oss-sec: by author

815 messages starting Mar 16 12 and ending Mar 04 12


Adam D. Barratt

Re: CVE Requests Adam D. Barratt (Mar 16)
Re: CVE request: XML::Atom Perl module Adam D. Barratt (Mar 04)

Agostino Sarubbo

CVE Request for spamdyke "STARTTLS" Plaintext Agostino Sarubbo (Jan 15)
CVE request: spamdyke buffer overflow vulnerability Agostino Sarubbo (Jan 20)
CVE request: TORQUE Munge Authentication Security Bypass Agostino Sarubbo (Jan 05)
Re: Subscribe to linux-distros Agostino Sarubbo (Feb 01)
CVE request: Wireshark multiple vulnerabilities Agostino Sarubbo (Jan 11)
CVE request: libfpx "Free_All_Memory()" Double-Free Vulnerability Agostino Sarubbo (Jan 02)
CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability Agostino Sarubbo (Feb 02)

akuster

Re: CVE Request -- kernel: futex: clear robust_list on execve akuster (Jan 05)

Alexander Pletnev

pdf attacks vectors Alexander Pletnev (Jan 19)
Re: pdf attacks vectors Alexander Pletnev (Jan 20)

Alex Legler

Re: Subscribe to linux-distros Alex Legler (Feb 01)

Alistair Crooks

Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 09)
Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 08)

Andreas Ericsson

Re: CVE Requests Andreas Ericsson (Mar 19)
Re: CVE Requests Andreas Ericsson (Mar 16)

Andres Gomez

Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 09)
Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 05)
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 06)
TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Feb 18)

Andrew Alexeev

CVE Request: nginx fix for malformed HTTP responses from upstream servers Andrew Alexeev (Mar 15)

ArkanoiD

Re: Attack on badly configured Netfilter-based firewalls ArkanoiD (Mar 09)
Re: Attack on badly configured Netfilter-based firewalls ArkanoiD (Feb 27)

Berke Viktor

Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Berke Viktor (Feb 01)

Carsten Eiram

RE: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Carsten Eiram (Feb 01)

CERT(R) Coordination Center

Bugs in "file" program VU#621745 CERT(R) Coordination Center (Feb 20)

Chong Yidong

Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Chong Yidong (Jan 09)

Christian Boltz

Re: CVE request: PostfixAdmin SQL injections and XSS Christian Boltz (Jan 27)
Re: CVE request: PostfixAdmin SQL injections and XSS Christian Boltz (Jan 26)
CVE request: PostfixAdmin SQL injections and XSS Christian Boltz (Jan 26)

Christian Hoffmann

Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Christian Hoffmann (Jan 26)

cve-assign

Re: CVE-2011-4858 confusion cve-assign (Jan 06)
Re: CVE request: XSS in wordpress 3.3 cve-assign (Jan 03)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
Re: CVE-2011-4858 confusion cve-assign (Jan 04)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 29)

Daniel Kahn Gillmor

CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost Daniel Kahn Gillmor (Mar 15)

Daniel Suarez

RE: CVE request: surf Daniel Suarez (Feb 10)

Dan Rosenberg

Android CVE identifiers Dan Rosenberg (Mar 15)

David Black

CVE request for bitlebee David Black (Mar 19)

David Engster

Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability David Engster (Jan 11)

David Hicks

Re: CVE request: mantisbt before 1.2.9 David Hicks (Mar 06)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) David Hicks (Jan 05)

David Jorm

CVE request: Struts2 xsltResult local code execution flaw David Jorm (Mar 27)

David Malcolm

Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request David Malcolm (Feb 14)

Djalal Harouni

Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni (Feb 08)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni (Feb 09)

Dmitry Butskoy

Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Dmitry Butskoy (Mar 06)

Eitan Adler

Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Eitan Adler (Jan 01)
Re: CVE-request: Webcalendar 1.2.4 location XSS Eitan Adler (Feb 11)
Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)

Emilien Girault

[vs] CVE-2012-1037 GLPI <= 0.80.61 LFI/RFI Emilien Girault (Feb 10)

Eric Leblond

Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Mar 09)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 28)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Mar 09)
Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 25)

Eugene Teo

CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Eugene Teo (Jan 09)
Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 17)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 22)
CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames Eugene Teo (Mar 04)
CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() Eugene Teo (Jan 11)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 17)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Eugene Teo (Mar 20)
Re: CVE Requests Eugene Teo (Mar 18)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Eugene Teo (Jan 17)
CVE request: kernel: Unused iocbs in a batch should not be accounted as active Eugene Teo (Jan 17)
CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482 Eugene Teo (Mar 04)
CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets Eugene Teo (Mar 04)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 23)
Re: Attack on badly configured Netfilter-based firewalls Eugene Teo (Feb 26)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 18)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 20)

Filippo Cavallarin

Re: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Filippo Cavallarin (Feb 02)

Florian Weimer

Re: CVE request: notmuch Florian Weimer (Mar 04)
Re: CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer (Mar 04)
Re: CVE request: surf Florian Weimer (Feb 10)
Re: Malicious devices & vulnerabilties Florian Weimer (Jan 09)
CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer (Mar 04)
Re: CVE request: smokeping XSS Florian Weimer (Feb 27)
Re: Screen locking programs on Xorg 1.11 Florian Weimer (Jan 19)
Re: Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa Florian Weimer (Mar 29)
Re: postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Florian Weimer (Mar 30)
CVE request: TYPO3-CORE-SA-2012-001 Florian Weimer (Mar 29)
CVE request: quake3 reflective DoS Florian Weimer (Mar 26)
CVE request: surf Florian Weimer (Feb 09)
Re: Malicious devices & vulnerabilties Florian Weimer (Jan 08)
Re: Attack on badly configured Netfilter-based firewalls Florian Weimer (Feb 27)
Re: Bugs in "file" program VU#621745 Florian Weimer (Feb 29)

Gian Piero Carrubba

Re: Re: Yubiserver package ships with pre-filled identities Gian Piero Carrubba (Jan 30)

