oss-sec: by author

• RSS Feed
• About List
• All Lists

Previous period

Next period

714 messages starting Feb 18 14 and ending Feb 07 14
Date index | Thread index | Author index

Aaron Patterson

Data Injection Vulnerability in Active Record (CVE-2014-0080) Aaron Patterson (Feb 18)
Denial of Service Vulnerability in Action View when using render :text (CVE-2014-0082) Aaron Patterson (Feb 18)
XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human (CVE-2014-0081) Aaron Patterson (Feb 18)

Adam Zabrocki

Adventure with Stack Smashing Protector (SSP) Adam Zabrocki (Mar 26)

Agostino Sarubbo

Re: Re: CVE request for icinga 1 byte \0 overflows Agostino Sarubbo (Mar 13)
CVE request: Linux Kernel, two security issues Agostino Sarubbo (Mar 30)

Alan Coopersmith

Re: Fwd: Old CVE ids, public, but still "RESERVED" Alan Coopersmith (Feb 08)
Fwd: X.Org Security Advisory: CVE-2013-6462: Stack buffer overflow in parsing of BDF font files in libXfont Alan Coopersmith (Jan 07)

Alexander Cherepanov

Re: linux-distros membership Alexander Cherepanov (Feb 01)

Alexander E. Patrakov

Re: CVE request: WebKit-GTK + Puseaudio: unexpectedly high sound volume Alexander E. Patrakov (Feb 10)

Alexandre Dulaunoy

contao vulnerability - CVE assigned? Alexandre Dulaunoy (Feb 07)

Alex Gaynor

Re: When is broken crypto a vulnerability? Alex Gaynor (Mar 10)

Andrea Barisani

[oCERT-2014-002] Xalan-Java insufficient secure processing Andrea Barisani (Mar 24)
[oCERT-2014-003] LibYAML input sanitization errors Andrea Barisani (Mar 26)
[oCERT-2014-001] MantisBT input sanitization errors Andrea Barisani (Feb 08)

Arun Babu Neelicattu

Neo4J CSRF: Potential CVE candidate Arun Babu Neelicattu (Jan 02)

Arun Neelicattu

CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools) Arun Neelicattu (Feb 05)
Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Arun Neelicattu (Feb 17)
CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS Arun Neelicattu (Feb 06)

Bob Ezrin

IMAP STARTTLS sniff tool Bob Ezrin (Mar 07)
Fw: Re: IMAP STARTTLS sniff tool Bob Ezrin (Mar 12)

CERT(R) Coordination Center

Re: Vendor adoption of PIE INFO#934476 oss-security CERT(R) Coordination Center (Feb 16)
Vendor adoption of PIE INFO#934476 oss-security CERT(R) Coordination Center (Feb 11)

Chris Palmer

Re: When is broken crypto a vulnerability? Chris Palmer (Mar 10)
Re: CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy Chris Palmer (Mar 11)
Re: Re: When is broken crypto a vulnerability? Chris Palmer (Mar 10)

Chris Sandulow

Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) Chris Sandulow (Jan 08)

Chris Steipp

Re: Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Chris Steipp (Feb 28)
Re: [OT] FD mailing list died. Time for new one Chris Steipp (Mar 19)
CVE request: MediaWiki 1.22.5 login csrf Chris Steipp (Mar 27)
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp (Mar 28)
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp (Mar 28)
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp (Mar 28)
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Chris Steipp (Feb 28)
Re: CVE request: MediaWiki 1.22.5 login csrf Chris Steipp (Mar 28)

Christey, Steven M.

RE: CVE split and a missed file Christey, Steven M. (Jan 09)

Christos Zoulas

Re: Vendor adoption of PIE INFO#934476 oss-security Christos Zoulas (Feb 16)

Clemens Fries

cinnamon-screensaver lock bypass (tested on Fedora 20) Clemens Fries (Feb 12)

coderman

Re: [OT] FD mailing list died. Time for new one coderman (Mar 25)
Re: FD mailing list died. Time for new one (or something better!) coderman (Mar 20)
Re: FD mailing list died. Time for new one (or something better!) coderman (Mar 20)
Re: FD mailing list died. Time for new one (or something better!) coderman (Mar 20)

