oss-sec: by date

264 messages starting Apr 01 09 and ending Jun 30 09


Wednesday, 01 April

CVE id rquest: xfig insecure tmp files Nico Golde
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Jan Lieskovsky
CVE request -- bibtex, pam_ssh Jan Lieskovsky
CVE request: PHP 5.2.9 Tomas Hoger
CVE request -- ghostscript Jan Lieskovsky
Re: CVE Request: Wireshark DoS Steven M. Christey
Re: CVE request: jhead Tomas Hoger

Thursday, 02 April

Re: CVE request -- ghostscript Robert Buchholz
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Tomas Hoger
Re: CVE request -- ghostscript Jan Lieskovsky

Friday, 03 April

Re: CVE request -- Linux kernel irda driver buffer security curmudgeon

Saturday, 04 April

CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner

Sunday, 05 April

CVE request: kernel: NFS: Fix an Oops in encode_lookup() Eugene Teo

Monday, 06 April

CVE Request (xine-lib) Josh Bressers
CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Eugene Teo
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo

Tuesday, 07 April

Re: CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Thomas Biege
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Nico Golde
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Jamie Strandboge
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Nico Golde

Wednesday, 08 April

CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo
Re: (Sort of urgent) CVE request -- ghostscript Jan Lieskovsky
Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau
Re: (Sort of urgent) CVE request -- ghostscript Steven M. Christey
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Steven M. Christey
Re: CVE Request (xine-lib) Steven M. Christey
Re: CVE request -- bibtex, pam_ssh Steven M. Christey
Re: CVE request: PHP 5.2.9 Steven M. Christey
CVE-2008-5519: mod_jk session information leak vulnerability Vincent Danen
CVE request: apt Jamie Strandboge

Thursday, 09 April

Re: CVE request: PHP 5.2.9 Tomas Hoger
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Tomas Hoger
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Hanno Böck
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Marcus Meissner
Solaris/OpenSolaris xscreensaver issue (CVE-2009-1276) Vincent Danen

Saturday, 11 April

CVE request: mpg123 Signedness Vulnerability Alex Legler

Monday, 13 April

CVE request: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Hanno Böck
CVE request: silverstripe - two sql injections Hanno Böck
Re: CVE request: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Tomas Hoger

Tuesday, 14 April

Re: CVE request: PHP 5.2.9 Christian Hoffmann

Wednesday, 15 April

Some fun with tcp_wrappers Tomas Hoger
Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Steven M. Christey

Thursday, 16 April

CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Tomas Hoger
CVE request: phpmyadmin < 3.1.3.2 Hanno Böck
Re: CVE request: phpmyadmin < 3.1.3.2 Hanno Böck
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Wietse Venema
FreeType malformed compressed data issue Steven M. Christey
Re: FreeType malformed compressed data issue Tavis Ormandy
CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) Vincent Danen

Friday, 17 April

Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo
Re: CVE request: kernel: NFS: Fix an Oops in encode_lookup() Steven M. Christey
Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Steven M. Christey
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Steven M. Christey
Re: CVE request: apt Jamie Strandboge

Sunday, 19 April

CVE request: kernel: cifs: fix unicode string area word alignment in session setup Eugene Teo

Monday, 20 April

CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo

Tuesday, 21 April

Re: CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
CVE Request -- libmodplug Jan Lieskovsky
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Re: CVE request: apt Steven M. Christey
CVE id request: amule Nico Golde
CVE-2009-1192 kernel: agp: zero pages before sending to userspace Eugene Teo

Wednesday, 22 April

Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Marcus Meissner
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo
CVE request: kernel: missing capabilities in fs_mask Eugene Teo
Re: CVE request: kernel: missing capabilities in fs_mask Eugene Teo
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo

Thursday, 23 April

Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Marcus Meissner
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Marcus Meissner
CVE-2009-1191: mod_proxy_ajp information disclosure vulnerability Vincent Danen
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Steven M. Christey

Friday, 24 April

Re: CVE request: kernel: missing capabilities in fs_mask Steven M. Christey
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Steven M. Christey
Re: CVE request: mpg123 Signedness Vulnerability Steven M. Christey
Re: CVE request: PHP 5.2.9 Steven M. Christey
Re: Re: Some fun with tcp_wrappers Steven M. Christey
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey

Saturday, 25 April

Re: CVE request: kernel: missing capabilities in fs_mask Eugene Teo
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
VDBs (was Re: [oss-security] CVE request: kernel: missing capabilities in fs_mask) security curmudgeon
CVE-2008-5619 update Raphael Geissert

Monday, 27 April

Re: CVE request? buffer overflow in CIFS in 2.6.* Mark J Cox
Re: CVE Request -- libmodplug Jan Lieskovsky
Re: oss-security CNA Josh Bressers

Tuesday, 28 April

Re: Re: Some fun with tcp_wrappers Tomas Hoger

Wednesday, 29 April

Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French
Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Re: CVE Request -- libmodplug Jan Lieskovsky
ipsec-tools 0.7.2 Tomas Hoger
Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Greg KH

