oss-sec: by author

886 messages starting Aug 21 14 and ending Sep 30 14


Aaron Toponce

Re: SaltStack 2014.1.10 released Aaron Toponce (Aug 21)

Adan Alvarez

Re: Duplicated CVE - Cacti XSS Adan Alvarez (Jul 24)
Duplicated CVE - Cacti XSS Adan Alvarez (Jul 24)

advisories

LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow advisories (Sep 25)

Alan Coopersmith

Confusion around gksu & CVE-2014-2943 Alan Coopersmith (Sep 08)

Alan J. Wylie

Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie (Sep 26)

Alberto Simoes

Re: CVE Request: XML-DT: Insecure use of temporary files Alberto Simoes (Aug 15)

Alexander E. Patrakov

Re: CVE-2014-6271: remote code execution through bash Alexander E. Patrakov (Sep 24)

Alexandre Dulaunoy

Re: CVE-2014-6271: remote code execution through bash Alexandre Dulaunoy (Sep 25)

Alex Gaynor

Twisted Security Issue Alex Gaynor (Sep 17)

Amos Jeffries

Re: Re: CVE-Request: squid pinger remote DoS Amos Jeffries (Sep 16)

Andrea Barisani

[oCERT-2014-007] libvncserver multiple issues Andrea Barisani (Sep 25)
[oCERT-2014-004] Ansible input sanitization errors Andrea Barisani (Jul 21)
[oCERT-2014-006] Ganeti insecure archive permission Andrea Barisani (Aug 12)

André Arko

[CVE-2013-0334] Ruby dependency manager Bundler may install gems from a different source than expected André Arko (Sep 24)

Andrew Nacin

Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin (Aug 06)
Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin (Aug 13)

Andy Lutomirski

Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 08)
CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 04)
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 13)
Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 24)
Re: Linux peer_cred Mischmasch Andy Lutomirski (Jul 22)
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski (Aug 12)
Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski (Jul 08)

Ángel González

Re: Re: Non-upstream patches for bash Ángel González (Sep 26)
Re: Non-upstream patches for bash Ángel González (Sep 26)

Anthony Liguori

Re: CVE-2014-6271: remote code execution through bash Anthony Liguori (Sep 24)

Arun Babu Neelicattu

Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Arun Babu Neelicattu (Sep 16)
CVE Request: Multiple issues in com.ning:async-http-client Arun Babu Neelicattu (Aug 20)

Ben Hawkes

Re: Multiple Linux USB driver CVE assignment Ben Hawkes (Sep 11)
Multiple Linux USB driver CVE assignment Ben Hawkes (Sep 11)

Benjamin Harris

XRMS SQLi to RCE 0day Benjamin Harris (Aug 27)
PHP-Wiki Command Injection Benjamin Harris (Aug 27)

Ben Reser

Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 01)
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 04)
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser (Aug 05)

Bernhard Hermann

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bernhard Hermann (Sep 26)
Re: Fwd: Non-upstream patches for bash Bernhard Hermann (Sep 29)

Brian Harring

Re: Re: Ansible CVE requests Brian Harring (Jul 02)

Bryan Drewery

Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bryan Drewery (Sep 26)
Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bryan Drewery (Sep 28)

Chet Ramey

Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 26)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: Array importing in bash 4.3 Chet Ramey (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
Re: Fwd: Non-upstream patches for bash Chet Ramey (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
Re: Fwd: Non-upstream patches for bash Chet Ramey (Sep 29)
Re: Healing the bash fork Chet Ramey (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)

Chris Steipp

Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Chris Steipp (Jul 31)
Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs Chris Steipp (Sep 26)

Christey, Steven M.

