oss-sec: by date

549 messages starting Oct 02 12 and ending Dec 31 12


Tuesday, 02 October

Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried
CVE-2012-3504: insecure temporary file usage in genkey perl script Vincent Danen
CVE Request: Ruby safe level bypasses Tyler Hicks
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert
CVE Request: QT CRIME vulnerability Seth Arnold
Re: CVE Request: QT CRIME vulnerability Kurt Seifried

Wednesday, 03 October

CVE Rejection: CVE-2012-5239 - Wireshark DRDA dissector infinite loop Huzaifa Sidhpurwala
CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Jan Lieskovsky
Re: CVE Request (minor) -- mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files Kurt Seifried
Re: CVE Request: Ruby safe level bypasses Kurt Seifried
Re: cgit: heap buffer overflow Kurt Seifried
Re: CVE Request: Ruby safe level bypasses Tyler Hicks
Re: CVE Request: Ruby safe level bypasses Kurt Seifried
CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Petr Matousek
CVE Request for Drupal Contributed Modules Joshua Brauer
Re: CVE Request -- kernel: compat: SIOCGSTAMP/SIOCGSTAMPNS incorrect order of arguments to compat_put_time[val|spec] Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Joshua Brauer
Re: CVE Request for Drupal Contributed Modules Kurt Seifried

Thursday, 04 October

CVE Request for Drupal Contributed Modules Joshua Brauer

Friday, 05 October

CVE Request: html2ps Marc Deslauriers
CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Jan Lieskovsky
Security contact for scan-view component of clang Tim Brown
Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Kurt Seifried
Re: CVE Request: html2ps Kurt Seifried
CVE Request: Python keyring Marc Deslauriers
CVE request: LetoDMS, more issues Raphael Geissert
CVE request: piwigo XSS in password.php Raphael Geissert

Saturday, 06 October

CVE-request for piwigo issues (second request) Henri Salo
password hashing Solar Designer
Re: CVE Request for Drupal Contributed Modules Kurt Seifried

Sunday, 07 October

Re: CVE Request: html2ps Moritz Muehlenhoff
CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo
Re: CVE request for Ushahidi Robbie MacKay

Monday, 08 October

Re: password hashing Josh Bressers
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation Timo Warns
Re: CVE Request: QT CRIME vulnerability cve-assign

Tuesday, 09 October

Claws-mail security issue in message processing Jérôme Benoit
Re: password hashing Solar Designer
CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Jérôme Benoit
Linux kernel stack memory content leak via UNAME26 Kees Cook
CVE Request: gitolite path traversal vulnerability Eitan Adler
Re: CVE Request: gitolite path traversal vulnerability Kurt Seifried
Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content. Kurt Seifried
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Henri Salo

Wednesday, 10 October

CVE request: sSMTP doesn't validate server certificates Laurent Bigonville
Re: password hashing Josh Bressers
Fwd: IPv6 DOS vulnerabilities Marc Heuse
Re: Fwd: IPv6 DOS vulnerabilities Solar Designer
CVE request: libsocialweb untrusted connection to flickr Vincent Danen
Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Tim Brown
Re: Fwd: IPv6 DOS vulnerabilities cve-assign
Re: CVE request: libsocialweb untrusted connection to flickr Kurt Seifried
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried

Thursday, 11 October

CVE-2012-5377 through CVE-2012-5383: Windows PATH issues affecting some open-source products cve-assign
CVE request: Zenphoto admin-news-articles.php date parameter XSS Henri Salo
Re: CVE request: sSMTP doesn't validate server certificates Vincent Danen
CVE Request -- librdmacm (one issue) / ibacm (two issues) Jan Lieskovsky
Re: CVE request: sSMTP doesn't validate server certificates Kurt Seifried
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried
Re: CVE Request -- librdmacm (one issue) / ibacm (two issues) Kurt Seifried
Re: CVE request: Zenphoto admin-news-articles.php date parameter XSS Kurt Seifried
Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected) Kurt Seifried

