oss-sec: by author

640 messages starting Mar 08 11 and ending Mar 18 11


akuster

Re: Vendor-sec hosting and future of closed lists akuster (Mar 08)

Andrea Barisani

Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 08)
Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 16)
Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 07)

Andrew Clausen

Re: announcing libwipe Andrew Clausen (Mar 14)
Re: announcing libwipe Andrew Clausen (Mar 14)
announcing libwipe Andrew Clausen (Mar 12)

Anthon Pang

CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Anthon Pang (Jan 05)

Arthur de Jong

nss-pam-ldapd security advisory (CVE-2011-0438) Arthur de Jong (Mar 09)

Art Manion

Re: Vendor-sec hosting and future of closed lists Art Manion (Mar 15)

dan . j . rosenberg

Re: CVE request: kernel: a collection of world-writable debugfs bugs dan . j . rosenberg (Mar 21)

dann frazier

CVE Request: kernel [Re: Security review of 2.6.32.28] dann frazier (Jan 06)

Dan Rosenberg

Re: CVE requests - kernel: irda/decnet issues Dan Rosenberg (Mar 22)
CVE request: code execution in VLC media player Dan Rosenberg (Jan 31)
CVE request: FreeBSD/OS X crontab information leakage Dan Rosenberg (Feb 28)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
Re: CVE request: patch directory traversal flaw Dan Rosenberg (Jan 05)
CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Mar 20)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 15)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 05)
Re: CVE requests - kernel: irda/decnet issues Dan Rosenberg (Mar 22)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
Re: CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Mar 30)
Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
CVE request: kernel: two OSS fixes Dan Rosenberg (Mar 23)
Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 20)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 22)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 31)
The risks of cleaning /tmp Dan Rosenberg (Mar 17)
Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Dan Rosenberg (Feb 28)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Dan Rosenberg (Mar 01)
Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
Re: CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 21)
Re: CVE Request -- logrotate -- nine issues Dan Rosenberg (Mar 04)
Re: Untrusted fs and invalid filenames Dan Rosenberg (Mar 14)
Re: CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
Physical access vulnerabilities and auto-mounting Dan Rosenberg (Feb 22)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Dan Rosenberg (Mar 20)
CVE request: heap corruption in libpango Dan Rosenberg (Jan 18)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 03)
CVE request: heap corruption in VLC media player Dan Rosenberg (Jan 19)
Re: CVE-NONE kernel: PHONET signedness issue Dan Rosenberg (Jan 06)
CVE request: kernel: AudioScience HPI driver Dan Rosenberg (Mar 18)
CVE request: xpdf Dan Rosenberg (Jan 20)

dave b

cve request for smoothwall & openfiler dave b (Mar 01)

David Hicks

Re: Vendor-sec hosting and future of closed lists David Hicks (Mar 04)

David King

Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 16)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 14)

David Woodhouse

Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 14)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)

Dmitry V. Levin

Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin (Mar 03)
Re: ldd can execute an app unexpectedly Dmitry V. Levin (Mar 07)

Eitan Adler

Re: Untrusted fs and invalid filenames Eitan Adler (Mar 13)

Eugene Teo

Re: Physical access vulnerabilities and auto-mounting Eugene Teo (Feb 22)
Re: CVE request: linux kernel heap issues Eugene Teo (Jan 24)
CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler Eugene Teo (Mar 10)
Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast Eugene Teo (Feb 16)
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 21)
Re: Linux kernel av7110 negative array offset Eugene Teo (Jan 24)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 22)
CVE request: kernel: fs/partitions: validate map_count in mac partition tables Eugene Teo (Feb 21)
CVE-NONE kernel: PHONET signedness issue Eugene Teo (Jan 05)
Re: CVE request: libcgroup: Failure to verify netlink messages Eugene Teo (Feb 24)
Re: CVE request: kernel: multiple issues in ROSE Eugene Teo (Mar 20)
Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo (Jan 06)
CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo (Jan 04)
CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() Eugene Teo (Jan 03)
oss-security is on twitter Eugene Teo (Mar 22)
Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 06)
CVE requests - kernel: tpm infoleaks Eugene Teo (Mar 14)
Re: CVE requests - kernel: tpm infoleaks Eugene Teo (Mar 14)
Re: oss-security is on twitter Eugene Teo (Mar 23)
CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack Eugene Teo (Feb 16)
Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Eugene Teo (Feb 24)
Re: CVE Request Eugene Teo (Feb 22)
Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow Eugene Teo (Feb 16)
CVE request - kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab Eugene Teo (Mar 06)
Re: CVE Request: xen DoS Eugene Teo (Mar 17)
Re: CVE request: kernel: netfilter & econet infoleaks Eugene Teo (Mar 20)
Re: Please REJECT CVE-2008-2956 Eugene Teo (Mar 13)
Re: CVE request: linux kernel heap issues Eugene Teo (Jan 24)
Re: Physical access vulnerabilities and auto-mounting Eugene Teo (Feb 22)
Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 16)
CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 22)
Re: CVE request: kernel: OOM-killer via argv expansion Eugene Teo (Feb 28)
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 20)
Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Eugene Teo (Feb 24)
Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 24)
Re: CVE request: kernel: netfilter & econet infoleaks Eugene Teo (Mar 21)
Re: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd Eugene Teo (Mar 08)
CVE-2010-4238 xen dom0 issue Eugene Teo (Jan 25)
CVE request - kernel: xfs infoleak Eugene Teo (Feb 16)
Re: CVE request: kernel: AudioScience HPI driver Eugene Teo (Mar 18)
CVE-2011-1076 kernel: DNS: Fix a NULL pointer deref when trying to read an error key Eugene Teo (Mar 03)
Re: CVE request: PHP substr_replace() use-after-free Eugene Teo (Mar 13)
CVE requests - kernel: irda/decnet issues Eugene Teo (Mar 22)
CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse Eugene Teo (Mar 27)
CVE request - kernel: bridge br_multicast NULL pointer dereference Eugene Teo (Feb 16)
Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 22)
CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Eugene Teo (Feb 23)
Re: CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Eugene Teo (Feb 24)
kernel: ALSA: caiaq - Fix possible string-buffer overflow Eugene Teo (Feb 16)
CVE request - kernel: s390 task_show_regs infoleak Eugene Teo (Feb 16)
CVE request: kernel: Corrupted LDM partition table issues Eugene Teo (Feb 22)
Re: CVE request: kernel: Multiple DoS issues in block layer Eugene Teo (Jan 04)
Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 22)
Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
Re: CVE request: kernel: two OSS fixes Eugene Teo (Mar 24)
Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 21)
Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
Re: Linux kernel signal spoofing vulnerability (CVE request) Eugene Teo (Mar 22)
Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Eugene Teo (Feb 24)
Re: CVE request: linux kernel heap issues Eugene Teo (Jan 27)
Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
CVE request: kernel: dccp: fix oops on Reset after close Eugene Teo (Mar 07)
Re: CVE request - kernel: xfs infoleak Eugene Teo (Mar 01)
Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Eugene Teo (Feb 23)
Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
CVE-2011-1023 kernel: rds: prevent BUG_ON triggering on congestion map updates Eugene Teo (Mar 03)
Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 20)

