oss-sec: by author
RSS Feed
About List
All Lists
Previous period
738 messages
starting Apr 03 11 and
ending Apr 15 11
Date index |
Thread index |
Author index
AK
Re: Closed list AK (Apr 03)
akuster
Re: CVE request: kernel: missing socket check in can/bcm release akuster (Apr 21)
Re: Closed list akuster (Apr 13)
Re: Closed list akuster (Apr 14)
Re: Closed list akuster (Jun 01)
Re: CVE request: kernel: buffer overflow and DoS issues in agp akuster (Apr 22)
Re: Closed list akuster (May 26)
Re: Closed list akuster (Apr 06)
Re: Closed list akuster (Apr 12)
Re: CVE request: kernel: a collection of world-writable debugfs bugs akuster (Apr 15)
Re: Closed list akuster (Apr 08)
Re: Closed list akuster (Apr 12)
Re: Closed list akuster (Apr 06)
Re: Closed list akuster (Apr 13)
Re: Closed list akuster (Apr 12)
Re: Closed list akuster (Apr 12)
Re: Closed list akuster (May 02)
Re: Closed list akuster (May 02)
Re: Closed list akuster (Apr 14)
Re: Closed list akuster (Apr 11)
Re: Closed list akuster (May 26)
Re: Closed list akuster (Apr 13)
Re: Closed list akuster (Apr 07)
Re: Closed list akuster (May 02)
Alex Legler
Re: Closed list Alex Legler (Apr 02)
Alvaro Lopez Ortega
Re: Security issue in cherokee Alvaro Lopez Ortega (Jun 06)
Andrea Barisani
Re: Closed list Andrea Barisani (Apr 05)
Andrew Morton
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Andrew Morton (Jun 28)
Anthon Pang
CVE Request: GeoIP Directory traversal weakness in geoipupdate Anthon Pang (May 20)
ArkanoiD
Re: Closed list ArkanoiD (Apr 03)
Re: Closed list ArkanoiD (Apr 02)
Re: Closed list ArkanoiD (Apr 03)
Benji
Re: Closed list Benji (Apr 04)
Re: Closed list Benji (Apr 05)
Re: Closed list Benji (Apr 03)
Ben Laurie
Re: Closed list Ben Laurie (Apr 04)
Re: Closed list Ben Laurie (Apr 03)
Bernhard Reiter
Re: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate Bernhard Reiter (Jun 15)
Bernhard Rosenkraenzer
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Bernhard Rosenkraenzer (Jun 10)
Chad Dougherty
Apache HttpClient CVE request [VU#153049] Chad Dougherty (Apr 07)
Charles Blas
Re: Closed list Charles Blas (Apr 01)
Chris Evans
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Chris Evans (Jun 06)
Christos Zoulas
Re: Possible security fixes in 5.05? Christos Zoulas (Apr 07)
Daniel Godás
Re: CVE request: crypt_blowfish 8-bit character mishandling Daniel Godás (Jun 20)
daniel () ruoso com
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl daniel () ruoso com (Jun 06)
Dan Rosenberg
CVE request: kernel: two issues in mpt2sas Dan Rosenberg (Apr 05)
Re: CVE requests: Three Linux kernel issues Dan Rosenberg (Apr 11)
Re: Closed list Dan Rosenberg (May 26)
Re: Closed list Dan Rosenberg (Apr 01)
Re: Closed list Dan Rosenberg (Apr 01)
Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Dan Rosenberg (Jun 20)
Re: Closed list Dan Rosenberg (Apr 13)
Re: CVE request: FreeBSD/NetBSD 802.11 kernel memory disclosure Dan Rosenberg (Jun 20)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Apr 27)
Re: [klibc] CVE request: klibc: ipconfig sh script with unescaped DHCP options Dan Rosenberg (May 18)
CVE request: FreeBSD/NetBSD 802.11 kernel memory disclosure Dan Rosenberg (Jun 15)
Re: CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Apr 05)
Re: CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Apr 04)
Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options Dan Rosenberg (May 18)
CVE request: kernel: DCCP invalid options Dan Rosenberg (May 08)
Re: CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Apr 11)
Re: Closed list Dan Rosenberg (Apr 03)
CVE request: kernel: remote buffer overflow in bluetooth Dan Rosenberg (Jun 24)
CVE request: kernel (ARM): heap corruption in OABI semtimedop Dan Rosenberg (Apr 29)
Re: CVE request: FreeBSD/NetBSD 802.11 kernel memory disclosure Dan Rosenberg (Jun 20)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Apr 27)
dave b
Re: XSS security issue in gitweb for 'blob_plain' view with HTML files dave b (Jun 03)
Re: CVE Request -- Cherokee -- server admin vulnerable to csrf dave b (Jun 03)
Debian Bug Tracking System
Bug#629511: Info received (CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used) Debian Bug Tracking System (Jun 12)
Bug#631818: Info received (CVE Request -- DokuWiki -- XSS in DokuWiki's RSS embedding mechanism) Debian Bug Tracking System (Jun 28)
Bug#629938: Info received (CVE Request -- dbus -- Local DoS via messages with non-native byte order) Debian Bug Tracking System (Jun 12)
Deb Mazurek
Re: CVE request : client-side file creation via XSLT in Webkit Deb Mazurek (May 09)
Djalal Harouni
Re: CVE request: crypt_blowfish 8-bit character mishandling Djalal Harouni (Jun 24)
Dmitry V. Levin
Re: Multiple libraries privilege checking Dmitry V. Levin (May 16)
Re: Closed list Dmitry V. Levin (Apr 04)
Re: Closed list Dmitry V. Levin (Apr 01)
Drew Yao
Re: Closed list Drew Yao (Apr 20)
Elliot Peele
Re: Closed list Elliot Peele (Apr 02)
Es gibt immer etwas zu tratschen
Re: Closed list Es gibt immer etwas zu tratschen (Apr 02)
Eugene Teo
CVE request - kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set Eugene Teo (Apr 11)
Re: CVE request: kernel: validate size of EFI GUID partition entries Eugene Teo (May 10)
Re: CVE request: kernel: missing socket check in can/bcm release Eugene Teo (Apr 21)
CVE request: kernel: missing socket check in can/bcm release Eugene Teo (Apr 19)
Re: CVE request -- kernel: proc: signedness issue in next_pidmap() Eugene Teo (Apr 19)
Re: CVE request: kernel: missing socket check in can/bcm release Eugene Teo (Apr 20)
Re: Closed list Eugene Teo (Apr 04)
Re: CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions Eugene Teo (Jun 26)
CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Eugene Teo (Jun 19)
Re: CVE request: kernel: remote buffer overflow in bluetooth Eugene Teo (Jun 26)
CVE request: kernel: alpha: fix several security issues Eugene Teo (Jun 12)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Apr 17)
Re: CVE request: kernel: taskstats local DoS Eugene Teo (Jun 22)
