oss-sec: by date

648 messages starting Apr 01 13 and ending Jun 30 13


Monday, 01 April

Re: Re: Security vulnerability tools Corey Bryant
Re: Re: Security vulnerability tools Corey Bryant
Re: Re: Security vulnerability tools Larry W. Cashdollar

Tuesday, 02 April

CVE-2013-1912 : haproxy may crash on TCP content inspection rules Willy Tarreau

Wednesday, 03 April

CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner
CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky
Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer
Re: CVE Request: glibc getaddrinfo() stack overflow Sebastian Krahmer
Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried
Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Kurt Seifried
Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer
Re: CVE request: WordPress plugin user-photo file upload arbitrary PHP code execution Kurt Seifried
browser document.cookie DoS vulnerability Stefan Bühler
Re: Further issue details about flaws corrected in upstream ClamAV 0.97.7 version Kurt Seifried
ownCloud Security Advisories (2013-011, 2013-012) Lukas Reschke
CVE request for Drupal contributed modules Forest Monsen
CVE request: rpc-gssd is vulnerable to DNS spoofing Vincent Danen

Thursday, 04 April

Xen Security Advisory 47 (CVE-2013-1920) - Potential use of freed memory in event channel operations Xen . org security team
RE: Confused with Drupal CVEs Christey, Steven M.
Re: CVE request: rpc-gssd is vulnerable to DNS spoofing Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
PostgreSQL security update Solar Designer
Re: PostgreSQL security update Solar Designer
Confused with Drupal CVEs Henri Salo
Multiple CVE requests for MantisBT Damien Regad

Friday, 05 April

Re: CVE Request: glibc getaddrinfo() stack overflow Marcus Meissner
CVE Request: tg3 VPD firmware -> driver injection Marcus Meissner
CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Marcus Meissner
Zimbra XSS in aspell.php, CVE request Michael Scherer
Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Kurt Seifried
Re: CVE Request: tg3 VPD firmware -> driver injection Kurt Seifried
Re: Multiple CVE requests for MantisBT Kurt Seifried
Re: Zimbra XSS in aspell.php, CVE request Michael Scherer

Sunday, 07 April

New vulnerabilty in imagemagick Bastien ROUCARIES
cve request: util-linux Michael Gilbert
Any info on dovecot CVE-2010-0535? Michael Gilbert

Monday, 08 April

Re: cve request: util-linux Adam D. Barratt
Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 Larry W. Cashdollar
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P
Re: Multiple CVE requests for MantisBT Damien Regad
Re: Re: Multiple CVE requests for MantisBT Kurt Seifried
Re: Re: Multiple CVE requests for MantisBT Kurt Seifried
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter
Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter
Re: New vulnerabilty in imagemagick Kurt Seifried
Re: Remote Command Injection Ruby Gem Karteek Docsplit 0.5.4 Kurt Seifried
Re: browser document.cookie DoS vulnerability Kurt Seifried
Re: Re: Multiple CVE requests for MantisBT Damien Regad
Re: Any info on dovecot CVE-2010-0535? Geoff Keating
Re: Re: Re: Multiple CVE requests for MantisBT Kurt Seifried
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P
Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE Dan Carpenter

Tuesday, 09 April

Re: CVE Request: kernel information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE P J P
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Jan Lieskovsky
CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Salvatore Bonaccorso
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Breno Silva
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Athmane Madjoudj
Re: Re: CVE Request -- ModSecurity (X < 2.7.3): Vulnerable to XXE attacks Athmane Madjoudj
Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8 Kurt Seifried
Re: Zimbra XSS in aspell.php, CVE request Kurt Seifried
Re: Zimbra XSS in aspell.php, CVE request Jeff Flanigan
Postfix incorrect permissions on configurations. Request. Russ Thompson
Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev
Re: Postfix incorrect permissions on configurations. Request. Russ Thompson
Re: Postfix incorrect permissions on configurations. Request. Michael Tokarev
Re: Postfix incorrect permissions on configurations. Request. Mike

Friday, 12 April

Re: CVE request for Drupal contributed modules Kurt Seifried
Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Kurt Seifried
CVE-2013-1900 looks like an OpenSSL bug Florian Weimer
Re: CVE-2013-1900 looks like an OpenSSL bug Solar Designer
Re: CVE-2013-1900 looks like an OpenSSL bug Florian Weimer
Re-evaluating expat/libxml2 CVE assignments Steven M. Christey
CVE for XSS in EasyPHPCalender script Anant Shrivastava
Remote command injection md2pdf ruby gem Larry W. Cashdollar

Saturday, 13 April

Re: Remote command injection md2pdf ruby gem Kurt Seifried
Summary of security bugs (now fixed) in user namespaces Andy Lutomirski
CVE-2013-1949 Social Media Widget remote file inclusion Kurt Seifried

Sunday, 14 April

CVE Request: VLC Buffer Overflow in ASF Demuxer Salvatore Bonaccorso
Linux kernel: more net info leak fixes for v3.9 Mathias Krause

Monday, 15 April

CVE request - Linux kernel: tracing NULL pointer dereference P J P
CVE request: Linux kernel: cifs: NULL pointer dereference P J P
Xen Security Advisory 48 (CVE-2013-1922) - qemu-nbd format-guessing due to missing format specification Xen . org security team
re: Summary of security bugs (now fixed) in user namespaces Brian Martin
Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski

Tuesday, 16 April

autotrace: stack-based buffer overflow in bmp parser Murray McAllister
CVE-2013-1922 -- qemu: qemu-nbd block format auto-detection vulnerability Petr Matousek
Re: autotrace: stack-based buffer overflow in bmp parser Kurt Seifried
Re: Re: Summary of security bugs (now fixed) in user namespaces Kurt Seifried
Re: CVE Request: VLC Buffer Overflow in ASF Demuxer Kurt Seifried
Re: CVE for XSS in EasyPHPCalender script Kurt Seifried
A note on CVE assignment timelines Kurt Seifried
CVE Request: MediaWiki Security Releases 1.20.4 and 1.19.5 Thijs Kinkhorst
Re: Summary of security bugs (now fixed) in user namespaces Florian Weimer
Re: Re: Summary of security bugs (now fixed) in user namespaces Andy Lutomirski
Re: Re: Summary of security bugs (now fixed) in user namespaces Kurt Seifried
Re: CVE Request: MediaWiki Security Releases 1.20.4 and 1.19.5 Kurt Seifried
Fwd: Multiple Vulnerabilities in Simple HRM system v2.3 and below Doraemon Sk8ers
Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers

Wednesday, 17 April

debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Thomas Biege
CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Agostino Sarubbo
Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo
Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Kurt Seifried
Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Daniel Kahn Gillmor
CVE request for Drupal contributed modules Forest Monsen
Fwd: Re: CVE Request: ownCloud 5.0.5 and 4.5.10 Kurt Seifried

Thursday, 18 April

plone, rrdtool, zenoss bugs Thomas Pollet
CVE-2012-XXYY Request -- google-authenticator: Information disclosure due insecure requirement on the secrets file Jan Lieskovsky
Xen Security Advisory 46 (CVE-2013-1919) - Several access permission issues with IRQs for unprivileged guests Xen . org security team
Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER Xen . org security team
partial signed message verification in MUAs [was: Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data] Daniel Kahn Gillmor
Xen Security Advisory 44 (CVE-2013-1917) - Xen PV DoS vulnerability with SYSENTER Xen . org security team
Re: debian: gpg --verify suggests entire file was verified, even if file contains auxiliary data Kurt Seifried
Xorg-x11-server: Information disclosure due enabling events from hot-plug devices despite input from the device being momentarily disabled Huzaifa Sidhpurwala
Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance Xen . org security team
Re: CVE-2012-XXYY Request -- google-authenticator: Information disclosure due insecure requirement on the secrets file Kurt Seifried
Re: plone, rrdtool, zenoss bugs Kurt Seifried
Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities Kurt Seifried
CVE-2013-1977 - OpenStack keystone.conf insecure file permissions Kurt Seifried

Friday, 19 April

distros list news Solar Designer

Saturday, 20 April

Request for linux-distros list membership Allan McRae
Re: CVE-2013-1942 jPlayer 2.2.19 XSS Lukas Reschke
Re: Request for linux-distros list membership Solar Designer
upstream source code authenticity checking Solar Designer
Re: Request for linux-distros list membership Allan McRae

Sunday, 21 April

ownCloud Security Advisories (2013-017, 2013-018) Lukas Reschke
Re: upstream source code authenticity checking Alan Coopersmith
Re: upstream source code authenticity checking Marcus Meissner
OS command injection vulnerability in Chicken Scheme Peter Bex
Vulnerabilities in jPlayer MustLive
Re: upstream source code authenticity checking Jeremy Stanley
Re: upstream source code authenticity checking Allan McRae
Re: Request for linux-distros list membership Solar Designer
Re: upstream source code authenticity checking Alistair Crooks
Re: upstream source code authenticity checking Allan McRae
Re: upstream source code authenticity checking Alistair Crooks
Re: Linux kernel: more net info leak fixes for v3.9 cve-assign

Monday, 22 April

Re: upstream source code authenticity checking Stuart Henderson
CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability Agostino Sarubbo
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P
Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P
[CVE assignment notification] CVE-2013-1950 libtirpc: Invalid pointer free leads to rpcbind daemon crash (A different vulnerability than CVE-2003-0028) Jan Lieskovsky
Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause
Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH
Re: CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability Kurt Seifried
Re: Re: Linux kernel: more net info leak fixes for v3.9 cve-assign
Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH
Vulnerabilities in multiple plugins for WordPress with jPlayer MustLive

Tuesday, 23 April

Re: Re: Linux kernel: more net info leak fixes for v3.9 Petr Matousek
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P
Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause
Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P
Re: CVE-2013-1977 - OpenStack keystone.conf insecure file permissions Thierry Carrez
CVE Request for XSS vulnerability in Ushahidi Web Robbie Mackay
CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files Kurt Seifried