Eygene Ryabinkin

Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Jan 10)

Felipe Pena

CVE request: PHP substr_replace() use-after-free Felipe Pena (Mar 13)
CVE request: buffer overflow in unixODBC's SQLDriverConnect() Felipe Pena (Mar 09)
Re: CVE request: PHP substr_replace() use-after-free Felipe Pena (Mar 13)
Re: CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)

Florian Zumbiehl

Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 04)
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 06)
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 04)

Greg KH

Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Greg KH (Feb 22)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
Re: CVE request: kernel: btrfs heap overflow Greg KH (Feb 09)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() Greg KH (Jan 04)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 05)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Greg KH (Jan 05)

Hafez Kamal

[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal (Jan 30)
[HITB-Announce] HITB Magazine Issue 005 Released Hafez Kamal (Feb 09)

Hanno Böck

CVE request: roundcube < 0.5.1 CSRF Hanno Böck (Mar 24)
CVE request: cmsmadesimple before 1.9.1 Hanno Böck (Mar 29)
CVE request: AusweisApp Hanno Böck (Jan 03)
Re: CVE request: phpbb before 3.0.8 Hanno Böck (Feb 08)
Re: Physical access vulnerabilities and auto-mounting Hanno Böck (Feb 23)
CVE request: pmwiki before 2.2.21 Hanno Böck (Feb 23)
CVE request: wordpress before 3.0.5 Hanno Böck (Feb 08)
CVE request: simple machines forum before 1.1.13 Hanno Böck (Feb 22)
CVE request: phpbb before 3.0.8 Hanno Böck (Feb 07)
CVE request: proftpd before 1.3.3d Hanno Böck (Jan 14)
Re: CVE request: AusweisApp Hanno Böck (Jan 03)
clamav 0.97 Hanno Böck (Feb 21)
CVE request: hastymail before 1.01 XSS Hanno Böck (Jan 05)
CVE request: silverstripe before 2.4.4 Hanno Böck (Jan 03)

Helgi Þormar Þorbjörnsson

Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Mar 01)
CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Feb 28)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Mar 01)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Mar 08)

henri

CVE request: gri < 2.12.18 insecure temp file generation henri (Mar 02)
CVE request: VLC bookmark buffer overflow henri (Mar 02)
CVE request: Atlassian JIRA Parameter-Based Redirection Vulnerability henri (Mar 01)

Henri Salo

Re: CVE request: VLC bookmark buffer overflow Henri Salo (Mar 24)

Huzaifa Sidhpurwala

CVE request for buffer overflows in gimp Huzaifa Sidhpurwala (Jan 03)
Re: CVE assignments for Wireshark Huzaifa Sidhpurwala (Jan 19)
Wireshark: Freeing uninitialized pointer Huzaifa Sidhpurwala (Feb 04)
Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request Huzaifa Sidhpurwala (Feb 16)
Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES Huzaifa Sidhpurwala (Jan 02)
wireshark dct3trace buffer overflow Huzaifa Sidhpurwala (Feb 16)

Hyrum K Wright

Re: CVE request for subversion Hyrum K Wright (Jan 08)

Hyrum Wright

Re: CVE request for subversion Hyrum Wright (Jan 04)