Greg KH

Re: CVE Request -- kernel: futex: clear robust_list on execve Greg KH (Jan 04)
Re: Malicious devices & vulnerabilties Greg KH (Jan 08)

Greg Knaddison

Re: [security] Drupal CORE and Drupal Contrib Greg Knaddison (Mar 16)
Re: Re: [security] Drupal CORE and Drupal Contrib Greg Knaddison (Mar 20)

Gu1

Screen locking programs on Xorg 1.11 Gu1 (Jan 18)
Re: Screen locking programs on Xorg 1.11 Gu1 (Jan 19)

Hadi Shiravi

New Intrusion Detection Evaluation Dataset Hadi Shiravi (Jan 08)

Hanno Böck

CVE request: mantisbt before 1.2.9 Hanno Böck (Mar 06)
CVE request: phppgadmin before 5.0.4 XSS Hanno Böck (Mar 28)
(maybe) CVE request: libvpx before 1.0 crasher Hanno Böck (Jan 28)
Re: CVE-request: WordPress 3.1.1 Hanno Böck (Jan 15)
CVE request: XSS in wordpress 3.3 Hanno Böck (Jan 03)
CVE request: egroupware before 1.8.002 various security issues Hanno Böck (Mar 28)
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck (Jan 06)
Re: CVE request: egroupware before 1.8.002 various security issues Hanno Böck (Mar 28)
Re: Malicious devices & vulnerabilties Hanno Böck (Jan 08)

Henri Salo

Re: CVE request: znc Henri Salo (Jan 09)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Henri Salo (Feb 20)
Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
Re: CVE-request: MyBB 1.6 <= SQL Injection Henri Salo (Mar 25)
Re: CVE request: piwik before 1.6 Henri Salo (Mar 18)
CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution Henri Salo (Mar 09)
CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Henri Salo (Mar 27)
CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Henri Salo (Mar 08)
CVE-request: WordPress 3.1.1 Henri Salo (Jan 15)
MediaWiki security and maintenance release 1.18.2 Henri Salo (Mar 22)
Re: CVE request: znc Henri Salo (Jan 09)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo (Mar 30)
Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo (Mar 07)
Re: CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo (Jan 01)
CVE-request: MyBB 1.6 <= SQL Injection Henri Salo (Mar 23)
Re: pdf attacks vectors Henri Salo (Jan 21)
Re: CVE id assignment dates Henri Salo (Jan 24)
CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo (Mar 05)
CVE-request: PHP Booking Calendar 10e XSS Henri Salo (Jan 03)
Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 10)
Re: gpw password generator giving short password at low rate Henri Salo (Jan 17)
Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
Case YVS Image Gallery Henri Salo (Feb 27)
Mibew messenger multiple XSS Henri Salo (Jan 31)
CVE-request: Ariadne 2.7.6 XSS Henri Salo (Mar 09)
Re: CVE request: maradns hash table collision cpu dos Henri Salo (Jan 03)
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 02)
CVE-request: NGS00109 remote code execution in ImpressPages CMS Henri Salo (Jan 15)
CVE-request: e107 HTB23004 Henri Salo (Mar 27)
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 03)
Re: Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Henri Salo (Jan 19)
Re: Case YVS Image Gallery Henri Salo (Feb 27)
CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 11)
CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (Mar 23)
Re: Re: pwgen: non-uniform distribution of passwords Henri Salo (Jan 17)
CVE-request: Joomla! Security News 2012-02-03 Henri Salo (Feb 03)
CVE-request: phxEventManager search.php search_terms Parameter SQL Injection Henri Salo (Mar 05)
Joomla! Security News 2012-03-16 Henri Salo (Mar 16)
CVE-request: systemd local denial of login or local users can create arbitrary services Henri Salo (Mar 04)
CVE-request: ImpressPages CMS Unspecified Remote Code Execution Henri Salo (Mar 22)
Re: CVE-request: PHP Booking Calendar 10e XSS Henri Salo (Jan 03)
Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
CVE-request: Joomla core information disclosure 372-20111003 Henri Salo (Mar 28)
Re: Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
CVE-request: Joomla! Security News 2012-03 Henri Salo (Mar 06)
CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo (Mar 30)
CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability Henri Salo (Mar 23)
CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Henri Salo (Mar 07)
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 25)
CVE-request: Multiple e107 vulnerabilities Henri Salo (Jan 03)
Secunia looking for Linux Vulnerability Specialist Henri Salo (Jan 13)
Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 25)
CVE-request: golismero symlink vulnerability Henri Salo (Jan 17)
Re: CVE-request: WordPress 3.1.1 Henri Salo (Jan 15)
Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
CVE-request: Joomla 20120305 / 20120306 Henri Salo (Mar 28)
CVE-request: Drupal Finder SA-CONTRIB-2012-017 Henri Salo (Mar 16)
imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Henri Salo (Feb 10)
CVE-request: phpMyFAQ index.php URI XSS Henri Salo (Mar 07)
CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080 Henri Salo (Mar 28)
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
Re: CVE request: phppgadmin before 5.0.4 XSS Henri Salo (Mar 30)
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 06)
CVE-request: WordPress plugin Adminimize XSS Henri Salo (Jan 05)

Huzaifa Sidhpurwala

Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 16)
libxml2: hash table collisions CPU usage DoS Huzaifa Sidhpurwala (Feb 21)
CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 Huzaifa Sidhpurwala (Mar 28)
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Huzaifa Sidhpurwala (Mar 13)
Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 12)
Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 19)

Ian Campbell

Adding Xen.org contact to linux-distros security list Ian Campbell (Feb 03)
Re: Adding Xen.org contact to linux-distros security list Ian Campbell (Feb 05)

Ian Jackson

Xen Security Advisory 6 (CVE-2012-0029) - HVM e1000, buffer overflow Ian Jackson (Feb 02)

Ignacio Espinosa

Re: CVE affected for PHP 5.3.9 ? Ignacio Espinosa (Jan 14)

Ivan Nestlerode

Re: openssl security issue or not? (CVE Request?) Ivan Nestlerode (Mar 23)

Jakub Wilk

Re: CVE request: distutils creates ~/.pypirc insecurely Jakub Wilk (Mar 27)

