oss-sec: by date
550 messages
starting Jul 01 11 and
ending Sep 30 11
Date index |
Thread index |
Author index
Friday, 01 July
Please reject CVE-2011-0705 Huzaifa Sidhpurwala
CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Petr Matousek
Re: CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Eugene Teo
Re: CVE request: kernel: tomoyo: oops in tomoyo_mount_acl() Eugene Teo
php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger
Re: php ZipArchive::addGlob() crashes on invalid flags Maksymilian Arciemowicz
Re: Re: php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger
Re: Closed list Oracle Security Alerts
Sunday, 03 July
vsftpd download backdoored Solar Designer
Re: CVE request: openssl timing attack Solar Designer
Monday, 04 July
Re: CVE request: openssl timing attack Tomas Hoger
Re: CVE requests; issues fixed in MySQL 5.1.52 Ludwig Nussel
Re: vsftpd download backdoored Moritz Muehlenhoff
Re: vsftpd download backdoored Solar Designer
Re: Closed list Tomas Hoger
CVE request: plone privilege escalation flaw Vincent Danen
FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer
Re: vsftpd download backdoored Eugene Teo
Re: vsftpd download backdoored Solar Designer
Re: vsftpd download backdoored HD Moore
Re: vsftpd download backdoored Solar Designer
Re: vsftpd download backdoored HD Moore
Re: vsftpd download backdoored Solar Designer
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival
Re: vsftpd download backdoored Solar Designer
Re: vsftpd download backdoored Solar Designer
Re: vsftpd download backdoored HD Moore
R: Re: [oss-security] vsftpd download backdoored pinto.elia () gmail com
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer
Tuesday, 05 July
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Sebastian Krahmer
Re: vsftpd download backdoored Matthias Andree
The Bind incident Eugene Teo
Re: The Bind incident Eugene Teo
Re: vsftpd download backdoored Eugene Teo
Re: vsftpd download backdoored Solar Designer
Re: The Bind incident Solar Designer
CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Eugene Teo
Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Huzaifa Sidhpurwala
Re: CVE request: openssl timing attack Solar Designer
Wednesday, 06 July
Re: The Bind incident Mike O'Connor
Re: CVE request: openssl timing attack Tomas Hoger
Security issue in reseed Jamie Strandboge
CVE Request: reseed Jamie Strandboge
CVE Request: foo2zjs Marc Deslauriers
Re: The Bind incident Florian Weimer
Re: The Bind incident Barry Greene
libreoffice/openoffice.org CVE id request Nico Golde
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Markus Friedl
Re: vsftpd download backdoored Chris Evans
Thursday, 07 July
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel
CVE-2011-1780, CVE-2011-1936, kernel/xen issues Eugene Teo
Re: The Bind incident Eugene Teo
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Jamie Strandboge
oCERT name change due to trademark claims Andrea Barisani
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Friday, 08 July
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
SSL renegotiation DoS CVE-2011-1473 Tomas Hoger
Saturday, 09 July
Re: CVE request: openssl timing attack Solar Designer
Monday, 11 July
CVE Request: ruby PRNG fixes Ludwig Nussel
CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Jan Lieskovsky
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: vsftpd download backdoored Josh Bressers
CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify() Eugene Teo
Tuesday, 12 July
Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel
[Announcement] ClubHack Magazine Issue 18-July2011 Released Abhijeet Patil
CVE Request: qemu -runas does not clear supplementary groups Michael Tokarev
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Mike O'Connor
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Josh Bressers
Re: CVE requests; issues fixed in MySQL 5.1.52 Josh Bressers
Re: CVE request: plone privilege escalation flaw Josh Bressers
CVE id request: apache mod-auth-external Nico Golde
Re: CVE Request: reseed Josh Bressers
Re: CVE Request: foo2zjs Josh Bressers
Re: libreoffice/openoffice.org CVE id request Josh Bressers
Re: CVE Request: ruby PRNG fixes Josh Bressers
Re: CVE Request: qemu -runas does not clear supplementary groups Vincent Danen
Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Josh Bressers
Re: CVE id request: apache mod-auth-external Josh Bressers
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen
CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize Eugene Teo
Security issues fixed in libpng 1.5.4 Huzaifa Sidhpurwala
Wednesday, 13 July
CVE Request: hplip/foomatic-filters Sebastian Krahmer
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel
[oCERT-2011-001] Chyrp input sanitization errors Andrea Barisani
Re: [oCERT-2011-001] Chyrp input sanitization errors Steven M. Christey
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Steven M. Christey
CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky
Thursday, 14 July
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel
CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo
Friday, 15 July
CVE-2009-4067 kernel: usb: buffer overflow in auerswald_probe() Eugene Teo
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg
CVE-2011-1764 Exim: DKIM Format String Djalal Harouni
CVE request: vulnerability in FreeRADIUS (OCSP) dfncert
CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Petr Matousek
Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Josh Bressers
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Vincent Danen
Saturday, 16 July
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog
CVE request and info: freetype flaw to jailbreak iphone Vincent Danen
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Stefan Fritsch
Sunday, 17 July
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request and info: freetype flaw to jailbreak iphone Geoffrey Keating
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Huzaifa Sidhpurwala
Monday, 18 July
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert
Re: CVE Request: hplip/foomatic-filters Jan Lieskovsky
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Ludwig Nussel
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert
CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation Vincent Danen
CVE id request: (e)glibc Nico Golde
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Stefan Behte
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer
cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman
Tuesday, 19 July
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer
CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Jan Lieskovsky
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tomas Hoger
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman
*BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Solar Designer
CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Jan Lieskovsky
Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Even Rouault
Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Alan Boudreault
CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Jan Lieskovsky
Re: CVE Request: ruby PRNG fixes Huzaifa Sidhpurwala
Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Huzaifa Sidhpurwala
Wednesday, 20 July
CVE request: kernel: ipv6: make fragment identifications less predictable Eugene Teo
CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Eugene Teo
Re: CVE request: kernel: ipv6: make fragment identifications less predictable Huzaifa Sidhpurwala
Re: CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Huzaifa Sidhpurwala
CVE request: sNews 1.7.1 XSS in reorder Henri Salo
CVE request: kernel: arbitrary kernel read in xtensa Dan Rosenberg
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Josh Bressers
Fwd: Joomla! Security News Henri Salo
Re: CVE requests; issues fixed in MySQL 5.1.52 Jan Lieskovsky
Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Alan Boudreault
New IcedTea and IcedTea-Web releases Tomas Hoger
Re: CVE id request: (e)glibc Josh Bressers
Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Josh Bressers
Re: CVE Request: ruby PRNG fixes Josh Bressers
Re: CVE request: sNews 1.7.1 XSS in reorder Josh Bressers
Re: CVE request: kernel: arbitrary kernel read in xtensa Josh Bressers
Re: Fwd: Joomla! Security News Josh Bressers
Thursday, 21 July
Re: *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Tim Zingelman
Re: Closed list Steve Kemp
CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Jan Lieskovsky
Re: Closed list Solar Designer
Re: *BSD security contacts Solar Designer
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Mike O'Connor
Re: Closed list Steffen Joeris
CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Friday, 22 July
CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Josh Bressers
Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities Josh Bressers
Re: CVE Request -- cGit -- XSS flaw in rename hint Josh Bressers
Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer
Re: Closed list Solar Designer
Sunday, 24 July
CVE request: PyForum backdoor BMSA-2009-07 Henri Salo
Re: CVE request: silverstripe before 2.4.4 Henri Salo
Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky
Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer
CVE request: Drupal Data-module multiple vulnerabilities Henri Salo
Squirrelmail CVE duplicates Moritz Muehlenhoff
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer
Monday, 25 July
CVE request - dhcp clients Tomas Hoger
CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Jan Lieskovsky
Re: Squirrelmail CVE duplicates Jan Lieskovsky
Re: Squirrelmail CVE duplicates Moritz Mühlenhoff
CVE Request -- GLPI -- Properly blacklist some sensitive fields Jan Lieskovsky
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Vasiliy Kulikov
CVE Request: Ark path traversal Jeff Mitchell
CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell
CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson
Re: CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Tim Brown
two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Vincent Danen
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson
Tuesday, 26 July
CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Jan Lieskovsky
CVE request: hplip: insecure tmp file handling Matthias Weckbecker
Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Muehlenhoff
Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Dan Rosenberg
Re: CVE request: PyForum backdoor BMSA-2009-07 Josh Bressers
