oss-sec: by date
264 messages
starting Apr 01 09 and
ending Jun 30 09
Date index |
Thread index |
Author index
Wednesday, 01 April
CVE id rquest: xfig insecure tmp files Nico Golde
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Jan Lieskovsky
CVE request -- bibtex, pam_ssh Jan Lieskovsky
CVE request: PHP 5.2.9 Tomas Hoger
CVE request -- ghostscript Jan Lieskovsky
Re: CVE Request: Wireshark DoS Steven M. Christey
Re: CVE request: jhead Tomas Hoger
Thursday, 02 April
Re: CVE request -- ghostscript Robert Buchholz
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Tomas Hoger
Re: CVE request -- ghostscript Jan Lieskovsky
Friday, 03 April
Re: CVE request -- Linux kernel irda driver buffer security curmudgeon
Saturday, 04 April
CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
Sunday, 05 April
CVE request: kernel: NFS: Fix an Oops in encode_lookup() Eugene Teo
Monday, 06 April
CVE Request (xine-lib) Josh Bressers
CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Eugene Teo
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Tuesday, 07 April
Re: CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Thomas Biege
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Nico Golde
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Jamie Strandboge
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Nico Golde
Wednesday, 08 April
CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo
Re: (Sort of urgent) CVE request -- ghostscript Jan Lieskovsky
Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau
Re: (Sort of urgent) CVE request -- ghostscript Steven M. Christey
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Steven M. Christey
Re: CVE Request (xine-lib) Steven M. Christey
Re: CVE request -- bibtex, pam_ssh Steven M. Christey
Re: CVE request: PHP 5.2.9 Steven M. Christey
CVE-2008-5519: mod_jk session information leak vulnerability Vincent Danen
CVE request: apt Jamie Strandboge
Thursday, 09 April
Re: CVE request: PHP 5.2.9 Tomas Hoger
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Tomas Hoger
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Hanno Böck
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Marcus Meissner
Solaris/OpenSolaris xscreensaver issue (CVE-2009-1276) Vincent Danen
Saturday, 11 April
CVE request: mpg123 Signedness Vulnerability Alex Legler
Monday, 13 April
CVE request: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Hanno Böck
CVE request: silverstripe - two sql injections Hanno Böck
Re: CVE request: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Tomas Hoger
Tuesday, 14 April
Re: CVE request: PHP 5.2.9 Christian Hoffmann
Wednesday, 15 April
Some fun with tcp_wrappers Tomas Hoger
Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Steven M. Christey
Thursday, 16 April
CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Tomas Hoger
CVE request: phpmyadmin < 3.1.3.2 Hanno Böck
Re: CVE request: phpmyadmin < 3.1.3.2 Hanno Böck
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Wietse Venema
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Re: Re: Some fun with tcp_wrappers Wietse Venema
FreeType malformed compressed data issue Steven M. Christey
Re: FreeType malformed compressed data issue Tavis Ormandy
CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) Vincent Danen
Friday, 17 April
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo
Re: CVE request: kernel: NFS: Fix an Oops in encode_lookup() Steven M. Christey
Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Steven M. Christey
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Steven M. Christey
Re: CVE request: apt Jamie Strandboge
Sunday, 19 April
CVE request: kernel: cifs: fix unicode string area word alignment in session setup Eugene Teo
Monday, 20 April
CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Tuesday, 21 April
Re: CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
CVE Request -- libmodplug Jan Lieskovsky
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Re: CVE request: apt Steven M. Christey
CVE id request: amule Nico Golde
CVE-2009-1192 kernel: agp: zero pages before sending to userspace Eugene Teo
Wednesday, 22 April
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Marcus Meissner
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo
CVE request: kernel: missing capabilities in fs_mask Eugene Teo
Re: CVE request: kernel: missing capabilities in fs_mask Eugene Teo
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo
Thursday, 23 April
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Marcus Meissner
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Marcus Meissner
CVE-2009-1191: mod_proxy_ajp information disclosure vulnerability Vincent Danen
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Steven M. Christey
Friday, 24 April
Re: CVE request: kernel: missing capabilities in fs_mask Steven M. Christey
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Steven M. Christey
Re: CVE request: mpg123 Signedness Vulnerability Steven M. Christey