Wednesday, 24 April

Re: CVE-2013-2006 OpenStack keystone LDAP password disclosure in log files Thierry Carrez
Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Jan Lieskovsky
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo
CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Simon McVittie
Advisory dates Dag-Erling Smørgrav
CVE-2013-3221 can also relate to Microsoft SQL Server and IBM DB2 cve-assign
WP-Super-Cache XSS and Remote Code Exec Kurt Seifried
W3 Total Cache 0.9.2.8 Remote Code Exec Kurt Seifried
Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried
Re: Advisory dates Kurt Seifried
Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo
Re: WP-Super-Cache XSS and Remote Code Exec Henri Salo
Vulnerabilities in multiple themes for WordPress with jPlayer MustLive
Re: WP-Super-Cache XSS and Remote Code Exec Hanno Böck
Re: WP-Super-Cache XSS and Remote Code Exec Kurt Seifried
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried
Re: upstream source code authenticity checking Eric H. Christensen
WP-Super-Cache 1.3.1 Remote Code Exec - properly fixed? Kurt Seifried
Re: upstream source code authenticity checking Alistair Crooks
Re: upstream source code authenticity checking Allan McRae

Thursday, 25 April

Re: upstream source code authenticity checking Kurt Seifried
Re: Advisory dates Dag-Erling Smørgrav
Re: upstream source code authenticity checking Josh Bressers
Re: upstream source code authenticity checking nicolas vigier
Re: upstream source code authenticity checking nicolas vigier
Re: upstream source code authenticity checking Daniel Kahn Gillmor
CVE Request -- autojump: autojump profile will load random stuff from a directory called custom_install Jan Lieskovsky
Re: CVE Request -- autojump: autojump profile will load random stuff from a directory called custom_install Kurt Seifried
Re: upstream source code authenticity checking Alistair Crooks
Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Kurt Seifried
Re: upstream source code authenticity checking Alistair Crooks
Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Alistair Crooks
Re: upstream source code authenticity checking Alistair Crooks
CVE-2013-2013 - OpenStack keystone password disclosure on command line Kurt Seifried
Re: upstream source code authenticity checking Kurt Seifried

Friday, 26 April

Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Andrew Alexeev
Re: upstream source code authenticity checking yersinia
Re: upstream source code authenticity checking Dag-Erling Smørgrav
Re: upstream source code authenticity checking Marcus Meissner
Re: upstream source code authenticity checking Kurt Seifried
Re: upstream source code authenticity checking Dag-Erling Smørgrav
Re: upstream source code authenticity checking Florian Weimer
CVE request: Linux kernel: ext4: hang during mount(8) P J P
Re: CVE request: Linux kernel: ext4: hang during mount(8) Kurt Seifried
Re: upstream source code authenticity checking Alistair Crooks
Re: upstream source code authenticity checking Kurt Seifried

Saturday, 27 April

Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Felix Gröbert
Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Shawn

Sunday, 28 April

Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Petr Matousek
Multiple vulnerabilities in BOINC Alyssa Milburn
Multiple Linux setuid output redirection vulnerabilities Andy Lutomirski
distros vs. linux-distros lists Solar Designer
Re: CVE request - Linux kernel: tracing NULL pointer dereference cve-assign
Re: CVE request: Linux kernel: cifs: NULL pointer dereference cve-assign

Monday, 29 April

Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Kurt Seifried
Re: Re: [PATCH 1/3] virtio-pci: properly validate address before accessing config Michael S. Tsirkin
CVE request -- Linux kernel: veth: double-free in case of congestion Petr Matousek
Re: Nginx ngx_http_close_connection function integer overflow - can anyone confirm this? Andrew Alexeev
Re: upstream source code authenticity checking Eric H. Christensen
Re: CVE request -- Linux kernel: veth: double-free in case of congestion Kurt Seifried
Re: Multiple vulnerabilities in BOINC Kurt Seifried
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried
Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried
Re: CVE Request for XSS vulnerability in Ushahidi Web Kurt Seifried
Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried
Re: OS command injection vulnerability in Chicken Scheme Peter Bex
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Salvatore Bonaccorso
Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried
Re: CVE(-2007-xxxx?) request: telepathy-idle does not check SSL certificates Kurt Seifried
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried
Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried
RE: OS command injection vulnerability in Chicken Scheme Christey, Steven M.
Re: OS command injection vulnerability in Chicken Scheme Kurt Seifried
memcached remote seg fault Kurt Seifried
Re: memcached remote seg fault Kurt Seifried

Tuesday, 30 April

[NOTIFICATION] strongSwan-5.0.4 correcting ECDSA flaw (CVE-2013-2944) Jan Lieskovsky
Flightgear remote format string Andrés Gómez Ramírez
Re: Flightgear remote format string Kurt Seifried
Re: upstream source code authenticity checking Daniel Kahn Gillmor
CVE-2013-2029: Nagios RPM nagios.upgrade_to_v3.sh Kurt Seifried
Re-emergence of CVE-2008-4796 in Nagios current Kurt Seifried
Re: Re-emergence of CVE-2008-4796 in Nagios current David Jorm

