oss-sec: by author

549 messages starting Oct 23 12 and ending Nov 10 12

Agostino Sarubbo

Wrong affected version in the CVE-2012-4511 Agostino Sarubbo (Oct 23)

akuster

Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 09)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)

Amos Benari

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 Amos Benari (Dec 20)

Andrea Barisani

[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 23)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani (Nov 27)

Andreas Ericsson

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson (Dec 13)

Andres Gomez

CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andres Gomez (Oct 29)

Andrés Gómez Ramírez

CVE Request: Gimp memory corruption vulnerability Andrés Gómez Ramírez (Nov 21)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)
CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez (Oct 29)

Angie Byron

Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)
Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron (Oct 29)

Attila Bogár

Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Attila Bogár (Nov 22)

Breno Silva

Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Breno Silva (Oct 18)

Caolán McNamara

Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Caolán McNamara (Nov 02)

Chris Coulson

CVE request: use-after-free in libunity-webapps Chris Coulson (Oct 28)

Christey, Steven M.

RE: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Christey, Steven M. (Nov 09)
RE: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Christey, Steven M. (Nov 05)
RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Christey, Steven M. (Oct 30)

Colomban Wendling

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Colomban Wendling (Dec 13)

cve-assign

Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure cve-assign (Nov 16)
Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings cve-assign (Nov 12)
CVE-2012-5377 through CVE-2012-5383: Windows PATH issues affecting some open-source products cve-assign (Oct 11)
VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855 cve-assign (Nov 12)
HT Editor 2.0.20 buffer overflows CVE-2012-5867 cve-assign (Nov 14)
Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
Re: CVE request: mantis before 1.2.12 cve-assign (Nov 15)
VLC 2.0.3 libpng_plugin CVE-2012-5470 cve-assign (Oct 24)
CVE-2012-6307 JPEGsnoop Write Access Violation with JPEG file cve-assign (Dec 10)
Re: CVE Request: QT CRIME vulnerability cve-assign (Oct 08)
CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues cve-assign (Dec 13)
CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows cve-assign (Dec 10)
Re: Fwd: IPv6 DOS vulnerabilities cve-assign (Oct 10)
Re: CVE request: perl-modules cve-assign (Dec 12)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix cve-assign (Nov 09)
Dokeos 2.1.1 XSS CVE-2012-5776 cve-assign (Nov 02)
CVE-2012-6309 Arctic Torrent crash with .torrent file cve-assign (Dec 10)
CVE-2012-6306 HCView Write Access Violation with GIF file cve-assign (Dec 10)
CVE-2012-6302 Soapbox 0.3.1 sandbox bypass cve-assign (Dec 10)

Daniel Kahn Gillmor

Re: Remote file inclusion by office applications Daniel Kahn Gillmor (Dec 13)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor (Oct 16)

David Black

Re: TTY handling when executing code in different lower-privileged context (su, virt containers) David Black (Nov 06)

David Holland

Re: Isearch insecure temporary files David Holland (Dec 21)
Isearch insecure temporary files David Holland (Dec 21)

David Jorm

Re: CVE Request -- axis2, axis2c David Jorm (Nov 06)
CVE Request: slowloris for tomcat David Jorm (Nov 25)
CVE request: XSS is Google Web Toolkit (GWT) David Jorm (Oct 29)

Derek Martin

Re: rssh: incorrect filtering of command line options Derek Martin (Nov 27)

Eitan Adler

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Eitan Adler (Dec 12)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Eitan Adler (Oct 17)
Re: Medium severity flaw with Perl 5 Eitan Adler (Oct 27)
CVE Request: gitolite path traversal vulnerability Eitan Adler (Oct 09)

Emanuele

Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Emanuele (Dec 31)

Fabian Keil

Re: CVE request: ruby file creation due in insertion of illegal NUL character Fabian Keil (Oct 17)
Re: CVE request: Curl insecure usage Fabian Keil (Nov 29)