Re: CVE request: PHP 5.2.9 Steven M. Christey
Re: Re: Some fun with tcp_wrappers Steven M. Christey
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey
Saturday, 25 April
Re: CVE request: kernel: missing capabilities in fs_mask Eugene Teo
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
VDBs (was Re: [oss-security] CVE request: kernel: missing capabilities in fs_mask) security curmudgeon
CVE-2008-5619 update Raphael Geissert
Monday, 27 April
Re: CVE request? buffer overflow in CIFS in 2.6.* Mark J Cox
Re: CVE Request -- libmodplug Jan Lieskovsky
Re: oss-security CNA Josh Bressers
Tuesday, 28 April
Re: Re: Some fun with tcp_wrappers Tomas Hoger
Wednesday, 29 April
Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French
Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Re: CVE Request -- libmodplug Jan Lieskovsky
ipsec-tools 0.7.2 Tomas Hoger
Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Greg KH
Friday, 01 May
CVE request (sort of): Quagga BGP crasher Florian Weimer
Re: CVE request (sort of): Quagga BGP crasher Jon Oberheide
CVE Request: clamav-milter on Ubuntu Jamie Strandboge
Re: CVE request (sort of): Quagga BGP crasher Florian Weimer
CVE request: file security issue Vincent Danen
Sunday, 03 May
CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case Eugene Teo
CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex Eugene Teo
Monday, 04 May
Re: ipsec-tools 0.7.2 Tomas Hoger
Re: CVE request (sort of): Quagga BGP crasher Florian Weimer
Tuesday, 05 May
Old cscope buffer overflow Tomas Hoger
CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Vincent Danen
Wednesday, 06 May
CVE request: moin Steffen Joeris
CVE id request: coccinelle Steffen Joeris
Re: oss-security CNA Steven M. Christey
Re: CVE request: file security issue Steven M. Christey
Re: Old cscope buffer overflow Steven M. Christey
Re: ipsec-tools 0.7.2 Steven M. Christey
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Steven M. Christey
Re: CVE request (sort of): Quagga BGP crasher Steven M. Christey
Re: Old cscope buffer overflow Tomas Hoger
Re: Old cscope buffer overflow Steven M. Christey
Thursday, 07 May
[oCERT-2009-001] Pango integer overflow in heap allocation size calculations Will Drewry
Friday, 08 May
OpenSC 0.11.8 released with security update Andreas Jellinghaus
Monday, 11 May
[oCERT-2009-004] AjaxTerm session id collision Andrea Barisani
Tuesday, 12 May
CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck
CVE Request -- kdebase4 (konqueror) -- Incomplete SSL Certificate support in KDE4 Jan Lieskovsky
Re: ipsec-tools 0.7.2 Tomas Hoger
Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Tomas Hoger
Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck
CVE Request (evolution) Josh Bressers
Wednesday, 13 May
php mb_ereg_replace() Sebastian Krahmer
CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Eugene Teo
Re: php mb_ereg_replace() Christian Hoffmann
Re: php mb_ereg_replace() Oden Eriksson
Re: php mb_ereg_replace() Steven M. Christey
Re: php mb_ereg_replace() Christian Hoffmann
Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo
Thursday, 14 May
CVE Request: XEN local denial of service Marcus Meissner
Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Jeff Layton
Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey
utmp reliability? Marcus Meissner
CVE Request for libsndfile Jamie Strandboge
CVE Request for cacti Henri Salo
Friday, 15 May
Re: Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner
CVE Request -- Eggdrop Jan Lieskovsky
ptrace race CVE ID? Michael K. Johnson
Re: ptrace race CVE ID? dann frazier
Re: ptrace race CVE ID? Michael K. Johnson
Re: ptrace race CVE ID? Steven M. Christey
Monday, 18 May
Two OpenSSL DTLS remote DoS Mark J Cox
CVE id request: slim Nico Golde
Re: CVE Request for cacti Robert Buchholz
Re: Two OpenSSL DTLS remote DoS Mark J Cox
Re: CVE Request for cacti Henri Salo
Tuesday, 19 May
CVE id request: nsd Nico Golde
Re: CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Eugene Teo
Wednesday, 20 May
CVE request: coppermine <= 1.4.22 Hanno Böck
CVE request: ctorrent Vincent Danen
CVE request: transmission <1.61 CSRF Marcus Meissner
Thursday, 21 May
Re: CVE Request for cacti Steven M. Christey
Re: CVE request: moin Steven M. Christey
Re: CVE Request -- kdebase4 (konqueror) -- Incomplete SSL Certificate support in KDE4 Steven M. Christey
Re: CVE Request: clamav-milter on Ubuntu Steven M. Christey
Linux kernels and security issues? Hanno Böck
Re: CVE Request -- libmodplug Steven M. Christey
Re: CVE Request -- libmodplug Steven M. Christey
Re: CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Steven M. Christey
Re: CVE request: ctorrent Steven M. Christey
Re: CVE request: transmission <1.61 CSRF Steven M. Christey
Re: CVE id request: nsd Steven M. Christey
Re: CVE id request: slim Steven M. Christey
Re: CVE Request: XEN local denial of service Steven M. Christey
Re: CVE Request (evolution) Steven M. Christey
Re: CVE id request: coccinelle Steven M. Christey
Re: CVE id request: slim Eygene Ryabinkin