Wednesday, 01 May

Mediawiki CVE request ( was Fw: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6) Hanno Böck
Re: Mediawiki CVE request ( was Fw: [MediaWiki-announce] MediaWiki Security Release: 1.20.5 and 1.19.6) Kurt Seifried
Re: Flightgear remote format string Andrés Gómez Ramírez
Re: upstream source code authenticity checking Robbie MacKay
CVE Request: httplib2 ssl cert incorrect error handling Marc Deslauriers
CVE Request for Drupal contributed module Forest Monsen
Re: Flightgear remote format string Kurt Seifried
Fwd: Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala
Two libtiff (tiff2pdf flaws) Huzaifa Sidhpurwala
Re: CVE Request for Drupal contributed module Kurt Seifried
Re: CVE Request: httplib2 ssl cert incorrect error handling Kurt Seifried

Thursday, 02 May

CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky
Xen Security Advisory 45 (CVE-2013-1918) - Several long latency operations are not preemptible Xen . org security team
Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges Xen . org security team
Re: Flightgear remote format string Andrés Gómez Ramírez
Re: upstream source code authenticity checking Alistair Crooks
RE: Flightgear remote format string Christey, Steven M.
OpenPGP certifications are identity assertions [was: Re: upstream source code authenticity checking] Daniel Kahn Gillmor
Re: upstream source code authenticity checking Kurt Seifried
Re: upstream source code authenticity checking Russ Allbery
Re: OpenPGP certifications are identity assertions [was: Re: upstream source code authenticity checking] Simon McVittie
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Kurt Seifried
Re: upstream source code authenticity checking Alan Coopersmith
Re: upstream source code authenticity checking Russ Allbery
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond
Re: Flightgear remote format string Andrés Gómez Ramírez

Friday, 03 May

CVE request: Linux kernel: chipidea: allow disabling streaming in host mode P J P
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Salvatore Bonaccorso
Re: Re-emergence of CVE-2008-4796 in Nagios current Michael Gilbert

Saturday, 04 May

Re: upstream source code authenticity checking Daniel Kahn Gillmor
CVE Request: YaBB 2.5.2 and earlier arbitrary code execution John Lightsey
Re: CVE Request: YaBB 2.5.2 and earlier arbitrary code execution Kurt Seifried
Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Kurt Seifried
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried

Sunday, 05 May

CVE request: WordPress advanced-xml-reader XXE Henri Salo

Monday, 06 May

Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Marcus Meissner
Re: CVE request: Linux kernel: chipidea: allow disabling streaming in host mode Greg KH
CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Vincent Danen
Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions Xen . org security team
Re: CVE request: OpenVPN use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt Kurt Seifried
CVE-2013-2060 OpenShift Origin: Potential remote command execution vulnerability in download cart url Kurt Seifried

Tuesday, 07 May

Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Jan Lieskovsky
nginx security advisory (CVE-2013-2028) Andrew Alexeev
Re: nginx security advisory (CVE-2013-2028) Florian Weimer
Re: CVE Request -- gpsd 3.9 fixing a denial of service flaw Eric S. Raymond

Wednesday, 08 May

When does resource consumption become a security vulnerability? Kurt Seifried
CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Peter Bex

Thursday, 09 May

Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Peter Bex
[OSSA 2013-010] Nova uses insecure keystone middleware tmpdir by default (CVE-2013-2030) Thierry Carrez
[OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) Thierry Carrez
RE: [Openstack] [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059) Miller, Mark M (EB SW Cloud - R&D - Corvallis)

Friday, 10 May

Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Doraemon Sk8ers
CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct P J P
Re: CVE request: Linux kernel: tuntap refuse to re-attach to different tun_struct Petr Matousek
CVE request: password exposure in kdelibs when showing "internal server error" messages Vincent Danen
CVE Request: kdelibs Seth Arnold
Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Kurt Seifried
Re: CVE request: password exposure in kdelibs when showing "internal server error" messages Kurt Seifried
Re: CVE request: CHICKEN Scheme incomplete fix for CVE-2012-6122 (select() fs_set buffer overrun) Kurt Seifried
Re: CVE Request: kdelibs Kurt Seifried

Saturday, 11 May

CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as
Re: CVE Request: Dolibarr - Multiple Vulnerabilities chevalier 3as

Sunday, 12 May

CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello
CVE request: MoinMoin Wiki (remote code execution vulnerability) Luciano Bello
Re: CVE request: MoinMoin Wiki (remote code execution vulnerability) Thomas Waldmann
CVE Request: Storable::thaw called on cookie data in multiple CPAN modules John Lightsey

Monday, 13 May

CVE request: Gallery multiple XSS vulnerabilities Henri Salo
nginx security advisory (CVE-2013-2070) Andrew Alexeev
CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability Vincent Danen

Tuesday, 14 May

Re: CVE request: Gallery multiple XSS vulnerabilities Kurt Seifried
Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules Kurt Seifried
Re: Re: CVE Request: Dolibarr - Multiple Vulnerabilities Kurt Seifried
CVE Request: linux kernel perf out-of-bounds access Marc Deslauriers
Re: CVE Request: linux kernel perf out-of-bounds access Raphael Geissert
Re: CVE Request: linux kernel perf out-of-bounds access Petr Matousek
Re: CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability George Theall
ownCloud Security Advisories oC-SA-0{19-27} Lukas Reschke
Re: Re: CVE-2002-2443: Kerberos kpasswd UDP ping-pong vulnerability Vincent Danen
Remote command Injection in Creme Fraiche 0.6 Ruby Gem Larry W. Cashdollar
Re: Remote command Injection in Creme Fraiche 0.6 Ruby Gem Kurt Seifried
Re: CVE Request: linux kernel perf out-of-bounds access Eugene Teo
Re: CVE Request: linux kernel perf out-of-bounds access Michael Gilbert
Re: CVE Request: linux kernel perf out-of-bounds access Greg KH
Re: CVE Request: linux kernel perf out-of-bounds access sd