Re: CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops Eugene Teo (Apr 12)
CVE request: kernel: validate size of EFI GUID partition entries Eugene Teo (May 08)
CVE request: kernel: hfs_find_init() sb->ext_tree NULL pointer dereference Eugene Teo (Jun 12)
CVE request: kernel: net: ip_expire() must revalidate route Eugene Teo (May 17)
CVE request: kernel: oom: use pte pages in OOM score Eugene Teo (Jun 27)
Re: CVE requests: Three Linux kernel issues Eugene Teo (Apr 11)
Re: CVE requests - kernel network vulns Eugene Teo (May 05)
Re: CVE request: kernel: inotify memory leak Eugene Teo (Apr 10)
Vouching system (was Re: [oss-security] Closed list) Eugene Teo (Apr 05)
CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function Eugene Teo (May 31)
Re: CVE request: kernel: missing socket check in can/bcm release Eugene Teo (Apr 20)
CVE request: kernel: set cred->user_ns in key_replace_session_keyring Eugene Teo (Jun 02)
CVE request - kernel: bonding: Incorrect TX queue offset Eugene Teo (Apr 12)
Re: CVE request: kernel: missing socket check in can/bcm release Eugene Teo (Apr 20)
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Eugene Teo (Jun 02)
Re: CVE request: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info Eugene Teo (Jun 23)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Eugene Teo (Jun 06)
CVE request: kernel: NLM: Don't hang forever on NLM unlock requests Eugene Teo (Jun 23)
Re: CVE request: mediawiki 1.16.3 Eugene Teo (Apr 12)
Re: CVE request: kernel: DCCP invalid options Eugene Teo (May 08)
CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace Eugene Teo (Jun 23)
Re: Closed list Eugene Teo (Apr 03)
Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Eugene Teo (Jun 28)
CVE request: kernel: ksm: race between ksmd and exiting task Eugene Teo (Jun 02)
Re: CVE request: kernel: taskstats/procfs io infoleak Eugene Teo (Jun 26)
Re: CVE request: Alpha kernel issues Eugene Teo (Jun 14)
Re: CVE request: kernel: two issues in mpt2sas Eugene Teo (Apr 06)
CVE-2011-1771 kernel: cifs oops when creating file with O_DIRECT set Eugene Teo (May 08)
Re: CVE requests: Three Linux kernel issues Eugene Teo (Apr 11)
CVE-2011-1479 (was Re: [oss-security] CVE request: kernel: inotify memory leak) Eugene Teo (Apr 10)
Felipe Pena
CVE request: PHP socket_connect() - stack buffer overflow Felipe Pena (May 23)
CVE Request: PHP File upload filename Felipe Pena (Jun 12)
Filip Palian
Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. Filip Palian (May 08)
Florian Weimer
Re: Multiple libraries privilege checking Florian Weimer (Jun 19)
Franck Paul
Re: CVE request: dotclear before 2.2.3 Franck Paul (Apr 14)
Gareth Randall
A new way of writing secure data backups, combining RAID and one time pads. Gareth Randall (Apr 05)
Greg KH
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Greg KH (Jun 06)
halfdog
Re: Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? halfdog (May 06)
Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? halfdog (May 05)
Hanno Böck
CVE request: dotclear before 2.2.3 Hanno Böck (Apr 13)
Hans Bolinder
Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Hans Bolinder (Apr 04)
Henri Salo
Re: Dovecot releases Henri Salo (May 19)
Dovecot releases Henri Salo (May 18)
CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat Henri Salo (Jun 02)
Re: CVE requests; issues fixed in MySQL 5.1.52 Henri Salo (May 19)
CVE request: Joomla unspecified information disclosure vulnerability Henri Salo (Jun 20)
CVE-request: XSS in Webmin 1.540 Henri Salo (Jun 13)
Re: CVE request: Joomla unspecified information disclosure vulnerability Henri Salo (Jun 27)
Herman van Rink
Re: [Phpmyadmin-security] [oss-security] CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities Herman van Rink (Jun 28)
Hui Zhu
Re: Closed list Hui Zhu (Apr 27)
Huzaifa Sidhpurwala
Re: CVE request: kernel: oom: use pte pages in OOM score Huzaifa Sidhpurwala (Jun 27)
NetworkManager: did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks Huzaifa Sidhpurwala (Jun 22)
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Huzaifa Sidhpurwala (May 10)
Re: CVE request: kernel: ksm: race between ksmd and exiting task Huzaifa Sidhpurwala (Jun 05)
Re: CVE request: kernel: set cred->user_ns in key_replace_session_keyring Huzaifa Sidhpurwala (Jun 05)
CVE request: libmodplugin stack-buffer overflow Huzaifa Sidhpurwala (May 01)
Re: Closed list Huzaifa Sidhpurwala (Apr 03)
Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues Huzaifa Sidhpurwala (May 31)
Re: CVE Request -- gnome-desktop3: Switching users dialog does not lock the screen for the original user account Huzaifa Sidhpurwala (May 02)
Wireshark 1.2.16 / 1.4.5 Huzaifa Sidhpurwala (Apr 18)
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Huzaifa Sidhpurwala (May 03)
Jakub Narebski
[CVE-2011-2186] [PATCH] gitweb: Enable $prevent_xss by default Jakub Narebski (Jun 14)
Re: [CVE-2011-2186] XSS security issue in gitweb for 'blob_plain' view with HTML files Jakub Narebski (Jun 14)
Re: XSS security issue in gitweb for 'blob_plain' view with HTML files Jakub Narebski (Jun 04)
Re: XSS security issue in gitweb for 'blob_plain' view with HTML files Jakub Narebski (Jun 03)
Jamie Cameron
Re: CVE-request: XSS in Webmin 1.540 Jamie Cameron (Jun 13)
Jamie Strandboge
Security issue in gitweb Jamie Strandboge (Jun 03)
Re: Closed list Jamie Strandboge (Apr 05)
Security issue in cherokee Jamie Strandboge (Jun 03)
CVE Request: incomplete fix for CVE-2010-1000 in KDE network Jamie Strandboge (Apr 15)
Jan Lieskovsky
CVE Request -- WebSVN -- execCommand() remote commands injection vulnerability Jan Lieskovsky (Jun 07)
CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate Jan Lieskovsky (Jun 03)
CVE Request -- fail2ban -- Use of insecure default temporary file when unbanning an IP (tmpfile = /tmp/fail2ban-mail.txt) Jan Lieskovsky (Apr 29)
CVE Request -- Zend Framework -- SQL injection when using PDO_MySql Jan Lieskovsky (May 23)
CVE Request -- OpenVAS Manager v2.0.3 Jan Lieskovsky (Apr 19)
Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities Jan Lieskovsky (Jun 28)
CVE Request -- pmake -- Use of insecure temporary file for 'depend' target Jan Lieskovsky (May 16)
CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used Jan Lieskovsky (Jun 12)
CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Jan Lieskovsky (Jun 02)
CVE Request -- vsftpd -- Do not create network namespace per connection Jan Lieskovsky (Jun 06)
CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Jan Lieskovsky (Apr 29)
CVE Request -- fabric -- Use of insecure temporary file by uploading templates and projects to remote hosts Jan Lieskovsky (Jun 03)
CVE Request -- WordPress v3.1.2 Jan Lieskovsky (May 02)
CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw Jan Lieskovsky (Jun 08)
CVE Request -- libvoikko -- DoS of application linked against libvoikko due improper handling of embedded null characters in input strings Jan Lieskovsky (Jun 13)
Re: CVE request: pam_ssh not dropping root gid(s) Jan Lieskovsky (Jun 06)
CVE Request -- vte -- Excessive memory and CPU use by processing certain character sequences Jan Lieskovsky (Jun 09)
CVE Request -- atop: Symlink attacks via process accounting file Jan Lieskovsky (Apr 19)
Re: CVE Request -- Asterisk Security Vulnerability Jan Lieskovsky (Apr 22)
CVE Request -- dbus -- Local DoS via messages with non-native byte order Jan Lieskovsky (Jun 12)
CVE Request -- DokuWiki -- XSS in DokuWiki's RSS embedding mechanism Jan Lieskovsky (Jun 28)
Re: CVE Request -- Asterisk Security Vulnerability Jan Lieskovsky (Apr 22)
Re: CVE Request -- dhcp: DoS (excessive CPU use) by opening an OMAPI connection Jan Lieskovsky (Apr 06)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Jan Lieskovsky (Jun 06)
CVE Request -- Cherokee -- server admin vulnerable to csrf Jan Lieskovsky (Jun 02)
CVE Request -- phpMyAdmin -- PMASA-2011-3 & PMASA-2011-4 Jan Lieskovsky (May 23)
Re: Closed list Jan Lieskovsky (May 16)
Re: CVE Request -- atop: Symlink attacks via process accounting file Jan Lieskovsky (Apr 19)
CVE Request -- gnome-desktop3: Switching users dialog does not lock the screen for the original user account Jan Lieskovsky (Apr 19)
CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Jan Lieskovsky (May 17)
CVE Request -- perl -- lc(), uc() routines are laundering tainted data Jan Lieskovsky (Apr 01)
CVE-2011-2485 assignment notification -- gdk-pixbuf Jan Lieskovsky (Jun 24)
CVE Request -- xscreensaver -- exits when activated Jan Lieskovsky (Jun 03)
CVE Request -- LuaExpat -- Prone to XML "billion laughs attack" Jan Lieskovsky (Jun 06)
CVE Request -- OpenOffice.org -- InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009) Jan Lieskovsky (Jun 01)
CVE Request -- dhcp: DoS (excessive CPU use) by opening an OMAPI connection Jan Lieskovsky (Apr 06)
Jason A. Donenfeld
Re: RE: [security-vendor] [oss-security] Closed list Jason A. Donenfeld (Apr 21)
Javier Bassi
CVE Request: Webmin Local Privilege Escalation Vulnerability Javier Bassi (May 21)
Re: CVE-request: XSS in Webmin 1.540 Javier Bassi (Jun 13)
CVE Request: Post Revolution multiple security vulnerabilities Javier Bassi (May 24)
JcDenis
Re: CVE request: dotclear before 2.2.3 JcDenis (Apr 15)
Jeff Mitchell
Re: Closed list Jeff Mitchell (Apr 26)
Re: Closed list Jeff Mitchell (Apr 30)
Re: Closed list Jeff Mitchell (Apr 30)
Jeffrey Czerniak
Re: Closed list Jeffrey Czerniak (Apr 04)
Re: Closed list Jeffrey Czerniak (Apr 04)
Jeremy Stanley
Re: Closed list Jeremy Stanley (Apr 06)
Joey Schulze
CVE id request: mahara / HTML Purifier Joey Schulze (Apr 13)
Josh Bressers
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Josh Bressers (Jun 08)
Re: CVE Request: Ruby on Rails 3/rails_xss XSS Josh Bressers (Jun 13)
Re: CVE request: kernel: validate size of EFI GUID partition entries Josh Bressers (May 09)
Re: CVE request: firefox doesn't (re)validate certificates when loading HTTPS page Josh Bressers (May 31)
Re: CVE request: Mojolicious directory traversal vulnerability Josh Bressers (Apr 18)
Re: Closed list Josh Bressers (Apr 03)
Re: CVE Request: cifs session reuse Josh Bressers (Apr 15)
Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap Josh Bressers (May 19)
Re: CVE Request: nfs-utils Josh Bressers (Jun 28)
Re: CVE request: kernel: NLM: Don't hang forever on NLM unlock requests Josh Bressers (Jun 23)
Re: CVE request: NetworkManager-openvpn logs cert password Josh Bressers (May 31)
Re: CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578 Josh Bressers (Apr 18)
Re: CVE request: libmodplugin stack-buffer overflow Josh Bressers (May 02)
Re: Security issue in cherokee Josh Bressers (Jun 06)
Re: CVE id request: mahara / HTML Purifier Josh Bressers (Apr 18)
Re: CVE request -- qemu-kvm: virtio-blk: heap buffer overflow caused by unaligned requests Josh Bressers (Apr 25)
Re: CVE request: movabletype-opensource Josh Bressers (May 31)
Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Josh Bressers (May 02)
Re: CVE requests : Liferay 6.0.6 Josh Bressers (Apr 08)
Re: Closed list Josh Bressers (Apr 05)
Re: CVE Request: PHP File upload filename Josh Bressers (Jun 13)
Re: CVE Request -- OpenOffice.org -- InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009) Josh Bressers (Jun 02)
Re: CVE request: tigervnc Josh Bressers (May 09)
libtiff CVE assignments Josh Bressers (Apr 12)
Re: CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities Josh Bressers (Jun 29)
Re: Closed list Josh Bressers (Apr 05)
Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used Josh Bressers (Jun 13)
Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Josh Bressers (May 31)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Josh Bressers (Jun 06)
Re: CVE request -- virt-v2v: vnc password protection is missing after vm conversion Josh Bressers (May 09)
Re: CVE request: polarssl Josh Bressers (May 17)
Re: CVE request : client-side file creation via XSLT in Webkit Josh Bressers (May 09)
Re: CVE request: mediawiki 1.16.3 Josh Bressers (Apr 13)
