UAF write in usb_audio_probe Mathias Payer (Dec 03)
- Re: UAF write in usb_audio_probe Marcus Meissner (Dec 04)
- PolicyKit: CVE-2018-19788: Improper handling of user with uid > INT_MAX leading to authentication bypass Salvatore Bonaccorso (Dec 03)
- CVE-2018-16867 QEMU: dev-mtp: path traversal in usb_mtp_write_data of the Media Transfer Protocol (MTP) P J P (Dec 06)
- [ANNOUNCE] Apache Ignite 2.7.0 Vulnerable Dependecies Updates Dmitriy Pavlov (Dec 07)
- Enigmail XSA issue with WKD and HTTP authentication Hanno Böck (Dec 07)
- Invalid free in cairo_ft_apply_variations Michael Catanzaro (Dec 07)
- mpg321: Out-of-bounds Write Ren Kimura (Dec 08)
- Re: mpg321: Out-of-bounds Write Matthew Fernandez (Dec 08)
- Re: mpg321: Out-of-bounds Write Ren Kimura (Dec 10)
- Message not available
- Re: mpg321: Out-of-bounds Write Ren Kimura (Dec 10)
- Message not available
- Re: libvnc and tightvnc vulnerabilities Solar Designer (Dec 10)
- RE: libvnc and tightvnc vulnerabilities Pavel Cheremushkin (Dec 10)
- Re: libvnc and tightvnc vulnerabilities Solar Designer (Dec 10)
- Re: libvnc and tightvnc vulnerabilities Solar Designer (Dec 13)
- RE: libvnc and tightvnc vulnerabilities Pavel Cheremushkin (Dec 10)
- Re: Multiple telnet.c overflows Alan Coopersmith (Dec 11)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Bob Friesenhahn (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 12)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 13)
- Re: Multiple telnet.c overflows Hacker Fantastic (Dec 14)
- Re: Multiple telnet.c overflows Tavis Ormandy (Dec 12)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 12)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Greg KH (Dec 13)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Yves-Alexis Perez (Dec 13)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Brad Spengler (Dec 14)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Solar Designer (Dec 14)
- Re: Linux kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397; since 4.11; fixed in 4.14.87 and 4.19.7) Jann Horn (Dec 14)
- Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Solar Designer (Dec 12)
- Re: CVE Request: mini-httpd (<= v1.30) is affected by a response discrepancy information exposure (CWE-204) Salvatore Bonaccorso (Dec 12)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array saar amar (Dec 18)
- Re: Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array Agostino Sarubbo (Dec 18)
- Re: CVE-2018-20124 QEMU: rdma: OOB access when building scatter-gather array P J P (Dec 18)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Vincent Lefevre (Dec 31)
- Re: Asserts considered harmful (or GMP spills its sensitive information) Jeffrey Walton (Dec 31)