oss-sec: by date

• RSS Feed
• About List
• All Lists

Previous period

Next period

688 messages starting Jun 30 13 and ending Sep 30 13
Date index | Thread index | Author index

Sunday, 30 June

CVE-2013-2228 : Salt Stack RSA exponent of 1 (there can be only one! da-na-naaah! na-na-na-naahh-nah-nahhh!) Kurt Seifried
CVE Request: Ansible not caching SSH host keys Michael Samuel

Monday, 01 July

Re: Kernel: 2.6.32+ IP_RETOPTS Buffer Poisoning DoS hemlock.c Sebastian Krahmer
Request for linux-distros list membership Sona Sarmadi
CVE Request: information leak in AF_KEY notify messages Marcus Meissner
CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Petr Matousek
Re: Request for linux-distros list membership Solar Designer
Re: Request for linux-distros list membership Kurt Seifried
Re: [Libvirt-Security] [oss-security] CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Eric Blake
Re: CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Kurt Seifried
CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev
Re: CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Agostino Sarubbo
Re: [Libvirt-Security] [oss-security] CVE-2013-2218 -- libvirt: crash when listing network interfaces with filters Kurt Seifried
Question about signed email Kurt Seifried

Tuesday, 02 July

Re: Question about signed email Florian Weimer
RE: Request for linux-distros list membership Sona Sarmadi
CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg Marcus Meissner
Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS Petr Matousek
Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg Kurt Seifried
Re: CVE Request: Ansible not caching SSH host keys Kurt Seifried
Re: CVE Request: information leak in AF_KEY notify messages Kurt Seifried

Wednesday, 03 July

CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner
Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Marcus Meissner
CVE request: Quagga OSPF-API stack overrun David Lamparter
Re: CVE request: Quagga OSPF-API stack overrun Kurt Seifried
Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush Kurt Seifried
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried
Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS Kurt Seifried

Thursday, 04 July

CVE requests for Ajaxplorer Mehrenberger, Xavier
CVE Request -- gallery3 (3.0.9): Fixing two security flaws Jan Lieskovsky
Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert
OpenVZ security repport - Multiple memory leaks (CVE-2013-2239) Jonathan Salwan
Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Bharat Mediratta
Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Kurt Seifried
Re: CVE Request: glibc getaddrinfo() stack overflow Maksymilian
CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes

Friday, 05 July

LSE Leading Security Experts GmbH - LSE-2013-07-03 - rsyslog ElasticSearch Plugin LSE Leading Security Experts GmbH (Security Advisories)
Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws Shad Laws
Possible CVE request: virtualbox virtio-net host DoS Raphael Geissert
CVE Request: libxml2 external parsed entities issue Marc Deslauriers
Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner
Re: CVE Request: libxml2 external parsed entities issue Marc Deslauriers
Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner
NULL pointer dereferences; multiple issues mancha
Re: CVE Request: libxml2 external parsed entities issue Kurt Seifried
Re: Possible CVE request: virtualbox virtio-net host DoS Kurt Seifried
Question about CVE for X!! DoS Kurt Seifried
CVE request for Drupal contrib module Forest Monsen
Re: Question about CVE for X!! DoS Julien Cristau
Re: Possible CVE request: virtualbox virtio-net host DoS Oracle Security Alerts
Re: Question about CVE for X!! DoS Alan Coopersmith
Re: Question about CVE for X!! DoS Kurt Seifried

Saturday, 06 July

Re: CVE request for Drupal contrib module Kurt Seifried

Monday, 08 July

[oCERT-2013-001] File Roller path sanitization errors Daniele Bianco
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried
new FFMpeg stuff Kurt Seifried
cryptocat/decryptocat - needs a cve? Kurt Seifried
Re: new FFMpeg stuff Moritz Muehlenhoff

Tuesday, 09 July

Re: [security () suse de] Re: [oss-security] Question about CVE for X!! DoS Marcus Meissner
Re: new FFMpeg stuff Michael Niedermayer
Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi
Linux kernel libceph NULL function pointer dereference (CVE-2013-1059) Tyler Hicks
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Adam D. Barratt
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Kurt Seifried
Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Adam D. Barratt
Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows Michael Tokarev

Wednesday, 10 July

[NOT A CVE REQUEST] CVE-2013-2230 -- libvirt: multiple registered events crash Petr Matousek
CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Jan Lieskovsky
Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer
Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes
Re: cryptocat/decryptocat - needs a cve? Nadim Kobeissi
Re: Re: Re: cryptocat/decryptocat - needs a cve? security curmudgeon
CVE request for Mozilla Firefox (Windows) Stefan Kanthak
CVE request for Mozilla Thunderbird (Windows) Stefan Kanthak
Re: CVE request for Mozilla Thunderbird (Windows) Kurt Seifried
Re: CVE request for Mozilla Firefox (Windows) Kurt Seifried
Re: Re: Re: Re: cryptocat/decryptocat - needs a cve? Kurt Seifried
Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried
npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor
Re: npm uses predictable temporary filenames when unpacking tarballs Daniel Kahn Gillmor
CVE request: Zenphoto waraxe-2012-SA#096 Henri Salo
CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo

Thursday, 11 July

CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Raphael Geissert
CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Jan Lieskovsky
CVE Request - php 5.3.27 fixing heap corruption in the XML parser Jan Lieskovsky
Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried
Re: CVE Request - php 5.3.27 fixing heap corruption in the XML parser Kurt Seifried
Re: CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Kurt Seifried
Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling Kurt Seifried
Re: npm uses predictable temporary filenames when unpacking tarballs Kurt Seifried
Re: CVE request: WordPress plugin category-grid-view-gallery XSS Henri Salo
Re: CVE request: WordPress plugin category-grid-view-gallery XSS Kurt Seifried
Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Kurt Seifried

Friday, 12 July

Re: CVE Request -- Nagstamon (prior 0.9.10): Monitor server user credentials exposure in automated requests to get update information Henri Wahl
Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version Bernhard Miklautz
CVE request: Cyrus-sasl NULL ptr. dereference mancha
Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer
Re: CVE request: Cyrus-sasl NULL ptr. dereference mancha
Re: CVE request: Cyrus-sasl NULL ptr. dereference Solar Designer
Re: CVE request: Cyrus-sasl NULL ptr. dereference Kurt Seifried

Monday, 15 July

Re: CVE request: Cyrus-sasl NULL ptr. dereference Sebastian Krahmer
Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Raphael Geissert
CVE Request -- Linux kernel: ipv6: BUG_ON in fib6_add_rt2node() Petr Matousek
Re: CVE Request -- Linux kernel: ipv6: BUG_ON in fib6_add_rt2node() Kurt Seifried
CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco
CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush Petr Matousek
Re: CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush Kurt Seifried
CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729 Petr Matousek
Re: CVE-2013-4788 - Eglibc PTR MANGLE bug Hector Marco
CVE Request -- spice: unsafe clients ring access abort Petr Matousek
Re: CVE Request -- Linux kernel: bridge: BUG at kernel/timer.c:729 Kurt Seifried
Re: CVE Request -- spice: unsafe clients ring access abort Kurt Seifried

Tuesday, 16 July

CVE Request -- kde-workspace 4.10.5 fixing two security flaws Jan Lieskovsky
Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws Kurt Seifried
Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried
Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119) Kurt Seifried
Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws mancha
CVE Request - xlockmore 5.43 fixes a security flaw mancha
Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried
Re: CVE Request - xlockmore 5.43 fixes a security flaw mancha
CVE request for Drupal contrib modules Forest Monsen
Re: CVE request for Drupal contrib modules Kurt Seifried

Wednesday, 17 July

CVE Request - MongoDB <=2.4.4 uninitialized object Florian
ISC DHCP client and unsolicited DHCP options Florian Weimer
Re: ISC DHCP client and unsolicited DHCP options Kurt Seifried
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried
Please REJECT CVE-2013-4141 Kurt Seifried
Please REJECT CVE-2013-4141 Kurt Seifried

Thursday, 18 July

CVE-2013-4137: StatusNet v1.1.0: SQL injection Joshua Wise
Re: CVE Request - xlockmore 5.43 fixes a security flaw Kurt Seifried
CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2 Marcus Meissner
Re: CVE Request - xlockmore 5.43 fixes a security flaw mancha
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Dan Pasette
SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried
Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin
RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M.
Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin
RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M.
CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities Hamid Zamani
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried
Re: CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities Kurt Seifried
Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried
Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Reed Loden

Friday, 19 July

Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes
RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M.
CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs() Petr Matousek
CVE request -- libvirt: crash of libvirtd without guest agent configuration Petr Matousek
Re: CVE request -- libvirt: double free of returned JSON array in qemuAgentGetVCPUs() Kurt Seifried
Re: CVE request -- libvirt: crash of libvirtd without guest agent configuration Kurt Seifried
CVE Request: smokeping incomplete fix for CVE-2012-0790 Seth Arnold
Re: CVE Request: smokeping incomplete fix for CVE-2012-0790 Kurt Seifried

Saturday, 20 July

CVE Request: XSS in smokeping / start and end time fields not filtered Salvatore Bonaccorso

Sunday, 21 July

cve request: cms made simple XSS before 1.11.7 Hanno Böck
CVE Request: evolution mail client GPG key selection issue Yves-Alexis Perez

Monday, 22 July

Re: CVE Request: OpenJDK and lcms2 2.5 release fixes various denial of service issues in lcms2 Kurt Seifried
CVE request: webcalendar before 1.2.7 Hanno Böck
CVE-2013-2231 -- qemu: qemu-ga win32 service unquoted search path Petr Matousek
CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Salvatore Bonaccorso
CVE request for Drupal contributed modules Forest Monsen
Re: CVE request: webcalendar before 1.2.7 Kurt Seifried
Re: CVE request for a Drupal contributed module Forest Monsen
Re: CVE request: webcalendar before 1.2.7 security curmudgeon
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Moritz Muehlenhoff

Tuesday, 23 July

Re: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Salvatore Bonaccorso
Cisco announces agreement to acquire Sourcefire Henri Salo
CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping
CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping
CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. P J P
CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P
Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu Seth Arnold
Re: CVE Request: Linux kernel: panic while pushing pending data out of an IPv6 socket with UDP_CORK enabled. Kurt Seifried
Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu Kurt Seifried
Re: CVE request: Linux kernel: panic while appending data to a corked IPv6 socket in ip6_append_data_mtu P J P
Re: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Henri Salo
Re: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Donald Stufft
RE: CVE Request: Django: Account enumeration through timing attack in password verification in django.contrib.auth Christey, Steven M.