Friday, 01 May

CVE request (sort of): Quagga BGP crasher Florian Weimer
Re: CVE request (sort of): Quagga BGP crasher Jon Oberheide
CVE Request: clamav-milter on Ubuntu Jamie Strandboge
Re: CVE request (sort of): Quagga BGP crasher Florian Weimer
CVE request: file security issue Vincent Danen

Sunday, 03 May

CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case Eugene Teo
CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex Eugene Teo

Monday, 04 May

Re: ipsec-tools 0.7.2 Tomas Hoger
Re: CVE request (sort of): Quagga BGP crasher Florian Weimer

Tuesday, 05 May

Old cscope buffer overflow Tomas Hoger
CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Vincent Danen

Wednesday, 06 May

CVE request: moin Steffen Joeris
CVE id request: coccinelle Steffen Joeris
Re: oss-security CNA Steven M. Christey
Re: CVE request: file security issue Steven M. Christey
Re: Old cscope buffer overflow Steven M. Christey
Re: ipsec-tools 0.7.2 Steven M. Christey
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Steven M. Christey
Re: CVE request (sort of): Quagga BGP crasher Steven M. Christey
Re: Old cscope buffer overflow Tomas Hoger
Re: Old cscope buffer overflow Steven M. Christey

Thursday, 07 May

[oCERT-2009-001] Pango integer overflow in heap allocation size calculations Will Drewry

Friday, 08 May

OpenSC 0.11.8 released with security update Andreas Jellinghaus

Monday, 11 May

[oCERT-2009-004] AjaxTerm session id collision Andrea Barisani

Tuesday, 12 May

CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck
CVE Request -- kdebase4 (konqueror) -- Incomplete SSL Certificate support in KDE4 Jan Lieskovsky
Re: ipsec-tools 0.7.2 Tomas Hoger
Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Tomas Hoger
Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck
CVE Request (evolution) Josh Bressers

Wednesday, 13 May

php mb_ereg_replace() Sebastian Krahmer
CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Eugene Teo
Re: php mb_ereg_replace() Christian Hoffmann
Re: php mb_ereg_replace() Oden Eriksson
Re: php mb_ereg_replace() Steven M. Christey
Re: php mb_ereg_replace() Christian Hoffmann
Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo

Thursday, 14 May

CVE Request: XEN local denial of service Marcus Meissner
Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Jeff Layton
Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey
utmp reliability? Marcus Meissner
CVE Request for libsndfile Jamie Strandboge
CVE Request for cacti Henri Salo

Friday, 15 May

Re: Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
CVE Request -- Eggdrop Jan Lieskovsky
ptrace race CVE ID? Michael K. Johnson
Re: ptrace race CVE ID? dann frazier
Re: ptrace race CVE ID? Michael K. Johnson
Re: ptrace race CVE ID? Steven M. Christey

Monday, 18 May

Two OpenSSL DTLS remote DoS Mark J Cox
CVE id request: slim Nico Golde
Re: CVE Request for cacti Robert Buchholz
Re: Two OpenSSL DTLS remote DoS Mark J Cox
Re: CVE Request for cacti Henri Salo

Tuesday, 19 May

CVE id request: nsd Nico Golde
Re: CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Eugene Teo

Wednesday, 20 May

CVE request: coppermine <= 1.4.22 Hanno Böck
CVE request: ctorrent Vincent Danen
CVE request: transmission <1.61 CSRF Marcus Meissner

Thursday, 21 May

Re: CVE Request for cacti Steven M. Christey
Re: CVE request: moin Steven M. Christey
Re: CVE Request -- kdebase4 (konqueror) -- Incomplete SSL Certificate support in KDE4 Steven M. Christey
Re: CVE Request: clamav-milter on Ubuntu Steven M. Christey
Linux kernels and security issues? Hanno Böck
Re: CVE Request -- libmodplug Steven M. Christey
Re: CVE Request -- libmodplug Steven M. Christey
Re: CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Steven M. Christey
Re: CVE request: ctorrent Steven M. Christey
Re: CVE request: transmission <1.61 CSRF Steven M. Christey
Re: CVE id request: nsd Steven M. Christey
Re: CVE id request: slim Steven M. Christey
Re: CVE Request: XEN local denial of service Steven M. Christey
Re: CVE Request (evolution) Steven M. Christey
Re: CVE id request: coccinelle Steven M. Christey
Re: CVE id request: slim Eygene Ryabinkin

Friday, 22 May

Re: CVE Request: XEN local denial of service Eugene Teo
Re: Linux kernels and security issues? Marcus Meissner
Re: CVE id request: slim Steven M. Christey
Re: Linux kernels and security issues? Moritz Muehlenhoff
Re: Linux kernels and security issues? dann frazier
[oCERT-2009-006] Android improper package verification when using shared uids Will Drewry

Monday, 25 May

Re: CVE Request for libsndfile Robert Buchholz
CVE-2009-0161 dupe of CVE-2009-0642 Nico Golde