Florian Weimer

Re: operator new[] overflow checking in G++ Florian Weimer (Nov 05)
Re: Remote file inclusion by office applications Florian Weimer (Dec 14)
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
Re: Robust XML validation Florian Weimer (Dec 14)
Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 14)
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 19)
Re: Gajim fails to handle invalid certificates Florian Weimer (Nov 23)
Plug-and-wipe and Secure Boot semantics Florian Weimer (Dec 18)
Robust XML validation Florian Weimer (Dec 12)
CVE request: TYPO3-CORE-SA-2012-005 Florian Weimer (Nov 10)

Forest Monsen

Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 26)
Re: CVE Request for Drupal Contributed Modules Forest Monsen (Nov 20)
CVE Request for Drupal Contributed Modules Forest Monsen (Nov 17)
CVE request for Drupal contributed modules Forest Monsen (Nov 28)
CVE request for Drupal core, and contributed modules Forest Monsen (Dec 19)

Frank Lanitz

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Frank Lanitz (Dec 12)

Frédéric Basse

Re: [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse (Dec 20)
[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse (Dec 19)

Gary Driggs

Re: [Full-disclosure] F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Gary Driggs (Oct 21)

George Kargiotakis

Linux kernel handling of IPv6 temporary addresses George Kargiotakis (Nov 14)

Greg KH

Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 18)
Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 19)
Re: Linux kernel handling of IPv6 temporary addresses Greg KH (Nov 14)
Re: Plug-and-wipe and Secure Boot semantics Greg KH (Dec 18)

Greg Knaddison

Re: CVE Request for Drupal Contributed Modules Greg Knaddison (Nov 05)
Re: CVE request: Drupal SA-CORE-2012-003 Greg Knaddison (Oct 29)
Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)

Guido Berhoerster

Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Guido Berhoerster (Nov 19)
Re: Vulnerabilities in Oki CUPS printer drivers Guido Berhoerster (Nov 14)

halfdog

Re: TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 06)
TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 05)
Re: Re: CVE for Virtualbox 0x8 DoS? halfdog (Oct 18)
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog (Nov 06)

Hanno Böck

CVE request: XSS in piwik before 1.9 Hanno Böck (Oct 21)
CVE request (maybe): magento before 1.7.0.2 Hanno Böck (Dec 31)
Re: CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
Re: CVE request: opus codec before 1.0.2 Hanno Böck (Dec 13)
CVE request: mantis before 1.2.12 Hanno Böck (Nov 13)
CVE request: awstats before 7.1 awredir.pl vulnerability Hanno Böck (Oct 25)
CVE request: opus codec before 1.0.2 Hanno Böck (Dec 11)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Hanno Böck (Dec 31)

Henri Salo

Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo (Oct 09)
Re: Isearch insecure temporary files Henri Salo (Dec 30)
Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Henri Salo (Dec 31)
CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo (Oct 07)
CVE-request for piwigo issues (second request) Henri Salo (Oct 06)
Re: Request for linux-distros () vs openwall org membership Henri Salo (Nov 05)
Re: CVE request: thttpd: Denial of Service (App. crash, local) Henri Salo (Dec 12)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo (Oct 08)
CVE request: Zenphoto admin-news-articles.php date parameter XSS Henri Salo (Oct 11)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Henri Salo (Oct 18)
Re: Strange CVE situation (at least one ID should come of this) Henri Salo (Oct 30)

Huzaifa Sidhpurwala

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Huzaifa Sidhpurwala (Dec 02)
libtiff: Stack based buffer overflow when handling DOTRANGE tags Huzaifa Sidhpurwala (Nov 27)
CVE Request: Charybdis and ircd-ratbox remote crash flaw Huzaifa Sidhpurwala (Dec 31)
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Huzaifa Sidhpurwala (Nov 02)
CVE Request - Multiple security fixes in freetype - 2.4.11 Huzaifa Sidhpurwala (Dec 24)
CVE Rejection: CVE-2012-5239 - Wireshark DRDA dissector infinite loop Huzaifa Sidhpurwala (Oct 03)
gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers Huzaifa Sidhpurwala (Nov 05)
CVE request: Mysql/Mariadb insecure salt-usage Huzaifa Sidhpurwala (Dec 04)