Wednesday, 24 July

Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping
Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team
Re: Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Konrad Rzeszutek Wilk
Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team
CVE request: timing leak in bitcoind Paul
Two OpenAFS security advisories Russ Allbery

Thursday, 25 July

Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried
Re: CVE request: mysecureshell: information disclosure (or worse) Kurt Seifried
Re: Re: CVE request: webcalendar before 1.2.7 Kurt Seifried
Re: CVE request: timing leak in bitcoind Kurt Seifried
Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried
Re: cve request: cms made simple XSS before 1.11.7 Kurt Seifried
Re: CVE Request: XSS in smokeping / start and end time fields not filtered Kurt Seifried
Re: new FFMpeg stuff Kurt Seifried
Re: Re: CVE Request - PloneFormGen, multiple vulnerabilities Kurt Seifried
Re: new FFMpeg stuff Kurt Seifried
Re: new FFMpeg stuff Jean-Baptiste Kempf
Re: CVE request: mysecureshell: information disclosure (or worse) Sebastian Pipping
Re: CVE request: mysecureshell: local denial of service (or worse) Sebastian Pipping
CVE request: GnuPG side-channel attack on RSA secret keys Thijs Kinkhorst
Re: CVE Request: evolution mail client GPG key selection issue Yves-Alexis Perez
Re: new FFMpeg stuff Rémi Denis-Courmont
CVE Request: Insecure Software Download in pip Donald Stufft
Re: CVE Request - PloneFormGen, multiple vulnerabilities Matthew Wilkes
Re: new FFMpeg stuff Jean-Baptiste Kempf
Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor
CVE request for Drupal contributed modules Forest Monsen
Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried
Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor
Re: CVE Request: evolution mail client GPG key selection issue Kurt Seifried
Re: CVE Request: evolution mail client GPG key selection issue Daniel Kahn Gillmor

Friday, 26 July

CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability Salvatore Bonaccorso
Requesting CVE-ID(s) for Python's pip isis agora lovecruft
CVE-2013-1436: xmonad-contrib remote command injection Raúl Benencia
Re: Requesting CVE-ID(s) for Python's pip Donald Stufft
Re: CVE request: GnuPG side-channel attack on RSA secret keys Kurt Seifried
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Kurt Seifried
FreeBSD Security Advisory FreeBSD-SA-13:08.nfsserver FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-13:07.bind FreeBSD Security Advisories

Saturday, 27 July

Re: CVE Request: Xymon Systems and Network Monitor - remote file deletion vulnerability Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE request: mysecureshell: local denial of service (or worse) Kurt Seifried
Re: CVE request: mysecureshell: information disclosure (or worse) Kurt Seifried
Re: CVE request for a Drupal contributed module Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Donald Stufft
Re: CVE Request: Insecure Software Download in pip Donald Stufft
CVE Request - Coin Widget serves code over plain http. Evan Teitelman
Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried

Sunday, 28 July

Re: ISC DHCP client and unsolicited DHCP options Helmut Grohne
RE: CVE Request - Coin Widget serves code over plain http. Christey, Steven M.

Monday, 29 July

CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution" Alexandre Dulaunoy
CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky
Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign
Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Tomas Hoger
Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Kurt Seifried
Re: FreeBSD Security Advisory FreeBSD-SA-13:07.bind Solar Designer
Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released cve-assign
Re: CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution" Kurt Seifried
Re: CVE Request - Coin Widget serves code over plain http. Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Donald Stufft
Re: Requesting CVE-ID(s) for Python's pip Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Kurt Seifried
Re: Requesting CVE-ID(s) for Python's pip Donald Stufft

Tuesday, 30 July

Re: Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Jan Lieskovsky
Re: CVE Request - MongoDB <=2.4.4 uninitialized object Andreas Nilsson
[OSSA 2013-018] Missing SSL certificate check in Python glance client (CVE-2013-4111) Thierry Carrez
Re: [Phpmyadmin-security] [oss-security] Re: CVE Request -- phpMyAdmin 3.5.8.2 and 4.0.4.2 are released Dieter Adriaenssens
Re: CVE Request: Insecure Software Download in pip Donald Stufft
CVE Request: CPAN perl module Data::UUID symlink attacks Tim Retout
Re: CVE Request: CPAN perl module Data::UUID symlink attacks Salvatore Bonaccorso

Wednesday, 31 July

Re: CVE Request: Insecure Software Download in pip Kurt Seifried
Re: CVE Request: CPAN perl module Data::UUID symlink attacks Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Donald Stufft
Re: CVE Request: Insecure Software Download in pip Raphael Geissert
Re: CVE Request: Insecure Software Download in pip Donald Stufft
CVE Request -- Plone: 20130618 Hotfix (multiple vectors) Jan Lieskovsky
CVE request for Drupal contributed module Forest Monsen
Re: CVE request for Drupal contributed module Kurt Seifried
Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors) Kurt Seifried

Thursday, 01 August

Re: Requesting CVE-ID(s) for Python's pip isis agora lovecruft
Re: Requesting CVE-ID(s) for Python's pip Daniel Kahn Gillmor
Re: Requesting CVE-ID(s) for Python's pip Jeremy Stanley
Re: [vs-plain] Request for CVE Identifiers Kurt Seifried

Friday, 02 August

Rgpg Ruby Gem Remote Command Injection (CVE Request) Larry W. Cashdollar
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried
Re: Rgpg Ruby Gem Remote Command Injection (CVE Request) Kurt Seifried

Saturday, 03 August

Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer
Re: CVE Request: Insecure Software Download in pip Donald Stufft