Friday, 12 October

libproxy PAC downloading buffer overflows Tomas Hoger
Security flaw in cups-pk-helper (CVE-2012-4510) Vincent Untz
Re: libproxy PAC downloading buffer overflows Kurt Seifried
Re: libproxy PAC downloading buffer overflows Matthias Weckbecker
Re: libproxy PAC downloading buffer overflows Kurt Seifried
CVE request: ruby file creation due in insertion of illegal NUL character Vincent Danen

Saturday, 13 October

Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried

Sunday, 14 October

SilverStripe CMS 2.4.7 <= Arbitrary URL Redirection YGN Ethical Hacker Group
SilverStripe CMS 2.4.7 <= Persistent Cross Site Scripting Vulnerability YGN Ethical Hacker Group

Monday, 15 October

CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Raphael Geissert
Re: CVE request: ruby file creation due in insertion of illegal NUL character U.Nakamura

Tuesday, 16 October

Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker
Re: libproxy PAC downloading buffer overflows Tomas Hoger
Re: CVE request: ruby file creation due in insertion of illegal NUL character Daniel Kahn Gillmor

Wednesday, 17 October

CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Matthias Weckbecker
Re: CVE request: ruby file creation due in insertion of illegal NUL character Fabian Keil
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie
Re: CVE request: ruby file creation due in insertion of illegal NUL character Eitan Adler
CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert
Re: CVE request: ruby file creation due in insertion of illegal NUL character Tim
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie
CVE id request: xlockmore vulnerability: local access Ignatios Souvatzis
Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried
Re: CVE id request: xlockmore vulnerability: local access Kurt Seifried
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert
Re: CVE request: ruby file creation due in insertion of illegal NUL character Kurt Seifried
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried

Thursday, 18 October

Re: CVE request: piwigo XSS in password.php Kurt Seifried
Re: CVE-request for piwigo issues (second request) Kurt Seifried
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Kurt Seifried
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Jan Lieskovsky
Re: CVE request: ruby file creation due in insertion of illegal NUL character Matthias Weckbecker
CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky
Re: CVE request: ruby file creation due in insertion of illegal NUL character Simon McVittie
Re: Re: CVE for Virtualbox 0x8 DoS? halfdog
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Kurt Seifried
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Breno Silva
Re: CVE request: Fwd: [Full-disclosure] SEC Consult SA-20121017-0 :: ModSecurity multipart/invalid part ruleset bypass Kurt Seifried
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Kurt Seifried
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Michael Gilbert
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Henri Salo
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Moritz Muehlenhoff
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Raphael Geissert

Friday, 19 October

CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P
Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() Kurt Seifried
Re: CVE request: Joomla two XSS vulnerabilities fixed in 2.5.7 Kurt Seifried
F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection YGN Ethical Hacker Group

Saturday, 20 October

Re: CVE Request -- kernel stack disclosure in binfmt_script load_script() P J P
Re: CVE-2012-2248: isc-dhcp, Debian-specific: build path included in PATH Tim Brown
CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried
Re: CVE Request: viewvc 1.1.5 lib/viewvc.py XSS Kurt Seifried

Sunday, 21 October

Re: [Full-disclosure] F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Gary Driggs
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Tim Brown
Re: F5 FirePass SSL VPN 4xxx Series | Arbitrary URL Redirection Solar Designer
CVE request: XSS in piwik before 1.9 Hanno Böck

Monday, 22 October

Re: CVE request: XSS in piwik before 1.9 Kurt Seifried
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried
Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry
Re: Re: CVE request: XSS in piwik before 1.9 Kurt Seifried
Re: CVE request: XSS in piwik before 1.9 Solar Designer

Tuesday, 23 October

Wrong affected version in the CVE-2012-4511 Agostino Sarubbo
Re: CVE request: XSS in piwik before 1.9 Matthieu Aubry
Re: CVE request: XSS in piwik before 1.9 Kurt Seifried

Wednesday, 24 October

Re: CVE request: XSS in piwik before 1.9 Stuart Henderson
VLC 2.0.3 libpng_plugin CVE-2012-5470 cve-assign
CVE-2012-4508 -- kernel: ext4: AIO vs fallocate stale data exposure Petr Matousek