Re: CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Josh Bressers (Jun 28)
Re: CVE Request -- DokuWiki -- XSS in DokuWiki's RSS embedding mechanism Josh Bressers (Jun 29)
Re: CVE request: kernel: multiple issues in ROSE Josh Bressers (Apr 04)
Re: CVE request for pithos information disclosure Josh Bressers (Apr 08)
Re: Wireshark 1.2.16 / 1.4.5 Josh Bressers (Apr 18)
Re: CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat Josh Bressers (Jun 02)
Re: CVE request: kernel: multiple issues in ROSE Josh Bressers (Apr 04)
nspluginwrapper CVE id Josh Bressers (Jun 28)
Re: CVE request - kernel: bonding: Incorrect TX queue offset Josh Bressers (Apr 13)
Re: Closed list Josh Bressers (Apr 13)
Re: CVE Request -- OpenVAS Manager v2.0.3 Josh Bressers (Apr 20)
Re: CVE Request -- Coppermine Photo Gallery -- cpg1.4.27 / cpg1.5.12 -- XSS flaw Josh Bressers (Jun 08)
Re: pure-ftpd STARTTLS command injection / new CVE? Josh Bressers (Apr 11)
Re: CVE Request -- xscreensaver -- exits when activated Josh Bressers (Jun 06)
Re: Dovecot releases Josh Bressers (May 19)
Re: CVE Request: rsyslogd memory leaks Josh Bressers (Apr 04)
Re: CVE request: pam_ssh not dropping root gid(s) Josh Bressers (Jun 06)
Re: CVE request for Wireshark 1.4.5 TCP DoS issue Josh Bressers (Jun 01)
Re: CVE request: kernel (ARM): heap corruption in OABI semtimedop Josh Bressers (May 02)
Re: CVE request: kernel: alpha: fix several security issues Josh Bressers (Jun 15)
Re: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate Josh Bressers (Jun 06)
Re: CVE Request -- dbus -- Local DoS via messages with non-native byte order Josh Bressers (Jun 13)
Re: CVE Request: Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities Josh Bressers (Jun 29)
Re: CVE request: kernel: net: ip_expire() must revalidate route Josh Bressers (May 18)
Re: CVE request for libpng regression (CVE-2004-0421) Josh Bressers (Jun 28)
Re: CVE Request -- syslog-ng -- Possible DoS Josh Bressers (May 31)
Re: CVE Request: prosody DoS, djabberd external entity injection Josh Bressers (Jun 15)
Re: CVE Request -- LuaExpat -- Prone to XML "billion laughs attack" Josh Bressers (Jun 06)
Re: CVE for ruby on rails XSS fixes Josh Bressers (Apr 06)
Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities Josh Bressers (Jun 28)
Re: CVE request -- libvirt: regression introduced in disk probe logic Josh Bressers (Jun 02)
Re: Closed list Josh Bressers (Apr 25)
Re: CVE Request: viewvc DoS Josh Bressers (May 19)
Re: CVE Request: incomplete fix for CVE-2010-1000 in KDE network Josh Bressers (Apr 15)
Re: Closed list Josh Bressers (Apr 01)
Re: CVE re-request Josh Bressers (Apr 05)
Re: CVE request: libgnomesu privilege escalation Josh Bressers (May 31)
Re: CVE Request -- phpMyAdmin -- PMASA-2011-3 & PMASA-2011-4 Josh Bressers (May 24)
Re: CVE id request: tmux (debian specific) Josh Bressers (Apr 06)
Re: CVE id request: vlc Josh Bressers (Apr 13)
Re: CVE request: qemu-kvm: OOB memory access caused by negative vq notifies Josh Bressers (Jun 29)
Re: CVE request: FreeBSD/NetBSD 802.11 kernel memory disclosure Josh Bressers (Jun 20)
Re: CVE request: DoS in tor Josh Bressers (May 17)
Re: Re: [security-vendor] Re: [oss-security] Closed list Josh Bressers (May 02)
Re: CVE Request -- WordPress v3.1.2 Josh Bressers (May 02)
Re: CVE Request -- fail2ban -- Use of insecure default temporary file when unbanning an IP (tmpfile = /tmp/fail2ban-mail.txt) Josh Bressers (May 02)
Re: CVE Request -- libvoikko -- DoS of application linked against libvoikko due improper handling of embedded null characters in input strings Josh Bressers (Jun 13)
Re: CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues Josh Bressers (Jun 01)
Re: CVE Request: exim STARTTLS fix Josh Bressers (May 24)
Re: Closed list Josh Bressers (May 02)
Re: CVE Request -- pmake -- Use of insecure temporary file for 'depend' target Josh Bressers (May 16)
Re: CVE request: nbd-server Josh Bressers (May 17)
Re: CVE request: vlc Josh Bressers (Jun 08)
Re: CVE Request -- vte -- Excessive memory and CPU use by processing certain character sequences Josh Bressers (Jun 13)
Re: [klibc] CVE request: klibc: ipconfig sh script with unescaped DHCP options Josh Bressers (May 19)
Re: CVE request: XSS in nagios Josh Bressers (Jun 02)
Re: CVE request: libvirt: integer overflow in VirDomainGetVcpus Josh Bressers (Jun 29)
Re: CVE request: kernel: inet_diag: fix inet_diag_bc_audit() Josh Bressers (Jun 20)
Re: CVE Request -- Zend Framework -- SQL injection when using PDO_MySql Josh Bressers (May 24)
Re: CVE request: dotclear before 2.2.3 Josh Bressers (Apr 15)
Re: CVE request: kernel: thp: madvise on top of /dev/zero private mapping can lead to panic Josh Bressers (Jun 20)
Re: CVE request: roundcube < 0.5.1 CSRF Josh Bressers (Apr 04)
Re: CVE Request / Discussion -- dirmngr -- Improper dealing with blocking system calls, when verifying a certificate Josh Bressers (Jun 15)
Re: CVE request: keepalived pid file permissions issue Josh Bressers (May 16)
Re: Security issue in gitweb Josh Bressers (Jun 06)
Re: CVE request: libvirt: error reporting in libvirtd is not thread safe Josh Bressers (Apr 04)
Re: CVE request: kernel: missing socket check in can/bcm release Josh Bressers (Apr 20)
Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data Josh Bressers (Apr 04)
Re: CVE request: libarchive, multiple overflows Josh Bressers (May 09)
Re: CVE requests - kernel network vulns Josh Bressers (May 05)
Closed list Josh Bressers (Apr 01)
Re: CVE Request -- fabric -- Use of insecure temporary file by uploading templates and projects to remote hosts Josh Bressers (Jun 06)
Re: CVE request: CVE-2011-1089-like flaw in mount.nfs Josh Bressers (Apr 25)
Re: CVE request - kernel: sctp: fix to calc the INIT/INIT-ACK chunk length correctly to set Josh Bressers (Apr 11)
Re: CVE Request -- Cherokee -- server admin vulnerable to csrf Josh Bressers (Jun 06)
Re: CVE Request -- WebSVN -- execCommand() remote commands injection vulnerability Josh Bressers (Jun 08)
Re: CVE id request: gitolite Josh Bressers (Apr 11)