Sunday, 04 August

CVE request: XSS in Google Web Toolkit (GWT) David Jorm
CVE request: lcms 1.x buffer overflows Thijs Kinkhorst
Re: CVE request: XSS in Google Web Toolkit (GWT) Kurt Seifried

Monday, 05 August

Re: CVE request: lcms 1.x buffer overflows Raphael Geissert
valid but unusual sequence of CVEs in SYM13-009 cve-assign
Update for CVE-2013-4852: PuTTY SSH handshake heap overflow (FileZilla reportedly embeds a copy) Kurt Seifried
owncloud 5.0.8 and 4.5.13 (oC-SA-2013-029 and oC-SA-2013-030) - CVE assignments? Salvatore Bonaccorso

Tuesday, 06 August

CLONE_NEWUSER local DoS Petr Matousek
Re: CLONE_NEWUSER local DoS Kurt Seifried
[OSSA 2013-019] Resource limit circumvention in Nova private flavors (CVE-2013-2256) Jeremy Stanley
[OSSA 2013-020] Denial of Service in Nova network source security groups (CVE-2013-4185) Jeremy Stanley
Re: CLONE_NEWUSER local DoS Oleg Nesterov
[PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Oleg Nesterov
[PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Oleg Nesterov
Re: CLONE_NEWUSER local DoS Andy Lutomirski
Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Andy Lutomirski
Re: CLONE_NEWUSER local DoS Oleg Nesterov
CVE request: three additional flaws fixed in putty 0.63 Vincent Danen
Re: [PATCH 1/1] userns: unshare_userns(&cred) should not populate cred on failure Eric W. Biederman
Re: CVE request: three additional flaws fixed in putty 0.63 Kurt Seifried
OpenX Ad Server Backdoor CVE? Kurt Seifried
SSL BREACH Kurt Seifried
Re: SSL BREACH cve-assign
Re: OpenX Ad Server Backdoor CVE? Kurt Seifried

Wednesday, 07 August

Re: [PATCH 0/1] (Was: CLONE_NEWUSER local DoS) Petr Matousek
Re: OpenX Ad Server Backdoor CVE? Nathan March
[OSSA 2013-021] Cinder LVM volume driver does not support secure deletion (CVE-2013-4183) Jeremy Stanley
[OSSA 2013-022] Swift Denial of Service using superfluous object tombstones (CVE-2013-4155) Thierry Carrez
CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Vincent Danen
CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian
Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried
Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Kurt Seifried
Reserved CVE for pip Donald Stufft
Re: CVE Request: Insecure Software Download in pip Donald Stufft
Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Florian
tomcat CVE confusion David Walser
Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Salvatore Bonaccorso
Re: tomcat CVE confusion David Jorm
Some Nagios /tmp vulns (no reply from upstream) Kurt Seifried
Re: tomcat CVE confusion Kurt Seifried
Re: Reserved CVE for pip Kurt Seifried
Re: Reserved CVE for pip Donald Stufft

Thursday, 08 August

CVE request: remote code execution due to XML deserialization in Restlet David Jorm
CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Jan Lieskovsky
CVE Request: Linux kernel: arm64: unhandled el0 traps P J P
Re: tomcat CVE confusion Marcus Meissner
[OSSA 2013-023] Denial of Service using XML entities in Nova/Cinder extensions (CVE-2013-4179, CVE-2013-4202) Thierry Carrez
CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Jan Lieskovsky
Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Dan Williams
Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Kurt Seifried
Re: CVE request: remote code execution due to XML deserialization in Restlet Kurt Seifried
Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Seth Arnold
Re: Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Jan Lieskovsky
Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Jan Lieskovsky
Re: CVE Request -- Four flaws in WiMAX (afaik upstream is dead for this) Kurt Seifried
CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Salvatore Bonaccorso
Re: CVE Request: Regression introduced in cacti with fix for CVE-2013-1435 Vincent Danen
Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Greg KH
Re: tomcat CVE confusion cve-assign
Re: CVE Request: Linux kernel: arm64: unhandled el0 traps Kurt Seifried

Friday, 09 August

[Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29 Jan Lieskovsky
[CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky
Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Jan Lieskovsky
CVE request: nullmailer world readable /etc/nullmailer/remotes Agostino Sarubbo
RE: CVE request: nullmailer world readable /etc/nullmailer/remotes Christey, Steven M.
Re: CVE request: nullmailer world readable /etc/nullmailer/remotes William Pitcock
Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Evan Teitelman
Re: CVE request: nullmailer world readable /etc/nullmailer/remotes Kurt Seifried
CVE request for Drupal contributed modules Forest Monsen
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Kurt Seifried
Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Kurt Seifried

Saturday, 10 August

Re: CVE request for Drupal contributed modules Henri Salo
CVE Request - HMS Testimonials 2.0.10 WP plugin Adéla Goldová
Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} mancha

Sunday, 11 August

CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Jan Lieskovsky
Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Florian Weimer
Re: CVE request for Drupal contributed modules Forest Monsen
Re: CVE Request - HMS Testimonials 2.0.10 WP plugin Adéla Goldová

