oss-sec: by author

578 messages starting Jun 12 12 and ending Jun 28 12


Aaron Patterson

Ruby on Rails SQL Injection (CVE-2012-2695) Aaron Patterson (Jun 12)
Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660) Aaron Patterson (May 31)
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-2661) Aaron Patterson (May 31)
Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2694) Aaron Patterson (Jun 12)

akuster

Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition akuster (May 24)
Re: fix to CVE-2009-4307 akuster (Apr 04)
fix to CVE-2009-4307 akuster (Apr 03)

Alex Legler

CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure Alex Legler (May 08)

Andreas Ericsson

Re: expat hash collision fix too predictable? Andreas Ericsson (Apr 05)

Andres Gomez

Re: CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
Re: CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
CVE Request: Planeshift buffer overflow Andres Gomez (May 17)
CVE Request: FlightGear and Simgear Multiple vulnerabilities Andres Gomez (Apr 10)

Andrew Alexeev

nginx security advisory: mp4 module vulnerability, CVE-2012-2089 Andrew Alexeev (Apr 12)

Andrew Morton

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Andrew Morton (Apr 20)

Behdad Esfahbod

Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Behdad Esfahbod (May 23)

Benji

Re: RE: GIMP FIT File Format DoS Benji (Jun 30)

Ben Laurie

Re: Using FreeBSD Capsicum for program and library sandboxing Ben Laurie (May 15)

Caolán McNamara

Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Caolán McNamara (Apr 19)
Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Caolán McNamara (May 29)

Carlos Alberto Lopez Perez

Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez (Apr 08)

CERT(R) Coordination Center

CERT Linux Triage Tools 1.0 Released INFO#208126 CERT(R) Coordination Center (Apr 25)

Christos Zoulas

Re: CVE Request: powerdns does not clear supplementary groups Christos Zoulas (May 24)

cve-assign

temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles cve-assign (May 02)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) cve-assign (May 09)
Asterisk AST-2012-004 AST-2012-005 AST-2012-006 cve-assign (Apr 23)
Re: Security vulnerabilities fixed in WordPress 3.3.2 cve-assign (Apr 23)
CVE-2012-2762 Serendipity include/functions_trackbacks.inc.php SQL injection cve-assign (May 18)
CVE-2012-2759 WordPress Login With Ajax plugin re-enlistment XSS cve-assign (May 18)

Daniel Kahn Gillmor

ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Daniel Kahn Gillmor (May 11)
Re: Debian/Ubuntu php_crypt_revamped.patch Daniel Kahn Gillmor (May 04)

David Black

CVE request: cobbler command injection David Black (May 23)
CVE Request: powerdns does not clear supplementary groups David Black (May 24)
CVE request: gajim - code execution and sql injection David Black (Apr 08)
Re: CVE request: cobbler lack of csrf protection, code execution David Black (Apr 12)
CVE request: cobbler lack of csrf protection, code execution David Black (Apr 12)
Re: CVE Request: powerdns does not clear supplementary groups David Black (May 25)

David Hicks

CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 David Hicks (Jun 09)

David Jorm

CVE request: Mojarra allows deployed web applications to read FacesContext from other applications David Jorm (Jun 06)

Dex

WHMCS 5.0.2> SQLi CVE Request Dex (Jun 07)
Re: WHMCS 5.0.2> SQLi CVE Request Dex (Jun 07)

Dwayne C. Litzenberger

CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation Dwayne C. Litzenberger (May 24)

Eitan Adler

Re: CVE Request: programming error in crypt(3) Eitan Adler (Apr 26)

Eric W. Biederman

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 19)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman (Apr 20)

Eugene Teo

100 bugs in Open Source C/C++ projects Eugene Teo (May 17)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)
CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used Eugene Teo (Apr 19)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo (Apr 19)

fabrice.fontaine

RE: libupnp buffer overflows fabrice.fontaine (May 19)

Felipe Pena

Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
CVE request: PHP Phar - arbitrary code execution Felipe Pena (May 20)
Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 30)
CVE request: Full path disclosure in DokuWiki Felipe Pena (Jun 24)
CVE id request: Multiple buffer overflow in unixODBC Felipe Pena (May 29)