Re: CVE request: libxml vulnerability and interesting integer issues Josh Bressers (May 31)
Re: Re: CVE-request: XSS in Webmin 1.540 Josh Bressers (Jun 13)
Re: CVE requests: opie off by one and setuid() failure Josh Bressers (Jun 23)
Re: CVE Request: Webmin Local Privilege Escalation Vulnerability Josh Bressers (May 24)
Re: Closed list Josh Bressers (Apr 03)
Re: CVE request: kernel: missing socket check in can/bcm release Josh Bressers (Apr 25)
Re: CVE request: PHP socket_connect() - stack buffer overflow Josh Bressers (May 24)
Re: CVE request: kernel: hfs_find_init() sb->ext_tree NULL pointer dereference Josh Bressers (Jun 13)
Re: CVE requests : Liferay 6.0.6 Josh Bressers (Apr 11)
Re: Closed list Josh Bressers (Apr 14)
rdesktop CVE - CVE-2011-1595 Josh Bressers (Apr 20)
Re: CVE Request: Post Revolution multiple security vulnerabilities Josh Bressers (May 31)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Josh Bressers (Jun 21)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Josh Bressers (Jun 06)
Re: CVE request for Thunar (format string errors) Josh Bressers (Apr 18)
Re: CVE request: FreeBSD/NetBSD 802.11 kernel memory disclosure Josh Bressers (Jun 20)
Re: CVE request: crypt_blowfish 8-bit character mishandling Josh Bressers (Jun 21)
Re: CVE Request -- Cyrus-IMAP STARTTLS issue -- [was: Re: [oss-security] pure-ftpd STARTTLS command injection / new CVE?] Josh Bressers (May 17)
Re: CVE request for libmodplug Josh Bressers (Apr 11)
consolekit security flaw heads up Josh Bressers (Apr 07)
Re: Closed list Josh Bressers (Apr 11)
Re: CVE request: Joomla unspecified information disclosure vulnerability Josh Bressers (Jun 23)
Re: CVE request: buffer overflow in tftp-hpa Josh Bressers (Jun 13)
Re: CVE requests; issues fixed in MySQL 5.1.52 Josh Bressers (May 17)
Re: taskstats authorized_keys presence infoleak PoC Josh Bressers (Jun 21)
Re: CVE request: openssl timing attack Josh Bressers (May 31)
Re: CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges Josh Bressers (Apr 08)
Re: CVE request: mediawiki Josh Bressers (May 05)
Re: CVE request: Several Moodle issues Josh Bressers (May 18)
Re: CVE Request -- gnome-desktop3: Switching users dialog does not lock the screen for the original user account Josh Bressers (Apr 20)
Karel Zak
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Karel Zak (Jun 20)
Kees Cook
CVE request: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info Kees Cook (Jun 23)
Re: Closed list Kees Cook (Apr 01)
klondike
Re: Closed list klondike (Apr 02)
Re: Closed list klondike (Apr 04)
Re: A new way of writing secure data backups, combining RAID and one time pads. klondike (Apr 05)
ksha
Re: Closed list ksha (Apr 04)
Kurt Seifried
Re: CVE request: mediawiki 1.16.3 Kurt Seifried (Apr 12)
CVE request: mediawiki Kurt Seifried (May 04)
CVE request for Wireshark 1.4.6/1.2.16 Multiple DoS issues Kurt Seifried (May 31)
CVE request for Wireshark 1.4.5 TCP DoS issue Kurt Seifried (May 31)
CVE request for SAP issues Kurt Seifried (Apr 13)
Re: CVE request for SAP issues Kurt Seifried (Apr 13)
Linus Torvalds
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 28)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 29)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 28)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Linus Torvalds (Jun 26)
Ludwig Nussel
Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap Ludwig Nussel (May 19)
CVE Request: cifs session reuse Ludwig Nussel (Apr 15)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 09)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 21)
Re: Closed list Ludwig Nussel (Apr 04)
Re: Re: XSS security issue in gitweb for 'blob_plain' view with HTML files Ludwig Nussel (Jun 14)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 22)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 28)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jun 27)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Apr 01)
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Ludwig Nussel (Jun 15)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Ludwig Nussel (Jun 10)
Re: [CVE-2011-2186] XSS security issue in gitweb for 'blob_plain' view with HTML files Ludwig Nussel (Jun 14)
CVE Request: nfs-utils Ludwig Nussel (Jun 27)
CVE Request: viewvc DoS Ludwig Nussel (May 19)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jun 22)
CVE Request: Ruby on Rails 3/rails_xss XSS Ludwig Nussel (Jun 09)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jun 21)
Re: Dovecot releases Ludwig Nussel (May 19)
Luka Marinko
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Luka Marinko (Jun 15)
Luke Faraone
CVE request for pithos information disclosure Luke Faraone (Apr 08)
Mango
CVE Request: phpMyAdmin 3.4 Multiple Vulnerabilities Mango (Jun 27)
Marc Deslauriers
Re: Closed list Marc Deslauriers (Apr 01)
CVE request: vlc Marc Deslauriers (Jun 07)
Re: Closed list Marc Deslauriers (Apr 04)
Marcus Meissner
Re: Closed list Marcus Meissner (Apr 04)
Re: Closed list Marcus Meissner (Apr 01)
Re: Closed list Marcus Meissner (Apr 04)
CVE Request: exim STARTTLS fix Marcus Meissner (May 20)
Re: CVE Request: exim STARTTLS fix Marcus Meissner (May 24)
Moonlight release 2.4.1 with security fixes Marcus Meissner (Apr 06)
Mark Hatle
Re: [security-vendor] Re: [oss-security] Closed list Mark Hatle (May 02)
Re: [security-vendor] Re: [oss-security] Closed list Mark Hatle (May 02)
Mark J Cox
Re: Closed list Mark J Cox (Apr 04)
Re: Closed list Mark J Cox (Apr 03)
Re: Apache HttpClient CVE request [VU#153049] Mark J Cox (Apr 08)
Re: Closed list Mark J Cox (May 03)
Mark Stosberg
Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used Mark Stosberg (Jun 13)
Matthew Nicholson
Re: CVE Request -- Asterisk Security Vulnerability Matthew Nicholson (Apr 22)
CVE Request -- Asterisk Security Vulnerability Matthew Nicholson (Apr 21)
Matthias Andree
fetchmail 6.3.20 release to fix CVE-2011-1947 (was: CVE request for fetchmail STARTTLS hang (Denial of Service)) Matthias Andree (Jun 06)