Re: CVE request: Drupal Data-module multiple vulnerabilities Josh Bressers
Re: CVE request - dhcp clients Josh Bressers
Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Josh Bressers
Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields Josh Bressers
Re: CVE Request: Ark path traversal Josh Bressers
Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Josh Bressers
Re: CVE request: hplip: insecure tmp file handling Josh Bressers
Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Mühlenhoff
Re: CVE Request: Ark path traversal Jeff Mitchell
Re: Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? Solar Designer
iputils ping6 -s buffer overflow Solar Designer
CFP SecurityByte India Papers, Call For
Re: CFP SecurityByte India Solar Designer
Re: CVE request: multiple libraries getenv() misuse Solar Designer
Wednesday, 27 July
Re: CVE request - dhcp clients Tomas Hoger
Re: CVE request - dhcp clients Sebastian Krahmer
Re: CVE request - dhcp clients Tomas Hoger
Re: CVE request - dhcp clients Sebastian Krahmer
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Steven M. Christey
CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Vincent Danen
Thursday, 28 July
Re: CVE Request: hplip/foomatic-filters Tomas Hoger
Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Huzaifa Sidhpurwala
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell
Re: CVE request: gri < 2.12.18 insecure temp file generation Henri Salo
CVE-request Tribiq CMS path disclosure HTB22857 Henri Salo
libxml security fix from apple ... any information? Marcus Meissner
CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Jan Lieskovsky
Re: CVE request: gri < 2.12.18 insecure temp file generation Steven M. Christey
CVE-2011-2524: libsoup's SoupServer directory traversal flaw Vincent Danen
multiple flaws in minissdpd Kees Cook
CVE request: kernel: gro: Only reset frag0 when skb can be pulled Kees Cook
Re: CVE request: kernel: gro: Only reset frag0 when skb can be pulled Eugene Teo
Re: libxml security fix from apple ... any information? Huzaifa Sidhpurwala
Re: libxml security fix from apple ... any information? Billy Rios
Friday, 29 July
Re: Re: libxml security fix from apple ... any information? Thomas Biege
Re: multiple flaws in minissdpd miniupnp
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Eugene Teo
Re: Re: libxml security fix from apple ... any information? Moritz Muehlenhoff
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Jan Lieskovsky
CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue Jan Lieskovsky
Re: Closed list Tomas Hoger
Re: Closed list Solar Designer
CVE mistake in libsoup release notes Vincent Danen
Re: CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Josh Bressers
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Josh Bressers
Re: CVE-request Tribiq CMS path disclosure HTB22857 Josh Bressers
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers
Saturday, 30 July
CVE Request: Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
CFP open for ClubHack2011 Abhijeet Patil
Re: CFP open for ClubHack2011 Solar Designer
Re: Re: libxml security fix from apple ... any information? Jeffrey Czerniak
Re: libxml security fix from apple ... any information? Solar Designer
Sunday, 31 July
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell
Monday, 01 August
Re: CFP open for ClubHack2011 Thomas Biege
Re: CVE Request: hplip/foomatic-filters Tomas Hoger
Tuesday, 02 August
Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege
Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Huzaifa Sidhpurwala
CVE request: GIF loader buffer overflow when initializing decompression tables Thomas Biege
Wednesday, 03 August
CVE request: Linux kernel af_packet information leak Moritz Muehlenhoff
CVE Request: foomatic-gui Marc Deslauriers
Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger
Re: CVE Request: foomatic-gui Tim Waugh
CVE id request: shttpd/mongoose/yassl embedded webserver Nico Golde
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer
Re: CVE request: Linux kernel af_packet information leak Josh Bressers
Re: CVE Request: foomatic-gui Josh Bressers
Re: CVE id request: shttpd/mongoose/yassl embedded webserver Josh Bressers
cve request: xpdf: insecure tempfile usage in zxpdf script Michael Gilbert
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert
CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo
Thursday, 04 August
CVE request: coppermine gallery < 1.4.26 Henri Salo
Re: CVE Request: foomatic-gui dave bl
Re: CVE Request: foomatic-gui Henri Salo
CVE-request: KaiBB security vulnerabilities without CVE-IDs Henri Salo
Re: CVE Request: foomatic-gui Tim Waugh
Re: libxml security fix from apple ... any information? Daniel Veillard
CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Henri Salo
CVE-request: pithos symlink vulnerability CWE-61 Henri Salo
Re: CVE Request: foomatic-gui Josh Bressers
Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Mike O'Connor
Friday, 05 August
Re: CVE Request: foomatic-gui Tim Waugh
Re: CVE Request: foomatic-gui dave bl
Tuesday, 09 August
Re: CVE request: perf: may parse user-controlled config file Yves-Alexis Perez
CVE request: heap overflow in tcptrack < 1.4.2 Vincent Danen
CVE request: perf: may parse user-controlled config file dann frazier