cve-assign

Re: CVE request? buffer overflow in socket.recvfrom_into cve-assign (Feb 12)
Re: CVE Request: thermald cve-assign (Mar 08)
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 12)
Re: CVE request: hexchat buffer overflow cve-assign (Feb 25)
Re: CVE request for catfish program cve-assign (Feb 25)
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release cve-assign (Feb 28)
Re: Fwd: temporary file creation vulnerability in Redis cve-assign (Feb 23)
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 13)
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities cve-assign (Feb 27)
Re: Fwd: temporary file creation vulnerability in Redis cve-assign (Feb 24)
Re: CVE request: temporary file issue in Passenger rubygem cve-assign (Jan 30)
Re: CVE request: XSS in MODX Revolution before 2.2.11 cve-assign (Feb 24)
Re: CVE request: assorted kernel infoleak security fixes cve-assign (Jan 15)
Re: CVE request, libgd and php's gd cve-assign (Mar 14)
Re: (possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution cve-assign (Feb 09)
Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem cve-assign (Mar 12)
Re: CVE request: multiple issues in Apache Cordova/PhoneGap cve-assign (Feb 07)
Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean cve-assign (Feb 18)
Re: CVE Request: otrs: CSRF issue in customer web interface cve-assign (Jan 29)
Re: CVE request: remote code execution in egroupware <= 1.8.005 cve-assign (Feb 19)
Re: Xen Security Advisory 87 - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests cve-assign (Jan 24)
Re: CVE request for two net-snmp remote DoS flaws cve-assign (Mar 05)
Bug#732283: CVE Request: Proc::Daemon writes pidfile with mode 666 cve-assign (Jan 07)
Re: CVE request: a2ps insecure temporary file use cve-assign (Feb 05)
Re: CVE request for python/zipfile cve-assign (Mar 19)
Re: T201403525 - Hypercube security Advisory cve-assign (Mar 26)
CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean cve-assign (Feb 10)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning cve-assign (Feb 20)
Re: Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure cve-assign (Feb 12)
Re: CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches cve-assign (Feb 10)
Re: Xen Security Advisory 83 - Out-of-memory condition yielding memory corruption during IRQ setup cve-assign (Jan 23)
Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied cve-assign (Mar 20)
Re: Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities cve-assign (Feb 07)
Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign (Jan 07)
Re: Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp cve-assign (Jan 17)
Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) cve-assign (Jan 29)
Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40 cve-assign (Feb 19)
Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c cve-assign (Mar 17)
Re: CVE split and a missed file cve-assign (Jan 09)
Re: When is broken crypto a vulnerability? cve-assign (Mar 11)
Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) cve-assign (Feb 07)
Re: Persistent XSS in Media File Renamer V1.7.0 cve-assign (Feb 20)
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference cve-assign (Jan 07)
Re: CVE request: tmux local denial of service (2009) cve-assign (Jan 09)
Re: cinnamon-screensaver lock bypass (tested on Fedora 20) cve-assign (Feb 12)
Re: CVE request for Drupal contributed modules cve-assign (Jan 20)
Re: CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python cve-assign (Mar 30)
Re: kwallet crypto misuse cve-assign (Jan 03)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 04)
Re: CVE request for vulnerability in OpenStack Nova cve-assign (Mar 20)
Re: Getting tempfile/mktemp wrong cve-assign (Jan 22)
Re: kwallet crypto misuse cve-assign (Jan 02)
Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign (Feb 07)
Re: PlRPC Perl module: pre-auth remote code execution, weak crypto cve-assign (Jan 09)
Re: CVE Request - Poppler library: DoS fixed in 0.24.5 cve-assign (Jan 17)
Re: CVE request New-djbdns: dnscache: possible DoS cve-assign (Feb 19)
Re: CVE request: Perl module MARC::File::XML cve-assign (Jan 21)
Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration cve-assign (Mar 18)
Re: CVE request: temp file issues in python's logilab-common module cve-assign (Feb 02)
Re: When is broken crypto a vulnerability? cve-assign (Mar 10)
Re: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp cve-assign (Jan 21)
Re: CVE Request: Capture::Tiny: insecure use of /tmp cve-assign (Feb 06)
Re: pam_timestamp internals cve-assign (Mar 26)
Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign (Feb 26)
Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables cve-assign (Mar 05)
Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext cve-assign (Mar 21)
Re: [notification] CVE-2013-6888: uscan: remote code execution cve-assign (Feb 12)
Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) cve-assign (Jan 07)
CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues cve-assign (Mar 31)
Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) cve-assign (Feb 20)
Re: CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color() cve-assign (Feb 18)
Re: CVE request: Linux Kernel, two security issues cve-assign (Mar 30)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning cve-assign (Feb 19)
Re: CVE request: askbot xss cve-assign (Feb 28)
CVE-2013-7339 Linux kernel - rds: prevent dereference of a NULL device cve-assign (Mar 20)
Re: CVE request: openssh client does not check SSHFP if server offers certificate cve-assign (Mar 26)
Re: CVE request: remote code execution via deserialization in XStream cve-assign (Jan 09)
Re: CVE request: a2ps insecure temporary file use cve-assign (Feb 04)
Re: CVE needed for libotr's support for OTR v1? cve-assign (Feb 03)
Re: xfe: directory masks ignored when creating new files on Samba and NFS cve-assign (Feb 24)
Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet cve-assign (Mar 24)
Re: CVE request: freeradius denial of service in rlm_pap hash processing cve-assign (Feb 18)
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ cve-assign (Feb 14)
Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) cve-assign (Feb 13)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 03)
Re: Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible cve-assign (Mar 25)
Re: oath-toolkit PAM module OTP token invalidation issue cve-assign (Feb 09)
Re: CVE Request: Multiple security issues in Android Debug Bridge (Android SDK Tools) cve-assign (Feb 08)
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 cve-assign (Jan 18)
Re: echor 0.1.6 Ruby Gem exposes login credentials cve-assign (Jan 31)
Re: Neo4J CSRF: Potential CVE candidate cve-assign (Jan 03)
Re: CVE for freerdp int overflow? cve-assign (Jan 03)
Re: CVE request: konqueror not providing any protection against clickjacking cve-assign (Mar 06)
Re: kwallet crypto misuse cve-assign (Jan 02)
Re: CVE Request/Clarification - PHP cve-assign (Mar 07)
Re: Insecure usage of temporary files in GNU Readline cve-assign (Mar 17)
Re: CVE request: python-gnupg before 0.3.5 shell injection cve-assign (Feb 12)
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 13)
Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction cve-assign (Feb 20)
Re: CVE request: python-gnupg before 0.3.5 shell injection cve-assign (Feb 09)
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability cve-assign (Feb 28)
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release cve-assign (Mar 01)
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open cve-assign (Mar 07)
Re: CVE Request: Linux kernel: SELinux local DoS cve-assign (Feb 06)
Re: CVE Request -- libvirt: denial of service with keepalive cve-assign (Jan 14)
Re: CVE request: uupdate (devscripts) directory traversal cve-assign (Jan 31)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning cve-assign (Feb 20)
Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls cve-assign (Feb 06)
Re: CVE request: multiple issues in Koha cve-assign (Feb 09)
Re: CVE Request: drupal7-entity: multiple access bypass vulnerabilities cve-assign (Jan 09)
Re: lighttpd 1.4.34 SQL injection and path traversal CVE request cve-assign (Mar 12)
Re: CVE request: cloud-init DNS resolution fix cve-assign (Mar 06)
Re: CVE Request: drupal: multiple vulnerabilities corrected in 6.30 and 7.26 (SA-CORE-2014-001) cve-assign (Jan 16)
Re: CVE: Request cve-assign (Jan 29)
Re: CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites cve-assign (Mar 22)
Re: CVE Request for Quick Blind TCP Connection Spoofing with SYN Cookies cve-assign (Mar 12)
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS cve-assign (Mar 07)
Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp cve-assign (Feb 10)
Re: possible CVE requests: perltidy insecure temporary file usage cve-assign (Mar 08)
Re: paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials cve-assign (Jan 08)
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper cve-assign (Jan 28)
Re: CVE request: WebKit-GTK + Puseaudio: unexpectedly high sound volume cve-assign (Feb 10)
Re: CVE split and a missed file cve-assign (Jan 08)
Re: CVE request: enlightenment sysactions cve-assign (Feb 03)
Re: CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext." cve-assign (Feb 18)
Re: CVE Request: Erlang OTP - ftp module - FTP Command Injection cve-assign (Jan 29)
Re: CVEs for Android addJavascriptInterface issues (was: multiple issues in Apache Cordova/PhoneGap) cve-assign (Feb 08)
Re: CVE split and a missed file cve-assign (Jan 08)
Re: Remote code execution in horde < 5.1.1 cve-assign (Jan 28)
Re: CVE Request: rack-ssl rubygem: XSS in error page cve-assign (Mar 19)
Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables cve-assign (Mar 05)
Re: CVE request: Cantata vulnerability cve-assign (Jan 20)
Re: CVE request: flaw in curl's Windows SSL backend cve-assign (Mar 17)
Re: CVE request for CGI::Application information disclosure flaw cve-assign (Feb 19)
Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS cve-assign (Mar 28)
Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS cve-assign (Jan 31)
Re: CVE request for icinga 1 byte \0 overflows cve-assign (Mar 13)
Re: CVE request: f2py insecure temporary file use cve-assign (Feb 07)
Re: Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key cve-assign (Jan 08)
Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution cve-assign (Mar 18)
Re: CVE request for catfish program cve-assign (Feb 25)
Re: CVE Request: Percona Toolkit automatic version check - remote code execution / information leak cve-assign (Feb 19)
Re: CVE request: postfixadmin SQL injection vulnerability cve-assign (Mar 26)
Re: CVE request for vulnerability in OpenStack Keystone cve-assign (Feb 28)
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() cve-assign (Mar 06)
Re: Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation cve-assign (Jan 13)
Re: CVE request for vulnerability in OpenStack Glance cve-assign (Feb 12)
Re: possible CVE request: smb4k credentials cache leak cve-assign (Mar 25)
Re: CVE Request: python-jinja2: arbitrary code execution vulnerability cve-assign (Jan 10)
Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() cve-assign (Jan 08)
Re: CVE request: spip: cross-site scripting vulnerability cve-assign (Jan 20)
Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding cve-assign (Mar 07)
Re: CVE request New-djbdns: dnscache: possible DoS cve-assign (Feb 20)
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference cve-assign (Jan 07)
Re: Moodle security notifications public cve-assign (Mar 21)
Re: CVE request: SQL injection in MODX Revolution before 2.2.13 cve-assign (Mar 08)
Re: CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161 cve-assign (Jan 07)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones cve-assign (Mar 13)
Re: CVE-Request - pen issues cve-assign (Mar 13)
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" cve-assign (Feb 19)
Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol cve-assign (Jan 17)
Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) cve-assign (Feb 04)
Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol cve-assign (Jan 17)
Re: Requesting a CVE id for Trojita, an e-mail client: SSL stripping cve-assign (Mar 20)
Re: When is broken crypto a vulnerability? cve-assign (Mar 10)
Re: CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings cve-assign (Feb 19)
Re: CVE request: Linux kernel: nfs: information leakage cve-assign (Feb 20)
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities cve-assign (Feb 27)
Re: CVE request: PHP object insertion in Contao CMS <= 3.2.5 cve-assign (Feb 03)
Re: CVE-2013-6800 is a dup of CVE-2013-1418 cve-assign (Mar 04)
Re: CVE Request -- libvirt: denial of service with keepalive cve-assign (Jan 14)
Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10 cve-assign (Mar 01)
Re: Two stack-based issues in freetype [NOT a request] cve-assign (Mar 12)