Re: Closed list Matthias Andree (Apr 05)
Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (May 31)
Re: Closed list Matthias Andree (Apr 05)
CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (May 30)
Re: CVE request for fetchmail STARTTLS hang (Denial of Service) Matthias Andree (Jun 01)
maximilian attems
[klibc] CVE request: klibc: ipconfig sh script with unescaped DHCP options maximilian attems (May 18)
Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options maximilian attems (May 18)
Meltem Parmaksız
Re: Re: Closed list Meltem Parmaksız (Apr 14)
Micah Gersten
Re: Closed list Micah Gersten (Apr 04)
Michael Gilbert
Re: Closed list Michael Gilbert (Apr 24)
Re: Closed list Michael Gilbert (Apr 06)
Re: Closed list Michael Gilbert (Apr 06)
Re: Closed list Michael Gilbert (Apr 03)
Re: Closed list Michael Gilbert (Apr 03)
Re: Closed list Michael Gilbert (Apr 12)
Re: CVE request: openssl timing attack Michael Gilbert (Jun 04)
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Michael Gilbert (Jun 06)
Re: Closed list Michael Gilbert (Apr 03)
Re: Closed list Michael Gilbert (Apr 03)
Re: Closed list Michael Gilbert (Apr 27)
Michael Matz
Re: CVE request: crypt_blowfish 8-bit character mishandling Michael Matz (Jun 28)
Re: CVE request: crypt_blowfish 8-bit character mishandling Michael Matz (Jun 27)
Michael Tokarev
Re: CVE Request: exim STARTTLS fix Michael Tokarev (May 24)
Mike O'Connor
Re: Closed list Mike O'Connor (Apr 01)
Re: Closed list Mike O'Connor (Apr 28)
Re: Closed list Mike O'Connor (Apr 13)
Re: Closed list Mike O'Connor (Apr 01)
Re: pure-ftpd STARTTLS command injection / new CVE? Mike O'Connor (Apr 11)
Re: Closed list Mike O'Connor (Apr 25)
Re: Closed list Mike O'Connor (Apr 05)
Re: Closed list Mike O'Connor (Apr 02)
Miklos Vajna
Re: Closed list Miklos Vajna (Apr 04)
Re: Closed list Miklos Vajna (May 27)
Re: Closed list Miklos Vajna (Apr 03)
Milan Berger
Re: Closed list Milan Berger (Apr 06)
Moritz Muehlenhoff
Re: Closed list Moritz Muehlenhoff (Apr 02)
Re: CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap Moritz Muehlenhoff (May 21)
CVE requests: ffmpeg/widelands/jifty::db/lilo/libpcap Moritz Muehlenhoff (May 18)
Re: Closed list Moritz Muehlenhoff (Apr 11)
CVE request: Alpha kernel issues Moritz Muehlenhoff (Jun 13)
CVE requests: Three Linux kernel issues Moritz Muehlenhoff (Apr 11)
CVE request: Mojolicious Moritz Muehlenhoff (Apr 18)
CVE request: Several Moodle issues Moritz Muehlenhoff (May 18)
Moritz Mühlenhoff
Re: CVE request: Several Moodle issues Moritz Mühlenhoff (Jun 16)
Murray McAllister
Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace Murray McAllister (Jun 23)
Nico Golde
CVE id request: tmux (debian specific) Nico Golde (Apr 05)
CVE id request: gitolite Nico Golde (Apr 09)
CVE id request: vlc Nico Golde (Apr 11)
Re: Closed list Nico Golde (Apr 04)
Re: Closed list Nico Golde (Apr 04)
Nicolas François
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Nicolas François (Jun 15)
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Nicolas François (Jun 15)
Nicolas Grégoire
Re: CVE requests : Liferay 6.0.6 Nicolas Grégoire (Apr 06)
Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 23)
Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 11)
CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 09)
Re: CVE request : client-side file creation via XSLT in Webkit Nicolas Grégoire (May 17)
Oden Eriksson
Re: Closed list Oden Eriksson (Apr 03)
Ondrej Vasik
Re: /bin/su (was: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl) Ondrej Vasik (Jun 15)
Onur Küçük
Re: Closed list Onur Küçük (Apr 12)
Oracle Security Alerts
Re: Closed list Oracle Security Alerts (May 17)
Re: Closed list Oracle Security Alerts (Apr 26)
Patrick J. Volkerding
Re: Closed list Patrick J. Volkerding (Apr 14)
Re: Closed list Patrick J. Volkerding (Apr 01)
Re: Closed list Patrick J. Volkerding (Apr 03)
Petr Matousek
CVE request: kernel: tomoyo: oops in tomoyo_mount_acl() Petr Matousek (Jun 30)
Re: Closed list Petr Matousek (Apr 12)
Re: CVE request: kernel: buffer overflow and DoS issues in agp Petr Matousek (Apr 22)
CVE request -- kernel: proc: signedness issue in next_pidmap() Petr Matousek (Apr 19)
CVE request: libvirt: integer overflow in VirDomainGetVcpus Petr Matousek (Jun 28)
CVE request -- qemu-kvm: virtio-blk: heap buffer overflow caused by unaligned requests Petr Matousek (Apr 22)
CVE request: libvirt: error reporting in libvirtd is not thread safe Petr Matousek (Apr 04)
Re: CVE request: kernel: buffer overflow and DoS issues in agp Petr Matousek (Apr 22)
CVE request: kernel: thp: madvise on top of /dev/zero private mapping can lead to panic Petr Matousek (Jun 20)
CVE-2011-1751 qemu: acpi_piix4: missing hotplug check during device removal Petr Matousek (May 19)
CVE request: qemu-kvm: OOB memory access caused by negative vq notifies Petr Matousek (Jun 28)
CVE request -- libvirt: regression introduced in disk probe logic Petr Matousek (Jun 01)
CVE request: kernel: mm: avoid wrapping vm_pgoff in mremap() and stack expansions Petr Matousek (Jun 24)
CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP Petr Matousek (Jun 06)
CVE request -- virt-v2v: vnc password protection is missing after vm conversion Petr Matousek (May 06)
phocean
Re: Closed list phocean (Apr 04)
Reed Loden
Re: Closed list Reed Loden (Apr 01)
Re: CVE request: firefox doesn't (re)validate certificates when loading HTTPS page Reed Loden (May 31)
Re: CVE request: firefox doesn't (re)validate certificates when loading HTTPS page Reed Loden (May 31)
Ronald van den Blink
Re: Closed list Ronald van den Blink (Apr 13)
Re: Closed list Ronald van den Blink (Apr 13)
R P Herrold
Closed list R P Herrold (Apr 04)
Closed list R P Herrold (Apr 02)
Sebastian Krahmer
CVE re-request Sebastian Krahmer (Apr 05)
Multiple libraries privilege checking Sebastian Krahmer (May 16)
Re: CVE request: kernel: validate size of EFI GUID partition entries Sebastian Krahmer (May 10)
CVE for ruby on rails XSS fixes Sebastian Krahmer (Apr 06)