Jamie Strandboge

Possible CVE Request: improper AppArmor exec transition Jamie Strandboge (Jan 03)
Re: Possible CVE Request: improper AppArmor exec transition Jamie Strandboge (Jan 03)

Jan Kaluža

Re: CVE Request -- logrotate -- nine issues Jan Kaluža (Mar 07)

Jan Lieskovsky

CVE Request -- OpenLDAP -- two issues Jan Lieskovsky (Feb 24)
CVE Request (minor) -- Pidgin / libpurple -- Cipher API information disclosure Jan Lieskovsky (Mar 21)
CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Jan Lieskovsky (Mar 24)
Re: CVE request for subversion Jan Lieskovsky (Jan 04)
CVE Request -- Nagios -- XSS in the network status map CGI script Jan Lieskovsky (Mar 25)
CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Jan Lieskovsky (Jan 28)
CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Jan Lieskovsky (Mar 14)
CVE Request -- php-doctrine-Doctrine -- SQL injection flaw Jan Lieskovsky (Mar 25)
Re: CVE Request -- logrotate -- nine issues Jan Lieskovsky (Mar 04)
Re: CVE request: roundcube < 0.5.1 CSRF Jan Lieskovsky (Mar 24)
CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Jan Lieskovsky (Feb 24)
CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names Jan Lieskovsky (Feb 24)
CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Jan Lieskovsky (Jan 19)
Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Jan Lieskovsky (Jan 04)
CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Jan Lieskovsky (Mar 11)
Re: CVE UnRequest (minor) -- Pidgin / libpurple -- Cipher API information disclosure Jan Lieskovsky (Mar 21)
CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Jan Lieskovsky (Mar 30)
Re: CVE Request -- logrotate -- nine issues Jan Lieskovsky (Mar 04)
CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Jan Lieskovsky (Feb 22)
CVE Request -- logrotate -- nine issues Jan Lieskovsky (Mar 04)

Jonathan Wiltshire

Re: CVE request for python-feedparser Jonathan Wiltshire (Mar 16)
(possible) CVE request: Clickjacking in Mediawiki Jonathan Wiltshire (Jan 04)

Jon Oberheide

Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Jon Oberheide (Feb 23)

