oss-sec: by author

688 messages starting Jul 09 13 and ending Jul 25 13

Adam D. Barratt

Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Adam D. Barratt (Jul 09)
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Adam D. Barratt (Jul 09)

Adéla Goldová

[CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
[CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
CVE Request - HMS Testimonials 2.0.10 WP plugin Adéla Goldová (Aug 10)
[CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
Re: CVE Request - HMS Testimonials 2.0.10 WP plugin Adéla Goldová (Aug 11)
[CVE Request] Event Easy Calendar Adéla Goldová (Sep 09)
[CVE Request] IndiaNIC Testimonial 2.2 WP plugin Adéla Goldová (Sep 01)

Agostino Sarubbo

Re: CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Agostino Sarubbo (Jul 01)
CVE request: Torque privilege escalation Agostino Sarubbo (Sep 09)
CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo (Sep 04)
CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Agostino Sarubbo (Sep 14)
CVE request: nullmailer world readable /etc/nullmailer/remotes Agostino Sarubbo (Aug 09)
Re: CVE request: Torque privilege escalation Agostino Sarubbo (Sep 09)
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo (Sep 05)

Alan Coopersmith

Re: Question about CVE for X!! DoS Alan Coopersmith (Jul 05)

Alessandro Cresto Miseroglio

Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)
Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio (Aug 21)

Alexander Cherepanov

Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Alexander Cherepanov (Sep 14)
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Alexander Cherepanov (Sep 18)
Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)
Re: HTTPS Alexander Cherepanov (Aug 26)
Re: Reproducible Builds for Fedora Alexander Cherepanov (Sep 26)

Alexandre Dulaunoy

CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution" Alexandre Dulaunoy (Jul 29)

Alex Legler

Re: Re: CVE oops in GLSA 201308-05 (wireshark) Alex Legler (Aug 29)

Andreas Ericsson

Re: [Nagios-devel] [oss-security] Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Andreas Ericsson (Sep 04)
Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Andreas Ericsson (Sep 04)

Andreas Nilsson

Re: CVE Request - MongoDB <=2.4.4 uninitialized object Andreas Nilsson (Jul 30)

Andrew Nacin

CVE Requests for WordPress 3.6.1 Andrew Nacin (Sep 11)
Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)
Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)

Andrey Korolyov

Possibly insecure permissions on sshd_config in Debian-based distros Andrey Korolyov (Aug 22)
Re: Possibly insecure permissions on sshd_config in Debian-based distros Andrey Korolyov (Aug 22)

Andy Lutomirski

Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Andy Lutomirski (Aug 06)
Re: CLONE_NEWUSER local DoS Andy Lutomirski (Aug 06)

Bastien ROUCARIES

CVE request for imagemagick bug Bastien ROUCARIES (Aug 30)

Bernhard Miklautz

Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Bernhard Miklautz (Jul 12)

Bharat Mediratta

Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Bharat Mediratta (Jul 04)

Brian Cameron

Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Brian Cameron (Aug 15)

Chris Reffett

CVE request: X2Go server Chris Reffett (Sep 24)

Christey, Steven M.

RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
RE: CVE Request - Coin Widget serves code over plain http. Christey, Steven M. (Jul 28)
RE: rubygems insecure download (and other problems) Christey, Steven M. (Aug 15)
RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 19)
RE: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Christey, Steven M. (Jul 23)
RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M. (Aug 09)

Christian Heimes

Re: [PSRT] [oss-security] CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Christian Heimes (Aug 15)

cve-assign

Re: graphite CVE-2013-5903 confusion cve-assign (Sep 27)
Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 cve-assign (Aug 24)
CVEs for Wireshark 1.8.10 and 1.10.2 releases cve-assign (Sep 11)
Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences cve-assign (Aug 26)
valid but unusual sequence of CVEs in SYM13-009 cve-assign (Aug 05)
Re: CVE request: unauthorized host/service views displayed in servicegroup view cve-assign (Sep 04)
Re: CVE request: serendipity before 1.7.3 XSS cve-assign (Sep 01)
Re: SSL BREACH cve-assign (Sep 23)
CVE-2013-5641 CVE-2013-5642 recent Asterisk issues cve-assign (Aug 28)
Re: CVE-2013-5696: split needed cve-assign (Sep 23)
Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 23)
CVE-2013-5575 LibTIFF through 3.9.5 integer overflow cve-assign (Aug 24)
Re: [CVE Request] IndiaNIC Testimonial 2.2 WP plugin cve-assign (Sep 01)
Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign (Jul 29)
Re: CVE oops in GLSA 201308-05 (wireshark) cve-assign (Aug 28)
Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem cve-assign (Sep 01)
Re: CVE request, libdigidoc arbitrary file overwrite flaw cve-assign (Aug 28)
Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload cve-assign (Aug 29)
Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b cve-assign (Aug 25)
Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access cve-assign (Aug 29)
Re: Command Injection in Ruby Gem Sounder 1.0.1 cve-assign (Aug 28)
Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign (Jul 29)
Re: SSL BREACH cve-assign (Aug 06)
pending Bitcoin/Android CVE assignments cve-assign (Aug 12)
Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign (Aug 28)
Re: tomcat CVE confusion cve-assign (Aug 08)

Dag-Erling Smørgrav

Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Dag-Erling Smørgrav (Aug 22)
Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Dag-Erling Smørgrav (Aug 22)

Dan Carpenter

Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Dan Carpenter (Sep 05)

Daniele Bianco

[oCERT-2013-001] File Roller path sanitization errors Daniele Bianco (Jul 08)

Daniel Kahn Gillmor

Re: Requesting CVE-ID(s) for Python's pip Daniel Kahn Gillmor (Aug 01)
Re: npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor (Jul 10)
Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor (Jul 25)
Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor (Jul 25)
npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor (Jul 10)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Daniel Kahn Gillmor (Sep 04)
Re: Possibly insecure permissions on sshd_config in Debian-based distros Daniel Kahn Gillmor (Aug 22)
GnuPG treats no-usage-permitted keys as all-usages-permitted Daniel Kahn Gillmor (Sep 12)
Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor (Jul 25)
Re: PostgreSQL insecure install via yum (multiple problems) Daniel Kahn Gillmor (Aug 20)