Damien Cauquil

CVE request: PLOGGER 1.0RC1 multiple vulnerabilities Damien Cauquil (Feb 26)
[CVE assignment notification] Multiple vulnerabilities in POSH Damien Cauquil (Feb 26)
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities Damien Cauquil (Feb 27)
Re: CVE request: PLOGGER 1.0RC1 multiple vulnerabilities Damien Cauquil (Feb 27)
CVE request: POSH multiple vulnerabilities Damien Cauquil (Feb 26)

Damien Regad

Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad (Mar 03)
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad (Mar 04)
CVE request: MantisBT 1.2.13 SQL injection vulnerability Damien Regad (Feb 28)

Daniel Cegiełka

Re: Linux-PAM pam_unix/unix_chkpwd is fail-open Daniel Cegiełka (Mar 05)

Daniel Kahn Gillmor

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
Re: kwallet crypto misuse Daniel Kahn Gillmor (Jan 03)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
Re: kwallet crypto misuse Daniel Kahn Gillmor (Jan 03)
Re: Re: kwallet crypto misuse Daniel Kahn Gillmor (Jan 02)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Daniel Kahn Gillmor (Jan 07)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 13)
Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp Daniel Kahn Gillmor (Jan 21)
Re: Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Daniel Kahn Gillmor (Mar 04)
Fwd: [Python-modules-team] Bug#735263: python-rply: insecure use of /tmp Daniel Kahn Gillmor (Jan 17)

Daniel P. Berrange

Re: [Libvirt-Security] CVE Request -- libvirt: denial of service with keepalive Daniel P. Berrange (Jan 14)

Daniel Stenberg

CVE request: flaw in curl's Windows SSL backend Daniel Stenberg (Mar 17)

David Jorm

CVE request: multiple issues in Apache Cordova/PhoneGap David Jorm (Feb 02)
CVE request: remote code execution via deserialization in XStream David Jorm (Jan 09)
Re: CVE request: remote code execution via deserialization in XStream David Jorm (Jan 09)
Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) David Jorm (Feb 19)
Re: JBoss EJBInvokerServlet/JMXInvokerServlet confusion David Jorm (Mar 30)

dawg

Re: CVE Request: Juju phpmyadmin charm dawg (Jan 29)

dawgystyle

CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites dawgystyle (Mar 22)

Dean Pierce

Re: [OT] FD mailing list died. Time for new one Dean Pierce (Mar 19)
Re: [OT] FD mailing list died. Time for new one Dean Pierce (Mar 19)

Dmitry V. Levin

Re: pam_timestamp internals Dmitry V. Levin (Mar 31)
Re: pam_timestamp internals Dmitry V. Levin (Mar 31)

Donald Stufft

Re: CVEs, Crypto and "vulnerabilities" Donald Stufft (Mar 31)

Don Armstrong

Re: Bug#740670: possible CVE requests: perltidy insecure temporary file usage Don Armstrong (Mar 07)

Emden R. Gansner

Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Emden R. Gansner (Jan 08)

Eric Blake

Re: CVE Request -- libvirt: denial of service with keepalive Eric Blake (Jan 14)

Felix Eckhofer

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Felix Eckhofer (Mar 04)

Florent Daigniere

Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere (Mar 28)
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere (Mar 28)
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere (Mar 28)
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere (Mar 29)
Re: CVE request: MediaWiki 1.22.5 login csrf Florent Daigniere (Mar 28)

Florian Weimer

PlRPC Perl module: pre-auth remote code execution, weak crypto Florian Weimer (Jan 09)
Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Florian Weimer (Feb 27)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Florian Weimer (Feb 10)
Re: CVE Request: Linux kernel: SELinux local DoS Florian Weimer (Feb 06)
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Florian Weimer (Feb 15)
Re: KAuth security issues Florian Weimer (Mar 26)
kwallet crypto misuse Florian Weimer (Jan 02)
Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 05)
XML entity processing hardening Florian Weimer (Mar 04)
CVE request: cloud-init DNS resolution fix Florian Weimer (Mar 06)
Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol Florian Weimer (Jan 19)
Over-embargoing Florian Weimer (Mar 24)
CVE request: freeradius denial of service in rlm_pap hash processing Florian Weimer (Feb 16)
Re: CVE request: tmux local denial of service (2009) Florian Weimer (Jan 09)
CVE request: tmux local denial of service (2009) Florian Weimer (Jan 09)
oath-toolkit PAM module OTP token invalidation issue Florian Weimer (Feb 07)
Re: CVE request: python-gnupg before 0.3.5 shell injection Florian Weimer (Feb 04)