Jamie Strandboge

Re: Request for linux-distros () vs openwall org membership Jamie Strandboge (Jan 19)

Jan Lieskovsky

CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Jan Lieskovsky (Mar 06)
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan Lieskovsky (Jan 19)
Re: Bugs in "file" program VU#621745 Jan Lieskovsky (Mar 20)
Re: openssl security issue or not? (CVE Request?) Jan Lieskovsky (Mar 23)
CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Jan Lieskovsky (Jan 20)
CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Jan Lieskovsky (Feb 27)
CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Jan Lieskovsky (Mar 16)
[Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session Jan Lieskovsky (Mar 16)
CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws Jan Lieskovsky (Mar 09)
Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Jan Lieskovsky (Feb 14)
CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root Jan Lieskovsky (Feb 23)
CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws Jan Lieskovsky (Mar 02)
CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan Lieskovsky (Jan 19)
CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Jan Lieskovsky (Feb 13)
CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Jan Lieskovsky (Mar 26)
CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Jan Lieskovsky (Feb 28)
CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Jan Lieskovsky (Mar 05)
Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Jan Lieskovsky (Jan 20)
CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Jan Lieskovsky (Feb 01)
CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Jan Lieskovsky (Jan 21)
CVE Request -- Multiple instances of insecure temporary file use Jan Lieskovsky (Feb 27)
CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry Jan Lieskovsky (Mar 12)
CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Jan Lieskovsky (Mar 30)
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Jan Lieskovsky (Mar 12)

Jan-Wijbrand Kolman

Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan-Wijbrand Kolman (Jan 19)

Jason A. Donenfeld

Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Jason A. Donenfeld (Jan 22)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld (Feb 08)
Re: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access Jason A. Donenfeld (Feb 07)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld (Feb 08)
Re: CVE request: init script x11-common creates directories in insecure manners Jason A. Donenfeld (Mar 01)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld (Feb 08)

Jeff Law

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law (Mar 30)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law (Mar 30)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law (Mar 30)

Joachim Fritschi

CVE Requests for phpCAS Joachim Fritschi (Mar 04)

John Johansen

Request for linux-distros () vs openwall org membership John Johansen (Jan 19)

Jonathan Wiltshire

Re: Yubiserver package ships with pre-filled identities Jonathan Wiltshire (Jan 30)

Josh Bressers

Re: running the distros lists Josh Bressers (Mar 19)
Closed list unsubscribe Josh Bressers (Jan 03)
Re: running the distros lists Josh Bressers (Mar 15)

Jussi Eronen

Re: Attack on badly configured Netfilter-based firewalls Jussi Eronen (Mar 02)
Re: Attack on badly configured Netfilter-based firewalls Jussi Eronen (Mar 20)

Kees Cook

Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kees Cook (Jan 18)