Dan Pasette

Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette (Jul 18)

Dan Williams

Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Dan Williams (Aug 08)

David Jorm

Re: tomcat CVE confusion David Jorm (Aug 07)
Re: CVE-2013-2185 / Tomcat David Jorm (Sep 04)
CVE request: XSS in Google Web Toolkit (GWT) David Jorm (Aug 04)
CVE request: remote code execution due to XML deserialization in Restlet David Jorm (Aug 08)

David Lamparter

CVE request: Quagga OSPF-API stack overrun David Lamparter (Jul 03)

David Walser

tomcat CVE confusion David Walser (Aug 07)
Fw: python CVE typoed in Mageia advisory David Walser (Aug 26)

Dhiru Kholia

Re: Research on better-than-brute-force attacks on PDF cryptography Dhiru Kholia (Sep 22)
Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
Re: Reproducible Builds for Fedora Dhiru Kholia (Sep 26)
Reproducible Builds for Fedora Dhiru Kholia (Sep 24)

Dieter Adriaenssens

Re: [Phpmyadmin-security] [oss-security] Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Dieter Adriaenssens (Jul 30)

Donald Stufft

CVE Request: Insecure Software Download in pip Donald Stufft (Jul 25)
Re: HTTPS Donald Stufft (Aug 15)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 07)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
Re: HTTPS (was: rubygems insecure download (and other problems)) Donald Stufft (Aug 14)
Re: Reserved CVE for pip Donald Stufft (Aug 07)
Re: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Donald Stufft (Jul 23)
Re: Requesting CVE-ID(s) for Python's pip Donald Stufft (Jul 29)
Re: Requesting CVE-ID(s) for Python's pip Donald Stufft (Jul 26)
Re: rubygems insecure download (and other problems) Donald Stufft (Aug 14)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 27)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 03)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Aug 21)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 29)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 30)
Reserved CVE for pip Donald Stufft (Aug 07)
Re: CVE Request: Insecure Software Download in pip Donald Stufft (Jul 31)

donesh.l

Trend micro contact details donesh.l (Sep 26)

Eric Blake

Re: [Libvirt-Security] [oss-security] CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Eric Blake (Jul 01)

Eric H. Christensen

Re: PostgreSQL insecure install via yum (multiple problems) Eric H. Christensen (Aug 19)

Eric Hodel

Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 20)
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 17)
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 18)
CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel (Sep 09)

Eric W. Biederman

Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Eric W. Biederman (Aug 06)

Eric Wimberley

Watchman - GCC buffer overflow framework Eric Wimberley (Sep 03)

etienne

CVE Request : poppler < 0.13.0 etienne (Sep 18)

Evan Teitelman

CVE Request - Coin Widget serves code over plain http. Evan Teitelman (Jul 27)
Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Evan Teitelman (Aug 09)

Florent Daigniere

Re: pending Bitcoin/Android CVE assignments Florent Daigniere (Aug 12)

Florian

Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian (Aug 07)
CVE Request - MongoDB <=2.4.4 uninitialized object Florian (Jul 17)

Florian Weimer

Re: Trend micro contact details Florian Weimer (Sep 29)
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Florian Weimer (Sep 09)
Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Florian Weimer (Aug 19)
Re: HTTPS Florian Weimer (Aug 15)
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Sep 14)
Re: [PATCH] implement privmode support in dash Florian Weimer (Aug 23)
Re: Question about signed email Florian Weimer (Jul 02)
Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Florian Weimer (Aug 11)
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer (Aug 22)
X.509 name constraints and potential interpretation conflict Florian Weimer (Aug 12)
ISC DHCP client and unsolicited DHCP options Florian Weimer (Jul 17)
Research on better-than-brute-force attacks on PDF cryptography Florian Weimer (Sep 17)

Forest Monsen

CVE request for Drupal contributed modules Forest Monsen (Aug 21)
CVE request for Drupal contributed modules Forest Monsen (Aug 09)
CVE request for Drupal contrib modules Forest Monsen (Sep 03)
CVE request for Drupal contributed modules Forest Monsen (Jul 25)
CVE request for Drupal contributed modules Forest Monsen (Jul 22)
CVE request for Drupal contrib modules Forest Monsen (Jul 16)
CVE request for Drupal contributed modules Forest Monsen (Sep 26)
Re: CVE request for a Drupal contributed module Forest Monsen (Jul 22)
Re: CVE request for Drupal contributed modules Forest Monsen (Aug 11)
CVE request for Drupal contributed module Forest Monsen (Jul 31)
CVE request for Drupal contrib module Forest Monsen (Jul 05)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-13:10.sctp FreeBSD Security Advisories (Aug 21)
FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver FreeBSD Security Advisories (Jul 26)
FreeBSD Security Advisory FreeBSD-SA-13:07.bind FreeBSD Security Advisories (Jul 26)

Giuseppe Iuculano

Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Giuseppe Iuculano (Aug 13)

Greg KH

Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Greg KH (Aug 08)

gremlin

Re: HTTPS gremlin (Aug 16)
Re: HTTPS (was: rubygems insecure download (and other problems)) gremlin (Aug 14)
Re: HTTPS gremlin (Aug 15)
Re: HTTPS gremlin (Aug 15)
Re: HTTPS gremlin (Aug 16)

Hamid Zamani

Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Sep 09)
CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities Hamid Zamani (Jul 18)
CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Aug 15)
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani (Aug 19)

Hannes Frederic Sowa

Re: Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) Hannes Frederic Sowa (Aug 20)
Re: PoC: Function Pointer Protection in C Programs Hannes Frederic Sowa (Aug 21)
Fix for CVE-2013-0343 queued up (linux-kernel/ipv6 temp. addresses) Hannes Frederic Sowa (Aug 20)
linux kernel memory corruption with ipv6 udp offloading Hannes Frederic Sowa (Sep 27)