Re: CVE request: perf: may parse user-controlled config file Steve Grubb
CVE request: zabbix XSS flaw Vincent Danen
Re: cve request: xpdf: insecure tempfile usage in zxpdf script Josh Bressers
Re: CVE request: heap overflow in tcptrack < 1.4.2 Josh Bressers
Re: CVE request: zabbix XSS flaw Josh Bressers
Re: CVE request: perf: may parse user-controlled config file Josh Bressers
CVE requests: Two kernel issues Moritz Muehlenhoff
Re: CVE requests: Two kernel issues Eugene Teo
Re: CVE requests: Two kernel issues Dan Rosenberg
Re: CVE requests: Two kernel issues Eugene Teo
CVE request (and disclosure): ax25d missing setuid return code check Dan Rosenberg
Wednesday, 10 August
CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege
[oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco
Re: CVE request: perf: may parse user-controlled config file Steve Grubb
Re: [oCERT-2011-002] libavcodec insufficient boundary check Dan Rosenberg
Re: [oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco
Re: CVE requests: Two kernel issues Moritz Muehlenhoff
LZW decompression issues Tomas Hoger
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Tomas Hoger
CVE-2011-2907: authentication bypass in torque Vincent Danen
Re: CVE request (and disclosure): ax25d missing setuid return code check Eren Türkay
Thursday, 11 August
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege
Re: CVE request: perf: may parse user-controlled config file dann frazier
Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried
Re: CVE request (and disclosure): ax25d missing setuid return code check Ralf Baechle
Re: CVE request (and disclosure): ax25d missing setuid return code check Jon Oberheide
CVE request: improper permissions on ~/.qtnx/*.nxml Vincent Danen
Re: CVE request (and disclosure): ax25d missing setuid return code check Solar Designer
CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection YGN Ethical Hacker Group
Re: CVE requests: Two kernel issues Eugene Teo
Re: CVE Request: foomatic-gui Huzaifa Sidhpurwala
Friday, 12 August
Re: CVE request (and disclosure): ax25d missing setuid return code check Josh Bressers
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Josh Bressers
Re: CVE request: improper permissions on ~/.qtnx/*.nxml Josh Bressers
Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection Josh Bressers
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Tomas Hoger
CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire
Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Marcus Meissner
Re: CVE requests: Two kernel issues Yves-Alexis Perez
Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand
Saturday, 13 August
CVE request: two vulnerabilities in ktsuss 1.4 and earlier John Lightsey
Sunday, 14 August
Re: CVE requests: Two kernel issues Eugene Teo
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Huzaifa Sidhpurwala
kernel: ext3/4: ext3/4_symlink lock oops Eugene Teo
Monday, 15 August
CVE request -- kernel: perf: fix software event overflow Petr Matousek
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Steven M. Christey
Re: CVE request -- kernel: perf: fix software event overflow Eugene Teo
Tuesday, 16 August
Re: CVE request: two vulnerabilities in ktsuss 1.4 and earlier Josh Bressers
Wednesday, 17 August
CVE request: ruby on rails flaws (4) Vincent Danen
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers
CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability YGN Ethical Hacker Group
CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities YGN Ethical Hacker Group
Thursday, 18 August
Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried
CVE request: roundcube XSS before 0.5.4 Hanno Böck
Start(up) API project security Sergey Chernyshev
CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities David Hicks
CVE request: heap overflow in perl while decoding Unicode string Vincent Danen
Friday, 19 August
CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Timo Warns
Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger
CVE request: BusyBox unpack_Z_stream() buffer underflow Alex Legler
Re: CVE request: BusyBox unpack_Z_stream() buffer underflow Tomas Hoger
Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Eugene Teo
CVE request: stunnel 4.4x heap overflow flaw Vincent Danen
Re: CVE request: coppermine gallery < 1.4.26 Josh Bressers
Re: CVE-request: KaiBB security vulnerabilities without CVE-IDs Josh Bressers
Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Josh Bressers
Re: CVE-request: pithos symlink vulnerability CWE-61 Josh Bressers
Re: CVE request: ruby on rails flaws (4) Josh Bressers
Re: CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability Josh Bressers
Re: CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers
Re: CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities Josh Bressers
Re: CVE request: roundcube XSS before 0.5.4 Josh Bressers
Re: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities Josh Bressers
Re: CVE request: heap overflow in perl while decoding Unicode string Josh Bressers
Re: CVE request: stunnel 4.4x heap overflow flaw Josh Bressers
Re: CVE request: ruby on rails flaws (4) Vincent Danen
Saturday, 20 August
CVE request: Pidgin crash Mark Doliner
Sunday, 21 August
Re: CVE request: Pidgin crash Huzaifa Sidhpurwala