Kurt Seifried

Re: CVE Request: Python Hash DoS (Issue 13703) Kurt Seifried (Mar 09)
Re: CVE Request -- kernel: futex: clear robust_list on execve Kurt Seifried (Jan 04)
Re: Joomla! Security News 2012-03-16 Kurt Seifried (Mar 19)
Re: CVE-request: phxEventManager search.php search_terms Parameter SQL Injection Kurt Seifried (Mar 06)
Re: CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities Kurt Seifried (Jan 21)
Potential security issues fixed in PHP 5.3.9 Kurt Seifried (Jan 19)
CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 26)
Re: CVE Requests Kurt Seifried (Mar 15)
Re: Re: Bugs in "file" program VU#621745 Kurt Seifried (Mar 20)
Re: CVE Requests for phpCAS Kurt Seifried (Mar 04)
Re: XSLT issue in MoinMoin Kurt Seifried (Jan 24)
Re: CVE request: ghostscript: system initialization file uncontrolled search path element Kurt Seifried (Jan 04)
Re: CVE requests: Suhosin extension / as31 Kurt Seifried (Jan 24)
Re: CVE request: spamdyke buffer overflow vulnerability Kurt Seifried (Jan 20)
Re: CVE request: surf Kurt Seifried (Feb 09)
Re: CVE request: apr - Hash DoS vulnerability Kurt Seifried (Feb 08)
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried (Mar 09)
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Kurt Seifried (Mar 05)
Re: MediaWiki security and maintenance release 1.18.2 Kurt Seifried (Mar 22)
Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017 Kurt Seifried (Mar 19)
Re: (maybe) CVE request: libvpx before 1.0 crasher Kurt Seifried (Jan 29)
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 25)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
Re: Subscribe to linux-distros Kurt Seifried (Jan 27)
Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried (Mar 27)
Re: CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root Kurt Seifried (Feb 23)
Re: Bugs in "file" program VU#621745 Kurt Seifried (Feb 29)
Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() Kurt Seifried (Jan 11)
Re: CVE Request for spamdyke "STARTTLS" Plaintext Injection Vulnerability Kurt Seifried (Jan 06)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 05)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Kurt Seifried (Jan 21)
Re: CVE request: PostfixAdmin SQL injections and XSS Kurt Seifried (Jan 26)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 27)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried (Feb 17)
Re: CVE request: egroupware before 1.8.002 various security issues Kurt Seifried (Mar 28)
Re: Mibew messenger multiple XSS Kurt Seifried (Feb 01)
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried (Feb 26)
Re: CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability Kurt Seifried (Mar 23)
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 04)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Feb 01)
Re: CVE request: Struts2 xsltResult local code execution flaw Kurt Seifried (Mar 28)
Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution Kurt Seifried (Mar 09)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 15)
Re: Was a CVE ever assigned for Python SimpleHTTPServer.py XSS? Kurt Seifried (Mar 14)
Re: CVE Request: Security issue in backuppc Kurt Seifried (Jan 03)
Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws Kurt Seifried (Mar 02)
Re: CVE request: smokeping XSS Kurt Seifried (Jan 20)
Re: CVE-request: Joomla! Security News 2012-03 Kurt Seifried (Mar 06)
Re: XSLT issue in MoinMoin Kurt Seifried (Jan 26)
Re: CVE request: piwik before 1.6 Kurt Seifried (Mar 19)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried (Feb 17)
CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Kurt Seifried (Jan 09)
CVE for OpenBSD random() bug? Kurt Seifried (Mar 21)
Re: details about Tahoe-LAFS security problem #1654 Kurt Seifried (Jan 15)
Re: CVE request: XSS in wordpress 3.3 Kurt Seifried (Jan 03)
Re: Re: pwgen: non-uniform distribution of passwords Kurt Seifried (Jan 17)
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 19)
Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers Kurt Seifried (Mar 15)
Re: CVE request: gnash integer overflow Kurt Seifried (Mar 14)
Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue Kurt Seifried (Mar 20)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried (Feb 13)
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Kurt Seifried (Mar 01)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: CVE-request: Webcalendar 1.2.4 location XSS Kurt Seifried (Feb 13)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 05)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Kurt Seifried (Jan 10)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 06)
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Kurt Seifried (Jan 25)
Re: CVE Request -- Multiple instances of insecure temporary file use Kurt Seifried (Feb 27)
Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 08)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 26)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 26)
Re: CVE-request: Multiple e107 vulnerabilities Kurt Seifried (Jan 03)
Re: CVE id assignment dates Kurt Seifried (Jan 23)
Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 Kurt Seifried (Mar 28)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 28)
Re: CVE-request: Joomla! Security News 2012-02-03 Kurt Seifried (Feb 03)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 27)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 27)
Drupal CORE and Drupal Contrib Kurt Seifried (Mar 16)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Feb 14)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
CVEs for MediaWiki security and maintenance release 1.18.2 Kurt Seifried (Mar 23)
Re: CVE request: Two Pidgin crashes Kurt Seifried (Mar 14)
Re: CVE-request: WordPress plugin Adminimize XSS Kurt Seifried (Jan 05)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
Re: CVE-request: Joomla! Security News 2012-03 Kurt Seifried (Mar 06)
Re: Case YVS Image Gallery Kurt Seifried (Feb 27)
Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Jan 18)
Re: CVE request: egroupware before 1.8.002 various security issues Kurt Seifried (Mar 29)
Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost Kurt Seifried (Mar 15)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 02)
Re: CVE-request: ImpressPages CMS Unspecified Remote Code Execution Kurt Seifried (Mar 23)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Jan 05)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Kurt Seifried (Jan 10)
Re: CVE-request: Joomla 20120305 / 20120306 Kurt Seifried (Mar 28)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 27)
CVE request: wicd writes sensitive information in log files (password, passphrase...) Kurt Seifried (Jan 26)
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Kurt Seifried (Jan 11)
Re: CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Kurt Seifried (Mar 28)
Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Mar 05)
Re: CVE-request: phpMyFAQ index.php URI XSS Kurt Seifried (Mar 08)
CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability Kurt Seifried (Jan 19)
Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
Re: CVE request: notmuch Kurt Seifried (Mar 04)
Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Kurt Seifried (Mar 16)
Re: CVE request: TORQUE Munge Authentication Security Bypass Kurt Seifried (Jan 05)
Re: CVE-request: MyBB 1.6 <= SQL Injection Kurt Seifried (Mar 23)
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried (Mar 02)
Re: CVE for OpenBSD random() bug? Kurt Seifried (Mar 23)
Re: CVE Request: XML entity expansion in the XML::Atom Perl module Kurt Seifried (Mar 04)
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 01)
Re: CVE request: eZ Publish: insecure direct object reference Kurt Seifried (Mar 19)
Re: CVE request: Hash DoS vulnerability (ocert-2011-003) Kurt Seifried (Feb 06)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Jan 20)
Re: CVE Request: ldm (LTSP display manager) Kurt Seifried (Mar 12)
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
Re: CVE request: Pidgin Kurt Seifried (Jan 04)
Re: CVE request: mwlib < 0.13.5 DoS flaw Kurt Seifried (Mar 05)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Kurt Seifried (Mar 20)
Re: CVE-request: systemd local denial of login or local users can create arbitrary services Kurt Seifried (Mar 04)
Re: CVE request: redmine issues Kurt Seifried (Jan 06)
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Kurt Seifried (Feb 28)
Re: CVE request: Jenkins Kurt Seifried (Jan 19)
Re: running the distros lists Kurt Seifried (Mar 14)