Filippo Cavallarin

Re: CVE request: OSClass directory traversal vulnerability Filippo Cavallarin (Apr 02)
CVE request: Multiple vulnerabilities in LogAnalyzer Filippo Cavallarin (May 23)
CVE request: Multiple vulnerabilities in LogAnalyzer Filippo Cavallarin (May 23)
CVE request: OSClass directory traversal vulnerability Filippo Cavallarin (Apr 02)

Florian Weimer

Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (May 01)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Florian Weimer (May 30)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (Apr 28)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 15)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Florian Weimer (Apr 25)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer (May 01)
Re: CVE Request: more tight ioctl permissions in dl2k driver Florian Weimer (May 04)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 24)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer (Apr 24)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer (Jun 14)

Gerhard Rieger

socat security advisory Gerhard Rieger (May 14)

Giles Coochey

Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Giles Coochey (Jun 15)

Greg KH

Re: CVE-Request: hyper-v daemon Greg KH (Jun 07)
Re: CVE-Request: hyper-v daemon Greg KH (Jun 06)

Greg Knaddison

CVE Request for Drupal contributed modules - 2012-05-10 Greg Knaddison (May 10)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 10)
CVE Request for Drupal Contributed Advisories on 2012-04-18 Greg Knaddison (Apr 18)
Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
CVE Request for Drupal contributed modules Greg Knaddison (May 02)
CVE Request for Drupal Contributed Advisories on 2012-04-11 Greg Knaddison (Apr 11)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 11)
CVE Request for Drupal contributed modules Greg Knaddison (May 30)
Re: CVE Request for Drupal contributed modules Greg Knaddison (Jun 04)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison (Apr 11)

Hanno Böck

Re: CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck (May 22)
Re: CVE request: Piwik before 1.7 Hanno Böck (May 13)
CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS Hanno Böck (Apr 30)
CVE request: phplist before 2.10.18 XSS and sql injection Hanno Böck (Jun 15)
CVE request: XSS and SQL injection in serendipity before 1.7.1 Hanno Böck (May 08)
CVE request: webcalendar before 1.2.5 XSS Hanno Böck (Apr 28)
CVE request: mybb before 1.6.7 Hanno Böck (May 07)
CVE request: Piwik before 1.7 Hanno Böck (May 08)
CVE request: java hashdos vulnerability Hanno Böck (Jun 15)
CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck (May 22)

Helmut Grohne

Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 17)
Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 16)

Henri Salo

Re: CVE request: OSClass directory traversal vulnerability Henri Salo (Apr 03)
CVE-request: MyBB before 1.6.1 Henri Salo (May 08)
CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core Henri Salo (Apr 17)
Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 17)
CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Henri Salo (May 10)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (Apr 27)
Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 19)
Re: CVE request: Serendipity before 1.6.2 SQL Injection Henri Salo (May 22)
Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 30)
CVE-request: SilverStripe before 2.4.4 Henri Salo (Apr 29)
Re: CVE request: Piwik before 1.7 Henri Salo (May 13)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Henri Salo (Apr 25)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo (Apr 15)
CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo (Apr 12)
Re: CVE request: openldap does not honor TLSCipherSuite configuration option Henri Salo (Jun 05)
Page disclosure/cve updated in wiki Henri Salo (Apr 29)
CVE-request: phpMyFAQ default password 1.3.2 Henri Salo (May 10)
Re: CVE Request for Drupal contributed modules Henri Salo (Jun 14)
CVE-request: OpenEMR 4.1.0 SQL-injection Henri Salo (Apr 16)
Joomla! Security News 2012-06-19 Henri Salo (Jun 19)
CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability Henri Salo (May 15)
Dispute Taggator Plugin for WordPress taggator.php tagid Parameter SQL Injection Henri Salo (Apr 09)
Re: CVE id request: Multiple buffer overflow in unixODBC Henri Salo (May 30)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Henri Salo (Apr 24)
Re: CVE request: Piwik before 1.7 Henri Salo (Jun 07)
CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Henri Salo (Apr 16)
Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 28)
Re: libupnp buffer overflows Henri Salo (May 19)
CVEs assigned for Movable Type 4.36 and 5.05 security updates Henri Salo (Apr 02)
CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Henri Salo (Apr 15)
Security vulnerabilities fixed in WordPress 3.3.2 Henri Salo (Apr 23)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (May 04)
CVE-request: Joomla 2012-04 398-20120307 399-20120308 Henri Salo (Apr 03)
CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Henri Salo (Apr 16)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo (Apr 03)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo (Apr 13)
Re: CVE-request: WordPress 3.1.1 Henri Salo (Apr 17)