Thursday, 25 October

CVE request: awstats before 7.1 awredir.pl vulnerability Hanno Böck
Re: CVE request: awstats before 7.1 awredir.pl vulnerability Kurt Seifried

Friday, 26 October

Medium severity flaw with Perl 5 Tim Brown
Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team
Strange CVE situation (at least one ID should come of this) Josh Bressers
CVE-2012-5671: Exim <= 4.80 DKIM heap-based buffer overflow Solar Designer

Saturday, 27 October

Re: Medium severity flaw with Perl 5 Eitan Adler
CVE Request: cgit command injection Jason A. Donenfeld
Re: CVE Request: cgit command injection Kurt Seifried

Sunday, 28 October

CVE request: use-after-free in libunity-webapps Chris Coulson

Monday, 29 October

CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andres Gomez
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried
Re: CVE request: use-after-free in libunity-webapps Kurt Seifried
CVE request: Drupal SA-CORE-2012-003 Moritz Muehlenhoff
VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Sean Amoss
Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried
Re: CVE request: awstats before 7.1 awredir.pl vulnerability Vincent Danen
CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Kurt Seifried
Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron
Re: CVE request: Drupal SA-CORE-2012-003 Angie Byron
Re: CVE request: Drupal SA-CORE-2012-003 Greg Knaddison
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen
Re: Strange CVE situation (at least one ID should come of this) Seth Arnold
CVE Request: Django Seth Arnold
Re: CVE Request: Django Moritz Mühlenhoff
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Andrés Gómez Ramírez
CVE request: XSS is Google Web Toolkit (GWT) David Jorm
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried
Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried
Re: CVE Request: Django Kurt Seifried
Re: CVE request: Drupal SA-CORE-2012-003 Kurt Seifried

Tuesday, 30 October

Medium risk security flaws in Konqueror Tim Brown
Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey
Re: Strange CVE situation (at least one ID should come of this) Henri Salo
RE: VideoLAN TiVo Demuxer Duplicate CVEs (CVE-2011-5231 and CVE-2012-0023) Christey, Steven M.
Re: Strange CVE situation (at least one ID should come of this) Raphael Geissert
Re: CVE Request: Python keyring Raphael Geissert
Re: CVE request: LetoDMS, more issues Raphael Geissert
Re: CVE request: radsecproxy incorrect x.509 certificate validation Raphael Geissert
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried
libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss
Re: CVE request: XSS is Google Web Toolkit (GWT) Kurt Seifried

Wednesday, 31 October

Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison
Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey
CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Petr Matousek
Re: CVE Request -- kernel: net: divide by zero in tcp algorithm illinois Kurt Seifried
Re: Re: CVE request: radsecproxy incorrect x.509 certificate validation Kurt Seifried
Re: Re: CVE request: LetoDMS, more issues Kurt Seifried
Re: CVE Request: Python keyring Kurt Seifried
Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow Vincent Danen
Re: Re: CVE request: LetoDMS, more issues Raphael Geissert
Re: CVE Request for Drupal Contributed Modules Steven M. Christey

Thursday, 01 November

CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Vincent Danen

Friday, 02 November

Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Marcus Meissner
Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org Caolán McNamara
libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Huzaifa Sidhpurwala
CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Jan Lieskovsky
Re: Strange CVE situation (at least one ID should come of this) Josh Bressers
Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey
Re: libtiff: Missing return value check in ppm2tiff leading to heap-buffer overflow when reading a tiff file Kurt Seifried
Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name Kurt Seifried
Re: Strange CVE situation (at least one ID should come of this) cve-assign
Dokeos 2.1.1 XSS CVE-2012-5776 cve-assign

Sunday, 04 November

YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Reed Loden

Monday, 05 November

Request for linux-distros () vs openwall org membership Premchand Koneru
Re: CVE Request for Drupal Contributed Modules Greg Knaddison
Re: operator new[] overflow checking in G++ Florian Weimer
Re: Request for linux-distros () vs openwall org membership Henri Salo
Re: Request for linux-distros () vs openwall org membership Kurt Seifried
TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried
RE: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Christey, Steven M.
gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers Huzaifa Sidhpurwala