Monday, 12 August

Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap overflow Raphael Geissert
X.509 name constraints and potential interpretation conflict Florian Weimer
CVE Request -- vdsm: incomplete fix for CVE-2013-0167 issue Petr Matousek
Re: CVE Request -- vdsm: incomplete fix for CVE-2013-0167 issue Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Kurt Seifried
pending Bitcoin/Android CVE assignments cve-assign
Re: pending Bitcoin/Android CVE assignments Florent Daigniere
CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Petr Matousek
Re: CVE Request -- libvirt: memory corruption in xenDaemonListDefinedDomains function Kurt Seifried
Re: Re: CVE Request - HMS Testimonials 2.0.10 WP plugin Kurt Seifried
Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Kurt Seifried
Re: Re: [CVE assignment notification] CVE-2012-2142 poppler, xpdf: Insufficient sanitization of escape sequences in the error message {AKA request for feedback if CVE to be marked as disputed / rejected} Michael Gilbert
CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Murray McAllister
Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Kurt Seifried

Tuesday, 13 August

Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Giuseppe Iuculano
Quick Blind TCP Connection Spoofing with SYN Cookies Jakob Lell
Re: ISC DHCP client and unsolicited DHCP options Tomas Hoger
[CVE request] Django 1.4.6 security release Moritz Muehlenhoff

Wednesday, 14 August

Re: [CVE request] Django 1.4.6 security release Kurt Seifried
Re: [CVE request] Django 1.4.6 security release Thijs Kinkhorst
CVE Request -- php - handling of certs with null bytes Oden Eriksson
Possible CVE request: dovecot crash when disconnecting during pop3 LIST Raphael Geissert
Re: Possible CVE request: dovecot crash when disconnecting during pop3 LIST Timo Sirainen
CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-2013-002 Henri Salo
CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root P J P
rubygems insecure download (and other problems) Kurt Seifried
Re: CVE Request: Linux kernel: cifs: off-by-one bug in build_unc_path_to_root Kurt Seifried
Re: rubygems insecure download (and other problems) Donald Stufft
Re: [Full-disclosure] Quick Blind TCP Connection Spoofing with SYN Cookies some one
CVE Request: linux-kernel priviledge escalation on ARM/perf Vince Weaver
Re: [CVE request] Django 1.4.6 security release Kurt Seifried
Re: CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-2013-002 Kurt Seifried
Re: CVE Request -- php - handling of certs with null bytes Kurt Seifried
Re: [Ticket#2013081510000021] [oss-security] CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-201 [...] TYPO3 Security Team
Re: HTTPS (was: rubygems insecure download (and other problems)) gremlin
Re: HTTPS (was: rubygems insecure download (and other problems)) Donald Stufft

Thursday, 15 August

Re: HTTPS Kurt Seifried
Re: rubygems insecure download (and other problems) Reed Loden
Re: rubygems insecure download (and other problems) Marcus Meissner
Re: rubygems insecure download (and other problems) Henri Salo
Re: HTTPS gremlin
Re: HTTPS Donald Stufft
Re: HTTPS Florian Weimer
Re: HTTPS Jeremy Stanley
Re: HTTPS Kurt Seifried
Re: rubygems insecure download (and other problems) Kurt Seifried
RE: rubygems insecure download (and other problems) Christey, Steven M.
Re: HTTPS gremlin
Re: CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Brian Cameron
Re: [PSRT] [oss-security] CVE Request -- Python SSL module does not handle certificates that contain hostnames with NULL bytes Christian Heimes
CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani

Friday, 16 August

Re: HTTPS gremlin
Re: HTTPS gremlin
Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Petr Matousek
Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Kurt Seifried
Re: SSL BREACH Stefan Fritsch
Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev
Re: HTTPS (was: rubygems insecure download (and other problems)) Pavel Labushev

Monday, 19 August

Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Florian Weimer
Re: [CVE request] Django 1.4.6 security release Kurt Seifried
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Kurt Seifried
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani
PostgreSQL insecure install via yum (multiple problems) Kurt Seifried
Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley
Re: PostgreSQL insecure install via yum (multiple problems) Eric H. Christensen
Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried
Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried
Re: PostgreSQL insecure install via yum (multiple problems) Kevin Fenzi
Re: PostgreSQL insecure install via yum (multiple problems) Moritz Naumann

Tuesday, 20 August

Xen Security Advisory 59 (CVE-2013-3495) - Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts Xen . org security team
Fix for CVE-2013-0343 queued up (linux-kernel/ipv6 temp. addresses) Hannes Frederic Sowa
Re: X.509 name constraints and potential interpretation conflict Ludwig Nussel
Re: [pgsql-security] Re: [oss-security] PostgreSQL insecure install via yum (multiple problems) Magnus Hagander
Re: CVE Request: linux-kernel priviledge escalation on ARM/perf Vince Weaver
Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) vladz
Re: PostgreSQL insecure install via yum (multiple problems) Daniel Kahn Gillmor
CVE Request: FFmpeg 2.0.1 multiple problems Michael Niedermayer
Re: Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) Hannes Frederic Sowa

Wednesday, 21 August

Re: Linux kernel: vfs_read()/vfs_write(): potential missing checks (or not?) John Haxby
PoC: Function Pointer Protection in C Programs Stephen Röttger
Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio
Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger
Re: PoC: Function Pointer Protection in C Programs Alessandro Cresto Miseroglio
Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger
Re: CVE Request: FFmpeg 2.0.1 multiple problems Kurt Seifried
Kurt go byebye for vacation next week Kurt Seifried
Re: HTTPS Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Kurt Seifried
Re: CVE request: lcms 1.x buffer overflows Kurt Seifried
Re: CVE requests for Ajaxplorer Kurt Seifried
Re: CVE Request: Insecure Software Download in pip Donald Stufft
Re: CVE Request: Insecure Software Download in pip Kurt Seifried
Re: CVE request: lcms 1.x buffer overflows Thijs Kinkhorst
Re: PoC: Function Pointer Protection in C Programs Hannes Frederic Sowa
CVE request for Drupal contributed modules Forest Monsen
FreeBSD Security Advisory FreeBSD-SA-13:10.sctp FreeBSD Security Advisories
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: CVE request: lcms 1.x buffer overflows Kurt Seifried