Wednesday, 15 May

CVE Request: Man in the middle on Gentoo Portage binary package installer Jason A. Donenfeld
CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Jan Lieskovsky
CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Jan Lieskovsky
CVE request for a Drupal contributed module Forest Monsen
CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried
Re: CVE request for a Drupal contributed module Kurt Seifried
Re: CVE Request: Man in the middle on Gentoo Portage binary package installer Kurt Seifried
Re: CVE Request: linux kernel perf out-of-bounds access Kurt Seifried
Re: CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters Kurt Seifried
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried

Thursday, 16 May

[OSSA 2013-012] Nova fails to verify image virtual size (CVE-2013-2096) Michael Still
CVE request: WordPress plugin mail-on-update CSRF Henri Salo
CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Petr Matousek
CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo
Re: WordPress plugins vulnerable to CVE-2013-1808 Henri Salo
Re: CVE-2013-2097: zPanel themes remote command execution as root Kurt Seifried
Re: CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Agostino Sarubbo
CVE Request: WebAuth: Authentication credential disclosure Salvatore Bonaccorso
Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery
Re: CVE-2013-2097: zPanel themes remote command execution as root Daniel Kahn Gillmor
Re: CVE-2013-1962 libvirt: DoS (max count of open files exhaustion) due sockets leak in the storage pool Petr Matousek

Friday, 17 May

Xen Security Advisory 56 (CVE-2013-2072) - Buffer overflow in xencontrol Python bindings affecting xend Xen . org security team
Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability Larry W. Cashdollar

Saturday, 18 May

Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried
Re: CVE request: WordPress plugin mail-on-update CSRF Kurt Seifried
Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried
Re: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability Kurt Seifried
Re: CVE Request: WebAuth: Authentication credential disclosure Russ Allbery
Re: CVE Request: WebAuth: Authentication credential disclosure Kurt Seifried
Re: CVE request: WordPress plugin wp-cleanfix CSRF Henri Salo
CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld
Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade
Re: Multiple vulnerabilities in PHP Address Book v8.2.5 Henri Salo
Re: CVE request: WordPress plugin wp-cleanfix CSRF Kurt Seifried
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried
Re: CVE Request: DoS in OpenSMTPD TLS Support Jason A. Donenfeld
More zPanel security flaws? Trying to sort them out Kurt Seifried
Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Kurt Seifried

Sunday, 19 May

Re: Re: CVE Request: DoS in OpenSMTPD TLS Support Gilles Chehade
Re: plone, rrdtool, zenoss bugs Henri Salo

Monday, 20 May

Re: CVE Request: Man in the middle on Gentoo Portage binary package installer Pavel Labushev
CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes Jan Lieskovsky
tty-hijacking & CVE-2005-4890 - redux mancha
Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger
Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes cve-assign
Re: Re: CVE Request -- Wireshark: Upstream v1.8.7, v1.6.15 fixes Kurt Seifried
CVE assignments for Wireshark 1.8.7 and 1.6.15 cve-assign
Moodle security notifications public Michael de Raadt

Tuesday, 21 May

CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Agostino Sarubbo

Wednesday, 22 May

Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Kurt Seifried
Re: nginx security advisory (CVE-2013-2028) Solar Designer
CVE request: MediaWiki chunked uploads vulnerability Thijs Kinkhorst
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Huzaifa Sidhpurwala
Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Jan Lieskovsky
Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Timo Sirainen
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy
CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9) Jan Lieskovsky
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor
Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson

Thursday, 23 May

Re: CVE Request (minor) -- Python 3.2: DoS when matching certificate with many '*' wildcard characters {was: [oss-security] CVE Request (minor) -- python-backports-ssl_match_hostname: Denial of service when matching certificate with many '*' wildcard characters } Tomas Hoger
CVE-2013-2069 livecd-tools: improper handling of passwords Brian C. Lane
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries Alan Coopersmith
[OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley

Friday, 24 May

Re: CVE request: dovecot : "APPEND" Parameters Processing Denial of Service Vulnerability Kurt Seifried
Re: plone, rrdtool, zenoss bugs Kurt Seifried
Re: CVE request: MediaWiki chunked uploads vulnerability Kurt Seifried
Re: plone, rrdtool, zenoss bugs Henri Salo
Re: plone, rrdtool, zenoss bugs Kurt Seifried
Re: plone, rrdtool, zenoss bugs Matthew Wilkes
CVE Request: pwgen Seth Arnold
Re: CVE Request: pwgen Kurt Seifried

Saturday, 25 May

CVE Request: SPIP privilege escalation Salvatore Bonaccorso
CVE Request: cgit directory traversal Jason A. Donenfeld