Holger Levsen

Re: [Packaging] Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws Holger Levsen (Apr 18)

Huzaifa Sidhpurwala

CVE Request: Heap corruption in openjpeg Huzaifa Sidhpurwala (Apr 13)
Re: CVE id request for links2 Huzaifa Sidhpurwala (Apr 09)
CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Huzaifa Sidhpurwala (Jun 14)
CVE Requests: Multiple security flaws in csound5 Huzaifa Sidhpurwala (Apr 15)

Ian Goldberg

Format string security flaw in pidgin-otr Ian Goldberg (May 16)

ISPConfig.org - Till Brehm

Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ISPConfig.org - Till Brehm (Apr 10)
Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ISPConfig.org - Till Brehm (Apr 09)

Jamie Strandboge

Security issue in libav/ffmpeg Jamie Strandboge (May 03)

Jan Lieskovsky

CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module Jan Lieskovsky (May 04)
CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap Jan Lieskovsky (Apr 24)
CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data Jan Lieskovsky (Apr 22)
CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection Jan Lieskovsky (May 18)
CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Jan Lieskovsky (Jun 18)
CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version Jan Lieskovsky (Apr 20)
CVE Request (minor) -- Two Munin graphing framework flaws Jan Lieskovsky (Apr 16)
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
Re: connman heads up / CVE requests Jan Lieskovsky (May 07)
CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky (Jun 25)
CVE-2012-2639 reject request (duplicate of CVE-2011-4940) Jan Lieskovsky (Jun 26)
CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Jan Lieskovsky (Jun 27)
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Jan Lieskovsky (Jun 06)
CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Jan Lieskovsky (May 22)
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Jan Lieskovsky (May 23)
Re: CVE Request: Heap corruption in openjpeg Jan Lieskovsky (Apr 13)
CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10 Jan Lieskovsky (May 23)
Re: sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337) Jan Lieskovsky (May 18)
CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Jan Lieskovsky (Apr 26)
Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky (May 28)
Re: CVE request: cobbler lack of csrf protection, code execution Jan Lieskovsky (Apr 12)
Re: memory allocator upstream patches Jan Lieskovsky (Jun 07)
Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue Jan Lieskovsky (May 28)
Re: CVE-2011-3102 / libxml2 Jan Lieskovsky (May 22)
Update of upstream patch links for AST-2012-007 / CVE-2012-2947 advisory needed Jan Lieskovsky (May 30)
Re: Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky (May 29)
CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Jan Lieskovsky (Jun 04)
CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Jan Lieskovsky (Apr 19)

Johan Cwiklinski

CVE-request: galette sql injection Johan Cwiklinski (May 10)

Johannes Schlüter

Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Johannes Schlüter (Jun 28)

john ffitch

Re: CVE Requests: Multiple security flaws in csound5 john ffitch (Apr 19)

John Haxby

Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 08)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 01)
CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (May 30)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) John Haxby (Jun 15)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 01)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby (Jun 07)
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations John Haxby (May 29)

Jonathan Niehof

CVE request: pam_shield Jonathan Niehof (May 11)

Joseph Sheridan

Irfanview Plugins JLS Decompression Joseph Sheridan (Jun 29)
GIMP FIT File Format DoS Joseph Sheridan (Jun 29)
ScriptFu Server Buffer Overflow in GIMP <= 2.6 Joseph Sheridan (May 30)

Kees Cook

CVE request: Xorg input device format string flaw Kees Cook (Apr 18)
Re: CVE request: Xorg input device format string flaw Kees Cook (Apr 18)

Keith Winstein

Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Keith Winstein (May 22)

Kenyon Ralph

Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kenyon Ralph (Apr 18)

Kevin Grittner

Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kevin Grittner (Apr 02)