Josh Bressers

Re: CVE request: wordpress before 3.0.4 XSS Josh Bressers (Jan 03)
Re: CVE request - kernel: s390 task_show_regs infoleak Josh Bressers (Feb 16)
Re: CVE Request -- OpenLDAP -- two issues Josh Bressers (Feb 25)
Re: CVE Request: CrawlTrack < 3.2.7 - remote php code execution Josh Bressers (Jan 03)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 15)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Josh Bressers (Mar 07)
Re: CVE request: gri < 2.12.18 insecure temp file generation Josh Bressers (Mar 03)
Re: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Josh Bressers (Jan 06)
Re: CVE request: glibc CVE-2010-3847 fix regression Josh Bressers (Feb 03)
Re: CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability Josh Bressers (Mar 30)
Re: CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws Josh Bressers (Jan 03)
Re: CVE request: MaraDNS DoS via long queries Josh Bressers (Jan 24)
Re: CVE request: heap corruption in libpango Josh Bressers (Jan 20)
Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack Josh Bressers (Feb 17)
Re: CVE request for subversion Josh Bressers (Jan 03)
Re: glibc locale escaping issue Josh Bressers (Mar 08)
Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 22)
Re: CVE Request -- OpenLDAP -- two issues Josh Bressers (Mar 01)
Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability Josh Bressers (Jan 27)
Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 03)
Re: Re: CVE request for python-feedparser Josh Bressers (Mar 21)
Re: CVE request: proftpd before 1.3.3d Josh Bressers (Jan 14)
Re: CVE request: format-string vulnerability in PHP Phar extension Josh Bressers (Mar 14)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 14)
Re: CVE request: libxml2 heap contents leak Josh Bressers (Jan 25)
Re: CVE request: fuse Josh Bressers (Feb 03)
Re: CVE request: multiple gypsy vulnerabilities Josh Bressers (Jan 25)
Re: CVE assignments for Wireshark Josh Bressers (Feb 09)
Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 14)
Re: CVE request: heap corruption in VLC media player Josh Bressers (Jan 20)
Re: CVE request for python-feedparser Josh Bressers (Mar 15)
Re: CVE request: pmwiki before 2.2.21 Josh Bressers (Feb 23)
Re: possible flaw in widely used strtod.c implementation Josh Bressers (Jan 06)
Re: CVE requests - kernel: tpm infoleaks Josh Bressers (Mar 14)
Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Josh Bressers (Jan 12)
Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Josh Bressers (Feb 22)
Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd Josh Bressers (Feb 23)
Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Josh Bressers (Feb 21)
Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow Josh Bressers (Feb 16)
Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Josh Bressers (Jan 24)
Re: CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability Josh Bressers (Feb 28)
Re: Pattern lock bypass on SE X10 with Android 1.6 Josh Bressers (Feb 24)
Re: CVE request: MPM-ITK module for Apache HTTPD Josh Bressers (Mar 21)
Re: CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability Josh Bressers (Mar 30)
Re: CVE request: buffer overflow in unixODBC's SQLDriverConnect() Josh Bressers (Mar 10)
Re: CVE Request - pimd - Insecure file creation in /var/tmp Josh Bressers (Jan 07)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Josh Bressers (Feb 28)
Re: CVE Request: Joomla! 1.6.0 | SQL Injection Vulnerability Josh Bressers (Mar 14)
Re: CVE request, php's shm Josh Bressers (Mar 08)
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Josh Bressers (Feb 23)
Re: cve request: eglibc memory corruption Josh Bressers (Feb 28)
Re: CVE request: avahi daemon remote denial of service by sending NULL UDP Josh Bressers (Feb 18)
Re: CVE request: FreeBSD/OS X crontab information leakage Josh Bressers (Feb 28)
Re: CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Feb 03)
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Josh Bressers (Feb 24)
Re: cve request for smoothwall & openfiler Josh Bressers (Mar 03)
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 23)
Re: gksu-polkit Josh Bressers (Mar 15)
Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
Re: CVE request for buffer overflows in gimp Josh Bressers (Jan 04)
Re: CVE Request for Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability Josh Bressers (Jan 06)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 23)
Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: [oss-security] CVE request: opensc buffer overflow ] Josh Bressers (Jan 03)
Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS) Josh Bressers (Jan 06)
Re: CVE request: tor Josh Bressers (Jan 18)
Re: CVE request for Asterisk flaws Josh Bressers (Mar 21)
Re: CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Josh Bressers (Feb 24)
Re: CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability Josh Bressers (Jan 27)
Re: CVE requests - kernel: tpm infoleaks Josh Bressers (Mar 15)
Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Josh Bressers (Jan 31)
Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Josh Bressers (Feb 22)
Re: CVE request Josh Bressers (Jan 18)
Re: CVE assignments for Wireshark Josh Bressers (Jan 31)
Re: CVE request for feh Josh Bressers (Feb 09)
Re: CVE request - kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab Josh Bressers (Mar 07)
Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Josh Bressers (Feb 16)
Re: CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability Josh Bressers (Mar 30)
Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability Josh Bressers (Mar 14)
Re: CVE request: simple machines forum before 1.1.13 Josh Bressers (Feb 23)
Re: CVE request: patch directory traversal flaw Josh Bressers (Jan 06)
Re: CVE request: puppet Josh Bressers (Jan 31)
Re: CVE request: wordpress before 3.0.5 Josh Bressers (Feb 09)
Re: request CVE for weborf Josh Bressers (Jan 31)
Re: CVE Request: bbPress 1.0.2 <= Cross Site Scripting Vulnerability Josh Bressers (Mar 14)
Re: CVE Request: Wireshark Josh Bressers (Jan 03)
Re: CVE request: silverstripe before 2.4.4 Josh Bressers (Jan 04)
Re: CVE request: Information disclosure in CGIHTTPServer from Python Josh Bressers (Feb 24)
Re: CVE Request: kernel [Re: Security review of 2.6.32.28] Josh Bressers (Jan 06)
Django multiple flaws (CVEs inside) Josh Bressers (Feb 09)
Re: Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol Josh Bressers (Jan 03)
Re: CVE request: kernel: Corrupted LDM partition table issues Josh Bressers (Feb 23)
Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Josh Bressers (Feb 28)
Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Josh Bressers (Mar 11)
Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
Re: CVE Request: VLC Subtitle StripTags heap corruption Josh Bressers (Jan 25)
Re: 2 acpid flaws Josh Bressers (Mar 15)
Re: CVE id request: telepathy-gabble Josh Bressers (Feb 17)
Re: CVE request: fuse Josh Bressers (Feb 08)
Re: CVE request: Atlassian JIRA Parameter-Based Redirection Vulnerability Josh Bressers (Mar 01)
Re: CVE request - kernel: xfs infoleak Josh Bressers (Feb 16)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 16)
Re: CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 Josh Bressers (Feb 03)
Re: CVE request: cmsmadesimple before 1.9.1 Josh Bressers (Mar 30)
Re: (possible) CVE request: Clickjacking in Mediawiki Josh Bressers (Jan 04)
Re: Batavi 1.0 - XSRF bug fixed Josh Bressers (Jan 27)
Re: CVE request: phpbb before 3.0.8 Josh Bressers (Feb 08)
Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers (Mar 10)
Re: [vendor-sec] OpenSSH security advisory: legacy certificate signing in 5.6/5.7 Josh Bressers (Feb 04)
Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure Josh Bressers (Mar 15)
Re: CVE request: sudo does not ask for password on GID changes Josh Bressers (Jan 12)
Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names Josh Bressers (Feb 24)
Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
Re: CVE request for subversion Josh Bressers (Jan 05)
Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
Re: clamav 0.97 Josh Bressers (Feb 21)
Re: CVE request: v86d: Failure to validate netlink message sender Josh Bressers (Feb 28)
Re: CVE request: code execution in VLC media player Josh Bressers (Jan 31)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 22)
Re: CVE request: multiple status.net issues Josh Bressers (Jan 25)
Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
Re: KDE SSL name check issue Josh Bressers (Mar 08)
Re: CVE request: kernel: dccp: fix oops on Reset after close Josh Bressers (Mar 08)
Re: CVE Request: Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability Josh Bressers (Feb 22)
Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 08)
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Josh Bressers (Jan 14)
Re: gdm PostLogin script executes scripts as user gdm Josh Bressers (Feb 22)
Re: CVE requests - kernel: irda/decnet issues Josh Bressers (Mar 22)
Re: CVE request: hastymail before 1.01 XSS Josh Bressers (Jan 06)
Re: CVE request: xpdf Josh Bressers (Jan 24)