Ignatios Souvatzis

CVE id request: xlockmore vulnerability: local access Ignatios Souvatzis (Oct 17)

Jamie Strandboge

CVE request: perl-modules Jamie Strandboge (Dec 11)
CVE Request: owncloud Jamie Strandboge (Nov 30)

Jan Lieskovsky

CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Jan Lieskovsky (Dec 03)
CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Jan Lieskovsky (Nov 23)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Jan Lieskovsky (Nov 27)
CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky (Oct 18)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 13)
CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Jan Lieskovsky (Nov 15)
CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Jan Lieskovsky (Nov 14)
CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Jan Lieskovsky (Oct 05)
CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky (Nov 13)
Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky (Dec 12)
CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky (Nov 10)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Jan Lieskovsky (Nov 06)
CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Jan Lieskovsky (Nov 02)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Jan Lieskovsky (Dec 19)
CVE Request -- librdmacm (one issue) / ibacm (two issues) Jan Lieskovsky (Oct 11)
CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Jan Lieskovsky (Nov 07)
CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Jan Lieskovsky (Oct 03)
CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Jan Lieskovsky (Nov 23)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky (Nov 20)
CVE Request -- android-tools (server): Insecure temporary file used for logging Jan Lieskovsky (Nov 23)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky (Nov 10)
Due to Nagios (core) 3.4.3 history.cgi crash (fulldisclosure/2012/Dec/107 post) Jan Lieskovsky (Dec 12)
Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky (Nov 14)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Jan Lieskovsky (Oct 18)
CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings Jan Lieskovsky (Nov 10)
CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Jan Lieskovsky (Dec 04)
CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Jan Lieskovsky (Dec 17)
CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Jan Lieskovsky (Nov 29)
CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Jan Lieskovsky (Dec 18)
CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Jan Lieskovsky (Nov 26)
CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Jan Lieskovsky (Nov 26)

Jason A. Donenfeld

CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 28)
Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld (Dec 29)
Fwd: [ANNOUNCE] CGIT v0.9.1 Released Jason A. Donenfeld (Nov 14)
CVE Request: cgit command injection Jason A. Donenfeld (Oct 27)

Jérôme Benoit

Claws-mail security issue in message processing Jérôme Benoit (Oct 09)
CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Jérôme Benoit (Oct 09)

John Haxby

Re: Request for linux-distros () vs openwall org membership John Haxby (Nov 06)

Josh Bressers

Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 05)
Re: password hashing Josh Bressers (Oct 10)
Re: password hashing Josh Bressers (Oct 08)
Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
Strange CVE situation (at least one ID should come of this) Josh Bressers (Oct 26)

Joshua Brauer

CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 04)
Re: CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)
CVE Request for Drupal Contributed Modules Joshua Brauer (Oct 03)

Kees Cook

Linux kernel stack memory content leak via UNAME26 Kees Cook (Oct 09)

king cope

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope (Dec 03)