Forest Monsen

CVE request for Drupal contributed modules Forest Monsen (Jan 20)
Re: CVE request for Drupal contributed modules Forest Monsen (Jan 20)

Fyodor

Re: OT What are the delays in delivery of Fyodor's Full Disclosure list? Fyodor (Mar 28)
Re: [OT] FD mailing list died. Time for new one Fyodor (Mar 25)

Galen Charlton

CVE request: Perl module MARC::File::XML Galen Charlton (Jan 21)
CVE request: multiple issues in Koha Galen Charlton (Feb 07)

Garth Mollett

Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) Garth Mollett (Feb 20)
CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client Garth Mollett (Mar 05)
CVE-2013-6393 / libyaml buffer overflow Garth Mollett (Jan 30)

George Staikos

Re: kwallet crypto misuse George Staikos (Jan 13)

Georgi Guninski

Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
OT What are the delays in delivery of Fyodor's Full Disclosure list? Georgi Guninski (Mar 28)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
Re: Adventure with Stack Smashing Protector (SSP) Georgi Guninski (Mar 29)
Re: Re: FD mailing list died. Time for new one (or something better!) Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 30)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 22)
Re: OT What are the delays in delivery of Fyodor's Full Disclosure list? Georgi Guninski (Mar 29)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
Re: Re: FD mailing list died. Time for new one (or something better!) Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 20)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 21)
Re: Adventure with Stack Smashing Protector (SSP) Georgi Guninski (Mar 29)
Re: Over-embargoing Georgi Guninski (Mar 24)
[OT] FD mailing list died. Time for new one Georgi Guninski (Mar 19)
Re: [OT] FD mailing list died. Time for new one Georgi Guninski (Mar 24)

Gerhard Rieger

Socat security advisory 5 - PROXY-CONNECT address overflow Gerhard Rieger (Jan 28)

Grant Murphy

[OSSA 2014-008] Routers can be cross plugged by other tenants (CVE-2014-0056) Grant Murphy (Mar 27)
[OSSA 2014-003] Live migration can leak root disk into ephemeral storage (CVE-2013-7130) Grant Murphy (Jan 23)
CVE request for vulnerability in OpenStack Nova Grant Murphy (Mar 20)

Greg KH

Re: Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Greg KH (Mar 06)
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Greg KH (Mar 05)

gremlin

Re: kwallet crypto misuse gremlin (Jan 04)
GOST 28147-89 gets 512 bit and 1 kbit keys gremlin (Mar 31)
Re: [OT] FD mailing list died. Time for new one gremlin (Mar 19)
Re: kwallet crypto misuse gremlin (Jan 02)

Guido Berhoerster

Re: CVE request: tmux local denial of service (2009) Guido Berhoerster (Jan 09)
Re: Re: CVE request: tmux local denial of service (2009) Guido Berhoerster (Jan 09)
CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Guido Berhoerster (Jan 07)

Gunther

Dokeos 2.1.1 Multiple Stored XSS Vulnerabilities Gunther (Feb 05)

Hafez Kamal

[HITB-Announce] HITB Magazine Issue 10 Out Now Hafez Kamal (Jan 06)

halfdog

Linux kernel: missing CPU-state sanitation during task-switch causes DOS / privilege escalation halfdog (Jan 12)

Hanno Böck

When is broken crypto a vulnerability? Hanno Böck (Mar 10)
Re: When is broken crypto a vulnerability? Hanno Böck (Mar 10)
CVE request: SQL injection in MODX Revolution before 2.2.13 Hanno Böck (Mar 08)
CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck (Feb 04)
CVE request: XSS in MODX Revolution before 2.2.11 Hanno Böck (Feb 24)
Re: contao vulnerability - CVE assigned? Hanno Böck (Feb 07)
CVE request: konqueror not providing any protection against clickjacking Hanno Böck (Mar 04)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Hanno Böck (Mar 04)
Re: CVE request: python-gnupg before 0.3.5 shell injection Hanno Böck (Feb 06)

Helmut Grohne

Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 14)
Getting tempfile/mktemp wrong Helmut Grohne (Jan 22)
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 14)
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 16)
Re: Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Helmut Grohne (Feb 16)

Henri Salo

Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
CVE request: CMS Made Simple SQL injection fixed in 1.11.10 Henri Salo (Mar 01)
CVE request: hexchat buffer overflow Henri Salo (Feb 24)
Re: CVE request: python-gnupg before 0.3.5 shell injection Henri Salo (Feb 04)
Re: IMAP STARTTLS sniff tool Henri Salo (Mar 12)
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Henri Salo (Jan 18)
Re: CVE request for Drupal contributed modules Henri Salo (Jan 20)
Re: more info on "radiotap: bitmap-end-finding buffer overrun" Henri Salo (Jan 19)

Huzaifa Sidhpurwala

libssh and stunnel PRNG flaws Huzaifa Sidhpurwala (Mar 04)
CVE request for two net-snmp remote DoS flaws Huzaifa Sidhpurwala (Mar 05)
Re: CVE for freerdp int overflow? Huzaifa Sidhpurwala (Jan 02)
udisks and udisks2: stack-based buffer overflow when handling long path names Huzaifa Sidhpurwala (Mar 10)
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Huzaifa Sidhpurwala (Mar 06)

Ian Campbell

Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet Ian Campbell (Mar 25)

intrigeri

CVE request: parcimonie (0.6 to 0.8, included) possible correlation between key fetches intrigeri (Feb 10)

Jakub Wilk

Re: [notification] CVE-2013-6888: uscan: remote code execution Jakub Wilk (Feb 06)
CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp Jakub Wilk (Feb 10)

Jan Beulich

Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Jan Beulich (Feb 07)

Jan Kundrát

Re: Requesting a CVE id for Trojita, an e-mail client: SSL stripping Jan Kundrát (Mar 20)
Requesting a CVE id for Trojitá, an e-mail client: SSL stripping Jan Kundrát (Mar 19)

Jann Horn

Re: [OT] FD mailing list died. Time for new one Jann Horn (Mar 19)
Re: CVE request: MediaWiki 1.22.5 login csrf Jann Horn (Mar 29)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Jann Horn (Mar 04)
Re: CVE request: MediaWiki 1.22.5 login csrf Jann Horn (Mar 28)

Jan Schneider

Re: Remote code execution in horde < 5.1.1 Jan Schneider (Jan 29)

Jason A. Donenfeld

Possible CVE Request for Weechat -- Mutex potentially not held for random number generation Jason A. Donenfeld (Feb 13)