Kurt Seifried

Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Kurt Seifried (Apr 03)
Re: CVE-request: galette sql injection Kurt Seifried (May 10)
Re: CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Kurt Seifried (Jun 28)
Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131 Kurt Seifried (May 18)
PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 27)
Re: CVE-Request: hyper-v daemon Kurt Seifried (Jun 06)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Kurt Seifried (May 23)
Re: Joomla! Security News 2012-06-19 Kurt Seifried (Jun 19)
Re: Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options Kurt Seifried (May 22)
Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried (Jun 06)
Re: CVE request: cobbler lack of csrf protection, code execution Kurt Seifried (Apr 12)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 10)
Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 27)
Some notes on CVE's and group privilege dropping Kurt Seifried (Jun 06)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kurt Seifried (Apr 04)
Re: CVE Request -- kernel: huge pages: memory leak on mmap failure Kurt Seifried (May 23)
Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Kurt Seifried (May 07)
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Kurt Seifried (May 18)
Re: CVE request: two flaws fixed in rubygem-mail 2.4.4 Kurt Seifried (Apr 25)
Re: CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability Kurt Seifried (May 15)
Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried (May 04)
Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 Kurt Seifried (Jun 11)
Re: CVE request: arbitrary code exec in bcfg2 Kurt Seifried (Jun 27)
Re: expat hash collision fix too predictable? Kurt Seifried (Apr 05)
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Kurt Seifried (Jun 06)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried (May 04)
Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
Re: CVE request: PHP Phar - arbitrary code execution Kurt Seifried (May 22)
Re: CVE Request for Drupal contributed modules - 2012-05-10 Kurt Seifried (May 10)
Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection Kurt Seifried (May 18)
Re: CVE Request: viewvc Kurt Seifried (Jun 25)
Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version Kurt Seifried (Apr 20)
Re: CVE-request: MyBB before 1.6.1 Kurt Seifried (May 08)
Re: Re: Security vulnerabilities fixed in WordPress 3.3.2 Kurt Seifried (Apr 23)
Re: CVE request: latex2man / texlive Kurt Seifried (Apr 19)
Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 29)
Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Kurt Seifried (Jun 04)
Re: CVE request: sympa (try again) Kurt Seifried (May 15)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 11)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Kurt Seifried (May 05)
Re: CVE-request: phpMyFAQ default password 1.3.2 Kurt Seifried (May 10)
Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used Kurt Seifried (Apr 19)
Re: CVE request: openldap does not honor TLSCipherSuite configuration option Kurt Seifried (Jun 05)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)
CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried (May 19)
Re: CVE request: Piwik before 1.7 Kurt Seifried (May 08)
Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 16)
mod_security CVE request Kurt Seifried (Jun 21)
CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI Kurt Seifried (Jun 27)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308 Kurt Seifried (Apr 03)
Re: fix to CVE-2009-4307 Kurt Seifried (Apr 03)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried (Jun 15)
Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core Kurt Seifried (Apr 17)
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Kurt Seifried (Jun 25)
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 02)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 31)
Re: CVE request: sympa (try again) Kurt Seifried (May 12)
Re: CVE request: Mojarra allows deployed web applications to read FacesContext from other applications Kurt Seifried (Jun 06)
Re: CVE id request for links2 Kurt Seifried (May 05)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 28)
Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 04)
Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
Re: CVE request: java hashdos vulnerability Kurt Seifried (Jun 16)
Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data Kurt Seifried (Apr 22)
Re: CVE request: XSS and SQL injection in serendipity before 1.7.1 Kurt Seifried (May 08)
Re: CVE request: mahara Kurt Seifried (May 11)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Kurt Seifried (Apr 12)
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Kurt Seifried (May 29)
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Kurt Seifried (May 22)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Kurt Seifried (Apr 24)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 07)
CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried (Apr 06)
Re: CVE id request for links2 Kurt Seifried (Apr 10)
Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Kurt Seifried (Apr 16)
Re: CVE id request: wicd Kurt Seifried (Apr 11)
Re: CVE-request: OpenEMR 4.1.0 SQL-injection Kurt Seifried (Apr 18)
Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Kurt Seifried (Apr 16)
Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module Kurt Seifried (May 04)
Re: CVE Request: XXE vulnerability in Restlet Kurt Seifried (May 29)
Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)
Re: CVE request: Multiple vulnerabilities in LogAnalyzer Kurt Seifried (May 23)
Re: MySQL CVEs Kurt Seifried (Jun 19)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kurt Seifried (Apr 04)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried (Apr 20)
Re: Re: WHMCS 5.0.2> SQLi CVE Request Kurt Seifried (Jun 11)
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
Re: CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI Kurt Seifried (Jun 27)
Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 17)
Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried (Jun 06)