Kurt Seifried

Re: CVE request: Jenkins Kurt Seifried (Dec 27)
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Kurt Seifried (Dec 31)
Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Kurt Seifried (Nov 26)
Re: CVE Request: gitolite path traversal vulnerability Kurt Seifried (Oct 09)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 05)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Dec 03)
Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 29)
Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
Re: CVE request: ownCloud Kurt Seifried (Dec 21)
Re: CVE Request: Python keyring Kurt Seifried (Nov 26)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Kurt Seifried (Nov 10)
Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 09)
Re: CVE Request: Ruby safe level bypasses Kurt Seifried (Oct 03)
Re: CVE Request -- android-tools (server): Insecure temporary file used for logging Kurt Seifried (Nov 23)
Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Kurt Seifried (Dec 03)
Re: CVE request: Zenphoto admin-news-articles.php date parameter XSS Kurt Seifried (Oct 11)
Re: CVE Request: Charybdis and ircd-ratbox remote crash flaw Kurt Seifried (Dec 31)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 19)
Re: CVE Request: owncloud Kurt Seifried (Nov 30)
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried (Dec 04)
Re: CVE Request: cgit command injection Kurt Seifried (Oct 27)
Re: CVE request: Mysql/Mariadb insecure salt-usage Kurt Seifried (Dec 06)
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Kurt Seifried (Dec 29)
Re: CVE request: perl-modules Kurt Seifried (Dec 11)
Re: About CVE-2012-5645 Kurt Seifried (Dec 29)
Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() Kurt Seifried (Oct 19)
Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 11)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
CVE for tog-pegasus Hash DoS issue from 2011 Kurt Seifried (Dec 13)
Django 1.3.5, Django 1.4.3, and Django 1.5 beta 2 Security Update Kurt Seifried (Dec 17)
Re: Vulnerabilities in Oki CUPS printer drivers Kurt Seifried (Nov 14)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
Re: CVE request: piwigo XSS in password.php Kurt Seifried (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
Re: CVE request: sSMTP doesn't validate server certificates Kurt Seifried (Oct 11)
Re: CVE Request: Python keyring Kurt Seifried (Nov 26)
Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Kurt Seifried (Dec 19)
Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 29)
Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Kurt Seifried (Nov 02)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Kurt Seifried (Oct 05)
Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Kurt Seifried (Dec 17)
Re: CVE request: TYPO3-CORE-SA-2012-005 Kurt Seifried (Nov 10)
Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Kurt Seifried (Nov 23)
Re: CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Kurt Seifried (Nov 29)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
2012 close out/cleanup Kurt Seifried (Dec 29)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 13)
Re: CVE request: MoinMoin Wiki (path traversal vulnerability) Kurt Seifried (Dec 29)
Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Kurt Seifried (Nov 23)
Re: CVE Request: Django Kurt Seifried (Oct 29)
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried (Oct 02)
Re: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Dec 29)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 03)
Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 06)
Re: CVE request: MoinMoin Wiki (XSS in rss link) Kurt Seifried (Dec 29)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 17)
Re: CVE request: Curl insecure usage Kurt Seifried (Nov 26)
Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Kurt Seifried (Oct 03)
Re: Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Kurt Seifried (Nov 02)
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
Re: CVE Request: Gimp memory corruption vulnerability Kurt Seifried (Nov 26)
Re: CVE-request for piwigo issues (second request) Kurt Seifried (Oct 18)
Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Kurt Seifried (Dec 29)
Re: CVE Request: grep Kurt Seifried (Dec 21)
Re: CVE request: Curl insecure usage Kurt Seifried (Dec 27)
Re: CVE request for Ushahidi security vulnerability 2012-008 Kurt Seifried (Dec 03)
Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried (Oct 25)
Re: CVE request: libsocialweb untrusted connection to flickr Kurt Seifried (Oct 10)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Kurt Seifried (Nov 28)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried (Oct 29)
Re: CVE request: TSK misrepresents "." files on FAT filesystems Kurt Seifried (Dec 03)
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 22)
Re: Isearch insecure temporary files Kurt Seifried (Dec 21)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Kurt Seifried (Oct 18)
Re: CVE request: libproxy issue Kurt Seifried (Nov 27)
Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Kurt Seifried (Oct 09)
Re: CVE Request: Python keyring Kurt Seifried (Oct 31)
Re: CVE request for Drupal contributed modules Kurt Seifried (Nov 28)
Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 01)
Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried (Oct 29)
Re: CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Kurt Seifried (Nov 26)
Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 05)
Re: Remote file inclusion by office applications Kurt Seifried (Dec 13)
Re: CVE request: use-after-free in libunity-webapps Kurt Seifried (Oct 29)
Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried (Oct 17)
Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Kurt Seifried (Nov 19)
Re: CVE Request -- librdmacm (one issue) / ibacm (two issues) Kurt Seifried (Oct 11)
Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried (Oct 31)
Re: CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Kurt Seifried (Oct 03)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 09)
Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried (Oct 29)
Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Kurt Seifried (Dec 17)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 06)
Re: Privilege escalation (lpadmin -> root) in cups Kurt Seifried (Nov 10)
Re: CVE Request - Multiple security fixes in freetype - 2.4.11 Kurt Seifried (Dec 24)
Re: cgit: heap buffer overflow Kurt Seifried (Oct 03)
Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried (Dec 28)
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried (Nov 14)
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried (Nov 09)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 26)
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried (Oct 23)
Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried (Oct 20)
Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried (Oct 30)
Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Kurt Seifried (Dec 04)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
Re: Gajim fails to handle invalid certificates Kurt Seifried (Nov 14)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 20)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Kurt Seifried (Dec 13)
Re: CVE request: opus codec before 1.0.2 Kurt Seifried (Dec 13)
Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Kurt Seifried (Nov 08)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried (Nov 04)
CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried (Oct 20)
Re: Isearch insecure temporary files Kurt Seifried (Dec 30)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 10)
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried (Oct 11)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried (Oct 17)
Re: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Kurt Seifried (Dec 18)
Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Kurt Seifried (Oct 18)
Re: CVE id request: xlockmore vulnerability: local access Kurt Seifried (Oct 17)
Re: Isearch insecure temporary files Kurt Seifried (Dec 29)
Re: CVE Request: html2ps Kurt Seifried (Oct 05)
Re: CVE request: thttpd: Denial of Service (App. crash, local) Kurt Seifried (Dec 14)
Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried (Nov 14)
Re: CVE request for Drupal core, and contributed modules Kurt Seifried (Dec 19)
Re: CVE request: Curl insecure usage Kurt Seifried (Nov 28)
Re: About CVE-2012-5645 Kurt Seifried (Dec 30)
Re: CVE Request: QT CRIME vulnerability Kurt Seifried (Oct 02)
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried (Oct 19)
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Dec 10)
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried (Dec 18)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
Re: Re: CVE request: LetoDMS, more issues Kurt Seifried (Oct 31)
Re: CVE request --- acceptation of overlapping ipv6 fragments Kurt Seifried (Nov 09)
Re: tor DoS via SENDME cells Kurt Seifried (Nov 26)
Re: Plug-and-wipe and Secure Boot semantics Kurt Seifried (Dec 19)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 03)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Oct 06)
Re: CVE Request for Drupal Contributed Modules Kurt Seifried (Nov 25)
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried (Dec 04)
Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Kurt Seifried (Nov 15)
Re: pacemaker strcmp Kurt Seifried (Dec 14)
Re: CVE request -- vdsm: certificate generation upon node creation Kurt Seifried (Nov 10)
Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Kurt Seifried (Oct 31)
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried (Dec 31)
Re: CVE Request: slowloris for tomcat Kurt Seifried (Nov 25)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried (Oct 18)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried (Dec 02)
Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Kurt Seifried (Nov 14)
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Kurt Seifried (Oct 18)
Re: Inkscape reads .eps files from /tmp instead of the current directory Kurt Seifried (Dec 29)