Tuesday, 06 November

Re: Request for linux-distros () vs openwall org membership Tomas Hoger
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) vladz
Re: Request for linux-distros () vs openwall org membership akuster
Re: Request for linux-distros () vs openwall org membership John Haxby
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) David Black
Re: Request for linux-distros () vs openwall org membership Tomas Hoger
Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Marcus Meissner
Re: Request for linux-distros () vs openwall org membership akuster
Re: Request for linux-distros () vs openwall org membership akuster
Re: Re: TTY handling when executing code in different lower-privileged context (su, virt containers) Todd C. Miller
Re: Request for linux-distros () vs openwall org membership akuster
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Jan Lieskovsky
CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set Petr Matousek
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog
Re: TTY handling when executing code in different lower-privileged context (su, virt containers) halfdog
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure Kurt Seifried
Re: Request for linux-distros () vs openwall org membership Kurt Seifried
CVE Request -- axis2, axis2c Seth Arnold
Re: CVE Request -- axis2, axis2c David Jorm

Wednesday, 07 November

CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Jan Lieskovsky
Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes
IcedTea-Web CVE-2012-4540 Tomas Hoger
[OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant

Thursday, 08 November

CVE request --- acceptation of overlapping ipv6 fragments Petr Matousek
Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Russell Bryant
Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573) Kurt Seifried

Friday, 09 November

Re: CVE request --- acceptation of overlapping ipv6 fragments Kurt Seifried
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried
Re: Request for linux-distros () vs openwall org membership akuster
[OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1 Russell Bryant
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix cve-assign
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Matthew Wilkes
RE: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Christey, Steven M.
Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix Kurt Seifried

Saturday, 10 November

CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Jan Lieskovsky
CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings Jan Lieskovsky
Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez
Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Ralf Schlatterbeck
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez
Re: Request for linux-distros () vs openwall org membership Solar Designer
CVE request: TYPO3-CORE-SA-2012-005 Florian Weimer
CVE request -- vdsm: certificate generation upon node creation Petr Matousek
CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek
Re: CVE request: TYPO3-CORE-SA-2012-005 Kurt Seifried
Re: Privilege escalation (lpadmin -> root) in cups Kurt Seifried
Re: CVE request -- vdsm: certificate generation upon node creation Kurt Seifried
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Kurt Seifried

Sunday, 11 November

Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez
Gajim fails to handle invalid certificates y33t
Re: Privilege escalation (lpadmin -> root) in cups Yves-Alexis Perez

Monday, 12 November

Re: Request for linux-distros () vs openwall org membership Premchand Koneru
Re: CVE Request -- WeeChat (prior to 0.3.9.1): Heap-based buffer overflow when decoding IRC colors in strings cve-assign
VLC 2.0.4 SHAddToRecentDocs CVE-2012-5855 cve-assign

Tuesday, 13 November

Xen Security Advisory 20 (CVE-2012-4535) - Timer overflow DoS vulnerability Xen . org security team
Xen Security Advisory 21 (CVE-2012-4536) - pirq range check DoS vulnerability Xen . org security team
Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability Xen . org security team
Xen Security Advisory 24 (CVE-2012-4539) - Grant table hypercall infinite loop DoS vulnerability Xen . org security team
Xen Security Advisory 25 (CVE-2012-4544,CVE-2012-2625) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk Xen . org security team
Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability Xen . org security team
CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Jan Lieskovsky
CVE request: mantis before 1.2.12 Hanno Böck
[OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Marcus Meissner
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek
Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Tim Brown
Re: CVE request: mantis before 1.2.12 Kurt Seiifried
Re: CVE Request -- quagga (ospf6d): Assertion failure when removing routes (retrieving information which route to remove) Kurt Seiifried
Re: CVE request: mantis before 1.2.12 Hanno Böck
Re: Privilege escalation (lpadmin -> root) in cups Sean Amoss
Re: CVE request: mantis before 1.2.12 Kurt Seiifried
Re: Gajim fails to handle invalid certificates Kurt Seiifried