Julien Tinnes

Linux kernel signal spoofing vulnerability (CVE request) Julien Tinnes (Mar 22)
Re: Linux kernel signal spoofing vulnerability (CVE request) Julien Tinnes (Mar 29)

Kees Cook

Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
CVE request: multiple status.net issues Kees Cook (Jan 24)
Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Kees Cook (Feb 24)
CVE request: multiple gypsy vulnerabilities Kees Cook (Jan 24)
CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
Re: kernel: modules_disabled policy Kees Cook (Mar 05)
Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
Re: CVE request: libxml2 heap contents leak Kees Cook (Jan 25)
Linux kernel av7110 negative array offset Kees Cook (Jan 24)
Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Kees Cook (Feb 25)
Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Kees Cook (Mar 05)
CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Kees Cook (Feb 24)
CVE request: linux kernel heap issues Kees Cook (Jan 24)
CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Kees Cook (Feb 24)
Re: announcing libwipe Kees Cook (Mar 13)
CVE request: libxml2 heap contents leak Kees Cook (Jan 24)

klondike

Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike (Mar 22)
Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike (Mar 21)
Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike (Mar 22)

Kurt Seifried

CVE request for subversion Kurt Seifried (Jan 02)
Re: CVE request for subversion Kurt Seifried (Jan 08)
Re: CVE request: linux kernel heap issues Kurt Seifried (Jan 24)
CVE Request Kurt Seifried (Feb 22)
Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Kurt Seifried (Jan 10)

Ludwig Nussel

Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Mar 03)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Mar 14)
CVE Request: rsyslogd memory leaks Ludwig Nussel (Mar 29)
Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
CVE Request: libpng memory leak Ludwig Nussel (Mar 22)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Ludwig Nussel (Mar 16)
Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 07)
Re: Untrusted fs and invalid filenames Ludwig Nussel (Mar 14)
Re: 2 acpid flaws Ludwig Nussel (Mar 15)
Buffer overflows in fsck may become security issues Ludwig Nussel (Mar 08)
CVE Request: perl: regex causes assertion fail Ludwig Nussel (Mar 23)
tiff CVE-2011-0192 patch broken Ludwig Nussel (Mar 30)
CVE Request: xen DoS Ludwig Nussel (Mar 17)
Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)

Marc Deslauriers

CVE request: aircrack-ng Marc Deslauriers (Feb 14)
CVE Request: VLC Subtitle StripTags heap corruption Marc Deslauriers (Jan 25)
CVE request: fuse Marc Deslauriers (Feb 01)
Re: CVE request: fuse Marc Deslauriers (Feb 03)

Marcus Meissner

Vendor-sec hosting and future of closed lists Marcus Meissner (Mar 03)
Re: Vendor-sec hosting and future of closed lists Marcus Meissner (Mar 03)

Mark J Cox

Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 04)
RE: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 16)
Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 03)

Mark Stosberg

Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Mark Stosberg (Jan 04)
CGI.pm 3.51 released Mark Stosberg (Jan 05)
Re: CGI.pm 3.51 released (revised) Mark Stosberg (Jan 05)

Matthew Nicholson

Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Matthew Nicholson (Jan 19)
Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Matthew Nicholson (Mar 11)
CVE Request -- Asterisk Security Vulnerability Matthew Nicholson (Mar 23)

Matthieu Herrb

Re: Vendor-sec hosting and future of closed lists Matthieu Herrb (Mar 06)

Menkhus, Mark (GSE Security HP SSRT)

RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 15)
RE: CVE Request: HP System Management Homepage(SMH) | Open URL Redirection Menkhus, Mark (GSE Security HP SSRT) (Mar 19)
RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 16)
RE: oss-security is on twitter Menkhus, Mark (GSE Security HP SSRT) (Mar 23)

Michael Gilbert

Re: CVE-NONE kernel: PHONET signedness issue Michael Gilbert (Jan 06)
Re: Vendor-sec hosting and future of closed lists Michael Gilbert (Mar 03)
cve request: eglibc memory corruption Michael Gilbert (Feb 26)
Re: Webkit Dupes Michael Gilbert (Feb 18)
Re: CVE-NONE kernel: PHONET signedness issue Michael Gilbert (Jan 06)
Please REJECT CVE-2008-2956 Michael Gilbert (Mar 13)
Re: cve request: eglibc memory corruption Michael Gilbert (Feb 28)
Webkit Dupes Michael Gilbert (Feb 05)
Re: CVE request: xpdf Michael Gilbert (Feb 01)
Re: CVE request Michael Gilbert (Jan 18)
Re: CVE request Michael Gilbert (Jan 18)
Webkit Roundup Michael Gilbert (Feb 05)
Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)