Jens Bothe via OTRS Security Team

Re: [Ticket#2014012942020471] CVE Request: otrs: CSRF issue in customer web interface Jens Bothe via OTRS Security Team (Jan 29)

Jeremy Stanley

[OSSA 2014-004] Glance Swift store backend password leak (CVE-2014-1948) Jeremy Stanley (Feb 12)
CVE request for vulnerability in OpenStack Glance Jeremy Stanley (Feb 11)

jmm

CVE request for python/zipfile jmm (Mar 18)

John Haxby

Re: linux-distros membership John Haxby (Jan 24)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones John Haxby (Mar 04)

Joshua J. Drake

Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean Joshua J. Drake (Feb 11)
Re: CVEs for Android addJavascriptInterface issues (was: multiple issues in Apache Cordova/PhoneGap) Joshua J. Drake (Feb 07)

Julien Cristau

Re: Adventure with Stack Smashing Protector (SSP) Julien Cristau (Mar 29)

Just1n T1mberlake

T201403525 - Hypercube security Advisory Just1n T1mberlake (Mar 25)

Kees Cook

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kees Cook (Jan 30)

Kurt Seifried

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 03)
REJECT CVE-2014-0070 Kurt Seifried (Feb 26)
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Kurt Seifried (Jan 20)
imapsync default version check with,http://imapsync.lamiral.info information leakage (CVE-2013-4279) Kurt Seifried (Jan 16)
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Kurt Seifried (Jan 20)
Re: Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) Kurt Seifried (Feb 03)
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper Kurt Seifried (Jan 28)
https://updateframework.com/ down for a few days now Kurt Seifried (Jan 07)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kurt Seifried (Jan 31)
Re: collectd security contact Kurt Seifried (Jan 29)
CVEs, Crypto and "vulnerabilities" Kurt Seifried (Mar 30)
Re: Re: kwallet crypto misuse Kurt Seifried (Jan 02)
Re: CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper Kurt Seifried (Jan 28)
OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) Kurt Seifried (Jan 28)
CVE assignment for jinja2 Kurt Seifried (Jan 10)
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Kurt Seifried (Jan 17)
Re: radare2 endless loop Kurt Seifried (Jan 02)
AMD Security contact Kurt Seifried (Jan 02)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Kurt Seifried (Mar 04)

larry Cashdollar

Re: Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) larry Cashdollar (Feb 03)

Larry W. Cashdollar

Paratrooper-newrelic 1.0.1 Ruby Gem exposes API key Larry W. Cashdollar (Jan 07)
echor 0.1.6 Ruby Gem exposes login credentials Larry W. Cashdollar (Jan 30)
paratrooper-pingdom-1.0.0 ruby gem exposes API login credentials Larry W. Cashdollar (Jan 07)
Persistent XSS in Media File Renamer V1.7.0 Larry W. Cashdollar (Feb 20)
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem Larry W. Cashdollar (Mar 10)
Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) Larry W. Cashdollar (Feb 02)
Re: Persistent XSS in Wordpress 3.3.1+dfsg-1 (Packaged with Ubuntu 12.04.4) Larry W. Cashdollar (Feb 02)

Maksymilian A

CVE Request: Apache Archiva Remote Command Execution 0day Maksymilian A (Jan 14)
Re: CVE Request: Apache Archiva Remote Command Execution 0day Maksymilian A (Jan 14)

mancha

Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables mancha (Mar 05)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
CVE Request/Clarification - PHP mancha (Mar 05)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 02)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 03)
Re: CVE Request/Clarification - PHP mancha (Mar 07)
CVE Request - Poppler library: DoS fixed in 0.24.5 mancha (Jan 16)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) mancha (Feb 03)
Re: OpenSSH J-PAKE vulnerability (no cause for panic! remain calm!) mancha (Feb 03)
CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) mancha (Feb 13)

Marcus Meissner

Re: CVEs, Crypto and "vulnerabilities" Marcus Meissner (Mar 31)
CVE Request?: konqueror - https uses all ciphers, even weak ones Marcus Meissner (Feb 27)
Re: CVE request for a bug in gnu coreutils 8.22 Marcus Meissner (Mar 14)
CVE Request: Percona Toolkit automatic version check - remote code execution / information leak Marcus Meissner (Feb 18)
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Marcus Meissner (Mar 12)
CVE Request for Quick Blind TCP Connection Spoofing with SYN Cookies Marcus Meissner (Mar 10)
CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c Marcus Meissner (Mar 17)
CVE request for icinga 1 byte \0 overflows Marcus Meissner (Mar 13)
CVE-2013-6800 is a dup of CVE-2013-1418 Marcus Meissner (Mar 04)
CVE Request: rack-ssl rubygem: XSS in error page Marcus Meissner (Mar 19)

Martin Carpenter

CVE request: enlightenment sysactions Martin Carpenter (Jan 30)

Martin Prpic

CVE request: MaraDNS DoS due to incorrect bounds checking on certain strings Martin Prpic (Feb 18)

Matthew Daley

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Matthew Daley (Jan 31)
Re: CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Matthew Daley (Jan 18)
CVE requests / advisory: cxxtools <= 2.2, Tntnet <= 2.2 Matthew Daley (Jan 17)
Re: CVE request: python-gnupg before 0.3.5 shell injection Matthew Daley (Feb 04)

Matthew Hall

Fwd: temporary file creation vulnerability in Redis Matthew Hall (Feb 22)
Re: Fwd: temporary file creation vulnerability in Redis Matthew Hall (Feb 23)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Jan 19)
Moodle security notifications public Michael de Raadt (Mar 16)

Michael Kromer

Security Flaw CVE-2014-0037 Michael Kromer (Jan 31)

Michael Samuel

Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 11)
collectd security contact Michael Samuel (Jan 29)
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Michael Samuel (Mar 22)
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Michael Samuel (Mar 12)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 11)
Re: Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 20)
Re: Fwd: temporary file creation vulnerability in Redis Michael Samuel (Feb 22)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 17)
Re: Re: collectd security contact Michael Samuel (Jan 30)
Re: CVEs, Crypto and "vulnerabilities" Michael Samuel (Mar 31)
Re: Re: kwallet crypto misuse Michael Samuel (Jan 02)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning Michael Samuel (Feb 11)

Mikkel Krautz

Mumble-SA-2014-001 and Mumble-SA-2014-002 Mikkel Krautz (Feb 05)

Moritz Muehlenhoff

Re: linux-distros membership Moritz Muehlenhoff (Jan 23)
Re: Re: CVE to the ntp monlist DDoS issue? Moritz Muehlenhoff (Jan 02)
Duplicated CVE assignment for bip Moritz Muehlenhoff (Jan 02)
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Moritz Muehlenhoff (Mar 05)