Sunday, 26 May

socat security advisory 4 - CVE-2013-3571 Gerhard Rieger

Monday, 27 May

Re: CVE Request: cgit directory traversal Jan Lieskovsky
Re: CVE Request: SPIP privilege escalation Kurt Seifried
Re: CVE Request: cgit directory traversal Kurt Seifried
Re: CVE Request: cgit directory traversal Jason A. Donenfeld
Re: CVE Request: cgit directory traversal Jason A. Donenfeld
Re: CVE Request: pwgen Michael Samuel
Re: CVE Request: pwgen Solar Designer

Tuesday, 28 May

CVE request: libraw: multiple issues Raphael Geissert
[Notification] CVE-2013-2765 mod_security: NULL pointer dereference (DoS, crash) when forceRequestBodyVariable action triggered and unknown Content-Type was used Jan Lieskovsky
KDE Paste Applet Michael Samuel
Re: CVE request: libraw: multiple issues Kurt Seifried
[OSSA 2013-014] Missing expiration check in Keystone PKI tokens validation (CVE-2013-2104) Thierry Carrez

Wednesday, 29 May

Re: CVE request: libraw: multiple issues Raphael Geissert
CVE Request -- libguestfs (1.21.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Jan Lieskovsky
Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Richard W.M. Jones
CVE request for Drupal contributed modules Forest Monsen
GnuTLS 2.x Lucky13 fix regression CVE-2013-2116 Tomas Hoger
Re: KDE Paste Applet Kurt Seifried
Re: CVE request: libraw: multiple issues Kurt Seifried
Re: Re: CVE Request -- libguestfs (1.20.6 | 1.22.0 | 1.23.0 <= X < 1.22.1 | 1.23.1): Denial of service due to a double-free when inspecting certain guest files / images Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2) P J P
Re: CVE request: Linux kernel: net: oops from tcp_collapse() when using splice(2) Kurt Seifried
Drupal contrib CVE Forest Monsen
Re: Drupal contrib CVE Kurt Seifried

Thursday, 30 May

CVE request: znc: null pointer dereference in webadmin Raphael Geissert
CVE-2013-1431: telepathy-gabble: TLS bypass via use of legacy Jabber Simon McVittie
Re: CVE request: znc: null pointer dereference in webadmin Kurt Seifried
Re: KDE Paste Applet Michael Samuel
Re: plone, rrdtool, zenoss bugs Kurt Seifried

Friday, 31 May

Re: KDE Paste Applet Jeff Mitchell
CVE request: monkeyd Denial of Service Agostino Sarubbo
CVE Request: libimobiledevice insecure /tmp use Marc Deslauriers
CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery Kurt Seifried
Re: CVE request: monkeyd Denial of Service cve-assign
Re: CVE-2013-2132 MongoDB: User-triggerable NULL pointer dereference due to utter plebbery Kurt Seifried

Saturday, 01 June

CVE-2013-2850: Linux kernel iSCSI target heap overflow Kees Cook

Sunday, 02 June

CVE Request: kernel info leak in tkill/tgkill Marcus Meissner

Monday, 03 June

Xen Security Advisory 52 (CVE-2013-2076) - Information leak on XSAVE/XRSTOR capable AMD CPUs Xen . org security team
Xen Security Advisory 53 (CVE-2013-2077) - Hypervisor crash due to missing exception recovery on XRSTOR Xen . org security team
Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV Xen . org security team
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Lloyd Dewolf
Re: [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Jeremy Stanley
Re: [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Robert Collins

Tuesday, 04 June

CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks Jan Lieskovsky
Re: CVE request: libraw: multiple issues Raphael Geissert
CVE request: libsrtp buffer overflow flaw Vincent Danen
CVE Request: More perf security fixes Marcus Meissner
CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Henri Salo
Re: CVE Request: More perf security fixes Andi Kleen
Re: CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Kurt Seifried
Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried
Re: CVE Request -- Gallery < 3.0.8 - Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks Kurt Seifried
Re: CVE Request: kernel info leak in tkill/tgkill Kurt Seifried
Re: CVE Request: libimobiledevice insecure /tmp use Kurt Seifried
Re: CVE request: libsrtp buffer overflow flaw Vincent Danen
Re: [security] [oss-security] CVE request: CKEditor module for Drupal access bypass SA-CONTRIB-2011-054 Derek Wright

Wednesday, 05 June

CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() P J P
CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user P J P
Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() P J P
Re: CVE Request: More perf security fixes Peter Zijlstra
Re: CVE request: WordPress advanced-xml-reader XXE Henri Salo
Re: CVE Request: More perf security fixes Petr Matousek
Re: CVE Request: More perf security fixes Peter Zijlstra
Re: CVE Request: More perf security fixes Petr Matousek
Re: CVE Request: More perf security fixes Peter Zijlstra
Re: CVE Request: More perf security fixes Petr Matousek
Re: Re: CVE Request: More perf security fixes Petr Matousek
Joomla URL change Henri Salo
Re: Re: CVE Request: More perf security fixes Petr Matousek
Re: CVE Request: More perf security fixes Stephane Eranian
Re: CVE Request: More perf security fixes Stephane Eranian
CVE-2013-2145: perl Module::Signature code execution vulnerability Vincent Danen
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Russ Allbery
xen/blkback: Check device permissions before allowing OP_DISCARD Konrad Rzeszutek Wilk
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability 唐鳳
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Daniel Kahn Gillmor
Re: xen/blkback: Check device permissions before allowing OP_DISCARD Kurt Seifried
Re: CVE Request: More perf security fixes Petr Matousek
Re: CVE Request: More perf security fixes Kurt Seifried
Re: CVE Request: More perf security fixes Petr Matousek
Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl() Kurt Seifried
Re: CVE Request: Linux kernel: fanotify: info leak in copy_event_to_user Kurt Seifried
Re: CVE Request: More perf security fixes Andi Kleen
Re: CVE Request: pwgen Michael Samuel