RE: heap overflow in procmail Christey, Steven M. (Sep 03)
CVE ID Syntax Change - Deadline Approaching Christey, Steven M. (Sep 17)

Christian Hammond

CVE requests for Review Board Christian Hammond (Jul 21)
Re: CVE requests for Review Board Christian Hammond (Jul 22)

Christos Zoulas

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas (Sep 27)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas (Sep 26)
Re: CVE-2014-6271: remote code execution through bash Christos Zoulas (Sep 25)

coderman

Re: Python robotframework - tmp vuln coderman (Sep 07)
Strong Security Processes Require Strong Privacy Protections coderman (Jul 18)

Colin Watson

CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file Colin Watson (Sep 27)

C. R. Oldham

Revised: Salt 2014.1.10 released C. R. Oldham (Aug 21)
SaltStack 2014.1.10 released C. R. Oldham (Aug 21)

cve-assign

Re: CVE's for intersection vulnerabilities cve-assign (Jul 18)
Re: CVE request for vulnerability in OpenStack keystonemiddleware cve-assign (Sep 21)
Re: [CVE Requests] rsync and librsync collisions cve-assign (Sep 12)
Re: CVE request: WordPress plugin wp-source-control remote path traversal file access cve-assign (Aug 20)
Re: ioflo tmp vuln cve-assign (Sep 11)
Re: CVE request: kernel: vfs: refcount issues during unmount on symlink cve-assign (Jul 23)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign (Jul 17)
Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 18)
Re: CVE request: libgcrypt, ELGAMAL side-channel attack cve-assign (Aug 15)
Re: Twisted Security Issue cve-assign (Sep 21)
Re: Python robotframework - tmp vuln cve-assign (Sep 08)
Re: CVE Request: cups: Incomplete fix for CVE-2014-3537 cve-assign (Jul 22)
Re: CVE Request: ro bind mount bypass using user namespaces cve-assign (Aug 12)
Re: CVE request for Linux kernel: udf: Avoid infinite loop when processing indirect ICBs cve-assign (Sep 15)
Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 12)
Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove cve-assign (Sep 29)
Re: vos tmp vuln cve-assign (Sep 11)
Re: Xen Security Advisory 105 - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation cve-assign (Sep 23)
Re: WordPress 3.9.2 release - needs CVE's cve-assign (Aug 12)
Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign (Jul 11)
Re: [CVE request] Array allocation fixes in libgfortran cve-assign (Jul 23)
Re: CVE Request: dhcpcd DoS attack cve-assign (Sep 01)
Re: CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure cve-assign (Aug 15)
Re: Xen Security Advisory 107 - Mishandling of uninitialised FIFO-based event channel control blocks cve-assign (Sep 09)
Re: CVE requests for Review Board cve-assign (Jul 22)
Re: CVE request: xcfa: Insecure use of temporary files, subject to race conditions cve-assign (Aug 15)
Re: CVE request: WordPress plugin wysija-newsletters remote file upload cve-assign (Jul 08)
Re: CVE request: /tmp file vulnerability in ace cve-assign (Sep 12)
Re: CVE Request: XML-DT: Insecure use of temporary files cve-assign (Aug 15)
Re: CVE Request -- qemu: missing field list terminator in vmstate_xhci_event cve-assign (Aug 15)
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign (Jul 15)
Re: CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion cve-assign (Jul 31)
Re: Xen Security Advisory 106 - Missing privilege level checks in x86 emulation of software interrupts cve-assign (Sep 23)
Re: Fwd: Non-upstream patches for bash cve-assign (Sep 29)
Re: CVE Request: haproxy read out of bounds cve-assign (Sep 09)
Re: [oCERT-2014-006] Ganeti insecure archive permission cve-assign (Aug 14)
Re: CVE Request: tboot failing to measure commandline parameters cve-assign (Jul 30)
Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 30)
Re: Full disclosure: denial of service in srvx cve-assign (Aug 29)
Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 15)
Re: CVE-Request: squid snmp off-by-one cve-assign (Sep 09)
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE cve-assign (Jul 06)
CVE-2014-4715 for LZ4 issue 134 cve-assign (Jul 02)
Re: CVE-2014-6271: remote code execution through bash cve-assign (Sep 24)
Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign (Aug 26)
Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability cve-assign (Jul 06)
Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 cve-assign (Aug 14)
Re: CVE assignment for c-icap Server cve-assign (Sep 15)
Re: WordPress 3.9.2 release - needs CVE's cve-assign (Aug 13)
Re: headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools cve-assign (Sep 09)
Re: CVE request: cacti XSS cve-assign (Jul 22)
Re: CVE request: glibc character set conversion from IBM code pages cve-assign (Sep 01)
Re: TYPO3 extensions cve-assign (Sep 11)
Re: Fwd: Non-upstream patches for bash cve-assign (Sep 25)
Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Sep 15)
Re: Pylint checks not as static as one would think cve-assign (Sep 29)