Moritz Naumann

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Moritz Naumann (Mar 04)

Murray McAllister

xfe: directory masks ignored when creating new files on Samba and NFS Murray McAllister (Feb 23)
CVE needed for libotr's support for OTR v1? Murray McAllister (Jan 30)
information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 11)
Re: CVE request: a2ps insecure temporary file use Murray McAllister (Feb 03)
CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 Murray McAllister (Mar 26)
CVE request: a2ps insecure temporary file use Murray McAllister (Feb 02)
CVE request: f2py insecure temporary file use Murray McAllister (Feb 05)
CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Murray McAllister (Feb 27)
possible CVE requests: perltidy insecure temporary file usage Murray McAllister (Mar 03)
possible CVE request: smb4k credentials cache leak Murray McAllister (Mar 23)
Re: CVE already assigned for 1026891? Murray McAllister (Jan 16)
CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution Murray McAllister (Mar 16)
CVE request: uupdate (devscripts) directory traversal Murray McAllister (Jan 30)
Re: CVE-2013-6401 Jansson hash collision issue Murray McAllister (Feb 11)
CVE request: MuPDF Stack-based Buffer Overflow in xps_parse_color() Murray McAllister (Feb 13)
Re: Re: possible CVE requests: perltidy insecure temporary file usage Murray McAllister (Mar 10)
CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Murray McAllister (Jan 16)
Re: CVE request: f2py insecure temporary file use Murray McAllister (Feb 06)
temporary file issue in flite Murray McAllister (Jan 09)
Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Murray McAllister (Jan 19)
Re: Remote code execution in horde < 5.1.1 Murray McAllister (Jan 28)
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 13)
CVE-2013-6401 Jansson hash collision issue Murray McAllister (Feb 11)
Re: information on "ImageMagick PSD Images Processing RLE Decoding Buffer Overflow Vulnerability" Murray McAllister (Feb 12)
Re: Remote code execution in horde < 5.1.1 Murray McAllister (Jan 28)
CVE request: "imapsync ignores the --tls switch and sends my authentication plaintext." Murray McAllister (Feb 16)
Re: cinnamon-screensaver lock bypass (tested on Fedora 20) Murray McAllister (Feb 12)
Re: Re: CVE request: a2ps insecure temporary file use Murray McAllister (Feb 05)
CVE-2014-0039: fwsnort loaded configuration file from cwd when run as a non-root user Murray McAllister (Feb 02)

Nick Kralevich

Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Feb 16)
Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich (Feb 16)
Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean Nick Kralevich (Feb 18)

Paul

Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext Paul (Mar 12)

Paul Wouters

CVE request for unfixed CVE-2013-6466 in openswan-2.6.40 Paul Wouters (Feb 18)

PaX Team

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) PaX Team (Jan 31)

Pedro Ribeiro

Remote code execution in horde < 5.1.1 Pedro Ribeiro (Jan 28)
CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS Pedro Ribeiro (Jan 31)
CVE request: remote code execution in egroupware <= 1.8.005 Pedro Ribeiro (Feb 19)
Re: CVE request: remote code execution in egroupware <= 1.8.005 Pedro Ribeiro (Feb 19)
Re: CVE request: impressCMS 1.3.5 arbitrary file deletion and XSS Pedro Ribeiro (Feb 02)
CVE request: PHP object insertion in Contao CMS <= 3.2.5 Pedro Ribeiro (Feb 03)

Petr Matousek

CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS Petr Matousek (Mar 04)
CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration Petr Matousek (Mar 18)
Re: CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy Petr Matousek (Mar 11)
CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy Petr Matousek (Mar 10)
CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free Petr Matousek (Mar 04)
CVE Request -- libvirt: denial of service with keepalive Petr Matousek (Jan 14)
CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk Petr Matousek (Mar 04)
CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied Petr Matousek (Mar 20)
CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access Petr Matousek (Mar 03)
CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes Petr Matousek (Feb 17)

Petter Reinholdtsen

Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Petter Reinholdtsen (Feb 15)

Pierre Joye

CVE request, libgd and php's gd Pierre Joye (Mar 14)

P J P

Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)
Re: CVE request New-djbdns: dnscache: possible DoS P J P (Feb 19)
CVE request: Linux kernel: nfs: information leakage P J P (Feb 20)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 17)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 10)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 18)
Re: Re: CVE request New-djbdns: dnscache: possible DoS P J P (Feb 20)
CVE Request: Linux kernel: SELinux local DoS P J P (Feb 06)
Re: CVE split and a missed file P J P (Jan 09)
CVE split and a missed file P J P (Jan 06)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 10)
Re: Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 19)
Re: CVE request New-djbdns: dnscache: possible DoS P J P (Feb 18)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 20)
CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 09)
Re: Re: CVE request: Linux kernel: nfs: information leakage P J P (Feb 20)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)
CVE request Linux kernel: netfilter: nf_nat: leakage of uninitialized buffer in IRC NAT helper P J P (Jan 28)
CVE request New-djbdns: dnscache: possible DoS P J P (Feb 17)
Re: CVE split and a missed file P J P (Jan 07)
CVE REJECT request: CVE-2013-4588 P J P (Jan 29)
Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction P J P (Feb 20)
CVE Request: Linux kernel: s390: crash due to linkage stack instruction P J P (Feb 20)
Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Feb 11)

Puneeth Gowda

CVE: Request Puneeth Gowda (Jan 29)

Qixue Xiao

CVE request for a bug in gnu coreutils 8.22 Qixue Xiao (Mar 19)
CVE request for a bug in gnu coreutils 8.22 Qixue Xiao (Mar 14)

Ralf Becker

Re: CVE request: remote code execution in egroupware <= 1.8.005 Ralf Becker (Feb 19)

Raphael Geissert

more info on "radiotap: bitmap-end-finding buffer overrun" Raphael Geissert (Jan 17)
CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Raphael Geissert (Mar 06)
Re: Old CVE ids, public, but still "RESERVED" Raphael Geissert (Feb 12)
Fwd: Old CVE ids, public, but still "RESERVED" Raphael Geissert (Feb 08)
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS Raphael Geissert (Mar 07)
Two stack-based issues in freetype [NOT a request] Raphael Geissert (Mar 10)
Re: CVE request: temporary file issue in Passenger rubygem Raphael Geissert (Jan 29)
[notification] CVE-2013-6888: uscan: remote code execution Raphael Geissert (Jan 06)
CVE request? buffer overflow in socket.recvfrom_into Raphael Geissert (Feb 07)
Re: Request regarding posts to the lists Raphael Geissert (Feb 21)
Re: Two stack-based issues in freetype [NOT a request] Raphael Geissert (Mar 12)
CVE for freerdp int overflow? Raphael Geissert (Jan 02)
Re: CVE request: temporary file issue in Passenger rubygem Raphael Geissert (Jan 29)