Re: CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability Kurt Seifried (Feb 03)
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 29)
Re: CVE Requests Kurt Seifried (Mar 16)
Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa Kurt Seifried (Mar 28)
Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password Kurt Seifried (Mar 27)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried (Mar 23)
Re: CVE request -- kernel: kvm: syscall instruction induced guest panic Kurt Seifried (Jan 11)
Re: Case YVS Image Gallery Kurt Seifried (Mar 19)
Re: CVE request: mantisbt before 1.2.9 Kurt Seifried (Mar 06)
Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Kurt Seifried (Jan 09)
Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Kurt Seifried (Feb 13)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 17)
expat 2.1.0beta fixes 5 Denial of Service attacks, CVE's/details inside Kurt Seifried (Mar 08)
Re: CVE Request: NetworkManager arbitrary file access Kurt Seifried (Mar 01)
Re: CVE request: libfpx "Free_All_Memory()" Double-Free Vulnerability Kurt Seifried (Jan 03)
Re: CVE request: znc Kurt Seifried (Jan 09)
Re: CVE-request: golismero symlink vulnerability Kurt Seifried (Jan 17)
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour Kurt Seifried (Mar 22)
gnusound 0.7.5 file name handling format string issue Kurt Seifried (Jan 30)
Re: CVE request: maradns hash table collision cpu dos Kurt Seifried (Jan 03)
Re: CVE request: eZ Publish: unspecified vulnerability Kurt Seifried (Mar 15)
Re: Two CVE requests Kurt Seifried (Jan 03)
Re: CVE Request for spamdyke "STARTTLS" Plaintext Kurt Seifried (Jan 19)
Re: CVE Request: Security issue in backuppc Kurt Seifried (Jan 04)
Re: CVE id request: cifs-utils Kurt Seifried (Mar 27)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry Kurt Seifried (Mar 12)
Re: Bugs in "file" program VU#621745 Kurt Seifried (Feb 20)
LinuxMint - temp file creation vulns in mintNanny and mintUpdate Kurt Seifried (Mar 19)
Re: Re: [security] Drupal CORE and Drupal Contrib Kurt Seifried (Mar 19)
glib2 hash dos oCert-2011-003 Kurt Seifried (Jan 10)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Kurt Seifried (Feb 20)
Re: Re: [security] Drupal CORE and Drupal Contrib Kurt Seifried (Mar 21)
Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 09)
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
Re: CVE request: Mediawiki Kurt Seifried (Jan 12)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 04)
Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 24)
Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS Kurt Seifried (Jan 18)
Re: Bugs in "file" program VU#621745 Kurt Seifried (Feb 29)
Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Kurt Seifried (Mar 06)
Re: CVE Requests Kurt Seifried (Mar 15)
Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Kurt Seifried (Mar 31)
Re: OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Feb 20)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 01)
Re: CVE Request: overlayfs Kurt Seifried (Jan 17)
Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency Kurt Seifried (Mar 29)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 14)
CVE Request: Python Hash DoS (Issue 13703) Kurt Seifried (Mar 09)
Re: CVE request: phppgadmin before 5.0.4 XSS Kurt Seifried (Mar 28)
Re: CVE request: mumble local information disclosure Kurt Seifried (Feb 15)
Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Kurt Seifried (Mar 06)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: Screen locking programs on Xorg 1.11 Kurt Seifried (Jan 18)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
Re: Fwd: Apache HTTP Server 2.2.22 Released Kurt Seifried (Jan 31)
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour Kurt Seifried (Mar 21)
Re: CVE request for bitlebee Kurt Seifried (Mar 19)
Re: CVE Request: libgdata did not verify SSL certificates Kurt Seifried (Mar 14)
Re: gnusound 0.7.5 file name handling format string issue Kurt Seifried (Jan 30)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 13)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 18)
Re: CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Kurt Seifried (Mar 26)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 19)
Re: CVE request: eZ Publish: insecure direct object reference Kurt Seifried (Mar 20)
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried (Mar 08)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 17)
Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried (Mar 27)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability Kurt Seifried (Mar 05)
Re: CVE request: mumble local information disclosure Kurt Seifried (Feb 16)
CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried (Mar 08)
Re: CVE request for OpenTTD Kurt Seifried (Jan 09)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: Re: DesktopOnNet 3 Beta LFI Kurt Seifried (Feb 27)
Re: CVE-request: Ariadne 2.7.6 XSS Kurt Seifried (Mar 09)
Re: CVE request: kernel: xfs heap overflow Kurt Seifried (Jan 10)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 26)
Re: gpw password generator giving short password at low rate Kurt Seifried (Jan 17)
Re: CVE request: maradns deleted domain record cache persistance flaw Kurt Seifried (Mar 20)
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Feb 01)
Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080 Kurt Seifried (Mar 29)
Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Kurt Seifried (Mar 08)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Feb 01)
Re: CVE Request: lightdm Kurt Seifried (Mar 05)
Re: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability Kurt Seifried (Jan 19)
Re: Adding Xen.org contact to linux-distros security list Kurt Seifried (Feb 03)
Re: CVE Requests Kurt Seifried (Mar 15)
CVE request: Hash DoS vulnerability (ocert-2011-003) Kurt Seifried (Feb 06)
Re: CVE request: spamdyke buffer overflow vulnerability Kurt Seifried (Jan 23)
Re: CVE-request: e107 HTB23004 Kurt Seifried (Mar 28)
Ruby on Rails github compromise Kurt Seifried (Mar 04)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 13)
Re: Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Feb 20)
Re: CVE request for OpenTTD - use CVE-2012-0049! Kurt Seifried (Jan 13)
Re: CVE request: tucan insecure plugin update mechanism Kurt Seifried (Jan 18)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Kurt Seifried (Mar 30)
Re: running the distros lists Kurt Seifried (Mar 14)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Feb 01)
Re: CVE request: pyfribidi buffer overflow flaw Kurt Seifried (Mar 14)
Re: CVE request: surf Kurt Seifried (Feb 11)
Re: CVE request: PostfixAdmin SQL injections and XSS Kurt Seifried (Jan 26)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 13)
Re: CVE request: init script x11-common creates directories in insecure manners Kurt Seifried (Feb 28)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 03)
Re: expat 2.1.0beta fixes 5 Denial of Service attacks, CVE's/details inside Kurt Seifried (Mar 08)
Re: CVE request for OpenTTD Kurt Seifried (Jan 13)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kurt Seifried (Jan 17)
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Kurt Seifried (Feb 03)
Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount Kurt Seifried (Feb 28)
Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops Kurt Seifried (Mar 07)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 21)
MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
Re: CVE request -- kernel: block: CLONE_IO io_context refcounting issues Kurt Seifried (Feb 23)
Re: CVE request: wicd writes sensitive information in log files (password, passphrase...) Kurt Seifried (Jan 26)
Re: CVE request: eZ Publish XSS Kurt Seifried (Mar 28)
Re: Potential security issues fixed in PHP 5.3.9 Kurt Seifried (Jan 20)
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Kurt Seifried (Jan 26)
Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active Kurt Seifried (Jan 17)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 14)
Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Kurt Seifried (Feb 01)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Jan 05)
Re: CVE Request: Security issue in backuppc Kurt Seifried (Jan 04)
Re: CVE request: kernel: xfs heap overflow Kurt Seifried (Jan 10)
Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws Kurt Seifried (Mar 09)
Re: CVE request: bip buffer overflow Kurt Seifried (Jan 24)
Re: CVE request: TYPO3-CORE-SA-2012-001 Kurt Seifried (Mar 29)