Monday, 22 August
Re: CVE request: Pidgin crash Huzaifa Sidhpurwala
Re: CVE request: Pidgin crash Mark Doliner
Re: CVE request: Pidgin crash Mark Doliner
Re: CVE request: ruby on rails flaws (4) Matthias Weckbecker
CVE request: libqt4: two memory issues Matthias Weckbecker
Re: CVE request: Pidgin crash Moritz Mühlenhoff
CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting YGN Ethical Hacker Group
CVE assignment php NULL pointer dereference - CVE-2011-3182 Josh Bressers
Re: CVE request: Pidgin crash Mark Doliner
Re: CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting Josh Bressers
Re: CVE request: Pidgin crash Josh Bressers
Re: CVE request: ruby on rails flaws (4) Josh Bressers
Re: CVE request: ruby on rails flaws (4) Josh Bressers
Tuesday, 23 August
CVE request: kernel: change in how tcp seq numbers are generated Eugene Teo
Re: CVE request: kernel: change in how tcp seq numbers are generated Petr Matousek
lxc + fscaps Sebastian Krahmer
CVE assignment - PHP salt flaw CVE-2011-3189 Josh Bressers
CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo
Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo
Wednesday, 24 August
CVE assignment Apache httpd multiple-range DoS ("Apache Killer") - CVE-2011-3192 Mark J Cox
Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire
Re: CVE request: libqt4: two memory issues Tomas Hoger
Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() David Jorm
lightdm issues Sebastian Krahmer
Re: CVE request: libqt4: two memory issues Josh Bressers
Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers
Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers
Re: CVE request: libqt4: two memory issues Tomas Hoger
Thursday, 25 August
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez
Friday, 26 August
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Sebastian Krahmer
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez
Re: Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez
Re: lightdm issues Robert Ancell
CVE Assignment - evolution CVE-2011-3201 Josh Bressers
CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting YGN Ethical Hacker Group
CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution YGN Ethical Hacker Group
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer
Security issue in hammerhead Jamie Strandboge
Monday, 29 August
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez
CVE-request(?): squid: buffer overflow in Gopher reply parser Matthias Weckbecker
kernel: CVE-2011-2482/2519 Eugene Teo
Tuesday, 30 August
kernel: xen: CVE-2011-2901 Petr Matousek
Closed List John Haxby
Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Vincent Danen
Re: CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting Josh Bressers
Re: CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution Josh Bressers
Re: Security issue in hammerhead Josh Bressers
Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Josh Bressers
Re: Closed List Solar Designer
Re: Closed List John Haxby
Wednesday, 31 August
Re: CVE request: heap overflow in tcptrack < 1.4.2 Steven M. Christey
Thursday, 01 September
CVE request for bcfg2 (remote root) Jonathan Wiltshire
Monday, 05 September
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer
Tuesday, 06 September
Re: CVE request for bcfg2 (remote root) Josh Bressers
Re: CVE request for OpenTTD Josh Bressers
CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner
Wednesday, 07 September
Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Petr Matousek
Re: Re: lightdm issues Yves-Alexis Perez
Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner
CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan Lieskovsky
CVE id request: masqmail Nico Golde
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Henri Doreau
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown
Thursday, 08 September
CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Jan Lieskovsky
Re: CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Moritz Muehlenhoff
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Nico Golde
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Henri Salo
CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Jan Lieskovsky
CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Petr Matousek
CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler
Friday, 09 September
CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Jan Lieskovsky
Re: Re: lightdm issues Josh Bressers
Re: CVE id request: masqmail Josh Bressers
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Josh Bressers
Re: CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Josh Bressers
Re: CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Josh Bressers
Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers
Re: CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Josh Bressers
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Josh Bressers
Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan-Oliver Wagner
Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown
D-Link DCS-2121 Semicolon Vulnerability Eren Türkay
Sunday, 11 September
CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Jan Lieskovsky
Monday, 12 September
CVE Request: Multiple issues fixed in wireshark 1.6.2 Huzaifa Sidhpurwala
Tuesday, 13 September