Re: CVE request: Xorg input device format string flaw Kurt Seifried (Apr 18)
Re: CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10 Kurt Seifried (May 23)
Re: CVE Request: more tight ioctl permissions in dl2k driver Kurt Seifried (May 04)
Re: Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried (May 22)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 01)
Re: CVE Request: cobbler (Ubuntu-specific) Kurt Seifried (Apr 10)
Re: CVE request: cobbler command injection Kurt Seifried (May 23)
Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Apr 17)
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (Jun 05)
Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities Kurt Seifried (Apr 10)
Re: CVE Request for Drupal Contributed Advisories on 2012-04-18 Kurt Seifried (Apr 18)
Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried (May 30)
Re: CVE request: mybb before 1.6.7 Kurt Seifried (May 07)
Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Kurt Seifried (Apr 26)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried (Apr 19)
Re: CVE request: Full path disclosure in DokuWiki Kurt Seifried (Jun 24)
Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Kurt Seifried (Jun 04)
Re: CVE request: sympa (try again) Kurt Seifried (May 11)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Kurt Seifried (May 04)
Re: CVE request -- kernel: kvm: device assignment page leak Kurt Seifried (Apr 19)
CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader Kurt Seifried (May 15)
Re: CVE Request: Heap corruption in openjpeg Kurt Seifried (Apr 13)
Re: CVE Request: slock-0.9 displays modal box after locking Kurt Seifried (Apr 05)
CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface Kurt Seifried (Apr 08)
Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried (May 01)
Re: CVE Request for Drupal contributed modules Kurt Seifried (Jun 13)
Re: CVE request: Piwik before 1.7 Kurt Seifried (May 13)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (Jun 01)
Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Kurt Seifried (Jun 18)
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 28)
Re: CVE request: Bytemark Symbiosis Kurt Seifried (May 14)
Re: memory allocator upstream patches Kurt Seifried (Jun 07)
Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Kurt Seifried (Apr 16)
Re: CVE Request: use after free bug in "quota" handling in hugetlb code Kurt Seifried (Apr 24)
CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried (May 10)
Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 25)
Re: gajim insecure file creation when using latex Kurt Seifried (Apr 10)
Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried (May 05)
Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried (Apr 30)
Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier Kurt Seifried (Apr 18)
Re: mod_security CVE request Kurt Seifried (Jun 21)
Re: CVE Request for Drupal contributed modules Kurt Seifried (May 02)
Re: CVE Request: some drm overflow checks Kurt Seifried (May 22)
CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried (Apr 24)
Re: CVE Request: programming error in crypt(3) Kurt Seifried (Apr 26)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Kurt Seifried (Apr 13)
Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages Kurt Seifried (Apr 19)
Re: connman heads up / CVE requests Kurt Seifried (May 07)
Re: CVE-Request: hyper-v daemon Kurt Seifried (Jun 06)
Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Kurt Seifried (Jun 11)
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried (May 30)
Re: CVE request: A Pidgin remote crash Kurt Seifried (May 07)
Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried (Apr 09)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Kurt Seifried (Apr 28)
Re: CVE request: pam_shield Kurt Seifried (May 11)
Re: Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options Kurt Seifried (May 22)
Re: CVE request: XSS in uselang http parameter (mediawiki) Kurt Seifried (Jun 13)
Re: CVE request: phplist before 2.10.18 XSS and sql injection Kurt Seifried (Jun 16)
Re: CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service Kurt Seifried (May 02)
Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried (Apr 02)
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Kurt Seifried (Jun 14)
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Kurt Seifried (May 18)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried (Jun 28)
CVE Request: slock-0.9 displays modal box after locking Kurt Seifried (Apr 05)
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried (May 11)
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried (May 07)
Re: CVE Request: Planeshift buffer overflow Kurt Seifried (May 17)
Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure Kurt Seifried (May 08)
Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS Kurt Seifried (May 01)
Re: CVE request -- libguestfs: virt-edit doesn't preserve file permissions Kurt Seifried (Jun 11)
Re: CVE Requests: Multiple security flaws in csound5 Kurt Seifried (Apr 16)
Re: fix to CVE-2009-4307 Kurt Seifried (Apr 12)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Kurt Seifried (May 09)
Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Kurt Seifried (Apr 13)
Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Apr 19)
Re: CVE request: privilege escalation in sectool Kurt Seifried (Apr 03)
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried (May 24)
Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap Kurt Seifried (Apr 24)
Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 18)
Re: CVE request: gajim - code execution and sql injection Kurt Seifried (Apr 08)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried (May 22)
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface Kurt Seifried (Apr 09)
Re: CVE Request for Drupal contributed modules Kurt Seifried (Jun 15)
Re: CVE Request for Drupal Contributed Advisories on 2012-04-11 Kurt Seifried (Apr 11)
Re: XXE in Zend Kurt Seifried (Jun 27)
Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried (May 19)
Re: CVE request: haproxy trash buffer overflow flaw Kurt Seifried (May 23)
Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)