Michael Tokarev

Re: Physical access vulnerabilities and auto-mounting Michael Tokarev (Feb 22)

Mike O'Connor

Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 16)
Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 14)
Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
Re: CVE Request: HP System Management Homepage(SMH) | Open URL Redirection Mike O'Connor (Mar 18)
Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 14)

Moritz Muehlenhoff

Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Moritz Muehlenhoff (Feb 16)
CVE requests: freebsd kernel/tesseract/xinha/proftpd Moritz Muehlenhoff (Feb 21)
CVE request: Information disclosure in CGIHTTPServer from Python Moritz Muehlenhoff (Feb 23)
CVE request: tor Moritz Muehlenhoff (Jan 17)
Re: CVE request: kernel: btrfs heap overflow Moritz Muehlenhoff (Feb 09)

Moritz Mühlenhoff

Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Moritz Mühlenhoff (Jan 14)
CVE request: puppet Moritz Mühlenhoff (Jan 27)

Nelson Elhage

Re: Physical access vulnerabilities and auto-mounting Nelson Elhage (Feb 22)
Re: CVE request: kernel: OOM-killer via argv expansion Nelson Elhage (Feb 28)
Re: CVE request: libcgroup: Failure to verify netlink messages Nelson Elhage (Feb 25)
Re: Vendor-sec hosting and future of closed lists Nelson Elhage (Mar 04)
CVE request: kernel: Multiple DoS issues in epoll Nelson Elhage (Mar 01)
Re: CVE-NONE kernel: PHONET signedness issue Nelson Elhage (Jan 06)
Re: The risks of cleaning /tmp Nelson Elhage (Mar 17)
CVE request: v86d: Failure to validate netlink message sender Nelson Elhage (Feb 25)
CVE request: libcgroup: Failure to verify netlink messages Nelson Elhage (Feb 24)

Nico Golde

Re: CVE request: aircrack-ng Nico Golde (Feb 15)
CVE id request: telepathy-gabble Nico Golde (Feb 17)

Nicolas Grégoire

CVE requests : Liferay 6.0.6 Nicolas Grégoire (Mar 29)

Oden Eriksson

Re: CVE request: PHP substr_replace() use-after-free Oden Eriksson (Mar 13)
Re: CVE-2010-4225: XSP/mod_mono source code disclosure Oden Eriksson (Jan 20)

pan

Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes pan (Mar 30)

Patrick J. Volkerding

Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Patrick J. Volkerding (Mar 31)

Paul Martin

Re: CVE Request -- logrotate -- nine issues Paul Martin (Mar 07)

Pavel Labushev

Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 04)
Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)

Petr Matousek

Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes Petr Matousek (Mar 01)
CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd Petr Matousek (Mar 08)
CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast Petr Matousek (Feb 16)
Re: CVE request: kernel: Multiple DoS issues in epoll Petr Matousek (Mar 02)
CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Petr Matousek (Jan 10)
CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek (Mar 09)

Pierre Joye

Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 06)
possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
Re: PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye (Feb 16)
Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye (Feb 16)
Re: possible flaw in widely used strtod.c implementation Pierre Joye (Feb 01)
Re: announcing libwipe Pierre Joye (Mar 13)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Pierre Joye (Mar 01)
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Pierre Joye (Jan 10)
CVE request, php's shm Pierre Joye (Mar 08)
Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Pierre Joye (Mar 01)
PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye (Feb 14)
Re: CVE request: libxml2 heap contents leak Pierre Joye (Jan 25)

psy

XSSer v1.5 -beta- aka "Swarm Edition!" released. psy (Feb 24)

Raimo Niskanen

Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Raimo Niskanen (Mar 31)

Ralf Corsepius

Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Ralf Corsepius (Feb 24)

Ralf Haferkamp

Re: CVE Request -- OpenLDAP -- two issues Ralf Haferkamp (Mar 01)

Raphael Geissert

Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Raphael Geissert (Jan 13)
Re: CVE request: patch directory traversal flaw Raphael Geissert (Jan 06)
CVE request: MaraDNS DoS via long queries Raphael Geissert (Jan 23)
CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Raphael Geissert (Jan 13)
Re: CVE request: patch directory traversal flaw Raphael Geissert (Jan 06)
Possible security fixes in 5.05? Raphael Geissert (Mar 21)
Re: CVE request: More Evince overflows Raphael Geissert (Feb 18)
CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email Raphael Geissert (Feb 21)
Re: MaraDNS 1.4.06 and 1.3.07.11 released Raphael Geissert (Mar 18)

Reed Loden

CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 Reed Loden (Feb 01)

Rickard Green

Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Rickard Green (Mar 31)

Ronald van den Blink

Batavi 1.0 - XSRF bug fixed Ronald van den Blink (Jan 25)

R P Herrold

Vendor-sec hosting and future of closed lists R P Herrold (Mar 08)

Salvo Tomaselli

request CVE for weborf Salvo Tomaselli (Jan 28)

Sam Trenholme

MaraDNS 1.4.06 and 1.3.07.11 released Sam Trenholme (Jan 29)

Sebastian Krahmer

Re: Physical access vulnerabilities and auto-mounting Sebastian Krahmer (Feb 22)
gksu-polkit Sebastian Krahmer (Mar 15)