Hanno Böck

CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 Hanno Böck (Aug 24)
cve request: cms made simple XSS before 1.11.7 Hanno Böck (Jul 21)
CVE request: webcalendar before 1.2.7 Hanno Böck (Jul 22)
CVE request: serendipity before 1.7.3 XSS Hanno Böck (Aug 31)

Harald van Dijk

Re: [PATCH] implement privmode support in dash Harald van Dijk (Aug 22)

Hector Marco

Re: CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco (Jul 15)
CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco (Jul 15)

Helmut Grohne

Re: ISC DHCP client and unsolicited DHCP options Helmut Grohne (Jul 28)

Henri Salo

Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Henri Salo (Sep 10)
Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 11)
Re: rubygems insecure download (and other problems) Henri Salo (Aug 15)
CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo (Jul 10)
CVE request: Zenphoto waraxe-2012-SA#096 Henri Salo (Jul 10)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 24)
Cisco announces agreement to acquire Sourcefire Henri Salo (Jul 23)
Re: CVE request for Drupal contributed modules Henri Salo (Aug 10)
CVE request: TYPO3-CORE-SA-2013-003 Henri Salo (Sep 07)
Re: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Henri Salo (Jul 23)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 25)
Re: Command Injection in Ruby Gem Sounder 1.0.1 Henri Salo (Aug 28)
CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo (Sep 15)
CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-2013-002 Henri Salo (Aug 14)

Henri Wahl

Re: CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Henri Wahl (Jul 12)

Huzaifa Sidhpurwala

Re: CVE-2013-5575 LibTIFF through 3.9.5 integer overflow Huzaifa Sidhpurwala (Aug 25)
Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Huzaifa Sidhpurwala (Aug 22)

isis agora lovecruft

Re: Requesting CVE-ID(s) for Python's pip isis agora lovecruft (Aug 01)
Requesting CVE-ID(s) for Python's pip isis agora lovecruft (Jul 26)

Jakob Lell

Quick Blind TCP Connection Spoofing with SYN Cookies Jakob Lell (Aug 13)

Jan Lieskovsky

CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Jan Lieskovsky (Jul 11)
Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Jan Lieskovsky (Aug 08)
Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
CVE Request -- Plone: 20130618 Hotfix (multiple vectors) Jan Lieskovsky (Jul 31)
CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Jan Lieskovsky (Aug 08)
Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Jan Lieskovsky (Aug 08)
CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Jan Lieskovsky (Jul 10)
CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Jan Lieskovsky (Aug 08)
CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 29)
CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Jan Lieskovsky (Aug 11)
[Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29 Jan Lieskovsky (Aug 09)
Re: Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky (Jul 30)
CVE Request -- gallery3 (3.0.9): Fixing two security flaws Jan Lieskovsky (Jul 04)
CVE Request - php 5.3.27 fixing heap corruption in the XML parser Jan Lieskovsky (Jul 11)
[CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky (Aug 09)
CVE Request -- kde-workspace 4.10.5 fixing two security flaws Jan Lieskovsky (Jul 16)

Jean-Baptiste Kempf

Re: new FFMpeg stuff Jean-Baptiste Kempf (Jul 25)
Re: new FFMpeg stuff Jean-Baptiste Kempf (Jul 25)

Jérémie Courrèges-Anglas

Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas (Aug 23)
Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas (Aug 23)

Jeremy Stanley

Re: Requesting CVE-ID(s) for Python's pip Jeremy Stanley (Aug 01)
Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) Jeremy Stanley (Sep 19)
Re: HTTPS Jeremy Stanley (Aug 15)
[OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) Jeremy Stanley (Aug 06)
[OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256) Jeremy Stanley (Aug 06)
[OSSA 2013-021] Cinder LVM volume driver does not support secure deletion (CVE-2013-4183) Jeremy Stanley (Aug 07)

Jilles Tjoelker

Re: [PATCH] implement privmode support in dash Jilles Tjoelker (Aug 22)

Jochen Bern

Re: [Nagios-devel] [oss-security] Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jochen Bern (Sep 04)

Joel Weinberger

Re: browser document.cookie DoS vulnerability Joel Weinberger (Sep 20)

John Haxby

Re: Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) John Haxby (Aug 21)

Jonas Meurer

Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Aug 30)
Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer (Sep 04)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Jul 10)
Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer (Sep 04)
Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer (Sep 04)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer (Aug 03)

Jonathan Salwan

OpenVZ security repport - Multiple memory leaks (CVE-2013-2239) Jonathan Salwan (Jul 04)

Joshua Wise

CVE-2013-4137: StatusNet v1.1.0: SQL injection Joshua Wise (Jul 18)

Julien Cristau

Re: Question about CVE for X!! DoS Julien Cristau (Jul 05)

Kees Cook

Linux HID security flaws Kees Cook (Aug 28)

Kevin Fenzi

Re: PostgreSQL insecure install via yum (multiple problems) Kevin Fenzi (Aug 19)

Konrad Rzeszutek Wilk

Re: Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Konrad Rzeszutek Wilk (Jul 24)

Kousuke Ebihara

CVE Request: OpenPNE 3, opWebAPIPlugin, opOpenSocialPlugin -- XXE vulnerability fix Kousuke Ebihara (Sep 09)