Re: CVE id request: cacti remote code execution and SQL injection cve-assign (Aug 16)
Re: CVE request: QNAP QTS cve-assign (Sep 29)
Re: CVE request: php-pear, pear's insecure /tmp/ use for cache data cve-assign (Aug 26)
Re: CVE request for vulnerability in OpenStack Keystone cve-assign (Aug 14)
Re: CVE request for Drupal core, and contributed modules cve-assign (Aug 16)
Re: CVE request for Drupal contributed modules cve-assign (Jul 30)
Re: CVE Request: Go crypto/tls vulnerability cve-assign (Sep 26)
Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) cve-assign (Aug 12)
Re: CVE request for select() buffer overrun in CHICKEN Scheme on the Android platform cve-assign (Sep 11)
Re: X.Org intel driver dev snapshots, backlight helper issue cve-assign (Jul 11)
Re: Moodle security notifications public cve-assign (Jul 20)
Re: CVE request Linux kernel: net: guard tcp_set_keepalive against crash cve-assign (Sep 15)
Re: CVE request Qemu: out of bounds memory access cve-assign (Aug 22)
Re: GLPI: unprivileged users can access cost information cve-assign (Jul 22)
Re: CVE request: /tmp file vulnerability in ace cve-assign (Sep 11)
Re: FreeNAS default blank password cve-assign (Aug 19)
Re: CVE request: TYPO3-EXT-SA-2014-012 cve-assign (Sep 26)
Re: CVE request: Multiple incorrect default permissions in Zarafa cve-assign (Aug 25)
Re: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file cve-assign (Sep 29)
Re: CVE request: zeromq cve-assign (Sep 26)
Re: CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files cve-assign (Aug 29)
Re: CVE request for accountsservice local encrypted password disclosure flaw cve-assign (Aug 16)
Re: CVE Request: Multiple issues in com.ning:async-http-client cve-assign (Aug 25)
Re: Varnish - no CVE == bug regression cve-assign (Jul 08)
Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign (Aug 25)
Re: Duplicated CVE - Cacti XSS cve-assign (Jul 24)
Re: CVE Request: Linux Kernel unbound recursion in ISOFS cve-assign (Aug 26)
Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 11)
Re: CVE request: MantisBT Null byte poisoning in LDAP authentication cve-assign (Sep 12)
Re: CVE Request: bozohttpd: basic http authentication bypass cve-assign (Jul 18)
Re: PHP-Wiki Command Injection cve-assign (Aug 29)
Re: XRMS SQLi to RCE 0day cve-assign (Aug 29)
Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference cve-assign (Jul 25)
Re: CVE request for vulnerability in OpenStack Glance cve-assign (Aug 19)
Re: CVE request: WordPress plugin vitamin traversal arbitrary file access cve-assign (Jul 28)
Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.) cve-assign (Jul 17)
Re: CVE request: V8 Memory Corruption and Stack Overflow - Node.js cve-assign (Sep 04)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign (Jul 15)
Re: Moodle security notifications public cve-assign (Jul 21)
Re: CVE Request: libceph auth token overflow / Linux kernel cve-assign (Sep 15)
Re: Ansible CVE requests cve-assign (Jul 02)
Re: Xen Security Advisory 104 - Race condition in HVMOP_track_dirty_vram cve-assign (Sep 23)
Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable) cve-assign (Sep 02)
Re: CVE request: FFmpeg issues cve-assign (Aug 16)
Re: CVE-Request: squid pinger remote DoS cve-assign (Sep 21)
Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)
Re: CVE Request for Drupal Core cve-assign (Jul 23)
Re: CVE request: TYPO3-EXT-SA-2014-10 cve-assign (Sep 04)
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon / Linux kernel cve-assign (Sep 21)
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE cve-assign (Jul 07)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign (Jul 14)
Re: CVE request / advisory: Monkey web server <= v1.5.2 cve-assign (Aug 19)
Re: Enigmail warning cve-assign (Aug 21)
Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 11)
Re: Zend Framework CVEs cve-assign (Jul 11)
Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
Re: CVE request: various NodeJS module vulnerabilities cve-assign (Sep 29)
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign (Jul 18)
Re: CVE request: XSS in PNP4Nagios cve-assign (Jul 16)
CVE-2014-5117 - Tor before 0.2.4.23 RELAY_EARLY issue cve-assign (Jul 30)
Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign (Jul 15)
Re: Python robotframework - tmp vuln cve-assign (Sep 08)
Re: Confusion around gksu & CVE-2014-2943 cve-assign (Sep 17)
Re: CVE Request: Python 2.7 cve-assign (Sep 25)
Re: CVE request: rawstudio: Insecure use of temporary file cve-assign (Jul 16)
Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs cve-assign (Sep 26)
Re: CVE-Request: KAuth authentication bypass cve-assign (Jul 22)
Re: heap overflow in procmail cve-assign (Sep 03)
Re: Good news and bad news on Python sockets and pickle cve-assign (Jul 19)
Re: CVE request: transmission peer communication vulnerability cve-assign (Jul 11)