Luc ABRIC

CVE-2012-1597: XSS in eZ Publish Luc ABRIC (May 11)

Luciano Bello

Re: CVE request: CSRF in eXtplorer Luciano Bello (Jun 26)
CVE request: CSRF in eXtplorer Luciano Bello (Jun 23)

Ludwig Nussel

Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel (May 02)
Re: please verify unusual x.509 constraints are handled Ludwig Nussel (Jun 27)
CVE Request: viewvc Ludwig Nussel (Jun 25)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Ludwig Nussel (May 04)
CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel (Apr 24)
Re: Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Ludwig Nussel (Apr 04)

Marc Deslauriers

Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Marc Deslauriers (Apr 30)
CVE Request: cobbler (Ubuntu-specific) Marc Deslauriers (Apr 10)

Marcus Meissner

CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 19)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service Marcus Meissner (May 02)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Marcus Meissner (May 04)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 20)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 04)
CVE Request: use after free bug in "quota" handling in hugetlb code Marcus Meissner (Apr 24)
CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 03)
Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
CVE Request: some drm overflow checks Marcus Meissner (May 20)
Re: CVE-Request: hyper-v daemon Marcus Meissner (Jun 07)
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner (May 04)
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Marcus Meissner (Jun 20)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner (Apr 22)
expat hash collision fix too predictable? Marcus Meissner (Apr 05)
Re: CVE-Request: hyper-v daemon Marcus Meissner (Jun 07)
CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 04)
Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner (May 07)
Re: Automatic binary hardening with Autoconf Marcus Meissner (May 15)

Mark Doliner

CVE request: A Pidgin remote crash Mark Doliner (May 06)

Mark Hoopes

Arbitrary File Upload/Execution in Collabtive Mark Hoopes (Jun 06)

Mark J Cox

linux-distros unsubscriptions Mark J Cox (May 29)

Matthias Weckbecker

Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker (May 23)
CVE request: rack-cache caches sensitive headers (Set-Cookie) Matthias Weckbecker (Jun 06)
CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker (May 23)
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Matthias Weckbecker (Jun 27)
CVE request: latex2man / texlive Matthias Weckbecker (Apr 19)

maximilian attems

Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options maximilian attems (May 22)

micah

CVE request: sympa (try again) micah (May 11)

micah anderson

Re: CVE request: sympa (try again) micah anderson (May 15)
Re: CVE request: sympa (try again) micah anderson (May 12)
CVE request: sympa micah anderson (May 11)

Michael de Raadt

Moodle security notifications public Michael de Raadt (May 22)

Michael Gilbert

CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Michael Gilbert (May 18)
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Michael Gilbert (May 21)
Re: Debian/Ubuntu php_crypt_revamped.patch Michael Gilbert (May 04)

Mike O'Connor

Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Mike O'Connor (May 04)

Miklos Vajna

Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Miklos Vajna (Apr 19)

Miloslav Trmac

Re: CVE Request: powerdns does not clear supplementary groups Miloslav Trmac (May 24)