Larry Stefonic

Re: MySQL 0-day - does it need a CVE? Larry Stefonic (Feb 24)

Luc ABRIC

CVE 2012-1565 Insecure object reference Luc ABRIC (Mar 28)
CVE request: eZ Publish: unspecified vulnerability Luc ABRIC (Mar 15)
RE: CVE request: eZ Publish: insecure direct object reference Luc ABRIC (Mar 20)
CVE request: eZ Publish: insecure direct object reference Luc ABRIC (Mar 19)
CVE request: eZ Publish XSS Luc ABRIC (Mar 28)

Luciano Bello

CVE request: bip buffer overflow Luciano Bello (Jan 24)

Ludwig Nussel

Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 21)
CVE Request: libgdata did not verify SSL certificates Ludwig Nussel (Mar 14)
Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 26)
Re: CVE request: mumble local information disclosure Ludwig Nussel (Feb 16)
Re: Malicious devices & vulnerabilties Ludwig Nussel (Jan 09)
postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Ludwig Nussel (Mar 30)
CVE Request: NetworkManager arbitrary file access Ludwig Nussel (Feb 29)

Marc Deslauriers

Re: distros & linux-distros embargo period and message format Marc Deslauriers (Feb 01)
Re: CVE Request: libgdata did not verify SSL certificates Marc Deslauriers (Mar 14)
CVE Request: overlayfs Marc Deslauriers (Jan 17)
Re: distros & linux-distros embargo period and message format Marc Deslauriers (Feb 01)
CVE Request: ldm (LTSP display manager) Marc Deslauriers (Mar 12)
CVE Request: lightdm Marc Deslauriers (Mar 05)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Marc Deslauriers (Jan 26)

Marcus Meissner

Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Marcus Meissner (Feb 29)
Re: Re: openssl security issue or not? (CVE Request?) Marcus Meissner (Mar 23)
Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Marcus Meissner (Feb 28)
Re: Subscribe to linux-distros? Marcus Meissner (Feb 13)
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Marcus Meissner (Feb 29)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Marcus Meissner (Mar 20)
openssl security issue or not? (CVE Request?) Marcus Meissner (Mar 23)
CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Marcus Meissner (Feb 03)

Mark Doliner

CVE request: Two Pidgin crashes Mark Doliner (Mar 14)

Mark Stanislav

Re: CVE Requests Mark Stanislav (Mar 15)
Re: CVE Requests Mark Stanislav (Mar 16)
Re: CVE Requests Mark Stanislav (Mar 15)
Re: CVE Requests Mark Stanislav (Mar 16)
CVE Requests Mark Stanislav (Mar 15)
Re: CVE Requests Mark Stanislav (Mar 15)
Re: CVE Requests Mark Stanislav (Mar 16)

Mark Thomas

Re: Re: CVE-2011-4858 confusion Mark Thomas (Jan 05)

Mateusz Goik

Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik (Feb 27)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik (Feb 27)

Matthew Jordan

Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Matthew Jordan (Mar 16)

Matthias Weckbecker

CVE request: openssl: null pointer dereference issue Matthias Weckbecker (Feb 27)
Subscribe to linux-distros? Matthias Weckbecker (Feb 13)

Matt Watchinski

Re: Vulnerabilities reported in ClamAV 0.96.4 Matt Watchinski (Mar 21)

Michael Gilbert

Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 18)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Feb 03)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Feb 03)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Jan 22)
Re: CVE id assignment dates Michael Gilbert (Jan 23)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Feb 03)
Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 18)

Michael Harrison

CVE Request for spamdyke "STARTTLS" Plaintext Injection Vulnerability Michael Harrison (Jan 06)
Re: CVE request: spamdyke buffer overflow vulnerability Michael Harrison (Jan 23)

Michael Niedermayer

Re: CVE Requests for FFmpeg 0.9.1 Michael Niedermayer (Jan 05)
Re: CVE Requests for FFmpeg 0.9.1 Michael Niedermayer (Jan 05)
Re: Re: pwgen: non-uniform distribution of passwords Michael Niedermayer (Jan 19)
CVE Requests for FFmpeg 0.9.1 Michael Niedermayer (Jan 05)

Mike O'Connor

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Mike O'Connor (Jan 01)

Moritz Muehlenhoff

Two CVE requests Moritz Muehlenhoff (Jan 02)
CVE request: redmine issues Moritz Muehlenhoff (Jan 06)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Moritz Muehlenhoff (Jan 10)
Re: Re: [security] Drupal CORE and Drupal Contrib Moritz Muehlenhoff (Mar 21)
CVE request: znc Moritz Muehlenhoff (Jan 08)
CVE request: apr - Hash DoS vulnerability Moritz Muehlenhoff (Feb 08)
CVE request: Pidgin Moritz Muehlenhoff (Jan 04)
CVE request: Jenkins Moritz Muehlenhoff (Jan 16)
Re: CVE Request: Security issue in backuppc Moritz Muehlenhoff (Jan 04)
CVE request: Mediawiki Moritz Muehlenhoff (Jan 12)
CVE request: XML::Atom Perl module Moritz Muehlenhoff (Mar 04)
CVE requests: Suhosin extension / as31 Moritz Muehlenhoff (Jan 24)

Moritz Mühlenhoff

Re: CVE Request: Security issue in backuppc Moritz Mühlenhoff (Jan 03)
CVE request: notmuch Moritz Mühlenhoff (Mar 04)

muuratsalo experimental hack lab

Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab (Feb 20)

Nanakos Chrysostomos

Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)

Nanakos V. Chrysostomos

Re: Yubiserver package ships with pre-filled identities Nanakos V. Chrysostomos (Jan 30)

Netsparker Advisories

Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Netsparker Advisories (Jan 03)

Nick Kralevich

Re: CVE request -- kernel: execshield: predictable ascii armour base address Nick Kralevich (Mar 20)

Nico Golde

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 02)
speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 01)
CVE id request: cifs-utils Nico Golde (Mar 26)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Nico Golde (Feb 20)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Nico Golde (Feb 20)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 03)

Nicolas Grégoire

Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 13)
CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 14)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 15)
Re: XSLT issue in MoinMoin Nicolas Grégoire (Jan 24)
XSLT issue in MoinMoin Nicolas Grégoire (Jan 24)

nicolas vigier

Sudo format string vulnerability (CVE 2012-0809) nicolas vigier (Jan 30)