Friday, 22 May
Re: CVE Request: XEN local denial of service Eugene Teo
Re: Linux kernels and security issues? Marcus Meissner
Re: CVE id request: slim Steven M. Christey
Re: Linux kernels and security issues? Moritz Muehlenhoff
Re: Linux kernels and security issues? dann frazier
[oCERT-2009-006] Android improper package verification when using shared uids Will Drewry
Monday, 25 May
Re: CVE Request for libsndfile Robert Buchholz
CVE-2009-0161 dupe of CVE-2009-0642 Nico Golde
Tuesday, 26 May
Re: CVE-2009-0161 dupe of CVE-2009-0642 Steven M. Christey
Re: CVE Request for libsndfile Steven M. Christey
Wednesday, 27 May
CVE assignment notification (pam_krb5 CVE-2009-1384) Jan Lieskovsky
Thursday, 28 May
CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Jan Lieskovsky
CVE id request: drupal Nico Golde
Friday, 29 May
CVE request: Wireshark Stefan Behte
CVE request: kernel: splice local denial of service Marcus Meissner
CVE Request (irssi) Josh Bressers
Re: CVE request: Wireshark Steven M. Christey
Re: CVE Request -- Eggdrop Steven M. Christey
Saturday, 30 May
Re: CVE request: kernel: splice local denial of service Jon Oberheide
Tuesday, 02 June
Re: Two OpenSSL DTLS remote DoS Tomas Hoger
Re: CVE request: kernel: splice local denial of service Miklos Szeredi
CVE request: two denial of service bugs in strongswan Thomas Biege
CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws in JBIG2 decoder proved by PoC for CVE-2009-0658 Jan Lieskovsky
Re: CVE request: kernel: splice local denial of service Eugene Teo
CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service Eugene Teo
Wednesday, 03 June
CVE request: kernel: sparc64: Fix crash with /proc/iomem Eugene Teo
CVE request: "billion laughs" attack against Apache APR Joe Orton
CVE Request: ModSecurity / apache2 mod_security 2.5.9 Marcus Meissner
CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Marcus Meissner
Re: CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Tomas Hoger
Re: CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Steven M. Christey
Re: CVE Request: ModSecurity / apache2 mod_security 2.5.9 Steven M. Christey
Thursday, 04 June
CVE id request: dokuwiki Nico Golde
CVE Request (gstreamer-plugins-good) Josh Bressers
Friday, 05 June
CVE Request (apr-util) Josh Bressers
Saturday, 06 June
Re: CVE request: "billion laughs" attack against Apache APR Eygene Ryabinkin
Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Steven M. Christey
Re: CVE Request (gstreamer-plugins-good) Steven M. Christey
Re: CVE id request: drupal Steven M. Christey
Re: CVE Request (apr-util) Steven M. Christey
Re: CVE id rquest: xfig insecure tmp files Steven M. Christey
Re: CVE request: kernel: splice local denial of service Steven M. Christey
Re: CVE request: two denial of service bugs in strongswan Steven M. Christey
Re: CVE request: kernel: sparc64: Fix crash with /proc/iomem Steven M. Christey
Re: CVE request: "billion laughs" attack against Apache APR Steven M. Christey
Re: CVE id request: dokuwiki Steven M. Christey
Re: CVE Request (irssi) Steven M. Christey
Sunday, 07 June
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau
Monday, 08 June
Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Thomas Biege
xfig-3.2.5 diff (CVE-2009-1962) Sebastian Krahmer
Tuesday, 09 June
Predictable Math.random() in browsers Florian Weimer
CVE-2009-1389 kernel: r8169: fix crash when large packets are received Eugene Teo
Wednesday, 10 June
Mutt 1.5.19 SSL chain verification flaw Tomas Hoger
Re: xfig-3.2.5 diff (CVE-2009-1962) Tomas Hoger
Thursday, 11 June
Re: CVE request: "billion laughs" attack against Apache APR Joe Orton
Friday, 12 June
Git daemon infinite loop Tomas Hoger
Re: xfig-3.2.5 diff (CVE-2009-1962) Nico Golde
Re: xfig-3.2.5 diff (CVE-2009-1962) Tomas Hoger
Monday, 15 June
CVE request for old Apache 2.2 issue Stefan Fritsch
Wednesday, 17 June
clamav CVE ids? Marcus Meissner
Re: clamav CVE ids? Tavis Ormandy
Re: clamav CVE ids? Hanno Böck
Friday, 19 June
libpng-1.2.37 fixes a security issue Patrick J. Volkerding
Re: libpng-1.2.37 fixes a security issue Michael S. Gilbert
Sunday, 21 June
CVE id request: strongswan Nico Golde
libtiff buffer underflow in LZWDecodeCompat Kees Cook
Monday, 22 June
incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde
Tuesday, 23 June
Re: libtiff buffer underflow in LZWDecodeCompat Vincent Danen
Wednesday, 24 June
Re: CVE id request: strongswan Steven M. Christey
Thursday, 25 June
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Alan Boudreault
Monday, 29 June
nagios: remote code execution Tomas Hoger
CVE id request: compface Nico Golde
CVE id request: nagios Nico Golde
Re: CVE id request: compface Tomas Hoger
CVE Request -- libtiff [was: Re: [oss-security] libtiff buffer underflow in LZWDecodeCompat] Jan Lieskovsky
CVE Request: kernel: kvm: failure to validate cr3 after KVM_SET_SREGS Eugene Teo
Tuesday, 30 June
CVE assignment notification -- CVE-2009-1889 Pidgin: DoS (OOM, crash) via specially-crafted ICQWebMessage Jan Lieskovsky