Thursday, 22 August

Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer
Re: PoC: Function Pointer Protection in C Programs Ondřej Bílka
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger
Re: PoC: Function Pointer Protection in C Programs Stephen Röttger
Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Dag-Erling Smørgrav
Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Huzaifa Sidhpurwala
Re: FreeBSD Security Advisory FreeBSD-SA-13:10.sctp Dag-Erling Smørgrav
Re: HTTPS Pavel Labushev
[PATCH] implement privmode support in dash Tavis Ormandy
Possibly insecure permissions on sshd_config in Debian-based distros Andrey Korolyov
Re: [PATCH] implement privmode support in dash Simon McVittie
Re: [PATCH] implement privmode support in dash Harald van Dijk
Re: [PATCH] implement privmode support in dash Tavis Ormandy
Re: Possibly insecure permissions on sshd_config in Debian-based distros Kurt Seifried
Re: Possibly insecure permissions on sshd_config in Debian-based distros Andrey Korolyov
Re: [PATCH] implement privmode support in dash Tavis Ormandy
Re: [PATCH] implement privmode support in dash Jilles Tjoelker
Re: Possibly insecure permissions on sshd_config in Debian-based distros Daniel Kahn Gillmor
Re: Possibly insecure permissions on sshd_config in Debian-based distros Kurt Seifried
Re: [PATCH] implement privmode support in dash Kurt Seifried
Re: [PATCH] implement privmode support in dash Seth Arnold
Re: [PATCH] implement privmode support in dash Michael Samuel

Friday, 23 August

Re: [PATCH] implement privmode support in dash Tavis Ormandy
Re: [PATCH] implement privmode support in dash Tavis Ormandy
Re: [PATCH] implement privmode support in dash Florian Weimer
Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas
Re: [PATCH] implement privmode support in dash Jérémie Courrèges-Anglas
Re: [PATCH] implement privmode support in dash Tim Brown
Re: [PATCH] implement privmode support in dash Ludwig Nussel
Re: [PATCH] implement privmode support in dash Roy
CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen
Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign

Saturday, 24 August

CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 Hanno Böck
CVE-2013-5575 LibTIFF through 3.9.5 integer overflow cve-assign
Re: CVE request: Joomla unauthorised uploads before 2.5.14 / 3.1.5 cve-assign

Sunday, 25 August

CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b Salvatore Bonaccorso
Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b cve-assign
Re: CVE-2013-5575 LibTIFF through 3.9.5 integer overflow Huzaifa Sidhpurwala

Monday, 26 August

Re: HTTPS Alexander Cherepanov
CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences P J P
Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences cve-assign
Fw: python CVE typoed in Mageia advisory David Walser

Tuesday, 27 August

Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen
Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar

Wednesday, 28 August

[OSSA 2013-024] Resource limit circumvention in Nova private flavors (CVE-2013-4278) Thierry Carrez
CVE oops in GLSA 201308-05 (wireshark) Vincent Danen
Re: CVE request: roundcube 0.9.3 fixes two XSS flaws cve-assign
CVE-2013-5641 CVE-2013-5642 recent Asterisk issues cve-assign
Re: CVE oops in GLSA 201308-05 (wireshark) cve-assign
Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b Salvatore Bonaccorso
Re: Command Injection in Ruby Gem Sounder 1.0.1 Henri Salo
Re: Command Injection in Ruby Gem Sounder 1.0.1 Larry W. Cashdollar
Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen
CVE request, libdigidoc arbitrary file overwrite flaw Vincent Danen
Re: Re: CVE request: roundcube 0.9.3 fixes two XSS flaws Vincent Danen
Linux HID security flaws Kees Cook
Re: Command Injection in Ruby Gem Sounder 1.0.1 cve-assign
Re: CVE request, libdigidoc arbitrary file overwrite flaw cve-assign

Thursday, 29 August

[notification] libraw: multiple denial of service vulnerabilities Raphael Geissert
Re: CVE oops in GLSA 201308-05 (wireshark) Sergey Popov
Re: Re: CVE oops in GLSA 201308-05 (wireshark) Alex Legler
CVE request -- libvirt: virBitmapParse out-of-bounds read access Petr Matousek
Re: Re: CVE oops in GLSA 201308-05 (wireshark) Vincent Danen
YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar
Re: CVE request -- libvirt: virBitmapParse out-of-bounds read access cve-assign
Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload cve-assign

Friday, 30 August

CVE request for imagemagick bug Bastien ROUCARIES
Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar
Re: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar
YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload Larry W. Cashdollar
OSS at all? (was: [oss-security] YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload) Raphael Geissert
Re: OSS at all? (was: [oss-security] YingZhi Lua Programming Language for iOS ftp .. bug & httpd arbitrary upload) Larry W. Cashdollar
Re: CVE request: unauthorized host/service views displayed in servicegroup view Jonas Meurer

Saturday, 31 August

CVE request: serendipity before 1.7.3 XSS Hanno Böck
Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Larry W. Cashdollar