Moritz Muehlenhoff

Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
CVE-2011-3102 / libxml2 Moritz Muehlenhoff (May 21)
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Moritz Muehlenhoff (May 11)
Re: Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Moritz Muehlenhoff (Apr 19)
CVE request: mahara Moritz Muehlenhoff (May 11)
Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173) Moritz Muehlenhoff (Apr 07)

Morris, Patrick

RE: GIMP FIT File Format DoS Morris, Patrick (Jun 29)

Nicob

Re: CVE request: Piwik before 1.7 Nicob (May 13)

Nico Golde

Re: CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
Re: CVE id request for links2 Nico Golde (Apr 11)
CVE id request for links2 Nico Golde (Apr 09)
CVE id request for imagemagick, libpng and tiff Nico Golde (Apr 09)
CVE id request: wicd Nico Golde (Apr 11)
gajim insecure file creation when using latex Nico Golde (Apr 09)

Nicolas Grégoire

Re: XXE in Zend Nicolas Grégoire (Jun 26)
CVE Request: XXE vulnerability in Restlet Nicolas Grégoire (May 29)
XXE in Zend Nicolas Grégoire (Jun 26)
Re: CVE Request: XXE vulnerability in Restlet Nicolas Grégoire (May 29)

Oden Eriksson

Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Oden Eriksson (Jun 28)

Pavel Emelyanov

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov (Apr 20)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov (Apr 19)

Peter van Dijk

Re: CVE Request: powerdns does not clear supplementary groups Peter van Dijk (May 25)

Petr Matousek

Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Petr Matousek (May 24)
Re: fix to CVE-2009-4307 Petr Matousek (Apr 11)
CVE request -- kernel: kvm: device assignment page leak Petr Matousek (Apr 19)
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (May 09)
CVE request -- libguestfs: virt-edit doesn't preserve file permissions Petr Matousek (Jun 11)
CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Petr Matousek (Jun 11)
CVE Request -- kernel: huge pages: memory leak on mmap failure Petr Matousek (May 23)
CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Petr Matousek (May 18)
CVE Request -- kernel: incomplete fix for CVE-2011-4131 Petr Matousek (May 18)
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (May 09)
CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages Petr Matousek (Apr 19)

Pierre Joye

Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Pierre Joye (Jun 27)

pinto.elia () gmail com

R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com (Apr 20)

Rasmus Lerdorf

Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Rasmus Lerdorf (Jun 28)

Rich Felker

Stack-based buffer overflow in musl libc 0.8.7 and earlier Rich Felker (Apr 18)

Russell Bryant

[OSSA 2012-006] Horizon session fixation and reuse Russell Bryant (May 04)

Sean Amoss

CVE Request: gdk-pixbuf Integer overflow in XBM file loader Sean Amoss (May 15)

Sebastian Krahmer

Re: Automatic binary hardening with Autoconf Sebastian Krahmer (May 15)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
Re: connman heads up / CVE requests Sebastian Krahmer (May 08)
Re: connman heads up / CVE requests Sebastian Krahmer (May 07)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Apr 24)
connman heads up / CVE requests Sebastian Krahmer (May 07)
CVE-Request: hyper-v daemon Sebastian Krahmer (Jun 06)
Re: CVE id request: wicd Sebastian Krahmer (Apr 15)

Sergei Golubchik

Security vulnerability in MySQL/MariaDB sql/password.c Sergei Golubchik (Jun 09)

Simon McVittie

CVE-2012-3345: symlink attack in ioquake3 >= r1773, < r2253 Simon McVittie (Jun 14)

Solar Designer

Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
BIND: Handling of zero length rdata can cause named to terminate unexpectedly Solar Designer (Jun 05)
Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 07)
Re: CVE Request for Drupal contributed modules Solar Designer (Jun 04)
Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 07)
Re: Debian/Ubuntu php_crypt_revamped.patch Solar Designer (May 04)
Re: linux-distros unsubscriptions Solar Designer (May 29)
Debian/Ubuntu php_crypt_revamped.patch Solar Designer (May 04)
Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port Solar Designer (May 10)
libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173) Solar Designer (Apr 07)
Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer (May 09)
OpenSSL invalid TLS/DTLS record attack (CVE-2012-2333) Solar Designer (May 10)
Re: CVE Request: powerdns does not clear supplementary groups Solar Designer (May 24)
sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337) Solar Designer (May 18)
OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 20)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
Xen vulnerability disclosure process, recent timeline Solar Designer (Jun 25)
PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Solar Designer (May 04)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 22)
Using FreeBSD Capsicum for program and library sandboxing Solar Designer (May 14)
Automatic binary hardening with Autoconf Solar Designer (May 14)
bug in OpenSSL's CVE-2012-0884 fix Solar Designer (May 10)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (May 01)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer (Apr 24)
Re: ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Solar Designer (May 12)