Thursday, 06 June

Re: CVE Request: More perf security fixes Stephane Eranian
CVE Request: Linux Kernel - Leak information in cdrom driver. Jonathan Salwan
[PATCH] perf: fix hypervisor branch sampling permission check Stephane Eranian
Re: [PATCH] perf: fix hypervisor branch sampling permission check Petr Matousek
Re: CVE Request: More perf security fixes Petr Matousek
Re: CVE Request: More perf security fixes Stephane Eranian
chroots & uid sharing Jason A. Donenfeld
Re: chroots & uid sharing Jason A. Donenfeld
CVE request: WordPress plugin uk-cookie CSRF Henri Salo
Re: chroots & uid sharing Seth Arnold
CVE request for Drupal contributed module Forest Monsen
Linux kernel format string flaws Kees Cook
Re: Linux kernel format string flaws Greg KH
Re: chroots & uid sharing Kurt Seifried
Re: CVE request for Drupal contributed module Kurt Seifried

Friday, 07 June

ownCloud Security Advisory oC-SA-2013-028 Lukas Reschke
Broken authentication on Monkey HTTPD Auth plugin Felipe Pena
Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team
Re: chroots & uid sharing Tom Maher
CVE request: Monkey HTTPD - DoS due bug on Range header handling Felipe Pena

Saturday, 08 June

CVE request: Debian's package "mysql-server" leaks credential information vladz
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin
Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin
Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin
Re: CVE request: Debian's package "mysql-server" leaks credential information larry Cashdollar
Re: CVE request: Debian's package "mysql-server" leaks credential information Daniel Kahn Gillmor
Re: CVE request: Debian's package "mysql-server" leaks credential information Kurt Seifried
Re: CVE request: Debian's package "mysql-server" leaks credential information Kurt Seifried

Sunday, 09 June

RE: CVE request: Debian's package "mysql-server" leaks credential information Christey, Steven M.

Monday, 10 June

Re: CVE request: libraw: multiple issues Alexander Bergmann
Re: CVE request: Debian's package "mysql-server" leaks credential information gremlin
Re: CVE request: Debian's package "mysql-server" leaks credential information Florian Weimer
Re: CVE request: Debian's package "mysql-server" leaks credential information Henri Salo
Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Raphael Geissert
Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) vladz
Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Larry W. Cashdollar
Re: CVE request: Monkey HTTPD - DoS due bug on Range header handling Kurt Seifried
Re: CVE Request: Linux Kernel - Leak information in cdrom driver. Kurt Seifried

Tuesday, 11 June

Re: CVE request: libraw: multiple issues Raphael Geissert
CVE request: resin: Cross site scripting Agostino Sarubbo
CVE request: WordPress 3.5.1 denial of service vulnerability Henri Salo
Re: CVE-2013-2145: perl Module::Signature code execution vulnerability Vincent Danen
CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+ Alan Coopersmith

Wednesday, 12 June

Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer
Re: CVE request: WordPress 3.5.1 denial of service vulnerability Andrew Nacin
Re: CVE request: WordPress 3.5.1 denial of service vulnerability Kurt Seifried
Re: Fail2ban 0.8.9, Denial of Service (Apache rules only) Yves-Alexis Perez
Re: CVE request: WordPress 3.5.1 denial of service vulnerability Alexander Cherepanov
CVE request for Drupal contrib module Forest Monsen
Re: CVE request: WordPress 3.5.1 denial of service vulnerability Solar Designer
Re: KDE Paste Applet Michael Samuel

Thursday, 13 June

CVE-2013-2168: dbus: DoS in system services caused by _dbus_printf_string_upper_bound Simon McVittie
[OSSA 2013-015] Authentication bypass when using LDAP backend (CVE-2013-2157) Thierry Carrez
[OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161) Jeremy Stanley
Re: CVE request: resin: Cross site scripting Kurt Seifried
Re: CVE request for Drupal contrib module Kurt Seifried
Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only) Kurt Seifried
Re: CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+ Kurt Seifried
Re: CVE request: WordPress plugin uk-cookie CSRF Kurt Seifried
CVE request: MovableType before 5.2.6 John Lightsey

Friday, 14 June

Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team
CVE request: XSS on Monkey HTTPD - dirlisting plugin Felipe Pena
CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Felipe Pena
CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena
RE: CVE request: FD leakage for cgi program on Monkey HTTPD Christey, Steven M.
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Felipe Pena
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold
Re: CVE request: MovableType before 5.2.6 Kurt Seifried
Re: CVE request: XSS on Monkey HTTPD - dirlisting plugin Kurt Seifried
Re: CVE request: Bypass protected directory by Monkey HTTPD - Mandril security plugin Kurt Seifried
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Kurt Seifried
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Yves-Alexis Perez
Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey
Re: CVE request: FD leakage for cgi program on Monkey HTTPD Seth Arnold
Re: CVE request: FD leakage for cgi program on Monkey HTTPD John Lightsey