Damien Regad

CVE request: MantisBT Null byte poisoning in LDAP authentication Damien Regad (Sep 12)
Re: CVE request: MantisBT Null byte poisoning in LDAP authentication Damien Regad (Sep 13)

Dan Carpenter

BadUSB discussion Dan Carpenter (Aug 08)

Daniel Borkmann

Re: Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference Daniel Borkmann (Jul 26)

Daniel Calvo Castro

Re: test script for various bash vulns Daniel Calvo Castro (Sep 29)

Daniele Bianco

[oCERT-2014-005] LPAR2RRD input sanitization errors Daniele Bianco (Jul 23)

Daniel Kahn Gillmor

Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor (Sep 29)
Re: BadUSB discussion Daniel Kahn Gillmor (Aug 08)
Re: gpg blindly imports keys from keyserver responses Daniel Kahn Gillmor (Sep 01)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Daniel Kahn Gillmor (Jul 10)

David Adam

Security release of fish shell 2.1.1 David Adam (Sep 28)

David A. Wheeler

Re: Healing the bash fork David A. Wheeler (Sep 29)
Re: CVE-2014-6271: remote code execution through bash David A. Wheeler (Sep 26)
Re: Healing the bash fork David A. Wheeler (Sep 30)

David Jorm

Re: pinocchio tmp vuln David Jorm (Sep 08)
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE David Jorm (Jul 06)
CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack David Jorm (Aug 19)

Dean Pierce

Re: BadUSB discussion Dean Pierce (Aug 08)

devzero2000

Re: FreeNAS default blank password devzero2000 (Aug 17)

Dirk-Willem van Gulik

CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack Dirk-Willem van Gulik (Aug 18)

Dolev Farhi

Re: CVE's for intersection vulnerabilities Dolev Farhi (Jul 20)
Re[2]: FreeNAS default blank password Dolev Farhi (Aug 17)
Re: CVE's for intersection vulnerabilities Dolev Farhi (Jul 19)

Don A. Bailey

LMS-2014-07-09-1: lz4-ruby Memory Corruption Don A. Bailey (Jul 09)
Re: LMS-2014-06-16-2: Linux Kernel LZO Don A. Bailey (Jul 05)
LMS-2014-07-10-1 - CloudFlare GoLang LZ4 Memory Corruption Don A. Bailey (Jul 12)
Re: LMS-2014-07-07-1: python-lz4 Don A. Bailey (Jul 07)
Re: LMS-2014-06-16-3: Libav LZO Don A. Bailey (Jul 22)
LMS-2014-07-07-1: python-lz4 Don A. Bailey (Jul 07)

Donald Stufft

Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 03)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 02)
Re: pinocchio tmp vuln Donald Stufft (Sep 11)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft (Aug 03)

Dustin Kirkland

Re: ecryptfs-setup-private nitpick Dustin Kirkland (Jul 23)

Dwayne Litzenberger

Re: CVE-2014-6271: remote code execution through bash Dwayne Litzenberger (Sep 26)