Re: CVE request: kernel: validate size of EFI GUID partition entries Sebastian Krahmer (May 10)
my key Sebastian Krahmer (Apr 04)
Re: CVE request: pam_ssh not dropping root gid(s) Sebastian Krahmer (Jun 07)
CVE request: libgnomesu privilege escalation Sebastian Krahmer (May 30)
CVE request: pam_ssh not dropping root gid(s) Sebastian Krahmer (Jun 06)
CVE requests: opie off by one and setuid() failure Sebastian Krahmer (Jun 22)
Re: Multiple libraries privilege checking Sebastian Krahmer (May 22)
CVE request: multiple libraries getenv() misuse Sebastian Krahmer (May 31)
pure-ftpd STARTTLS command injection / new CVE? Sebastian Krahmer (Apr 11)
Re: Multiple libraries privilege checking Sebastian Krahmer (May 17)
Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 20)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 03)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 27)
Re: Closed list Solar Designer (May 02)
Re: Closed list Solar Designer (Apr 04)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 06)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 20)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 24)
Re: Closed list Solar Designer (Apr 24)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 12)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 12)
Re: Closed list Solar Designer (May 02)
Re: Closed list Solar Designer (Apr 06)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (May 02)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: CVE request for SAP issues Solar Designer (Apr 13)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
6-year FreeBSD-SA-05:02.sendfile exploit Solar Designer (Apr 01)
Re: Closed list Solar Designer (Apr 04)
Re: CVE request: openssl timing attack Solar Designer (Jun 01)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 04)
list archive Solar Designer (May 25)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 03)
Re: Multiple libraries privilege checking Solar Designer (May 16)
Re: Web of trust Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: Multiple libraries privilege checking Solar Designer (May 18)
Re: Closed list Solar Designer (Apr 06)
Re: Closed list Solar Designer (Apr 04)
Re: Multiple libraries privilege checking Solar Designer (May 18)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 01)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 24)
Re: Closed list Solar Designer (Apr 30)
Re: Closed list Solar Designer (Apr 03)
Re: CVE request: openssl timing attack Solar Designer (Jun 04)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 30)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 24)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 27)
Re: Closed list Solar Designer (May 11)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 30)
Re: Closed list Solar Designer (May 16)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 29)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Jun 01)
Re: Closed list Solar Designer (Apr 30)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 03)
Re: Linux kernel proactive security hardening Solar Designer (Jun 03)
Re: Vouching system (was Re: [oss-security] Closed list) Solar Designer (Apr 05)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 23)
CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 19)
Re: Closed list Solar Designer (Apr 01)
Re: Closed list Solar Designer (Apr 04)
Re: my key Solar Designer (Apr 04)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
Re: Closed list Solar Designer (Jun 01)
Re: Closed list Solar Designer (May 02)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 24)
Re: Closed list Solar Designer (Apr 04)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 23)
Re: Closed list Solar Designer (Apr 05)
Re: Closed list Solar Designer (Apr 12)
Re: Closed list Solar Designer (Apr 04)
Re: Closed list Solar Designer (Apr 09)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 12)
Re: Closed list Solar Designer (Apr 24)
Re: Closed list Solar Designer (May 02)
Re: Closed list Solar Designer (Apr 03)
Re: Closed list Solar Designer (Apr 03)
Stefan Behte
Re: Closed list Stefan Behte (Apr 06)
Steffen Joeris
CVE request: movabletype-opensource Steffen Joeris (May 28)
Stephane Chauveau
Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Stephane Chauveau (May 03)
Steve Beattie
Re: Closed list Steve Beattie (Apr 01)
Steve Kemp
Re: Closed list Steve Kemp (Apr 03)
Re: Closed list Steve Kemp (Apr 03)
Steven M. Christey
Re: CVE id request: vlc Steven M. Christey (Apr 13)
Re: CVE request: kernel: multiple issues in ROSE Steven M. Christey (Apr 05)
Re: CVE request: kernel: multiple issues in ROSE Steven M. Christey (Apr 05)
Re: CVE request: kernel: multiple issues in ROSE Steven M. Christey (Apr 05)
Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
Re: CVE request : client-side file creation via XSLT in Webkit Steven M. Christey (May 09)
Re: CVE re-request Steven M. Christey (Apr 05)
Re: CVE request: Multiple security vulnerabilities in ARSC Really Simple Chat Steven M. Christey (Jun 07)
Re: Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? Steven M. Christey (May 05)
Re: pure-ftpd STARTTLS command injection / new CVE? Steven M. Christey (Apr 11)
Szalay Attila
CVE Request -- syslog-ng -- Possible DoS Szalay Attila (May 26)
Tavis Ormandy
BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload Tavis Ormandy (Apr 01)
The Fungi
Re: CVE request: crypt_blowfish 8-bit character mishandling The Fungi (Jun 20)
Re: CVE request: crypt_blowfish 8-bit character mishandling The Fungi (Jun 20)
Thijs Kinkhorst
CVE request: nbd-server Thijs Kinkhorst (May 17)
Re: Closed list Thijs Kinkhorst (Apr 02)
Thomas Biege
CVE request: openssl timing attack Thomas Biege (May 31)
CVE request: firefox doesn't (re)validate certificates when loading HTTPS page Thomas Biege (May 31)
CVE request: NetworkManager-openvpn logs cert password Thomas Biege (May 31)
CVE request: libxml vulnerability and interesting integer issues Thomas Biege (May 31)
Re: Closed list Thomas Biege (Apr 05)