Kurt Seiifried

Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
Re: CVE request: mantis before 1.2.12 Kurt Seiifried (Nov 13)
Re: Gajim fails to handle invalid certificates Kurt Seiifried (Nov 13)
Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Kurt Seiifried (Nov 13)

Laurent Bigonville

CVE request: sSMTP doesn't validate server certificates Laurent Bigonville (Oct 10)

Ludwig Nussel

Re: Linux kernel handling of IPv6 temporary addresses Ludwig Nussel (Dec 05)

Lukas Reschke

CVE request: ownCloud Lukas Reschke (Dec 21)
Re: [security] [oss-security] CVE Request: owncloud Lukas Reschke (Nov 30)

Marc Deslauriers

Re: CVE Request: Python keyring Marc Deslauriers (Nov 19)
CVE Request: html2ps Marc Deslauriers (Oct 05)
CVE Request: Python keyring Marc Deslauriers (Nov 16)
CVE Request: Python keyring Marc Deslauriers (Oct 05)

Marc Heuse

Fwd: IPv6 DOS vulnerabilities Marc Heuse (Oct 10)

Marcus Meissner

Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Marcus Meissner (Nov 13)
Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Marcus Meissner (Nov 02)
Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Marcus Meissner (Nov 06)

Marko Lindqvist

About CVE-2012-5645 Marko Lindqvist (Dec 21)
Re: About CVE-2012-5645 Marko Lindqvist (Dec 30)

Matthew Brush

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Matthew Brush (Dec 13)

Matthew Wilkes

Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 09)
Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes (Nov 07)

Matthias Andree

CVE-2012-5468: bogofilter-SA-2012-01 Matthias Andree (Dec 03)

Matthias Weckbecker

CVE request: libproxy issue Matthias Weckbecker (Nov 27)
CVE request: thttpd: Denial of Service (App. crash, local) Matthias Weckbecker (Dec 12)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 18)
Re: CVE Request: Python keyring Matthias Weckbecker (Nov 22)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Matthias Weckbecker (Dec 04)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 16)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Matthias Weckbecker (Nov 22)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker (Oct 17)
CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Matthias Weckbecker (Oct 17)
Re: libproxy PAC downloading buffer overflows Matthias Weckbecker (Oct 12)

Matthieu Aubry

Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 23)
Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry (Oct 22)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Nov 18)

Michael Gilbert

Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 17)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert (Oct 18)

Michael Tokarev

CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 19)
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev (Dec 29)

Michal Ambroz

Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Michal Ambroz (Nov 14)

Moritz Muehlenhoff

CVE request: Jenkins Moritz Muehlenhoff (Dec 27)
CVE request: Drupal SA-CORE-2012-003 Moritz Muehlenhoff (Oct 29)
Re: CVE request: Curl insecure usage Moritz Muehlenhoff (Dec 26)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Moritz Muehlenhoff (Dec 04)
Re: CVE Request: html2ps Moritz Muehlenhoff (Oct 07)
CVE request: Curl insecure usage Moritz Muehlenhoff (Nov 26)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Moritz Muehlenhoff (Oct 18)

Moritz Mühlenhoff

Re: CVE request: Curl insecure usage Moritz Mühlenhoff (Nov 29)
Re: CVE Request: Django Moritz Mühlenhoff (Oct 29)

Moritz Naumann

Re: Security issue in icecast Moritz Naumann (Nov 26)
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Moritz Naumann (Dec 31)

Mustapha Rabiu

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Mustapha Rabiu (Dec 31)

Nicolas Grégoire

CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Nicolas Grégoire (Dec 17)

Paul Eggert

Re: CVE Request: grep Paul Eggert (Dec 21)

Peter Bex

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Peter Bex (Dec 13)

Petr Matousek

CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set Petr Matousek (Nov 06)
CVE request -- vdsm: certificate generation upon node creation Petr Matousek (Nov 10)
CVE request --- acceptation of overlapping ipv6 fragments Petr Matousek (Nov 08)
CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 10)
CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Petr Matousek (Oct 31)
CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure Petr Matousek (Oct 24)
CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Petr Matousek (Oct 03)
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 13)

P J P

Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P (Oct 20)
CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P (Oct 19)

Premchand Koneru

Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 05)
Re: Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 12)

Ralf Schlatterbeck

Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Ralf Schlatterbeck (Nov 15)
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Ralf Schlatterbeck (Nov 10)