Sunday, 16 June

Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core TYPO3 Security Team

Monday, 17 June

CVE Request: Linux - ext4 support Jonathan Salwan
Re: CVE Request: Linux - ext4 support Greg KH
Re: CVE Request: Linux - ext4 support Jonathan Salwan
Re: CVE Request: Linux - ext4 support Greg KH
CVE-2013-2175 : haproxy may crash when using header occurrences relative to the tail Willy Tarreau
Re: CVE Request: Linux - ext4 support Kurt Seifried
Thoughts on a vuln/CVE? Kurt Seifried
Re: Thoughts on a vuln/CVE? Yves-Alexis Perez
Re: Thoughts on a vuln/CVE? Russ Allbery
Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff
Re: Thoughts on a vuln/CVE? Kurt Seifried

Tuesday, 18 June

CVE request: gnome-shell crash, screen unlock on resume Florian Weimer
Re: Thoughts on a vuln/CVE? Florian Weimer
Re: Thoughts on a vuln/CVE? Simon McVittie
Re: Thoughts on a vuln/CVE? Dave Walker
Re: Thoughts on a vuln/CVE? Tim
Re: Thoughts on a vuln/CVE? Moritz Muehlenhoff
Re: Thoughts on a vuln/CVE? Kurt Seifried
Re: CVE request: gnome-shell crash, screen unlock on resume Kurt Seifried
Re: Thoughts on a vuln/CVE? Florian Weimer
Re: Thoughts on a vuln/CVE? Kurt Seifried

Wednesday, 19 June

Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried
[OSSA 2013-017] Issues in Keystone middleware memcache signing/encryption feature (CVE-2013-2166, CVE-2013-2167) Thierry Carrez
[CVE identifier assignment notification] CVE-2013-2191 python-bugzilla: Does not verify Bugzilla server certificate Jan Lieskovsky
CVE request for Drupal contributed module Forest Monsen

Thursday, 20 June

Re: Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling Kurt Seifried
Re: CVE request for Drupal contributed module Kurt Seifried
Xen Security Advisory 55 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling Xen . org security team
CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference Petr Matousek
Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference Kurt Seifried

Friday, 21 June

CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template Jan Lieskovsky
Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys Xen . org security team
Re: CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template Kurt Seifried

Monday, 24 June

CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Jan Lieskovsky
Re: CVE Request -- Review Board: Stored XSS due improper sanitization of user's full name in the reviews dropdown (fixed in upstream v1.7.10, v1.6.17 versions) Kurt Seifried

Tuesday, 25 June

Re: Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys Kurt Seifried
Re: [LightDM] light-locker 0.1.0 released Yves-Alexis Perez
Re: KDE Paste Applet Michael Samuel
Re: KDE Paste Applet Kurt Seifried

Wednesday, 26 June

Re: KDE Paste Applet Garth Mollett
Xen Security Advisory 57 (CVE-2013-2211) - libxl allows guest write access to sensitive console related xenstore keys Xen . org security team
Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes Xen . org security team
CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen
Re: CVE request: unauthorized host/service views displayed in servicegroup view Raphael Geissert
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried
1.2k bug reports for Debian, some may be security Kurt Seifried
Re: 1.2k bug reports for Debian, some may be security Russ Allbery
Re: 1.2k bug reports for Debian, some may be security Kurt Seifried

Thursday, 27 June

CVE request for GLPI Mehrenberger, Xavier
CVE Request -- python-suds: Insecure temporary directory use when initializing file-based URL cache Jan Lieskovsky
CVE request: GLPI, multiple issues Raphael Geissert
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Steven M. Christey
Re: CVE Request -- python-suds: Insecure temporary directory use when initializing file-based URL cache Kurt Seifried
Re: 1.2k bug reports for Debian, some may be security Steven M. Christey
Re: 1.2k bug reports for Debian, some may be security Alexandre Rebert

Friday, 28 June

CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr() Jan Lieskovsky
Re: CVE Request - PHP PECL Radius (php-pecl-radius) v1.2.7 fixing a security flaw in radius_get_vendor_attr() Kurt Seifried
general Krb5 DNS vulnerabilities (e.g. krb5 web auth)? [was: Re: [oss-security] CVE request: rpc-gssd is vulnerable to DNS spoofing] Daniel Kahn Gillmor

Saturday, 29 June

CVE request: Multiple issues in GNU ZRTPCPP Dan Rosenberg

Sunday, 30 June

CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri
Re: CVE request: Multiple issues in GNU ZRTPCPP Kurt Seifried
Re: 1.2k bug reports for Debian, some may be security Kurt Seifried
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Steven Ciaburri
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Kurt Seifried
Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Kurt Seifried
Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Kurt Seifried
Re: CVE request for GLPI Kurt Seifried
Re: CVE request: GLPI, multiple issues Kurt Seifried
Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Steven Ciaburri