Re: CVE request: pam_ssh not dropping root gid(s) Thomas Biege (Jun 06)
Re: Closed list Thomas Biege (Apr 05)
CVE request: libarchive, multiple overflows Thomas Biege (May 06)
Timo Warns
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Timo Warns (Jun 05)
CVE request: buffer overflow in tftp-hpa Timo Warns (Jun 11)
CVE Request: kernel: fs/partitions: Corrupted GUID partition tables can cause kernel oops Timo Warns (Apr 12)
Re: CVE request: kernel: validate size of EFI GUID partition entries Timo Warns (May 10)
Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Timo Warns (Apr 12)
Tim Zingelman
Re: Closed list Tim Zingelman (Apr 05)
Todd C. Miller
Re: CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI ioctl Todd C. Miller (Jun 22)
Tomas Hoger
systemtap divide-by-zero issues (CVE-2011-1769, CVE-2011-1781) Tomas Hoger (May 20)
Re: Closed list Tomas Hoger (May 17)
Re: Closed list Tomas Hoger (May 17)
Re: Closed list Tomas Hoger (Apr 14)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Apr 27)
Re: Closed list Tomas Hoger (Apr 04)
Re: Closed list Tomas Hoger (Apr 14)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Apr 27)
Re: Closed list Tomas Hoger (Apr 05)
Re: Local memory disclosure (was: libpurple CVE UnRequest) Tomas Hoger (Apr 04)
Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Apr 27)
Re: list archive Tomas Hoger (Jun 16)
Re: Closed list Tomas Hoger (Jun 16)
Re: Closed list Tomas Hoger (Jun 16)
Re: RE: [security-vendor] [oss-security] Closed list Tomas Hoger (Apr 14)
Re: CVE request for Thunar (format string errors) Tomas Hoger (Apr 15)
Vasiliy Kulikov
CVE request: kernel: taskstats local DoS Vasiliy Kulikov (Jun 22)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
Re: CVE request: kernel: taskstats/procfs io infoleak Vasiliy Kulikov (Jun 25)
CVE request: kernel: buffer overflow and DoS issues in agp Vasiliy Kulikov (Apr 21)
taskstats authorized_keys presence infoleak PoC Vasiliy Kulikov (Jun 21)
Re: CVE request: kernel: buffer overflow and DoS issues in agp Vasiliy Kulikov (Apr 22)
Re: CVE request: kernel: buffer overflow and DoS issues in agp Vasiliy Kulikov (Apr 22)
Re: CVE requests: Three Linux kernel issues Vasiliy Kulikov (Apr 12)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
Re: CVE requests: opie off by one and setuid() failure Vasiliy Kulikov (Jun 22)
Re: CVE request: kernel: taskstats local DoS Vasiliy Kulikov (Jun 30)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Apr 15)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
Re: taskstats authorized_keys presence infoleak PoC Vasiliy Kulikov (Jun 21)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 29)
CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC) Vasiliy Kulikov (Jun 24)
Vincent Danen
Re: Closed list Vincent Danen (Apr 05)
Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
CVE request: DoS in apr due to CVE-2011-0419 fix Vincent Danen (May 19)
CVE requests; issues fixed in MySQL 5.1.52 Vincent Danen (May 16)
Re: Possible security fixes in 5.05? Vincent Danen (Apr 07)
Re: Closed list Vincent Danen (Apr 26)
Re: Possible security fixes in 5.05? Vincent Danen (Apr 07)
CVE request: polarssl Vincent Danen (May 16)
Re: CVE request: nbd-server Vincent Danen (May 17)
Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
Re: Closed list Vincent Danen (Apr 05)
Re: Closed list Vincent Danen (Apr 05)
Re: CVE request: DoS in apr due to CVE-2011-0419 fix Vincent Danen (May 19)
vulnerability in sssd 1.5.0+ (CVE-2011-1758) Vincent Danen (Apr 29)
Re: Closed list Vincent Danen (Apr 13)
CVE request: tigervnc Vincent Danen (May 06)
CVE request: mediawiki 1.16.4, incomplete fix of CVE-2011-1578 Vincent Danen (Apr 14)
CVE request: XSS in nagios Vincent Danen (Jun 01)
Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
CVE request: CVE-2011-1089-like flaw in mount.nfs Vincent Danen (Apr 21)
CVE request for libpng regression (CVE-2004-0421) Vincent Danen (Jun 27)
Re: CVE request: nbd-server Vincent Danen (May 17)
CVE request for libmodplug Vincent Danen (Apr 11)
CVE request: mediawiki 1.16.3 Vincent Danen (Apr 12)
Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
CVE request: Mojolicious directory traversal vulnerability Vincent Danen (Apr 16)
CVE request: tinyproxy runs as an open proxy when attempting to restrict allowable IP ranges Vincent Danen (Apr 07)
CVE request: DoS in tor Vincent Danen (May 16)
CVE request: openssh Vincent Danen (May 03)
William Cohen
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (May 10)
Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (May 01)
Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (May 01)
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (May 10)
Wouter Coekaerts
CVE Request: prosody DoS, djabberd external entity injection Wouter Coekaerts (Jun 14)
Wouter Verhelst
Re: CVE request: nbd-server Wouter Verhelst (May 17)
yersinia
Re: Multiple libraries privilege checking yersinia (May 18)
YGN Ethical Hacker Group
CVE Request: Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group (Jun 27)
CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jun 27)
Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 30)
Re: CVE request: Joomla unspecified information disclosure vulnerability YGN Ethical Hacker Group (Jun 27)
Yves-Alexis Perez
Re: A new way of writing secure data backups, combining RAID and one time pads. Yves-Alexis Perez (Apr 05)
Re: Closed list Yves-Alexis Perez (Apr 04)
Re: Web of trust Yves-Alexis Perez (Apr 04)
CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
CVE request: keepalived pid file permissions issue Yves-Alexis Perez (May 10)
Re: CVE request for Thunar (format string errors) Yves-Alexis Perez (Apr 15)
zardoz
Re: Closed list zardoz (Apr 01)
Zhao, Zhenfeng
RE: [security-vendor] [oss-security] Closed list Zhao, Zhenfeng (Apr 12)
[security-vendor] Re: [oss-security] Closed list Zhao, Zhenfeng (Apr 14)
[security-vendor] Re: [oss-security] Closed list Zhao, Zhenfeng (May 11)
[security-vendor] Re: [oss-security] Closed list Zhao, Zhenfeng (Apr 15)