Stefan Behte

Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Stefan Behte (Jun 02)

Stefan Cornelius

CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103 Stefan Cornelius (Apr 20)
CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Stefan Cornelius (Apr 13)
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Stefan Cornelius (Jun 15)
CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-2012-0259 Stefan Cornelius (Apr 04)
CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port Stefan Cornelius (May 09)

Steffen Dettmer

Re: Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Steffen Dettmer (Apr 04)

Steve Beattie

Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Steve Beattie (May 04)

Steve Grubb

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (May 02)
Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
Re: Automatic binary hardening with Autoconf Steve Grubb (May 15)
Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)
Re: Automatic binary hardening with Autoconf Steve Grubb (May 15)
Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb (May 24)

Steve Kemp

CVE request: Bytemark Symbiosis Steve Kemp (May 14)

Steven M. Christey

Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Steven M. Christey (Jun 19)
Re: CVE Request for Drupal contributed modules Steven M. Christey (Jun 27)

Steve Schnepp

Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Steve Schnepp (Apr 27)

Stuart Henderson

Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Stuart Henderson (Jun 28)

Tavis Ormandy

please verify unusual x.509 constraints are handled Tavis Ormandy (Jun 27)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy (Apr 24)

Tiago Natel de Moura

CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF) Tiago Natel de Moura (May 24)

Tim

Re: please verify unusual x.509 constraints are handled Tim (Jun 27)

Timo Warns

CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Timo Warns (May 07)

Tomas Hoger

Fw: [vs] RPM issues Tomas Hoger (Apr 03)
Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 30)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 27)
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger (Jun 18)
Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger (May 31)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tomas Hoger (Apr 24)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Tomas Hoger (May 09)

Tom Lane

Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Tom Lane (Apr 04)

Vincent Danen

Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Vincent Danen (Apr 30)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (May 02)
CVE request: XSS in uselang http parameter (mediawiki) Vincent Danen (Jun 13)
CVE request: haproxy trash buffer overflow flaw Vincent Danen (May 23)
CVE request: arbitrary code exec in bcfg2 Vincent Danen (Jun 27)
accountsservice local file disclosure flaw (CVE-2012-2737) Vincent Danen (Jun 28)
CVE-2011-2906 should have been rejected (kernel non-security issue) Vincent Danen (May 24)
weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (Apr 27)
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Vincent Danen (May 09)
CVE request: privilege escalation in sectool Vincent Danen (Apr 03)
CVE request: two flaws fixed in rubygem-mail 2.4.4 Vincent Danen (Apr 25)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen (Apr 30)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Vincent Danen (May 02)
CVE request: openldap does not honor TLSCipherSuite configuration option Vincent Danen (Jun 05)

Xen . org security team

Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Xen . org security team (Jun 12)
Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS Xen . org security team (Jun 12)
Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation Xen . org security team (Jun 12)

Xin Li

CVE Request: programming error in crypt(3) Xin Li (Apr 26)
Re: CVE Request: programming error in crypt(3) Xin Li (Apr 26)

Xi Wang

Re: fix to CVE-2009-4307 Xi Wang (Apr 03)
Re: fix to CVE-2009-4307 Xi Wang (Jun 04)
memory allocator upstream patches Xi Wang (Jun 04)
Re: fix to CVE-2009-4307 Xi Wang (Apr 11)

YGN Ethical Hacker Group

Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 15)
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access YGN Ethical Hacker Group (May 20)
Acuity CMS 2.6.x <= Arbitrary File Upload YGN Ethical Hacker Group (May 20)
Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group (Apr 17)
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Apr 15)

Yves-Alexis Perez

Re: CVE request: gajim - code execution and sql injection Yves-Alexis Perez (Apr 08)
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Yves-Alexis Perez (Jun 14)

Zeev Suraski

RE: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Zeev Suraski (Jun 28)