Wednesday, 14 November

Re: Gajim fails to handle invalid certificates Florian Weimer
Re: Gajim fails to handle invalid certificates Kurt Seifried
Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Jan Lieskovsky
CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Jan Lieskovsky
Linux kernel handling of IPv6 temporary addresses George Kargiotakis
Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled Kurt Seifried
Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Kurt Seifried
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried
Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection Michal Ambroz
Re: Linux kernel handling of IPv6 temporary addresses Greg KH
Re: Vulnerabilities in Oki CUPS printer drivers Kurt Seifried
Re: Vulnerabilities in Oki CUPS printer drivers Guido Berhoerster
HT Editor 2.0.20 buffer overflows CVE-2012-5867 cve-assign
Re: Request for linux-distros () vs openwall org membership Solar Designer
Fwd: [ANNOUNCE] CGIT v0.9.1 Released Jason A. Donenfeld

Thursday, 15 November

Re: Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version Ralf Schlatterbeck
CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Jan Lieskovsky
CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones
Re: CVE Request -- perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers Kurt Seifried
Re: CVE request: mantis before 1.2.12 cve-assign

Friday, 16 November

CVE Request: Python keyring Marc Deslauriers
Re: YUI 2.x security issue regarding embedded SWF files -- or, How Not To Handle A Security Disclosure cve-assign

Saturday, 17 November

CVE Request for Drupal Contributed Modules Forest Monsen

Sunday, 18 November

Moodle security notifications public Michael de Raadt

Monday, 19 November

Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Guido Berhoerster
Re: CVE Request: Python keyring Marc Deslauriers
Re: Fwd: [[Weechat-security] Security vulnerability in WeeChat 0.3.0 -> 0.3.9.1] Kurt Seifried
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Steven M. Christey

Tuesday, 20 November

Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Jan Lieskovsky
libssh 0.5.3 release fixes multiple security issues Vincent Danen
Re: CVE Request for Drupal Contributed Modules Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Forest Monsen

Wednesday, 21 November

lighttpd 1.4.32 released, fixing CVE-2012-5533 Stefan Bühler
CVE Request: Gimp memory corruption vulnerability Andrés Gómez Ramírez

Thursday, 22 November

Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Matthias Weckbecker
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Attila Bogár
Re: CVE Request: Python keyring Matthias Weckbecker

Friday, 23 November

CVE Request -- android-tools (server): Insecure temporary file used for logging Jan Lieskovsky
Re: Gajim fails to handle invalid certificates Florian Weimer
CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Jan Lieskovsky
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani
CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Jan Lieskovsky
Re: CVE Request -- (Horde) IMP (prior v5.0.24-git): Obscure XSS issue when uploading attachments. Kurt Seifried
Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws Kurt Seifried
Re: CVE Request -- android-tools (server): Insecure temporary file used for logging Kurt Seifried

Sunday, 25 November

CVE Request: slowloris for tomcat David Jorm
Re: CVE Request: slowloris for tomcat Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Kurt Seifried

Monday, 26 November

Re: Security issue in icecast Moritz Naumann
CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Jan Lieskovsky
CVE request: Curl insecure usage Moritz Muehlenhoff
tor DoS via SENDME cells Vincent Danen
CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Jan Lieskovsky
Re: CVE request: Curl insecure usage Kurt Seifried
Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526) Kurt Seifried
Re: tor DoS via SENDME cells Kurt Seifried
Re: CVE Request -- Symfony (php-symfony-symfony) < 1.4.20: Ability to read arbitrary files on the server, readable with the web server privileges Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Forest Monsen
Re: CVE Request: Gimp memory corruption vulnerability Kurt Seifried
Re: CVE Request for Drupal Contributed Modules Kurt Seifried
Re: CVE Request: Python keyring Kurt Seifried
Re: CVE Request: Python keyring Kurt Seifried