Raphael Geissert

Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Oct 02)
CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert (Oct 17)
CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Raphael Geissert (Oct 15)
Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 30)
Re: Strange CVE situation (at least one ID should come of this) Raphael Geissert (Oct 30)
Re: CVE Request: Python keyring Raphael Geissert (Oct 30)
Re: CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert (Oct 30)
CVE request: LetoDMS, more issues Raphael Geissert (Oct 05)
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert (Oct 02)
CVE request: piwigo XSS in password.php Raphael Geissert (Oct 05)
Re: Re: CVE request: LetoDMS, more issues Raphael Geissert (Oct 31)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Raphael Geissert (Oct 18)

Reed Loden

YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden (Nov 04)

Ricardo Mones

Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 28)
CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones (Nov 15)

Robbie Mackay

CVE request for Ushahidi security vulnerability 2012-008 Robbie Mackay (Nov 29)
Re: CVE request for Ushahidi Robbie MacKay (Oct 07)

Russell Bryant

[OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 07)
[OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 Russell Bryant (Nov 09)
Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant (Nov 08)

Salvatore Bonaccorso

Inkscape reads .eps files from /tmp instead of the current directory Salvatore Bonaccorso (Dec 29)

Sean Amoss

Re: Privilege escalation (lpadmin -> root) in cups Sean Amoss (Nov 13)
libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss (Oct 30)
VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Sean Amoss (Oct 29)

Sebastian Krahmer

Re: CVE-2012-5532 hypervkvpd DoS Sebastian Krahmer (Nov 28)

Sergei Golubchik

Re: CVE request: Mysql/Mariadb insecure salt-usage Sergei Golubchik (Dec 05)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik (Dec 02)

Seth Arnold

CVE Request: grep Seth Arnold (Dec 21)
CVE Request: QT CRIME vulnerability Seth Arnold (Oct 02)
CVE Request: Django Seth Arnold (Oct 29)
Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
CVE Request -- axis2, axis2c Seth Arnold (Nov 06)

Simon .

pacemaker strcmp Simon . (Dec 13)

Simon McVittie

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie (Dec 13)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 18)
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie (Oct 17)

Solar Designer

Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 10)
password hashing Solar Designer (Oct 06)
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Solar Designer (Oct 21)
CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow Solar Designer (Oct 26)
Re: password hashing Solar Designer (Oct 09)
Re: CVE request: XSS in piwik before 1.9 Solar Designer (Oct 22)
Re: Fwd: IPv6 DOS vulnerabilities Solar Designer (Oct 10)
Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 14)

Stefan Bühler

lighttpd 1.4.32 released, fixing CVE-2012-5533 Stefan Bühler (Nov 21)

Steven M. Christey

Re: CVE request: Curl insecure usage Steven M. Christey (Nov 27)
Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey (Nov 02)
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Steven M. Christey (Nov 19)
Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 30)
Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Steven M. Christey (Dec 13)
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Steven M. Christey (Nov 27)
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Steven M. Christey (Dec 02)
Re: CVE Request for Drupal Contributed Modules Steven M. Christey (Oct 31)

Stuart Henderson

Re: CVE request: XSS in piwik before 1.9 Stuart Henderson (Oct 24)

Thierry Carrez

[OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625) Thierry Carrez (Dec 11)
[OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571) Thierry Carrez (Nov 28)
[OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563) Thierry Carrez (Nov 28)

Tilmann Haak

CVE request: MoinMoin Wiki (XSS in rss link) Tilmann Haak (Dec 29)
CVE request: MoinMoin Wiki (path traversal vulnerability) Tilmann Haak (Dec 29)
CVE request: MoinMoin Wiki (remote code execution vulnerability) Tilmann Haak (Dec 29)

Tim

Re: CVE request: ruby file creation due in insertion of illegal NUL character Tim (Oct 17)
Re: Robust XML validation Tim (Dec 13)