Kurt Seifried

Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
Re: tomcat CVE confusion Kurt Seifried (Aug 07)
Re: ISC DHCP client and unsolicited DHCP options Kurt Seifried (Jul 17)
Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg Kurt Seifried (Jul 02)
Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried (Jul 18)
Re: CVE request for imagemagick bug Kurt Seifried (Sep 03)
Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried (Jul 11)
Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws Kurt Seifried (Jul 16)
Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 31)
Re: [Libvirt-Security] [oss-security] CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Kurt Seifried (Jul 01)
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried (Jul 03)
Re: CVE Request: XSS in smokeping / start and end time fields not filtered Kurt Seifried (Jul 25)
Re: CVE request: GnuPG side-channel attack on RSA secret keys Kurt Seifried (Jul 26)
Re: cve requests for python-oauth2 Kurt Seifried (Sep 12)
Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried (Jul 25)
Re: CVE Request: Ansible not caching SSH host keys Kurt Seifried (Jul 02)
Re: [PATCH] implement privmode support in dash Kurt Seifried (Aug 22)
Re: CVE request: pyOpenSSL hostname check bypassing vulnerability Kurt Seifried (Sep 06)
Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 10)
Re: CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities Kurt Seifried (Jul 18)
Re: CVE Request: FFmpeg 2.0.1 multiple problems Kurt Seifried (Aug 21)
Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 09)
Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
Re: Buffer overrun vulnerability in CHICKEN Scheme Kurt Seifried (Sep 26)
Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration Kurt Seifried (Jul 19)
Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 27)
Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried (Jul 27)
Re: CVE request: X2Go server Kurt Seifried (Sep 25)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Jul 08)
Re: CVE request for Drupal contrib modules Kurt Seifried (Sep 11)
Re: Possibly insecure permissions on sshd_config in Debian-based distros Kurt Seifried (Aug 22)
Re: CVE request for Drupal contributed modules Kurt Seifried (Jul 27)
OpenX Ad Server Backdoor CVE? Kurt Seifried (Aug 06)
Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 12)
Re: [vs-plain] Request for CVE Identifiers Kurt Seifried (Aug 01)
Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)
Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 16)
OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) Kurt Seifried (Sep 19)
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried (Sep 16)
Re: [CVE Request] Event Easy Calendar Kurt Seifried (Sep 09)
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 17)
Re: CVE request: Quagga OSPF-API stack overrun Kurt Seifried (Jul 03)
Re: CVE Request - php 5.3.27 fixing heap corruption in the XML parser Kurt Seifried (Jul 11)
Some Nagios /tmp vulns (no reply from upstream) Kurt Seifried (Aug 07)
Re: CVE request: XSS in Google Web Toolkit (GWT) Kurt Seifried (Aug 04)
Re: CVE request for Drupal contributed modules Kurt Seifried (Sep 26)
Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
Re: CVE-2013-5696: split needed Kurt Seifried (Sep 20)
Re: Reserved CVE for pip Kurt Seifried (Aug 07)
Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors) Kurt Seifried (Jul 31)
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried (Jul 09)
Re: CVE Request: smokeping incomplete fix for CVE-2012-0790 Kurt Seifried (Jul 19)
Re: CVE request: qemu host crash from within guest Kurt Seifried (Sep 26)
Re: Possibly insecure permissions on sshd_config in Debian-based distros Kurt Seifried (Aug 22)
Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Kurt Seifried (Jul 04)
Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Kurt Seifried (Aug 08)
Re: Possible CVE request: virtualbox virtio-net host DoS Kurt Seifried (Jul 05)
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 18)
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried (Jul 09)
Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Kurt Seifried (Aug 12)
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried (Jul 03)
Re: CVE Requests for WordPress 3.6.1 Kurt Seifried (Sep 11)
Re: CVE-Request FFmpeg vulnerability Kurt Seifried (Sep 16)
Re: CVE request: webcalendar before 1.2.7 Kurt Seifried (Jul 22)
Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried (Jul 18)
Re: CVE Request -- spice: unsafe clients ring access abort Kurt Seifried (Jul 15)
Re: CVE request for a Drupal contributed module Kurt Seifried (Jul 27)
Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Kurt Seifried (Aug 08)
CVE-2013-2228 : Salt Stack RSA exponent of 1 (there can be only one! da-na-naaah! na-na-na-naahh-nah-nahhh!) Kurt Seifried (Jun 30)
Please REJECT CVE-2013-4141 Kurt Seifried (Jul 17)
Re: CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush Kurt Seifried (Jul 15)
Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2 Kurt Seifried (Jul 22)
Re: CVE request: mysecureshell: information disclosure (or worse) Kurt Seifried (Jul 27)
SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried (Jul 18)
Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
Re: Rgpg Ruby Gem Remote Command Injection (CVE Request) Kurt Seifried (Aug 02)
Re: CVE request for Drupal contrib module Kurt Seifried (Jul 06)
cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 08)
Re: CVE Request: OpenPNE 3, opWebAPIPlugin, opOpenSocialPlugin -- XXE vulnerability fix Kurt Seifried (Sep 11)
Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Kurt Seifried (Sep 16)
Re: npm uses predictable temporary filenames when unpacking tarballs Kurt Seifried (Jul 11)
Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
Re: HTTPS Kurt Seifried (Aug 21)
Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Kurt Seifried (Jul 16)
PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Kurt Seifried (Jul 11)
Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Kurt Seifried (Aug 12)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 16)
Please REJECT CVE-2013-4141 Kurt Seifried (Jul 17)
Re: CVE request for Mozilla Firefox (Windows) Kurt Seifried (Jul 10)
Kurt go byebye for vacation next week Kurt Seifried (Aug 21)
Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried (Jul 16)
Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