Sunday, 01 September

Re: CVE request: serendipity before 1.7.3 XSS cve-assign
Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem cve-assign
Re: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Larry Cashdollar
[CVE Request] IndiaNIC Testimonial 2.2 WP plugin Adéla Goldová
Re: [CVE Request] IndiaNIC Testimonial 2.2 WP plugin cve-assign

Tuesday, 03 September

Re: CVE request for imagemagick bug Kurt Seifried
Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried
CVE request for Drupal contrib modules Forest Monsen
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen
Watchman - GCC buffer overflow framework Eric Wimberley

Wednesday, 04 September

Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer
Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Andreas Ericsson
Re: [Nagios-devel] [oss-security] Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jochen Bern
CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8 Thijs Kinkhorst
Re: [Nagios-devel] [oss-security] Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Andreas Ericsson
Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer
CVE-2013-2185 / Tomcat Moritz Muehlenhoff
CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo
Re: CVE request: unauthorized host/service views displayed in servicegroup view Daniel Kahn Gillmor
Re: Security bug or feature? Servicegroups leak hostnames to unauthorized users (Was: [oss-security] CVE request: unauthorized host/service views displayed in servicegroup view) Jonas Meurer
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen
Re: CVE request: unauthorized host/service views displayed in servicegroup view cve-assign
Re: CVE request: unauthorized host/service views displayed in servicegroup view Vincent Danen
Re: Re: CVE request: unauthorized host/service views displayed in servicegroup view Kurt Seifried
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Kurt Seifried
Re: CVE-2013-2185 / Tomcat David Jorm
Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8 Kurt Seifried

Thursday, 05 September

Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Dan Carpenter
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Petr Matousek
[notification] exactimage DoS, jumping into the unknown Raphael Geissert
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability Agostino Sarubbo
GDM TOCTTOU race condition on /tmp/.X11-unix (CVE-2013-4169) Vincent Danen

Friday, 06 September

CVE request: pyOpenSSL hostname check bypassing vulnerability Vincent Danen
Re: CVE request: pyOpenSSL hostname check bypassing vulnerability Kurt Seifried

Saturday, 07 September

CVE request: TYPO3-CORE-SA-2013-003 Henri Salo

Monday, 09 September

[CVE Request] Event Easy Calendar Adéla Goldová
[CVE Request] Event Easy Calendar Adéla Goldová
[CVE Request] Event Easy Calendar Adéla Goldová
CVE request: Torque privilege escalation Agostino Sarubbo
Re: [CVE Request] Event Easy Calendar Kurt Seifried
Re: CVE request: Torque privilege escalation Kurt Seifried
[CVE Request] Event Easy Calendar Adéla Goldová
Re: CVE request: Torque privilege escalation Agostino Sarubbo
Features 0.3.0 Ruby gem /tmp file injection vulnerability Larry W. Cashdollar
Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Kurt Seifried
Re: CVE request: Torque privilege escalation Kurt Seifried
Re: CVE request: TYPO3-CORE-SA-2013-003 Kurt Seifried
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Florian Weimer
Re: CVE Request : NAS v1.9.3 multiple Vulnerabilites Hamid Zamani
CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel
CVE Request: OpenPNE 3, opWebAPIPlugin, opOpenSocialPlugin -- XXE vulnerability fix Kousuke Ebihara

Tuesday, 10 September

Xen Security Advisory 61 - libxl partially sets up HVM passthrough even with disabled iommu Xen . org security team
Re: Xen Security Advisory 61 - libxl partially sets up HVM passthrough even with disabled iommu Kurt Seifried
Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Henri Salo
Re: Features 0.3.0 Ruby gem /tmp file injection vulnerability Larry W. Cashdollar

Wednesday, 11 September

CVEs for Wireshark 1.8.10 and 1.10.2 releases cve-assign
CVE Request: Three integer overflows in glibc memory allocator Will Newton
Xen Security Advisory 61 (CVE-2013-4329) - libxl partially sets up HVM passthrough even with disabled iommu Xen . org security team
CVE Request: lightdm incorrect .Xauthority permissions Marc Deslauriers
[OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294) Thierry Carrez
Re: CVE Request: OpenPNE 3, opWebAPIPlugin, opOpenSocialPlugin -- XXE vulnerability fix Kurt Seifried
Re: CVE Request: Three integer overflows in glibc memory allocator Kurt Seifried
Re: CVE Request: lightdm incorrect .Xauthority permissions Kurt Seifried
Re: CVE request for Drupal contrib modules Kurt Seifried
CVE Requests for WordPress 3.6.1 Andrew Nacin
Re: CVE Requests for WordPress 3.6.1 Kurt Seifried
[seth.arnold () canonical com: CVE Requests openjpeg] Seth Arnold

Thursday, 12 September

Fwd: Use-after-free in TUNSETIFF Petr Matousek
[OSSA 2013-026] Potential denial of service on Nova when using Qpid (CVE-2013-4261) Thierry Carrez
cve requests for python-oauth2 Seth Arnold
Re: CVE Request: Three integer overflows in glibc memory allocator mancha
Re: cve requests for python-oauth2 Kurt Seifried
GnuPG treats no-usage-permitted keys as all-usages-permitted Daniel Kahn Gillmor

Friday, 13 September

CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Petr Matousek
Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit Kurt Seifried
Re: GnuPG treats no-usage-permitted keys as all-usages-permitted Kurt Seifried

Saturday, 14 September

CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Agostino Sarubbo
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Florian Weimer
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Alexander Cherepanov
Re: GIMP Scriptfu Python Remote Command Execution Sebastian Pipping