Tuesday, 27 November

CVE request: libproxy issue Matthias Weckbecker
Re: CVE request: libproxy issue Tomas Hoger
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Jan Lieskovsky
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Andrea Barisani
Re: CVE request: libproxy issue Kurt Seifried
CVE-2012-5532 hypervkvpd DoS Vincent Danen
Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen
Re: CVE-2012-5532 hypervkvpd DoS Vincent Danen
Re: CVE request: Curl insecure usage Steven M. Christey
Re: [oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision Steven M. Christey
rssh: incorrect filtering of command line options Yves-Alexis Perez
Re: rssh: incorrect filtering of command line options Yves-Alexis Perez
libtiff: Stack based buffer overflow when handling DOTRANGE tags Huzaifa Sidhpurwala
Re: rssh: incorrect filtering of command line options Yves-Alexis Perez
Re: rssh: incorrect filtering of command line options Derek Martin

Wednesday, 28 November

Re: CVE-2012-5532 hypervkvpd DoS Sebastian Krahmer
[OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571) Thierry Carrez
[OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563) Thierry Carrez
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Kurt Seifried
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Ricardo Mones
Re: CVE request -- vCalendar plugin for Claws Mail: credentials exposed on interface Vincent Danen
Re: CVE request: Curl insecure usage Kurt Seifried
Re: CVE request: Curl insecure usage Kurt Seifried
CVE request for Drupal contributed modules Forest Monsen
Re: CVE request for Drupal contributed modules Kurt Seifried

Thursday, 29 November

Re: CVE request: Curl insecure usage Fabian Keil
CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Jan Lieskovsky
Re: CVE Request -- wireshark: Wireshark 1.6.12 and Wireshark 1.8.4 fixes Kurt Seifried
Re: CVE request: Curl insecure usage Moritz Mühlenhoff
CVE request for Ushahidi security vulnerability 2012-008 Robbie Mackay

Friday, 30 November

CVE Request: owncloud Jamie Strandboge
Re: CVE Request: owncloud Kurt Seifried
Re: [security] [oss-security] CVE Request: owncloud Lukas Reschke

Saturday, 01 December

CVE request: TSK misrepresents "." files on FAT filesystems Timo Warns
Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried

Sunday, 02 December

Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Huzaifa Sidhpurwala
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Yves-Alexis Perez
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Steven M. Christey
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Kurt Seifried
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday Sergei Golubchik

Monday, 03 December

CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen
CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Jan Lieskovsky
Xen Security Advisory 26 (CVE-2012-5510) - Grant table version switch list corruption vulnerability Xen.org security team
Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak Xen.org security team
Xen Security Advisory 32 (CVE-2012-5525) - several hypercalls do not validate input GFNs Xen.org security team
Xen Security Advisory 31 (CVE-2012-5515) - Several memory hypercall operations allow invalid extent order values Xen.org security team
Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Xen.org security team
Xen Security Advisory 29 (CVE-2012-5513) - XENMEM_exchange may overwrite hypervisor memory Xen.org security team
Xen Security Advisory 30 (CVE-2012-5514) - Broken error handling in guest_physmap_mark_populate_on_demand() Xen.org security team
CVE-2012-5468: bogofilter-SA-2012-01 Matthias Andree
Re: CVE request for Ushahidi security vulnerability 2012-008 Kurt Seifried
Re: CVE request: TSK misrepresents "." files on FAT filesystems Kurt Seifried
Re: CVE Request -- Ekiga (x < 4.0.0): DoS (crash) after receiving call from other party with not UTF-8 valid name Kurt Seifried
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried
Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday king cope
Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried

Tuesday, 04 December

CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Jan Lieskovsky
Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection Kurt Seifried
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Matthias Weckbecker
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Moritz Muehlenhoff
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Vincent Danen
Re: CVE request: Dovecot DoS in 2.x (fixed in 2.1.11) Kurt Seifried
Re: Linux kernel handling of IPv6 temporary addresses Kurt Seifried
CVE request: Mysql/Mariadb insecure salt-usage Huzaifa Sidhpurwala