Re: GnuPG treats no-usage-permitted keys as all-usages-permitted Kurt Seifried (Sep 13)
Re: CVE request: three additional flaws fixed in putty 0.63 Kurt Seifried (Aug 06)
Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Kurt Seifried (Aug 12)
Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Jul 29)
Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried (Jul 25)
Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability Kurt Seifried (Jul 27)
Re: Requesting CVE-ID(s) for Python's pip Kurt Seifried (Jul 29)
Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Kurt Seifried (Aug 09)
Re: CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729 Kurt Seifried (Jul 15)
Re: CVE Request: CPAN perl module Data::UUID symlink attacks Kurt Seifried (Jul 31)
Re: CVE request: remote code execution due to XML deserialization in Restlet Kurt Seifried (Aug 08)
Re: CVE Request: Insecure Software Download in pip Kurt Seifried (Aug 21)
Re: CVE request: mysecureshell: information disclosure (or worse) Kurt Seifried (Jul 25)
Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Kurt Seifried (Aug 16)
SSL BREACH Kurt Seifried (Aug 06)
Re: CVE Request -- php - handling of certs with null bytes Kurt Seifried (Aug 14)
Re: CVE Request -- Linux kernel: ipv6: BUG_ON in fib6_add_rt2node() Kurt Seifried (Jul 15)
Re: CVE request for Drupal contrib modules Kurt Seifried (Jul 16)
Re: CVE Request: information leak in AF_KEY notify messages Kurt Seifried (Jul 02)
Re: Re: CVE Request - HMS Testimonials 2.0.10 WP plugin Kurt Seifried (Aug 12)
Re: Re: Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried (Jul 10)
Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Kurt Seifried (Aug 12)
Re: CVE request: davfs2 - Unsecure use of system() Kurt Seifried (Sep 18)
Re: Xen Security Advisory 61 - libxl partially sets up HVM passthrough even with disabled iommu Kurt Seifried (Sep 10)
Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Kurt Seifried (Jul 29)
Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 07)
Re: CVE requests for Ajaxplorer Kurt Seifried (Aug 21)
Re: new FFMpeg stuff Kurt Seifried (Jul 25)
Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried (Jul 29)
Re: CVE Request -- vdsm: incomplete fix for CVE-2013-0167 issue Kurt Seifried (Aug 12)
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Kurt Seifried (Aug 19)
Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Kurt Seifried (Aug 07)
Re: CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs() Kurt Seifried (Jul 19)
Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried (Aug 09)
Re: Re: browser document.cookie DoS vulnerability Kurt Seifried (Sep 25)
Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8 Kurt Seifried (Sep 04)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried (Sep 25)
Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Kurt Seifried (Aug 09)
Re: CVE request: Torque privilege escalation Kurt Seifried (Sep 09)
Update for CVE-2013-4852: PuTTY SSH handshake heap overflow (FileZilla reportedly embeds a copy) Kurt Seifried (Aug 05)
Re: Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Sep 04)
Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Kurt Seifried (Sep 09)
Re: Reproducible Builds for Fedora Kurt Seifried (Sep 26)
Re: CVE request for Drupal contributed module Kurt Seifried (Jul 31)
Re: HTTPS Kurt Seifried (Aug 15)
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried (Sep 16)
Re: CVE Request: libxml2 external parsed entities issue Kurt Seifried (Jul 05)
Re: CVE request: Torque privilege escalation Kurt Seifried (Sep 09)
Question about CVE for X!! DoS Kurt Seifried (Jul 05)
Re: Question about CVE for X!! DoS Kurt Seifried (Jul 05)
Re: CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root Kurt Seifried (Aug 14)
Re: CVE Request: lightdm incorrect .Xauthority permissions Kurt Seifried (Sep 11)
Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 09)
Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Kurt Seifried (Aug 08)
Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried (Jul 27)
Re: linux kernel memory corruption with ipv6 udp offloading Kurt Seifried (Sep 28)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Aug 02)
Re: CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Kurt Seifried (Jul 01)
Re: new FFMpeg stuff Kurt Seifried (Jul 25)
Re: CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-2013-002 Kurt Seifried (Aug 14)
Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Kurt Seifried (Jul 03)
Re: CVE request: Cyrus-sasl NULL ptr. dereference Kurt Seifried (Jul 12)
Re: cve request: cms made simple XSS before 1.11.7 Kurt Seifried (Jul 25)
Re: CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Kurt Seifried (Jul 11)
Re: CVE request: Javamelody blind XSS through X-Forwarded-For header Kurt Seifried (Sep 26)
new FFMpeg stuff Kurt Seifried (Jul 08)
Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. Kurt Seifried (Jul 23)
Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Kurt Seifried (Sep 13)
Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 19)
Re: CVE request: TYPO3-CORE-SA-2013-003 Kurt Seifried (Sep 09)
Re: rubygems insecure download (and other problems) Kurt Seifried (Aug 15)
Re: CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution" Kurt Seifried (Jul 29)
Re: CVE request: timing leak in bitcoind Kurt Seifried (Jul 25)
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried (Jul 26)
Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried (Jul 11)
Question about signed email Kurt Seifried (Jul 01)
Re: CVE request for Drupal contributed modules Kurt Seifried (Aug 21)
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Kurt Seifried (Sep 04)
rubygems insecure download (and other problems) Kurt Seifried (Aug 14)
Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried (Jul 25)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried (Sep 03)
Re: [CVE request] Django 1.4.6 security release Kurt Seifried (Aug 14)
Re: OpenX Ad Server Backdoor CVE? Kurt Seifried (Aug 06)
Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu Kurt Seifried (Jul 23)
Re: CVE request for Mozilla Thunderbird (Windows) Kurt Seifried (Jul 10)
Re: CLONE_NEWUSER local DoS Kurt Seifried (Aug 06)
Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried (Sep 18)
Re: Re: CVE request: webcalendar before 1.2.7 Kurt Seifried (Jul 25)
Re: Request for linux-distros list membership Kurt Seifried (Jul 01)
Re: CVE Request: Three integer overflows in glibc memory allocator Kurt Seifried (Sep 11)
Re: HTTPS Kurt Seifried (Aug 15)