Solar Designer

Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
Re: Vendor-sec hosting and future of closed lists Solar Designer (Mar 03)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
Re: Physical access vulnerabilities and auto-mounting Solar Designer (Feb 22)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
Re: Linux kernel proactive security hardening Solar Designer (Mar 22)

S.P.Zeidler

Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 06)
Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 05)

Stefan Behte

CVE request for feh Stefan Behte (Feb 08)

Stefan Fritsch

CVE request: MPM-ITK module for Apache HTTPD Stefan Fritsch (Mar 20)

Steinar H. Gunderson

Re: CVE request: MPM-ITK module for Apache HTTPD Steinar H. Gunderson (Mar 21)

Stéphane Gaudreault

Re: CVE request: kernel: btrfs heap overflow Stéphane Gaudreault (Feb 09)

Stephan Mueller

Re: Untrusted fs and invalid filenames Stephan Mueller (Mar 14)
Re: Untrusted fs and invalid filenames Stephan Mueller (Mar 14)

Steve Beattie

Re: CVE request: patch directory traversal flaw Steve Beattie (Jan 06)

Steve Grubb

Re: Untrusted fs and invalid filenames Steve Grubb (Mar 13)
Re: CVE Request -- logrotate -- nine issues Steve Grubb (Mar 07)
Re: kernel: modules_disabled policy Steve Grubb (Mar 06)
Re: Untrusted fs and invalid filenames Steve Grubb (Mar 14)
Re: Local memory disclosure (was: libpurple CVE UnRequest) Steve Grubb (Mar 21)
Re: CVE request: libcgroup: Failure to verify netlink messages Steve Grubb (Feb 25)
Re: ldd can execute an app unexpectedly Steve Grubb (Mar 08)
Re: Physical access vulnerabilities and auto-mounting Steve Grubb (Feb 23)
Re: CVE request: libcgroup: Failure to verify netlink messages Steve Grubb (Feb 25)
Re: Untrusted fs and invalid filenames Steve Grubb (Mar 14)
ldd can execute an app unexpectedly Steve Grubb (Mar 07)
Re: ldd can execute an app unexpectedly Steve Grubb (Mar 07)

Steve Kemp

CVE Request - pimd - Insecure file creation in /var/tmp Steve Kemp (Jan 07)

Steven M. Christey

Re: CVE Request -- logrotate -- nine issues Steven M. Christey (Mar 04)
Re: CVE request: VLC bookmark buffer overflow Steven M. Christey (Mar 28)
Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Steven M. Christey (Jan 19)
Re: CVE request: kernel: btrfs heap overflow Steven M. Christey (Feb 10)
Re: CVE Request -- logrotate -- nine issues Steven M. Christey (Mar 04)
Re: CVE Request: libpng memory leak Steven M. Christey (Mar 28)
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Steven M. Christey (Mar 30)
Re: CVE Request -- Asterisk Security Vulnerability Steven M. Christey (Mar 23)
Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd Steven M. Christey (Mar 02)
Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability Steven M. Christey (Feb 02)
Re: CVE Request -- logrotate -- nine issues Steven M. Christey (Mar 04)
Re: CVE Request -- Nagios -- XSS in the network status map CGI script Steven M. Christey (Mar 28)
Re: Physical access vulnerabilities and auto-mounting Steven M. Christey (Feb 23)
Re: CVE Request: perl: regex causes assertion fail Steven M. Christey (Mar 28)
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Steven M. Christey (Mar 14)
Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Steven M. Christey (Mar 28)
Re: CVE-NONE kernel: PHONET signedness issue Steven M. Christey (Jan 06)
Re: CVE request: avahi daemon remote denial of service by sending NULL UDP Steven M. Christey (Feb 22)
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Steven M. Christey (Jan 14)
Local memory disclosure (was: libpurple CVE UnRequest) Steven M. Christey (Mar 21)
CVE assignments for Wireshark Steven M. Christey (Jan 12)
Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 04)
Re: CVE request: simple machines forum before 1.1.13 Steven M. Christey (Mar 02)
Re: glibc locale escaping issue Steven M. Christey (Mar 08)
Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. Steven M. Christey (Mar 22)
Re: possible flaw in widely used strtod.c implementation Steven M. Christey (Jan 10)
Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw Steven M. Christey (Mar 28)
Re: Webkit Dupes Steven M. Christey (Feb 17)
Re: CVE request: tor Steven M. Christey (Jan 18)
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Steven M. Christey (Jan 22)
Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 03)

Sverker Eriksson

Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Sverker Eriksson (Mar 31)

SZALAY Attila

syslog-ng wrong file permission vulnerability SZALAY Attila (Jan 25)

Thomas Biege

gdm PostLogin script executes scripts as user gdm Thomas Biege (Feb 22)
Re: CVE request: xpdf Thomas Biege (Feb 08)
CVE request: avahi daemon remote denial of service by sending NULL UDP Thomas Biege (Feb 18)
Re: CVE request: xpdf Thomas Biege (Feb 08)
CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Thomas Biege (Feb 21)
CVE-2010-4225: XSP/mod_mono source code disclosure Thomas Biege (Jan 07)
Re: CVE Request -- OpenLDAP -- two issues Thomas Biege (Feb 28)
Re: gdm PostLogin script executes scripts as user gdm Thomas Biege (Feb 23)