Wednesday, 05 December

Re: Linux kernel handling of IPv6 temporary addresses Ludwig Nussel
Re: CVE request: Mysql/Mariadb insecure salt-usage Sergei Golubchik
Re: Strange CVE situation (at least one ID should come of this) Vincent Danen
Re: Strange CVE situation (at least one ID should come of this) Josh Bressers
Re: Strange CVE situation (at least one ID should come of this) Vincent Danen

Thursday, 06 December

Re: CVE request: Mysql/Mariadb insecure salt-usage Kurt Seifried

Monday, 10 December

CVE-2012-6302 Soapbox 0.3.1 sandbox bypass cve-assign
CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows cve-assign
CVE-2012-6306 HCView Write Access Violation with GIF file cve-assign
CVE-2012-6307 JPEGsnoop Write Access Violation with JPEG file cve-assign
CVE-2012-6309 Arctic Torrent crash with .torrent file cve-assign
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried

Tuesday, 11 December

CVE request: opus codec before 1.0.2 Hanno Böck
CVE request: perl-modules Jamie Strandboge
Re: CVE request: opus codec before 1.0.2 Kurt Seifried
Re: CVE request: perl-modules Kurt Seifried
[OSSA 2012-020] Information leak in libvirt LVM-backed instances (CVE-2012-5625) Thierry Carrez

Wednesday, 12 December

CVE request: thttpd: Denial of Service (App. crash, local) Matthias Weckbecker
Re: CVE request: thttpd: Denial of Service (App. crash, local) Henri Salo
Due to Nagios (core) 3.4.3 history.cgi crash (fulldisclosure/2012/Dec/107 post) Jan Lieskovsky
Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky
Robust XML validation Florian Weimer
Re: CVE request: perl-modules cve-assign
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Frank Lanitz
CVE-2012-5617: gksu-polkit privileged code execution with unprivileged credentials Vincent Danen
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Eitan Adler

Thursday, 13 December

Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Jan Lieskovsky
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Simon McVittie
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson
Re: Robust XML validation Timo Warns
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Matthew Brush
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Andreas Ericsson
Remote file inclusion by office applications Timo Warns
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Kurt Seifried
Re: Robust XML validation Tim
Re: Remote file inclusion by office applications Kurt Seifried
Re: Remote file inclusion by office applications Timo Warns
Re: Robust XML validation Timo Warns
Re: Remote file inclusion by office applications Daniel Kahn Gillmor
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Colomban Wendling
Re: Geany IDE not escaping filenames during compilation / build - a security issue or not? Peter Bex
pacemaker strcmp Simon .
CVE-2012-5374 CVE-2012-5375 Btrfs CRC32C denial of service issues cve-assign
Re: CVE request: opus codec before 1.0.2 Hanno Böck
Re: Xen Security Advisory 27 (CVE-2012-5511) - several HVM operations do not validate the range of their inputs Steven M. Christey
Re: CVE request: opus codec before 1.0.2 Kurt Seifried
Re: Remote file inclusion by office applications Kurt Seifried
CVE for tog-pegasus Hash DoS issue from 2011 Kurt Seifried
Re: Remote file inclusion by office applications Tim Brown

Friday, 14 December

Re: Remote file inclusion by office applications Florian Weimer
Re: Robust XML validation Florian Weimer
Re: CVE request: thttpd: Denial of Service (App. crash, local) Kurt Seifried
Re: pacemaker strcmp Kurt Seifried

Monday, 17 December

CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Vincent Danen
Re: CVE request: fail2ban 0.8.8 fixes an input variable quoting flaw on <matches> content Kurt Seifried
CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Jan Lieskovsky
Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks Kurt Seifried
Django 1.3.5, Django 1.4.3, and Django 1.5 beta 2 Security Update Kurt Seifried
CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Nicolas Grégoire

Tuesday, 18 December

Plug-and-wipe and Secure Boot semantics Florian Weimer
CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Jan Lieskovsky
Re: Plug-and-wipe and Secure Boot semantics Greg KH
Re: Plug-and-wipe and Secure Boot semantics Florian Weimer
Re: CVE Request -- Freeciv (X < 2.3.3): DoS (memory exhaustion or excessive CPU consumption) via malformed network packets Kurt Seifried
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried
Re: Plug-and-wipe and Secure Boot semantics Greg KH