Landon Hurley

Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley (Aug 19)

Larry Cashdollar

Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Larry Cashdollar (Sep 01)

Larry W. Cashdollar

Rgpg Ruby Gem Remote Command Injection (CVE Request) Larry W. Cashdollar (Aug 02)
YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 29)
Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Larry W. Cashdollar (Aug 31)
Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
Features 0.3.0 Ruby gem /tmp file injection vulnerability Larry W. Cashdollar (Sep 09)
YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar (Aug 30)
Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Larry W. Cashdollar (Sep 10)
Re: Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar (Aug 28)
Re: OSS at all? (was: [oss-security] YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload) Larry W. Cashdollar (Aug 30)
Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar (Aug 27)

Leon Weber

CVE request: pyxtrlock Leon Weber (Sep 25)

LSE Leading Security Experts GmbH (Security Advisories)

LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin LSE Leading Security Experts GmbH (Security Advisories) (Jul 05)

Luciano Bello

CVE request: davfs2 - Unsecure use of system() Luciano Bello (Sep 17)

Ludwig Nussel

Re: [PATCH] implement privmode support in dash Ludwig Nussel (Aug 23)
Re: X.509 name constraints and potential interpretation conflict Ludwig Nussel (Aug 20)
Re: Reproducible Builds for Fedora Ludwig Nussel (Sep 25)

Magnus Hagander

Re: [pgsql-security] Re: [oss-security] PostgreSQL insecure install via yum (multiple problems) Magnus Hagander (Aug 20)

Maksymilian

Re: CVE Request: glibc getaddrinfo() stack overflow Maksymilian (Jul 04)

mancha

NULL pointer dereferences; multiple issues mancha (Jul 05)
Re: CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
Re: CVE Request - xlockmore 5.43 fixes a security flaw mancha (Jul 18)
Re: CVE Request: Three integer overflows in glibc memory allocator mancha (Sep 12)
Re: CVE Request - xlockmore 5.43 fixes a security flaw mancha (Jul 16)
Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha (Aug 10)
CVE request: Cyrus-sasl NULL ptr. dereference mancha (Jul 12)
CVE Request - xlockmore 5.43 fixes a security flaw mancha (Jul 16)
Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws mancha (Jul 16)

Marc Deslauriers

Re: Fwd: [vs-plain] polkit races Marc Deslauriers (Sep 18)
CVE Request: lightdm incorrect .Xauthority permissions Marc Deslauriers (Sep 11)
CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)
Re: CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)

Marcus Meissner

Re: rubygems insecure download (and other problems) Marcus Meissner (Aug 15)
Re: tomcat CVE confusion Marcus Meissner (Aug 08)
Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg Marcus Meissner (Jul 02)
CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner (Jul 03)
Re: [security () suse de] Re: [oss-security] Question about CVE for X!! DoS Marcus Meissner (Jul 09)
Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2 Marcus Meissner (Jul 18)
CVE Request: information leak in AF_KEY notify messages Marcus Meissner (Jul 01)

Matthew Wilkes

CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 04)
Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 10)
Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 25)
Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes (Jul 19)

Mehrenberger, Xavier

CVE requests for Ajaxplorer Mehrenberger, Xavier (Jul 04)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Sep 15)

Michael Gilbert

Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Michael Gilbert (Aug 12)

Michael Niedermayer

Re: new FFMpeg stuff Michael Niedermayer (Jul 09)
CVE Request: FFmpeg 2.0.1 multiple problems Michael Niedermayer (Aug 20)

Michael Samuel

CVE Request: Ansible not caching SSH host keys Michael Samuel (Jun 30)
RESEND: CVE Request: pwgen Michael Samuel (Sep 25)
Re: [PATCH] implement privmode support in dash Michael Samuel (Aug 22)

Michael Tokarev

Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 09)
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 09)
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 09)
CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev (Jul 01)

Moritz Muehlenhoff

CVE-2013-2185 / Tomcat Moritz Muehlenhoff (Sep 04)
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 18)
Re: new FFMpeg stuff Moritz Muehlenhoff (Jul 08)
Re: Reproducible Builds for Fedora Moritz Muehlenhoff (Sep 25)
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff (Jul 22)
[CVE request] Django 1.4.6 security release Moritz Muehlenhoff (Aug 13)

Moritz Naumann

Re: PostgreSQL insecure install via yum (multiple problems) Moritz Naumann (Aug 19)
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Moritz Naumann (Sep 25)

Murray McAllister

CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Murray McAllister (Aug 12)

Nadim Kobeissi

Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi (Jul 09)
Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi (Jul 10)

Nathan March

Re: OpenX Ad Server Backdoor CVE? Nathan March (Aug 07)

Nicolas Vigier

Re: Reproducible Builds for Fedora Nicolas Vigier (Sep 25)

Oden Eriksson

CVE Request -- php - handling of certs with null bytes Oden Eriksson (Aug 14)

Oleg Nesterov

Re: CLONE_NEWUSER local DoS Oleg Nesterov (Aug 06)
[PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Oleg Nesterov (Aug 06)
[PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Oleg Nesterov (Aug 06)
Re: CLONE_NEWUSER local DoS Oleg Nesterov (Aug 06)

Ondřej Bílka

Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka (Aug 21)
Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka (Aug 22)

Oracle Security Alerts

Re: Possible CVE request: virtualbox virtio-net host DoS Oracle Security Alerts (Jul 05)

Paul

CVE request: timing leak in bitcoind Paul (Jul 24)

Paul Pluzhnikov

Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 26)
Re: Reproducible Builds for Fedora Paul Pluzhnikov (Sep 27)

Pavel Labushev

Re: HTTPS Pavel Labushev (Aug 22)
Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev (Aug 16)
Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev (Aug 16)

Peter Bex

Buffer overrun vulnerability in CHICKEN Scheme Peter Bex (Sep 26)