Tuesday, 26 May

Re: CVE-2009-0161 dupe of CVE-2009-0642 Steven M. Christey
Re: CVE Request for libsndfile Steven M. Christey

Wednesday, 27 May

CVE assignment notification (pam_krb5 CVE-2009-1384) Jan Lieskovsky

Thursday, 28 May

CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Jan Lieskovsky
CVE id request: drupal Nico Golde

Friday, 29 May

CVE request: Wireshark Stefan Behte
CVE request: kernel: splice local denial of service Marcus Meissner
CVE Request (irssi) Josh Bressers
Re: CVE request: Wireshark Steven M. Christey
Re: CVE Request -- Eggdrop Steven M. Christey

Saturday, 30 May

Re: CVE request: kernel: splice local denial of service Jon Oberheide

Tuesday, 02 June

Re: Two OpenSSL DTLS remote DoS Tomas Hoger
Re: CVE request: kernel: splice local denial of service Miklos Szeredi
CVE request: two denial of service bugs in strongswan Thomas Biege
CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws in JBIG2 decoder proved by PoC for CVE-2009-0658 Jan Lieskovsky
Re: CVE request: kernel: splice local denial of service Eugene Teo
CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service Eugene Teo

Wednesday, 03 June

CVE request: kernel: sparc64: Fix crash with /proc/iomem Eugene Teo
CVE request: "billion laughs" attack against Apache APR Joe Orton
CVE Request: ModSecurity / apache2 mod_security 2.5.9 Marcus Meissner
CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Marcus Meissner
Re: CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Tomas Hoger
Re: CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Steven M. Christey
Re: CVE Request: ModSecurity / apache2 mod_security 2.5.9 Steven M. Christey

Thursday, 04 June

CVE id request: dokuwiki Nico Golde
CVE Request (gstreamer-plugins-good) Josh Bressers

Friday, 05 June

CVE Request (apr-util) Josh Bressers

Saturday, 06 June

Re: CVE request: "billion laughs" attack against Apache APR Eygene Ryabinkin
Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Steven M. Christey
Re: CVE Request (gstreamer-plugins-good) Steven M. Christey
Re: CVE id request: drupal Steven M. Christey
Re: CVE Request (apr-util) Steven M. Christey
Re: CVE id rquest: xfig insecure tmp files Steven M. Christey
Re: CVE request: kernel: splice local denial of service Steven M. Christey
Re: CVE request: two denial of service bugs in strongswan Steven M. Christey
Re: CVE request: kernel: sparc64: Fix crash with /proc/iomem Steven M. Christey
Re: CVE request: "billion laughs" attack against Apache APR Steven M. Christey
Re: CVE id request: dokuwiki Steven M. Christey
Re: CVE Request (irssi) Steven M. Christey

Sunday, 07 June

Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau

Monday, 08 June

Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Thomas Biege
xfig-3.2.5 diff (CVE-2009-1962) Sebastian Krahmer

Tuesday, 09 June

Predictable Math.random() in browsers Florian Weimer
CVE-2009-1389 kernel: r8169: fix crash when large packets are received Eugene Teo

Wednesday, 10 June

Mutt 1.5.19 SSL chain verification flaw Tomas Hoger
Re: xfig-3.2.5 diff (CVE-2009-1962) Tomas Hoger

Thursday, 11 June

Re: CVE request: "billion laughs" attack against Apache APR Joe Orton

Friday, 12 June

Git daemon infinite loop Tomas Hoger
Re: xfig-3.2.5 diff (CVE-2009-1962) Nico Golde
Re: xfig-3.2.5 diff (CVE-2009-1962) Tomas Hoger

Monday, 15 June

CVE request for old Apache 2.2 issue Stefan Fritsch

Wednesday, 17 June

clamav CVE ids? Marcus Meissner
Re: clamav CVE ids? Tavis Ormandy
Re: clamav CVE ids? Hanno Böck

Friday, 19 June

libpng-1.2.37 fixes a security issue Patrick J. Volkerding
Re: libpng-1.2.37 fixes a security issue Michael S. Gilbert

Sunday, 21 June

CVE id request: strongswan Nico Golde
libtiff buffer underflow in LZWDecodeCompat Kees Cook

Monday, 22 June

incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde

Tuesday, 23 June

Re: libtiff buffer underflow in LZWDecodeCompat Vincent Danen

Wednesday, 24 June

Re: CVE id request: strongswan Steven M. Christey

Thursday, 25 June

Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Alan Boudreault

Monday, 29 June

nagios: remote code execution Tomas Hoger
CVE id request: compface Nico Golde
CVE id request: nagios Nico Golde
Re: CVE id request: compface Tomas Hoger
CVE Request -- libtiff [was: Re: [oss-security] libtiff buffer underflow in LZWDecodeCompat] Jan Lieskovsky
CVE Request: kernel: kvm: failure to validate cr3 after KVM_SET_SREGS Eugene Teo

Tuesday, 30 June

CVE assignment notification -- CVE-2009-1889 Pidgin: DoS (OOM, crash) via specially-crafted ICQWebMessage Jan Lieskovsky