Sunday, 15 September

CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo
[notification] django: CVE-2013-1443: denial-of-service via large passwords Salvatore Bonaccorso
Moodle security notifications public Michael de Raadt

Monday, 16 September

IcedTea-Web release 1.4.1 fixing CVE-2012-4540 Tomas Hoger
CVE-Request FFmpeg vulnerability Reno Robert
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Kurt Seifried
Re: CVE-Request FFmpeg vulnerability Kurt Seifried
Re: CVE request: proftpd: mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication Kurt Seifried

Tuesday, 17 September

CVE request: davfs2 - Unsecure use of system() Luciano Bello
Re: Re: CVE Request: glibc getaddrinfo() stack overflow Raphael Geissert
Re: CVE request: davfs2 - Unsecure use of system() Salvatore Bonaccorso
Research on better-than-brute-force attacks on PDF cryptography Florian Weimer
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel

Wednesday, 18 September

Re: CVE request: davfs2 - Unsecure use of system() Tavis Ormandy
CVE Request : poppler < 0.13.0 etienne
Fwd: [vs-plain] polkit races Sebastian Krahmer
Re: Fwd: [vs-plain] polkit races Marc Deslauriers
Re: Fwd: [vs-plain] polkit races Vincent Danen
Re: CVE request: davfs2 - Unsecure use of system() Kurt Seifried
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Kurt Seifried
Re: Re: CVE request: davfs2 - Unsecure use of system() Tim
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Alexander Cherepanov
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel

Thursday, 19 September

OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) Kurt Seifried
Re: OpenStack: Glance image creation in other tenant accounts (CVE-2013-4354) Jeremy Stanley

Friday, 20 September

Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Eric Hodel
CVE-2013-5696: split needed Raphael Geissert
Re: CVE-2013-4287 Algorithmic complexity vulnerability in RubyGems 2.0.7 and older Tomas Hoger
Re: browser document.cookie DoS vulnerability Joel Weinberger
Re: CVE-2013-5696: split needed Kurt Seifried

Sunday, 22 September

Re: Research on better-than-brute-force attacks on PDF cryptography Dhiru Kholia

Monday, 23 September

Re: CVE-2013-5696: split needed cve-assign
Re: SSL BREACH cve-assign

Tuesday, 24 September

Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo
Reproducible Builds for Fedora Dhiru Kholia
CVE request: X2Go server Chris Reffett
graphite CVE-2013-5903 confusion Seth Arnold

Wednesday, 25 September

Re: Reproducible Builds for Fedora Sebastian Krahmer
Xen Security Advisory 62 (CVE-2013-1442) - Information leak on AVX and/or LWP capable CPUs Xen . org security team
Re: Reproducible Builds for Fedora Ludwig Nussel
Re: Reproducible Builds for Fedora Steve Grubb
Re: Reproducible Builds for Fedora Nicolas Vigier
Re: Reproducible Builds for Fedora Sebastian Krahmer
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Moritz Naumann
Re: Reproducible Builds for Fedora Solar Designer
Re: Re: browser document.cookie DoS vulnerability Kurt Seifried
Re: Reproducible Builds for Fedora Moritz Muehlenhoff
Re: CVE request: X2Go server Kurt Seifried
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Kurt Seifried
Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple vulnerabilities Henri Salo
[notification] txt2man unsafe use of tempoarary files Salvatore Bonaccorso
CVE request: pyxtrlock Leon Weber
RESEND: CVE Request: pwgen Michael Samuel

Thursday, 26 September

Re: Reproducible Builds for Fedora Dhiru Kholia
CVE request: Javamelody blind XSS through X-Forwarded-For header Rafael Luque
CVE request: qemu host crash from within guest Vincent Danen
Re: CVE request: qemu host crash from within guest Kurt Seifried
CVE request for Drupal contributed modules Forest Monsen
Buffer overrun vulnerability in CHICKEN Scheme Peter Bex
Re: Reproducible Builds for Fedora Alexander Cherepanov
Re: Reproducible Builds for Fedora Steve Grubb
Re: Reproducible Builds for Fedora Alexander Cherepanov
Re: Reproducible Builds for Fedora Paul Pluzhnikov
Trend micro contact details donesh.l
Re: Reproducible Builds for Fedora Kurt Seifried
Re: CVE request: Javamelody blind XSS through X-Forwarded-For header Kurt Seifried
Re: CVE request for Drupal contributed modules Kurt Seifried
Re: Buffer overrun vulnerability in CHICKEN Scheme Kurt Seifried
Re: Reproducible Builds for Fedora Dhiru Kholia

Friday, 27 September

Re: CVE request: Javamelody blind XSS through X-Forwarded-For header Rafael Luque
Re: graphite CVE-2013-5903 confusion cve-assign
Re: Reproducible Builds for Fedora Paul Pluzhnikov
linux kernel memory corruption with ipv6 udp offloading Hannes Frederic Sowa

Saturday, 28 September

Re: linux kernel memory corruption with ipv6 udp offloading Kurt Seifried

Sunday, 29 September

Re: Trend micro contact details Florian Weimer

Monday, 30 September

Xen Security Advisory 63 (CVE-2013-4355) - Information leaks through I/O instruction emulation Xen . org security team
Xen Security Advisory 64 (CVE-2013-4356) - Memory accessible by 64-bit PV guests under live migration Xen . org security team
Xen Security Advisory 66 (CVE-2013-4361) - Information leak through fbld instruction emulation Xen . org security team

Previous period

Next period