Ratul Gupta

CVE Request: graphviz: stack-based buffer overflow in yyerror() Ratul Gupta (Jan 06)
CVE Request: python-jinja2: arbitrary code execution vulnerability Ratul Gupta (Jan 10)
CVE Request: drupal: multiple vulnerabilities corrected in 6.30 and 7.26 (SA-CORE-2014-001) Ratul Gupta (Jan 16)
CVE Request: drupal7-entity: multiple access bypass vulnerabilities Ratul Gupta (Jan 08)

Reed Loden

Re: CVE-2013-6488: Jenkins fails to sanitize input before adding it to the page Reed Loden (Jan 16)

Remi Collet

Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Remi Collet (Mar 06)

rf

Re: linux-distros membership rf (Jan 22)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
Re: linux-distros membership rf (Jan 24)
Re: linux-distros membership rf (Jan 16)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
Re: linux-distros membership rf (Jan 31)
Re: linux-distros membership rf (Jan 23)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
linux-distros membership rf (Jan 14)
Re: linux-distros membership rf (Jan 20)
Re: linux-distros membership rf (Feb 01)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
Re: linux-distros membership rf (Jan 24)

Robert Scheck

CVE-2014-0079: Unauthenticated remote denial of service flaw in Zarafa Robert Scheck (Feb 12)

Russ Allbery

Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Russ Allbery (Jan 08)
Re: Cookie Reuse Russ Allbery (Mar 12)

Sabrina Dubroca

CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding Sabrina Dubroca (Mar 07)

Salva Peiró

CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() Salva Peiró (Mar 05)
CVE request: assorted kernel infoleak security fixes Salva Peiró (Jan 14)

Salvatore Bonaccorso

CVE Request: Capture::Tiny: insecure use of /tmp Salvatore Bonaccorso (Feb 06)
CVE request: spip: cross-site scripting vulnerability Salvatore Bonaccorso (Jan 20)
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Salvatore Bonaccorso (Mar 05)
Re: CVE assignment for jinja2 Salvatore Bonaccorso (Jan 11)
CVE Request: otrs: CSRF issue in customer web interface Salvatore Bonaccorso (Jan 29)
(possible) CVE request: suPHP 0.7.2 release fixed a possible arbitrary code execution Salvatore Bonaccorso (Jan 28)
CVE Request: cross-site scripting vulnerabilities in movable type 6.0.1, 5.2.9, and 5.161 Salvatore Bonaccorso (Jan 05)
CVE Request: file: crashes when checking softmagic for some corrupt PE executables Salvatore Bonaccorso (Mar 03)
Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14) Salvatore Bonaccorso (Feb 16)

Seba

CVE Request: Erlang OTP - ftp module - FTP Command Injection Seba (Jan 28)

Sebastian Harl

Re: collectd security contact Sebastian Harl (Jan 30)

Sebastian Krahmer

Re: Re: CVE Request: graphviz: stack-based buffer overflow in yyerror() Sebastian Krahmer (Jan 08)
Re: KAuth security issues Sebastian Krahmer (Mar 26)
Re: pam_timestamp internals Sebastian Krahmer (Mar 31)
Re: KAuth security issues Sebastian Krahmer (Mar 26)
KAuth security issues Sebastian Krahmer (Mar 24)
pam_timestamp internals Sebastian Krahmer (Mar 24)
Re: pam_timestamp internals Sebastian Krahmer (Mar 31)

security curmudgeon

Request regarding posts to the lists security curmudgeon (Feb 20)
Re: CVE Request: Apache Archiva Remote Command Execution 0day security curmudgeon (Jan 14)

Sergey Popov

CVE request: Cantata vulnerability Sergey Popov (Jan 20)

Seth Arnold

Re: CVE Request: Juju phpmyadmin charm Seth Arnold (Jan 29)
CVE Request: thermald Seth Arnold (Mar 07)
CVE Request: Juju phpmyadmin charm Seth Arnold (Jan 29)

Shay Chen

[Benchmark 2014] WAVSEP Vulnerability Scanner Benchmark 2013/2014 Shay Chen (Feb 12)

Simon .

radare2 endless loop Simon . (Jan 02)

Simon McVittie

Re: Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Simon McVittie (Feb 28)
Re: Re: CVE request: python-gnupg before 0.3.5 shell injection Simon McVittie (Feb 10)
Re: kwallet crypto misuse Simon McVittie (Jan 03)

Simon Ward

Re: Re: FD mailing list died. Time for new one (or something better!) Simon Ward (Mar 20)

Solar Designer

Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 30)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
Re: linux-distros membership Solar Designer (Jan 31)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 02)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 01)
Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) Solar Designer (Jan 07)
Linux-PAM pam_unix/unix_chkpwd is fail-open Solar Designer (Mar 04)
Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 19)
Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 29)
Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 19)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
Re: Bug#738855: initscripts: Skip killing root-owned process starting with @ Solar Designer (Feb 15)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
Re: IMAP STARTTLS sniff tool Solar Designer (Mar 07)
Linux kernel: fs: fix get_dumpable() incorrect tests (CVE-2013-2929) Solar Designer (Jan 30)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 30)
Re: Adventure with Stack Smashing Protector (SSP) Solar Designer (Mar 28)
Re: linux-distros membership Solar Designer (Jan 21)
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open Solar Designer (Mar 07)
Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer (Feb 15)
Re: Re: FD mailing list died. Time for new one (or something better!) Solar Designer (Mar 20)
Re: linux-distros membership Solar Designer (Jan 31)
MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now) Solar Designer (Jan 06)
Re: Request regarding posts to the lists Solar Designer (Feb 20)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Feb 02)
Re: Fw: Re: IMAP STARTTLS sniff tool Solar Designer (Mar 12)
responsible use of distros and linux-distros lists (was: Linux kernel: fs: fix get_dumpable() incorrect tests (CVE-2013-2929)) Solar Designer (Jan 30)
Re: CVE request for a bug in gnu coreutils 8.22 Solar Designer (Mar 19)
Re: [OT] FD mailing list died. Time for new one Solar Designer (Mar 19)

Stefan Bühler

lighttpd 1.4.34 SQL injection and path traversal CVE request Stefan Bühler (Mar 12)

Stefan Hajnoczi

QEMU image format input validation fixes (multiple CVEs) Stefan Hajnoczi (Mar 26)

Steve Kemp

Re: Re: CVE-Request - pen issues Steve Kemp (Mar 13)
Insecure usage of temporary files in GNU Readline Steve Kemp (Mar 14)
CVE-Request - pen issues Steve Kemp (Mar 12)

Steve Kenworthy

Re: CVE request: Fat Free CRM multiple vulnerabilities Steve Kenworthy (Jan 01)