Oswald Buddenhagen

Re: Disputing CVE-2011-4122 Oswald Buddenhagen (Jan 02)

Patrick R McDonald

Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Patrick R McDonald (Jan 26)
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Patrick R McDonald (Jan 26)

Petr Matousek

CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops Petr Matousek (Mar 07)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Petr Matousek (Mar 21)
CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON() Petr Matousek (Mar 15)
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (Jan 05)
Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Petr Matousek (Feb 07)
CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount Petr Matousek (Feb 28)
CVE request -- kernel: block: CLONE_IO io_context refcounting issues Petr Matousek (Feb 23)
CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency Petr Matousek (Mar 29)
CVE request -- kernel: kvm: syscall instruction induced guest panic Petr Matousek (Jan 11)
CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (Jan 04)
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (Jan 05)
CVE request -- kernel: execshield: predictable ascii armour base address Petr Matousek (Mar 20)

Pierre Joye

Re: PHP remote code execution introduced via HashDoS fix Pierre Joye (Feb 02)
Re: Potential security issues fixed in PHP 5.3.9 Pierre Joye (Jan 20)

Rafał Malinowski

Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 29)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 27)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 28)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 27)

Ramon de C Valle

Subscribe to linux-distros Ramon de C Valle (Jan 27)
Re: Subscribe to linux-distros Ramon de C Valle (Jan 27)
CVE request: ghostscript: system initialization file uncontrolled search path element Ramon de C Valle (Jan 04)

Robert Haas

Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Robert Haas (Mar 30)
Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Robert Haas (Mar 30)

Roland Gruber

Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Roland Gruber (Mar 12)
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Roland Gruber (Mar 05)

Ronald van den Blink

Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 19)

Rubidium

CVE request for OpenTTD Rubidium (Jan 07)

Samuel J. Greear

Re: weird crypt-sha* in DragonFly BSD Samuel J. Greear (Jan 20)
Re: weird crypt-sha* in DragonFly BSD Samuel J. Greear (Jan 20)

Sebastian Krahmer

CVE-2011-4858 confusion Sebastian Krahmer (Jan 04)
Re: Attack on badly configured Netfilter-based firewalls Sebastian Krahmer (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls Sebastian Krahmer (Feb 27)

Sebastian Pipping

Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Jan 18)
Re: Screen locking programs on Xorg 1.11 Sebastian Pipping (Jan 18)
Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Jan 01)

Solar Designer

Re: running the distros lists Solar Designer (Mar 13)
Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Solar Designer (Feb 08)
Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Solar Designer (Feb 06)
Re: Subscribe to linux-distros? Solar Designer (Feb 14)
Re: non-Linux advance notification list Solar Designer (Jan 27)
Re: pdf attacks vectors Solar Designer (Jan 20)
Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 11)
Re: running the distros lists Solar Designer (Mar 14)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 19)
Re: Request for linux-distros () vs openwall org membership Solar Designer (Jan 20)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 19)
Re: distros & linux-distros embargo period and message format Solar Designer (Jan 20)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer (Feb 08)
Re: Fwd: Apache HTTP Server 2.2.22 Released Solar Designer (Jan 31)
Re: Adding Xen.org contact to linux-distros security list Solar Designer (Feb 03)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 01)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer (Feb 08)
running the distros lists Solar Designer (Mar 12)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 22)
CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Solar Designer (Feb 06)
OpenBSD bcrypt 8-bit key_len wraparound Solar Designer (Jan 01)
Re: CVE request: eZ Publish: unspecified vulnerability Solar Designer (Mar 15)
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 29)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
Re: non-Linux advance notification list Solar Designer (Jan 27)
Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer (Feb 08)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 16)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 03)
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 27)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 21)
Re: running the distros lists Solar Designer (Mar 15)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Jan 01)
Re: pdf attacks vectors Solar Designer (Jan 20)
testing pwqgen Solar Designer (Jan 26)
CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access Solar Designer (Feb 05)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 03)
Re: PHP remote code execution introduced via HashDoS fix Solar Designer (Feb 02)
Re: Disputing CVE-2011-4122 Solar Designer (Jan 02)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
OpenSSL and *BSD *_Final context struct zeroization (was: weird crypt-sha* in DragonFly BSD) Solar Designer (Jan 01)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Mar 30)
Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 27)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 02)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 20)
Re: non-Linux advance notification list Solar Designer (Jan 27)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 11)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Mar 30)
Re: Subscribe to linux-distros Solar Designer (Feb 02)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Mar 30)
Re: Subscribe to linux-distros Solar Designer (Feb 01)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 03)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Jan 01)
pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 03)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 01)
Re: Subscribe to linux-distros Solar Designer (Jan 27)
Re: running the distros lists Solar Designer (Mar 12)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 01)
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Solar Designer (Feb 05)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 20)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: Attack on badly configured Netfilter-based firewalls Solar Designer (Feb 26)
Re: CVE Requests Solar Designer (Mar 16)
distros & linux-distros embargo period and message format Solar Designer (Jan 20)
Re: Attack on badly configured Netfilter-based firewalls Solar Designer (Feb 26)
Fwd: Apache HTTP Server 2.2.22 Released Solar Designer (Jan 31)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: OpenBSD bcrypt error return Solar Designer (Jan 01)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
CVE id assignment dates Solar Designer (Jan 23)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)

Stefan Cornelius

CVE request: GnuTLS TLS record handling issue / MU-201202-01 Stefan Cornelius (Mar 21)
CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue Stefan Cornelius (Mar 20)
CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via "nargs" integer overflow Stefan Cornelius (Feb 17)
CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 Stefan Cornelius (Mar 19)
CVE-2012-1106 assignment notification -- abrt: Setuid process core dump archived with unsafe GID permissions Stefan Cornelius (Mar 05)

Steffen Dettmer

SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer (Mar 31)