Eddie Chapman

Re: BadUSB discussion Eddie Chapman (Aug 08)
Re: BadUSB discussion Eddie Chapman (Aug 08)
Re: BadUSB discussion Eddie Chapman (Aug 08)
Re: BadUSB discussion Eddie Chapman (Aug 08)

Ed Prevost

Re: Healing the bash fork Ed Prevost (Sep 30)
Re: Fwd: Non-upstream patches for bash Ed Prevost (Sep 29)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ed Prevost (Sep 29)
Re: Healing the bash fork Ed Prevost (Sep 30)

Eric Blake

Re: Healing the bash fork Eric Blake (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 28)

Florian Weimer

Re: Array importing in bash 4.3 Florian Weimer (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
Re: Ansible CVE requests Florian Weimer (Jul 02)
Re: CVE Request: static IV used in Percona XtraBackup Florian Weimer (Sep 11)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Florian Weimer (Sep 26)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
Re: Healing the bash fork Florian Weimer (Sep 30)
Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
Re: BadUSB discussion Florian Weimer (Aug 08)
Re: GnuPG computation error checks Florian Weimer (Jul 10)
CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 14)
Re: CVE Request: dhcpcd DoS attack Florian Weimer (Sep 01)
CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
CVE-2014-0485: unsafe Python pickle in s3ql Florian Weimer (Aug 27)
Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 25)
Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Florian Weimer (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
Re: Re: glibc locale issues Florian Weimer (Jul 21)
Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] Florian Weimer (Aug 26)
Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
Re: Re: [CVE request] Array allocation fixes in libgfortran Florian Weimer (Jul 31)
[CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) Florian Weimer (Jul 29)
CVE request: glibc character set conversion from IBM code pages Florian Weimer (Aug 29)
[CVE request] Array allocation fixes in libgfortran Florian Weimer (Jul 23)
Re: Linux peer_cred Mischmasch Florian Weimer (Jul 22)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
Re: CVE request: possible overflow in vararg functions Florian Weimer (Aug 21)
Healing the bash fork (was: Re: [oss-security] CVE-2014-6271: remote code execution through bash) Florian Weimer (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)

Forest Monsen

CVE request for Drupal contributed modules Forest Monsen (Jul 30)
CVE request for Drupal core, and contributed modules Forest Monsen (Aug 06)
Re: CVE Request for Drupal Core Forest Monsen (Jul 23)

Francesco Chicchiriccò

[SECURITY] CVE-2014-3503 Apache Syncope Francesco Chicchiriccò (Jul 07)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-14:17.kmem FreeBSD Security Advisories (Jul 08)

(GalaxyMaster)

Re: BadUSB discussion (GalaxyMaster) (Aug 08)
Re: BadUSB discussion (GalaxyMaster) (Aug 08)

Garth Mollett

CVE request - Snoopy incomplete fix for CVE-2008-4796 Garth Mollett (Jul 09)
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Garth Mollett (Jul 16)

Gennady Kupava

Fwd: CVE-2014-6271: remote code execution through bash Gennady Kupava (Sep 26)
Re: Healing the bash fork Gennady Kupava (Sep 30)

Giles Coochey

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)

Grant Murphy

CVE request for vulnerability in OpenStack keystonemiddleware Grant Murphy (Sep 17)
[OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517) Grant Murphy (Jul 17)
[OSSA 2014-031] Admin-only network attributes may be reset to defaults by non-privileged users (CVE-2014-6414) Grant Murphy (Sep 29)
[OSSA 2014-030] TLS cert verification option not honoured in paste configs (CVE-2014-7144) Grant Murphy (Sep 25)
CVE request for vulnerability in OpenStack Neutron Grant Murphy (Sep 15)

Greg KH

Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)
Re: BadUSB discussion Greg KH (Aug 08)

gremlin

Re: BadUSB discussion gremlin (Aug 08)
Re: BadUSB discussion gremlin (Aug 08)
Re: BadUSB discussion gremlin (Aug 08)
Re: BadUSB discussion gremlin (Aug 08)
Re: BadUSB discussion gremlin (Aug 08)
Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 05)
Re: Healing the bash fork gremlin (Sep 30)
Re: Healing the bash fork gremlin (Sep 29)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 03)
Re: Good news and bad news on Python sockets and pickle gremlin (Jul 18)
Re: BadUSB discussion gremlin (Aug 08)
Re: SaltStack 2014.1.10 released gremlin (Aug 21)
Re: SaltStack 2014.1.10 released gremlin (Aug 21)
Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 02)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin (Aug 02)