Steven M. Christey

JBoss EJBInvokerServlet/JMXInvokerServlet confusion Steven M. Christey (Mar 28)
Re: Duplicated CVE assignment for bip Steven M. Christey (Jan 02)

Stuart Henderson

Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Stuart Henderson (Mar 13)
Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson (Feb 16)
Re: Vendor adoption of PIE INFO#934476 oss-security Stuart Henderson (Feb 16)

Thierry Carrez

[OSSA 2014-002] Swift TempURL timing attack (CVE-2014-0006) Thierry Carrez (Jan 17)
[OSSA 2014-001] Nova live snapshots use an insecure local directory (CVE-2013-7048) Thierry Carrez (Jan 13)

Thijs Kinkhorst

CVE request: postfixadmin SQL injection vulnerability Thijs Kinkhorst (Mar 26)
CVE request: openssh client does not check SSHFP if server offers certificate Thijs Kinkhorst (Mar 26)

Thomas Williams

Cookie Reuse Thomas Williams (Mar 12)

Tim

Re: CVEs, Crypto and "vulnerabilities" Tim (Mar 31)

Tim Brown

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones Tim Brown (Mar 03)

Todd C. Miller

sudo: security policy bypass when env_reset is disabled Todd C. Miller (Mar 05)

Tomas Hoger

Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger (Feb 27)
GnuTLS GNUTLS-SA-2014-2 Tomas Hoger (Mar 03)
Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x) Tomas Hoger (Feb 25)
TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue Tomas Hoger (Mar 19)
Re: CVE requests: Pacemaker, Python Imaging Library, eyeD3, 9base, rc, Gamera, RPLY - insecure use of /tmp Tomas Hoger (Feb 27)
IcedTea-Web insecure temporary directory use - CVE-2013-6493 Tomas Hoger (Feb 07)
Re: Re: CVE request: temporary file issue in Passenger rubygem Tomas Hoger (Feb 03)
CVE request: askbot xss Tomas Hoger (Feb 27)

Tom Dale

[CVE-2014-0046] XSS Vulnerability With {{link-to}} Helper in Non-block Form Tom Dale (Feb 14)

Tristan Cacqueray

[OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134) Tristan Cacqueray (Mar 27)
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray (Feb 28)
[OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396) Tristan Cacqueray (Feb 17)
[OSSA 2014-007] Potential context confusion in Keystone middleware (CVE-2014-0105) Tristan Cacqueray (Mar 27)
[OSSA 2014-006] Trustee token revocation does not work with memcache backend (CVE-2014-2237) Tristan Cacqueray (Mar 04)

Victor Stinner

Re: [PSRT] CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python Victor Stinner (Mar 29)

Vinay Sajip

Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip (Feb 05)
Re: CVE request: python-gnupg before 0.3.5 shell injection Vinay Sajip (Feb 05)

Vincent Danen

CVE request: claws-mail vcalendar plugin stores user/password in cleartext Vincent Danen (Mar 10)
CVE-2014-0022 insecure install of rpm packages via yum cron Vincent Danen (Jan 23)
Re: CVE assignment for jinja2 Vincent Danen (Jan 11)
CVE-2014-0021: chrony traffic amplification in cmdmon protocol Vincent Danen (Jan 17)
CVE request for CGI::Application information disclosure flaw Vincent Danen (Feb 19)
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release Vincent Danen (Feb 28)
Re: CVE assignment for jinja2 Vincent Danen (Jan 11)
Re: CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) Vincent Danen (Feb 04)
Re: CVE assignment for jinja2 Vincent Danen (Jan 11)
CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python Vincent Danen (Mar 28)
Re: CVE-2014-0021: chrony traffic amplification in cmdmon protocol Vincent Danen (Jan 17)
CVE request: temporary file issue in Passenger rubygem Vincent Danen (Jan 28)
CVE request for catfish program Vincent Danen (Feb 24)
Re: CVE request for catfish program Vincent Danen (Feb 25)
CVE request and heads-up on insecure temp file handling in unpack200 (OpenJDK, Oracle Java) Vincent Danen (Feb 03)
Re: CVE request for catfish program Vincent Danen (Feb 25)
CVE request: temp file issues in python's logilab-common module Vincent Danen (Jan 31)

Xen . org security team

Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible Xen . org security team (Mar 25)
Xen Security Advisory 60 (CVE-2013-2212) - Excessive time to disable caching with HVM guests with PCI passthrough Xen . org security team (Feb 19)
Xen Security Advisory 85 - Off-by-one error in FLASK_AVC_CACHESTAT hypercall Xen . org security team (Feb 06)
Xen Security Advisory 87 - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests Xen . org security team (Jan 24)
Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host hang Xen . org security team (Feb 19)
Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet Xen . org security team (Mar 24)
Xen Security Advisory 88 - use-after-free in xc_cpupool_getinfo() under memory pressure Xen . org security team (Feb 12)
Xen Security Advisory 85 (CVE-2014-1895) - Off-by-one error in FLASK_AVC_CACHESTAT hypercall Xen . org security team (Feb 10)
Xen Security Advisory 83 - Out-of-memory condition yielding memory corruption during IRQ setup Xen . org security team (Jan 23)
Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Xen . org security team (Feb 06)
Xen Security Advisory 84 (CVE-2014-1891,CVE-2014-1892,CVE-2014-1893,CVE-2014-1894) - integer overflow in several XSM/Flask hypercalls Xen . org security team (Feb 10)
Xen Security Advisory 86 (CVE-2014-1896) - libvchan failure handling malicious ring indexes Xen . org security team (Feb 10)
Xen Security Advisory 87 (CVE-2014-1666) - PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests Xen . org security team (Jan 24)
Xen Security Advisory 83 (CVE-2014-1642) - Out-of-memory condition yielding memory corruption during IRQ setup Xen . org security team (Jan 23)
Xen Security Advisory 86 - libvchan failure handling malicious ring indexes Xen . org security team (Feb 06)
Xen Security Advisory 88 (CVE-2014-1950) - use-after-free in xc_cpupool_getinfo() under memory pressure Xen . org security team (Feb 12)

Yves-Alexis Perez

Re: linux-distros membership Yves-Alexis Perez (Jan 16)
Re: IMAP STARTTLS sniff tool Yves-Alexis Perez (Mar 13)
Re: Re: linux-distros membership Yves-Alexis Perez (Jan 16)
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Yves-Alexis Perez (Jan 07)
Re: CVE request: lightdm-gtk-greeter - local DOS due to NULL pointer dereference Yves-Alexis Perez (Jan 07)
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Yves-Alexis Perez (Feb 01)

Źmicier Januszkiewicz

Re: Re: Xen Security Advisory 84 - integer overflow in several XSM/Flask hypercalls Źmicier Januszkiewicz (Feb 07)

Previous period

Next period