Steven M. Christey

Re: gpw password generator giving short password at low rate Steven M. Christey (Jan 17)
Re: CVE-request: PHP Booking Calendar 10e XSS Steven M. Christey (Jan 03)
Re: CVE Requests for FFmpeg 0.9.1 Steven M. Christey (Jan 05)
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Steven M. Christey (Jan 20)
Re: Re: Yubiserver package ships with pre-filled identities Steven M. Christey (Jan 31)
Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 12)
XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Steven M. Christey (Feb 01)
Re: CVE Request: Security issue in backuppc Steven M. Christey (Jan 04)
Re: CVE request: Pidgin Steven M. Christey (Jan 04)
Re: Re: pwgen: non-uniform distribution of passwords Steven M. Christey (Jan 17)
Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Steven M. Christey (Jan 20)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Steven M. Christey (Feb 23)
Re: CVE id assignment dates Steven M. Christey (Jan 23)
Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Steven M. Christey (Jan 21)
Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 11)
Re: CVE id assignment dates Steven M. Christey (Jan 24)

Stuart Henderson

Re: non-Linux advance notification list Stuart Henderson (Jan 27)

The Fungi

Re: Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour The Fungi (Mar 23)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) The Fungi (Jan 05)

Thijs Kinkhorst

CVE request: simpleSAMLphp 1.8.2 cross site scripting Thijs Kinkhorst (Jan 11)

Thomas Klausner

Re: distros & linux-distros embargo period and message format Thomas Klausner (Feb 01)
Re: running the distros lists Thomas Klausner (Mar 13)

Tim Brown

Re: CVE Requests Tim Brown (Mar 16)
Re: running the distros lists Tim Brown (Mar 14)
Partial ASLR bypass Tim Brown (Mar 02)
Re: CVE Requests Tim Brown (Mar 16)

Timothy D. Morgan

Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Timothy D. Morgan (Mar 27)

Timo Warns

Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 29)
CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 21)

Tim Sammut

CVE Request: PolicyKit change allows users in "wheel" group to become root without a password Tim Sammut (Mar 27)

Tim Zingelman

Re: Screen locking programs on Xorg 1.11 Tim Zingelman (Jan 19)

Todd C. Miller

Re: CVE for OpenBSD random() bug? Todd C. Miller (Mar 22)

Tomas Hoger

Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 13)
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Tomas Hoger (Mar 06)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Tomas Hoger (Mar 30)
Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 12)
PHP remote code execution introduced via HashDoS fix Tomas Hoger (Feb 02)
Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 Tomas Hoger (Mar 21)
Re: MySQL 0-day - does it need a CVE? Tomas Hoger (Feb 24)

Török Edwin

Re: Vulnerabilities reported in ClamAV 0.96.4 Török Edwin (Mar 21)

valentino.angeletti

R: pwgen: non-uniform distribution of passwords valentino.angeletti (Jan 19)

Vasiliy Kulikov

Re: Malicious devices & vulnerabilties Vasiliy Kulikov (Jan 09)

Vincent Danen

Vulnerabilities reported in ClamAV 0.96.4 Vincent Danen (Mar 21)
Re: CVE request: smokeping XSS Vincent Danen (Mar 06)
CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities Vincent Danen (Jan 20)
CVE request: tucan insecure plugin update mechanism Vincent Danen (Jan 18)
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
CVE request: pyfribidi buffer overflow flaw Vincent Danen (Mar 14)
CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
Re: Re: CVE-2011-4858 confusion Vincent Danen (Jan 04)
Re: CVE request: maradns hash table collision cpu dos Vincent Danen (Jan 03)
CVE request: gnash integer overflow Vincent Danen (Mar 14)
CVE request: mumble local information disclosure Vincent Danen (Feb 15)
Was a CVE ever assigned for Python SimpleHTTPServer.py XSS? Vincent Danen (Mar 14)
Re: Vulnerabilities reported in ClamAV 0.96.4 Vincent Danen (Mar 21)
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
CVE request: mwlib < 0.13.5 DoS flaw Vincent Danen (Mar 05)
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
CVE request: maradns hash table collision cpu dos Vincent Danen (Jan 03)
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
CVE request: smokeping XSS Vincent Danen (Jan 20)
CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data Vincent Danen (Feb 22)
CVE request: maradns deleted domain record cache persistance flaw Vincent Danen (Mar 19)

vladz

CVE request: init script x11-common creates directories in insecure manners vladz (Feb 28)
Re: CVE request: init script x11-common creates directories in insecure manners vladz (Mar 01)

VSR Advisories

Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories (Mar 27)

Werner LEMBERG

Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Werner LEMBERG (Mar 07)

Whitney Houston

DesktopOnNet 3 Beta LFI Whitney Houston (Feb 27)
Re: DesktopOnNet 3 Beta LFI Whitney Houston (Feb 27)

William Pitcock

atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour William Pitcock (Mar 21)
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour William Pitcock (Mar 22)

Xi Wang

Malicious devices & vulnerabilties Xi Wang (Jan 07)
CVE request: kernel: xfs heap overflow Xi Wang (Jan 10)
Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)

yersinia

Re: Attack on badly configured Netfilter-based firewalls yersinia (Feb 27)

YGN Ethical Hacker Group

Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Feb 20)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 16)
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Feb 20)
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 12)
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group (Mar 05)
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Mar 05)

Yves-Alexis Perez

gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Yves-Alexis Perez (Jan 27)
Re: CVE-request: WordPress 3.1.1 Yves-Alexis Perez (Jan 19)
Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Yves-Alexis Perez (Jan 19)
Re: Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Yves-Alexis Perez (Feb 01)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Yves-Alexis Perez (Jan 27)
Re: gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
Re: Screen locking programs on Xorg 1.11 Yves-Alexis Perez (Jan 19)
Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
Re: CVE-request: WordPress 3.1.1 Yves-Alexis Perez (Jan 15)
Re: Attack on badly configured Netfilter-based firewalls Yves-Alexis Perez (Feb 25)

Zooko Wilcox-O'Hearn

ANNOUNCING Tahoe, the Least-Authority File System, v1.9.1 Zooko Wilcox-O'Hearn (Jan 15)
details about Tahoe-LAFS security problem #1654 Zooko Wilcox-O'Hearn (Jan 12)

Zubin Mithra

Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 21)
Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)