Thomas Sibley

Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Thomas Sibley (Feb 22)

Tim Brown

Re: CVE request Tim Brown (Jan 18)
CVE request Tim Brown (Jan 18)
Pattern lock bypass on SE X10 with Android 1.6 Tim Brown (Feb 23)
Re: ldd can execute an app unexpectedly Tim Brown (Mar 07)

Timo Warns

Re: Physical access vulnerabilities and auto-mounting Timo Warns (Feb 23)
CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Timo Warns (Feb 23)
CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure Timo Warns (Mar 15)

TJ Saunders

Re: CVE request: proftpd before 1.3.3d TJ Saunders (Jan 14)

Todd C. Miller

Re: CVE request: sudo does not ask for password on GID changes Todd C. Miller (Jan 12)

Tomas Hoger

cgit convert_query_hexchar infinite loop (CVE-2011-1027) Tomas Hoger (Mar 07)
Re: MaraDNS 1.4.06 and 1.3.07.11 released Tomas Hoger (Jan 31)
Re: ldd can execute an app unexpectedly Tomas Hoger (Mar 08)
CVE request: glibc CVE-2010-3847 fix regression Tomas Hoger (Feb 01)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Mar 22)
glibc locale escaping issue Tomas Hoger (Mar 08)
Re: Re: CVE request: More Evince overflows Tomas Hoger (Mar 04)
KDE SSL name check issue Tomas Hoger (Mar 08)
Re: CVE request, php's shm Tomas Hoger (Mar 08)
Re: CVE request: xpdf Tomas Hoger (Feb 08)
Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Tomas Hoger (Jan 14)

Vasiliy Kulikov

Re: CVE request: patch directory traversal flaw Vasiliy Kulikov (Feb 18)
2 acpid flaws Vasiliy Kulikov (Jan 19)
kernel: modules_disabled policy Vasiliy Kulikov (Mar 05)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Mar 21)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Feb 23)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Mar 20)
Re: Untrusted fs and invalid filenames Vasiliy Kulikov (Mar 14)
Untrusted fs and invalid filenames Vasiliy Kulikov (Mar 12)
Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Vasiliy Kulikov (Mar 11)
Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Vasiliy Kulikov (Feb 25)
CVE request: kernel: netfilter & econet infoleaks Vasiliy Kulikov (Mar 18)
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 21)
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 24)
CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes Vasiliy Kulikov (Feb 28)
Re: CVE request: patch directory traversal flaw Vasiliy Kulikov (Jan 26)

Vincent Danen

Re: MaraDNS 1.4.06 and 1.3.07.11 released Vincent Danen (Mar 18)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Vincent Danen (Mar 03)
Re: CVE Request -- OpenLDAP -- two issues Vincent Danen (Mar 01)
Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Vincent Danen (Mar 11)
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Vincent Danen (Feb 24)
Re: CVE request: patch directory traversal flaw Vincent Danen (Jan 05)
Re: CVE request: PHP substr_replace() use-after-free Vincent Danen (Mar 18)
CVE request for Asterisk flaws Vincent Danen (Mar 17)
Re: CVE-2010-4225: XSP/mod_mono source code disclosure Vincent Danen (Jan 20)
CVE request: sudo does not ask for password on GID changes Vincent Danen (Jan 11)
CVE request for python-feedparser Vincent Danen (Mar 14)
Re: Physical access vulnerabilities and auto-mounting Vincent Danen (Feb 23)
Re: MaraDNS 1.4.06 and 1.3.07.11 released Vincent Danen (Mar 18)
Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Vincent Danen (Feb 24)
CVE request: patch directory traversal flaw Vincent Danen (Jan 05)
Re: CVE Request -- OpenLDAP -- two issues Vincent Danen (Feb 28)

William Grant

CVE-2011-0728: Loggerhead 1.18.1 security release William Grant (Mar 24)

Willy Tarreau

Re: Vendor-sec hosting and future of closed lists Willy Tarreau (Mar 07)

YGN Ethical Hacker Group

CVE Request: Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Feb 22)
Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Feb 24)
CVE Request: 2Wire Broadband Router Session Hijacking Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: XOOPS 2.5.0 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 13)
CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 26)
CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 23)
CVE Request: TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities YGN Ethical Hacker Group (Mar 18)
CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS) YGN Ethical Hacker Group (Jan 06)
CVE Request: HP System Management Homepage(SMH) | Open URL Redirection YGN Ethical Hacker Group (Mar 18)
CVE Request for Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 06)
CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 23)
CVE Request: MyBB 1.6 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: MyBB 1.6 <= SQL Injection YGN Ethical Hacker Group (Mar 18)
CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability YGN Ethical Hacker Group (Mar 23)
CVE Request: PHP Support Ticket 2.2 <= Multiple Vulnerabilities YGN Ethical Hacker Group (Mar 18)
CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Feb 24)
CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 27)
CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Feb 01)
CVE Request: bbPress 1.0.2 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 13)
CVE Request: Joomla! 1.6.0 | SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 13)
CVE Request: Joomla! 1.5.21 <= SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 18)
Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 18)