Petr Matousek

CVE Request -- Linux kernel: ipv6: BUG_ON in fib6_add_rt2node() Petr Matousek (Jul 15)
CLONE_NEWUSER local DoS Petr Matousek (Aug 06)
Re: [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Petr Matousek (Aug 07)
CVE Request -- vdsm: incomplete fix for CVE-2013-0167 issue Petr Matousek (Aug 12)
CVE request -- libvirt: virBitmapParse out-of-bounds read access Petr Matousek (Aug 29)
CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Petr Matousek (Sep 13)
Fwd: Use-after-free in TUNSETIFF Petr Matousek (Sep 12)
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Petr Matousek (Sep 05)
CVE Request -- spice: unsafe clients ring access abort Petr Matousek (Jul 15)
CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729 Petr Matousek (Jul 15)
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Petr Matousek (Jul 02)
Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Petr Matousek (Aug 16)
[NOT A CVE REQUEST] CVE-2013-2230 -- libvirt: multiple registered events crash Petr Matousek (Jul 10)
CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Petr Matousek (Aug 12)
CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Petr Matousek (Jul 01)
CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs() Petr Matousek (Jul 19)
CVE request -- libvirt: crash of libvirtd without guest agent configuration Petr Matousek (Jul 19)
CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush Petr Matousek (Jul 15)
CVE-2013-2231 -- qemu: qemu-ga win32 service unquoted search path Petr Matousek (Jul 22)

P J P

CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root P J P (Aug 14)
CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences P J P (Aug 26)
CVE Request: Linux kernel: arm64: unhandled el0 traps P J P (Aug 08)
CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. P J P (Jul 23)
CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P (Jul 23)
Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P (Jul 23)

Rafael Luque

Re: CVE request: Javamelody blind XSS through X-Forwarded-For header Rafael Luque (Sep 27)
CVE request: Javamelody blind XSS through X-Forwarded-For header Rafael Luque (Sep 26)

Raphael Geissert

CVE-2013-5696: split needed Raphael Geissert (Sep 20)
Re: CVE Request: Insecure Software Download in pip Raphael Geissert (Jul 31)
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Sep 17)
Possible CVE request: dovecot crash when disconnecting during pop3 LIST Raphael Geissert (Aug 14)
Possible CVE request: virtualbox virtio-net host DoS Raphael Geissert (Jul 05)
Re: CVE request: lcms 1.x buffer overflows Raphael Geissert (Aug 05)
[notification] exactimage DoS, jumping into the unknown Raphael Geissert (Sep 05)
[notification] libraw: multiple denial of service vulnerabilities Raphael Geissert (Aug 29)
OSS at all? (was: [oss-security] YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload) Raphael Geissert (Aug 30)
Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Raphael Geissert (Aug 12)
Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Raphael Geissert (Jul 15)
CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Raphael Geissert (Jul 11)
Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert (Jul 04)

Raúl Benencia

CVE-2013-1436: xmonad-contrib remote command injection Raúl Benencia (Jul 26)

Reed Loden

Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Reed Loden (Jul 18)
Re: rubygems insecure download (and other problems) Reed Loden (Aug 15)

Rémi Denis-Courmont

Re: new FFMpeg stuff Rémi Denis-Courmont (Jul 25)

Reno Robert

CVE-Request FFmpeg vulnerability Reno Robert (Sep 16)

Roy

Re: [PATCH] implement privmode support in dash Roy (Aug 23)

Russ Allbery

Two OpenAFS security advisories Russ Allbery (Jul 24)

Salvatore Bonaccorso

CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability Salvatore Bonaccorso (Jul 26)
Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b Salvatore Bonaccorso (Aug 28)
owncloud 5.0.8 and 4.5.13 (oC-SA-2013-029 and oC-SA-2013-030) - CVE assignments? Salvatore Bonaccorso (Aug 05)
[notification] django: CVE-2013-1443: denial-of-service via large passwords Salvatore Bonaccorso (Sep 15)
CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Salvatore Bonaccorso (Jul 22)
CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b Salvatore Bonaccorso (Aug 25)
CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Salvatore Bonaccorso (Aug 08)
Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Salvatore Bonaccorso (Aug 07)
CVE Request: XSS in smokeping / start and end time fields not filtered Salvatore Bonaccorso (Jul 20)
[notification] txt2man unsafe use of tempoarary files Salvatore Bonaccorso (Sep 25)
Re: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Salvatore Bonaccorso (Jul 23)
Re: CVE request: davfs2 - Unsecure use of system() Salvatore Bonaccorso (Sep 17)
Re: CVE Request: CPAN perl module Data::UUID symlink attacks Salvatore Bonaccorso (Jul 30)

Sebastian Krahmer

Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Sebastian Krahmer (Jul 01)
Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)
Fwd: [vs-plain] polkit races Sebastian Krahmer (Sep 18)
Re: CVE request: Cyrus-sasl NULL ptr. dereference Sebastian Krahmer (Jul 15)
Re: Reproducible Builds for Fedora Sebastian Krahmer (Sep 25)

Sebastian Pipping

CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 23)
CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping (Jul 23)
Re: GIMP Scriptfu Python Remote Command Execution Sebastian Pipping (Sep 14)
Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 25)
Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping (Jul 24)
Re: CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping (Jul 25)

security curmudgeon

Re: Re: Re: cryptocat/decryptocat - needs a cve? security curmudgeon (Jul 10)
Re: CVE request: webcalendar before 1.2.7 security curmudgeon (Jul 22)

Sergey Popov

Re: CVE oops in GLSA 201308-05 (wireshark) Sergey Popov (Aug 29)

Seth Arnold

[seth.arnold () canonical com: CVE Requests openjpeg] Seth Arnold (Sep 11)
Re: [PATCH] implement privmode support in dash Seth Arnold (Aug 22)
CVE Request: smokeping incomplete fix for CVE-2012-0790 Seth Arnold (Jul 19)
graphite CVE-2013-5903 confusion Seth Arnold (Sep 24)
Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Seth Arnold (Aug 08)
cve requests for python-oauth2 Seth Arnold (Sep 12)
Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu Seth Arnold (Jul 23)

Shad Laws

Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Shad Laws (Jul 05)

Simon McVittie

Re: [PATCH] implement privmode support in dash Simon McVittie (Aug 22)

Solar Designer

Re: Request for linux-distros list membership Solar Designer (Jul 01)
Re: Reproducible Builds for Fedora Solar Designer (Sep 25)
Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)
Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Solar Designer (Jul 29)
Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer (Jul 12)

some one

Re: [Full-disclosure] Quick Blind TCP Connection Spoofing with SYN Cookies some one (Aug 14)