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Thijs Kinkhorst
CVE Request: BackupPC 3.2.1 fixes cross site scripting Thijs Kinkhorst
CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Moritz Muehlenhoff
Re: CVE request: heap overflow in tcptrack < 1.4.2 Moritz Muehlenhoff
Wednesday, 14 September
CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Petr Matousek
Re: CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Eugene Teo
CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Petr Matousek
Re: D-Link DCS-2121 Semicolon Vulnerability Josh Bressers
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Josh Bressers
Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting Josh Bressers
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Josh Bressers
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Josh Bressers
unauthorized deletion of file in Tahoe-LAFS Zooko O'Whielacronx
Thursday, 15 September
CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Jan Lieskovsky
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Henri Salo
Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Steven M. Christey
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws dave bl
Is there a maintainer for librsvg ? Nicolas Grégoire
Re: Is there a maintainer for librsvg ? Yves-Alexis Perez
Friday, 16 September
closed-list membership transition Kees Cook
Re: closed-list membership transition Yves-Alexis Perez
Re: closed-list membership transition Kees Cook
Re: closed-list membership transition Solar Designer
Sunday, 18 September
CVE request: PunBB multiple XSS issues Henri Salo
Monday, 19 September
Re: closed-list membership transition Ludwig Nussel
CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Hanno Böck
Re: closed-list membership transition Solar Designer
CVE Request? etherape remote crash (denial of service) Marcus Meissner
Wednesday, 21 September
Re: CVE request: kernel: taskstats/procfs io infoleak Vasiliy Kulikov
Thursday, 22 September
Re: CVE Request? etherape remote crash (denial of service) Josh Bressers
Re: CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Josh Bressers
Re: CVE request: PunBB multiple XSS issues Josh Bressers
CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Jan Lieskovsky
CVE Request -- apt Jamie Strandboge
Re: CVE Request -- apt Jamie Strandboge
CVE Request: Missing input sanitation in various X GLX calls Marcus Meissner
CVE Request: X.org ProcRenderGlyps input sanitation issue Marcus Meissner
Friday, 23 September
Re: CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Josh Bressers
Re: CVE Request -- apt Josh Bressers
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount akuster
Re: CVE Request: Missing input sanitation in various X GLX calls Josh Bressers
Re: CVE Request: X.org ProcRenderGlyps input sanitation issue Josh Bressers
Re: CVE Request: Missing input sanitation in various X GLX calls Vincent Danen
Saturday, 24 September
Re: CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo
CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen
CVE request: heap-based buffer overflow in ldns Vincent Danen
Sunday, 25 September
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
RE: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Zeev Suraski
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Rasmus Lerdorf
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Eugene Teo
CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
Monday, 26 September
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen
CVE requests: Typo3 Moritz Muehlenhoff
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Johannes Schlüter
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye
Tuesday, 27 September
CVE Request: samba, cifs-utils Marc Deslauriers
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Josh Bressers
rpm/librpm/rpm-python memory corruption pre-verification Tavis Ormandy
CVE Request: ffmpeg/libav Marc Deslauriers
Wednesday, 28 September
Re: rpm/librpm/rpm-python memory corruption pre-verification yersinia
Re: LZW decompression issues Solar Designer
Re: LZW decompression issues Solar Designer
Re: LZW decompression issues Colin Percival
Re: LZW decompression issues Tomas Hoger
Re: LZW decompression issues Tavis Ormandy
Re: LZW decompression issues Florian Weimer
Re: LZW decompression issues Solar Designer
Re: LZW decompression issues Solar Designer
Thursday, 29 September
Re: LZW decompression issues Tomas Hoger
Re: LZW decompression issues Tim Zingelman
Re: rpm/librpm/rpm-python memory corruption pre-verification nicolas vigier
Re: LZW decompression issues Joerg Sonnenberger
Re: LZW decompression issues Solar Designer
Re: LZW decompression issues Tavis Ormandy
CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Jan Lieskovsky
Firefox: CVE-2011-3867 a dupe of CVE-2011-2998 Moritz Muehlenhoff
Friday, 30 September
Re: CVE request: heap-based buffer overflow in ldns Josh Bressers
Re: CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers
Re: CVE requests: Typo3 Josh Bressers
Re: CVE Request: samba, cifs-utils Josh Bressers
Re: CVE Request: ffmpeg/libav Josh Bressers
Re: CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Josh Bressers
Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Josh Bressers
Re: CVE Request: ffmpeg/libav Marc Deslauriers