Wednesday, 19 December

Re: Plug-and-wipe and Secure Boot semantics Florian Weimer
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Jan Lieskovsky
[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse
Re: Plug-and-wipe and Secure Boot semantics Greg KH
Re: Plug-and-wipe and Secure Boot semantics Kurt Seifried
CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev
CVE request for Drupal core, and contributed modules Forest Monsen
Re: CVE request for Drupal core, and contributed modules Kurt Seifried
CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Vincent Danen
Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images Kurt Seifried
Re: CVE request: information disclosure flaw in php-ZendFramework (ZF2012-05) Kurt Seifried

Thursday, 20 December

Multiple SQL injection vulnerabilities in the puppetclass.rb and search.rb scripts in Foreman 1.0.1 Amos Benari
Re: [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping Frédéric Basse

Friday, 21 December

Isearch insecure temporary files David Holland
Re: Isearch insecure temporary files Kurt Seifried
Re: Isearch insecure temporary files David Holland
CVE Request: grep Seth Arnold
CVE request: ownCloud Lukas Reschke
Re: CVE Request: grep Paul Eggert
About CVE-2012-5645 Marko Lindqvist
Re: CVE request: ownCloud Kurt Seifried
Re: CVE Request: grep Kurt Seifried

Monday, 24 December

CVE Request - Multiple security fixes in freetype - 2.4.11 Huzaifa Sidhpurwala
Re: CVE Request - Multiple security fixes in freetype - 2.4.11 Kurt Seifried

Wednesday, 26 December

Re: CVE request: Curl insecure usage Moritz Muehlenhoff

Thursday, 27 December

Re: CVE request: Curl insecure usage Kurt Seifried
CVE request: Jenkins Moritz Muehlenhoff
Re: CVE request: Jenkins Kurt Seifried

Friday, 28 December

CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld
Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried

Saturday, 29 December

Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Michael Tokarev
Re: CVE Request: W3 Total Cache - public cache exposure Jason A. Donenfeld
Inkscape reads .eps files from /tmp instead of the current directory Salvatore Bonaccorso
CVE request: MoinMoin Wiki (remote code execution vulnerability) Tilmann Haak
CVE request: MoinMoin Wiki (XSS in rss link) Tilmann Haak
CVE request: MoinMoin Wiki (path traversal vulnerability) Tilmann Haak
Re: CVE request: qemu e1000 emulated device gues-side buffer overflow Kurt Seifried
Re: Inkscape reads .eps files from /tmp instead of the current directory Kurt Seifried
Re: CVE Request: W3 Total Cache - public cache exposure Kurt Seifried
Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Kurt Seifried
Re: CVE request: MoinMoin Wiki (XSS in rss link) Kurt Seifried
Re: CVE request: MoinMoin Wiki (path traversal vulnerability) Kurt Seifried
Re: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried
Re: About CVE-2012-5645 Kurt Seifried
Re: Isearch insecure temporary files Kurt Seifried
2012 close out/cleanup Kurt Seifried

Sunday, 30 December

Re: About CVE-2012-5645 Marko Lindqvist
Re: Isearch insecure temporary files Henri Salo
Re: Isearch insecure temporary files Kurt Seifried
Re: About CVE-2012-5645 Kurt Seifried

Monday, 31 December

CVE request (maybe): magento before 1.7.0.2 Hanno Böck
Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Henri Salo
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Moritz Naumann
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Hanno Böck
Re: Dispute CVE-2012-5903 SMF index.php scheduled-parameter XSS Emanuele
Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Mustapha Rabiu
CVE Request: Charybdis and ircd-ratbox remote crash flaw Huzaifa Sidhpurwala
Re: CVE Request: Charybdis and ircd-ratbox remote crash flaw Kurt Seifried
Re: Charybdis: Improper assumptions in the server handshake code may lead to a remote crash Kurt Seifried
Re: GnuPG 1.4.12 and lower - memory access errors and keyring database corruption Kurt Seifried