Tim Brown

Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Tim Brown (Oct 10)
Medium risk security flaws in Konqueror Tim Brown (Oct 30)
Re: Remote file inclusion by office applications Tim Brown (Dec 13)
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown (Nov 13)
Security contact for scan-view component of clang Tim Brown (Oct 05)
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Tim Brown (Oct 21)
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Tim Brown (Oct 20)
Medium severity flaw with Perl 5 Tim Brown (Oct 26)

Timo Warns

[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation Timo Warns (Oct 08)
Re: Remote file inclusion by office applications Timo Warns (Dec 13)
Re: Robust XML validation Timo Warns (Dec 13)
Re: Robust XML validation Timo Warns (Dec 13)
Remote file inclusion by office applications Timo Warns (Dec 13)
CVE request: TSK misrepresents "." files on FAT filesystems Timo Warns (Dec 01)

Todd C. Miller

Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Todd C. Miller (Nov 06)

Tomas Hoger

IcedTea-Web CVE-2012-4540 Tomas Hoger (Nov 07)
Re: libproxy PAC downloading buffer overflows Tomas Hoger (Oct 16)
Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
libproxy PAC downloading buffer overflows Tomas Hoger (Oct 12)
Re: CVE request: libproxy issue Tomas Hoger (Nov 27)

Tyler Hicks

CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 02)
Re: CVE Request: Ruby safe level bypasses Tyler Hicks (Oct 03)

U.Nakamura

Re: CVE request: ruby file creation due in insertion of illegal NUL character U.Nakamura (Oct 15)

Vincent Danen

Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 31)
Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
tor DoS via SENDME cells Vincent Danen (Nov 26)
CVE request: ruby file creation due in insertion of illegal NUL character Vincent Danen (Oct 12)
Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
CVE-2012-5532 hypervkvpd DoS Vincent Danen (Nov 27)
Re: CVE request: sSMTP doesn't validate server certificates Vincent Danen (Oct 11)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen (Nov 28)
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen (Oct 29)
CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Vincent Danen (Dec 17)
CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Vincent Danen (Nov 01)
CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Vincent Danen (Dec 19)
CVE-2012-5617: gksu-polkit privileged code execution with unprivileged credentials Vincent Danen (Dec 12)
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 04)
CVE-2012-3504: insecure temporary file usage in genkey perl script Vincent Danen (Oct 02)
Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
CVE request: libsocialweb untrusted connection to flickr Vincent Danen (Oct 10)
CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen (Dec 03)
Re: CVE request: awstats before 7.1 awredir.pl vulnerability Vincent Danen (Oct 29)
Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
libssh 0.5.3 release fixes multiple security issues Vincent Danen (Nov 20)

Vincent Untz

Security flaw in cups-pk-helper (CVE-2012-4510) Vincent Untz (Oct 12)

vladz

Re: TTY handling when executing code in different lower-privileged context (su, virt containers) vladz (Nov 06)

Xen . org security team

Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability Xen . org security team (Dec 03)
Xen Security Advisory 25 (CVE-2012-4544,CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team (Nov 13)
Xen Security Advisory 29 (CVE-2012-5513) - XENMEM_exchange may overwrite hypervisor memory Xen . org security team (Dec 03)
Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs Xen . org security team (Dec 03)
Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak Xen . org security team (Dec 03)
Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values Xen . org security team (Dec 03)
Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Xen . org security team (Dec 03)
Xen Security Advisory 30 (CVE-2012-5514) - Broken error handling in guest_physmap_mark_populate_on_demand() Xen . org security team (Dec 03)
Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability Xen . org security team (Nov 13)
Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team (Oct 26)

y33t

Gajim fails to handle invalid certificates y33t (Nov 11)

YGN Ethical Hacker Group

SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection YGN Ethical Hacker Group (Oct 14)
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Oct 14)
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection YGN Ethical Hacker Group (Oct 19)

Yves-Alexis Perez

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Yves-Alexis Perez (Dec 02)
Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 11)
rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)
Re: rssh: incorrect filtering of command line options Yves-Alexis Perez (Nov 27)
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 11)
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez (Nov 10)