Sona Sarmadi

RE: Request for linux-distros list membership Sona Sarmadi (Jul 02)
Request for linux-distros list membership Sona Sarmadi (Jul 01)

Stefan Fritsch

Re: SSL BREACH Stefan Fritsch (Aug 16)

Stefan Kanthak

CVE request for Mozilla Thunderbird (Windows) Stefan Kanthak (Jul 10)
CVE request for Mozilla Firefox (Windows) Stefan Kanthak (Jul 10)

Stephen Röttger

PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 22)
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 22)
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger (Aug 21)

Steve Grubb

Re: Reproducible Builds for Fedora Steve Grubb (Sep 25)
Re: Reproducible Builds for Fedora Steve Grubb (Sep 26)

Tavis Ormandy

Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 23)
Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)
Re: CVE request: davfs2 - Unsecure use of system() Tavis Ormandy (Sep 18)
Re: [PATCH] implement privmode support in dash Tavis Ormandy (Aug 23)
[PATCH] implement privmode support in dash Tavis Ormandy (Aug 22)

Thierry Carrez

[OSSA 2013-022] Swift Denial of Service using superfluous object tombstones (CVE-2013-4155) Thierry Carrez (Aug 07)
[OSSA 2013-026] Potential denial of service on Nova when using Qpid (CVE-2013-4261) Thierry Carrez (Sep 12)
[OSSA 2013-023] Denial of Service using XML entities in Nova/Cinder extensions (CVE-2013-4179, CVE-2013-4202) Thierry Carrez (Aug 08)
[OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294) Thierry Carrez (Sep 11)
[OSSA 2013-018] Missing SSL certificate check in Python glance client (CVE-2013-4111) Thierry Carrez (Jul 30)
[OSSA 2013-024] Resource limit circumvention in Nova private flavors (CVE-2013-4278) Thierry Carrez (Aug 28)

Thijs Kinkhorst

CVE request: lcms 1.x buffer overflows Thijs Kinkhorst (Aug 04)
Re: [CVE request] Django 1.4.6 security release Thijs Kinkhorst (Aug 14)
Re: CVE request: lcms 1.x buffer overflows Thijs Kinkhorst (Aug 21)
CVE request: GnuPG side-channel attack on RSA secret keys Thijs Kinkhorst (Jul 25)
CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8 Thijs Kinkhorst (Sep 04)

Tim

Re: Re: CVE request: davfs2 - Unsecure use of system() Tim (Sep 18)

Tim Brown

Re: [PATCH] implement privmode support in dash Tim Brown (Aug 23)

Timo Sirainen

Re: Possible CVE request: dovecot crash when disconnecting during pop3 LIST Timo Sirainen (Aug 14)

Tim Retout

CVE Request: CPAN perl module Data::UUID symlink attacks Tim Retout (Jul 30)

Tomas Hoger

Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Tomas Hoger (Sep 20)
IcedTea-Web release 1.4.1 fixing CVE-2012-4540 Tomas Hoger (Sep 16)
Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Tomas Hoger (Jul 29)
Re: ISC DHCP client and unsolicited DHCP options Tomas Hoger (Aug 13)

Tyler Hicks

Linux kernel libceph NULL function pointer dereference (CVE-2013-1059) Tyler Hicks (Jul 09)

TYPO3 Security Team

Re: [Ticket#2013081510000021] [oss-security] CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-201 [...] TYPO3 Security Team (Aug 14)

Vincent Danen

CVE oops in GLSA 201308-05 (wireshark) Vincent Danen (Aug 28)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Sep 04)
CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Vincent Danen (Aug 07)
Re: CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Vincent Danen (Aug 08)
Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen (Aug 29)
Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 28)
Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen (Aug 28)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Sep 04)
CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 23)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Sep 03)
CVE request: three additional flaws fixed in putty 0.63 Vincent Danen (Aug 06)
Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen (Aug 27)
Re: Fwd: [vs-plain] polkit races Vincent Danen (Sep 18)
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen (Aug 02)
GDM TOCTTOU race condition on /tmp/.X11-unix (CVE-2013-4169) Vincent Danen (Sep 05)
CVE request: qemu host crash from within guest Vincent Danen (Sep 26)
CVE request, libdigidoc arbitrary file overwrite flaw Vincent Danen (Aug 28)
CVE request: pyOpenSSL hostname check bypassing vulnerability Vincent Danen (Sep 06)

Vince Weaver

CVE Request: linux-kernel priviledge escalation on ARM/perf Vince Weaver (Aug 14)
Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Vince Weaver (Aug 20)

vladz

Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) vladz (Aug 20)

William Pitcock

Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock (Aug 09)

Will Newton

CVE Request: Three integer overflows in glibc memory allocator Will Newton (Sep 11)

Xen . org security team

Xen Security Advisory 64 (CVE-2013-4356) - Memory accessible by 64-bit PV guests under live migration Xen . org security team (Sep 30)
Xen Security Advisory 61 - libxl partially sets up HVM passthrough even with disabled iommu Xen . org security team (Sep 10)
Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team (Jul 24)
Xen Security Advisory 59 (CVE-2013-3495) - Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts Xen . org security team (Aug 20)
Xen Security Advisory 61 (CVE-2013-4329) - libxl partially sets up HVM passthrough even with disabled iommu Xen . org security team (Sep 11)
Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team (Jul 24)
Xen Security Advisory 62 (CVE-2013-1442) - Information leak on AVX and/or LWP capable CPUs Xen . org security team (Sep 25)
Xen Security Advisory 66 (CVE-2013-4361) - Information leak through fbld instruction emulation Xen . org security team (Sep 30)
Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation Xen . org security team (Sep 30)

Yves-Alexis Perez

CVE Request: evolution mail client GPG key selection issue Yves-Alexis Perez (Jul 21)
Re: CVE Request: evolution mail client GPG key selection issue Yves-Alexis Perez (Jul 25)