Guido Berhoerster

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Guido Berhoerster (Sep 26)

Guilherme Andrade

Re: Enigmail warning Guilherme Andrade (Aug 20)

Hanno Böck

test script for various bash vulns Hanno Böck (Sep 27)
Re: nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 25)
Re: nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 25)
Re: Fwd: Non-upstream patches for bash Hanno Böck (Sep 26)
nss RSA forgery (CVE-2014-1568) Hanno Böck (Sep 24)
Re: Open Source only? Hanno Böck (Aug 27)
Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs Hanno Böck (Sep 26)
CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild Hanno Böck (Jul 24)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Hanno Böck (Sep 26)
Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 27)
Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
CVE request: libressl before 2.0.2 under linux PRNG failure Hanno Böck (Jul 16)

Helmut Grohne

Re: CVE request: /tmp file vulnerability in ace Helmut Grohne (Sep 12)
CVE request: /tmp file vulnerability in ace Helmut Grohne (Sep 07)

Henri Salo

CVE-2014-3120 ElasticSearch Henri Salo (Jul 30)
CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion Henri Salo (Jul 30)
Re: CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild Henri Salo (Jul 24)
CVE request: TYPO3-EXT-SA-2014-10 Henri Salo (Sep 03)
Re: Enigmail warning Henri Salo (Aug 17)
Re: pinocchio tmp vuln Henri Salo (Sep 09)
CVE request: WordPress plugin wysija-newsletters remote file upload Henri Salo (Jul 02)
Re: CVE request: pnp4nagios - Two URL Cross-Site Scripting Vulnerabilities Henri Salo (Jul 03)
CVE request: TYPO3-EXT-SA-2014-012 Henri Salo (Sep 26)
CVE request: WordPress plugin vitamin traversal arbitrary file access Henri Salo (Jul 24)
CVE request: TYPO3-EXT-SA-2014-001 Henri Salo (Sep 05)
Re: CVE-2014-6271: remote code execution through bash Henri Salo (Sep 24)
CVE request: TYPO3-EXT-SA-2014-005 Henri Salo (Sep 05)
CVE request: TYPO3-EXT-SA-2014-006 Henri Salo (Sep 04)
Enigmail warning Henri Salo (Aug 17)
CVE request: TYPO3-EXT-SA-2013-014 Henri Salo (Sep 05)
CVE request: TYPO3-EXT-SA-2014-002 Henri Salo (Sep 05)
CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability Henri Salo (Aug 24)
CVE request: WordPress plugin wp-source-control remote path traversal file access Henri Salo (Aug 19)
Re: CVE Request: MySQL: MyISAM temporary file issue Henri Salo (Sep 16)
CVE request: TYPO3-EXT-SA-2014-003 Henri Salo (Sep 05)

Huzaifa Sidhpurwala

Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 24)
Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala (Sep 25)
Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala (Sep 25)

intrigeri

Re: CVE's for intersection vulnerabilities intrigeri (Jul 19)

Jack Frosch

Re: heap overflow in procmail Jack Frosch (Sep 05)

Jacopo Cappellato

[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability Jacopo Cappellato (Aug 19)

Jakub Wilk

Re: Fwd: Non-upstream patches for bash Jakub Wilk (Sep 29)
python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure on redirect Jakub Wilk (Sep 19)
Pylint checks not as static as one would think Jakub Wilk (Sep 29)

Jason Cooper

Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Jason Cooper (Sep 25)

Jeremy Stanley

Re: Fwd: ezmlm warning Jeremy Stanley (Aug 31)

Jerome Athias

Re: Enigmail warning Jerome Athias (Aug 18)

Joe MacDonald

Re: Open Source only? Joe MacDonald (Sep 03)

John Haxby

Re: CVE-2014-6271: remote code execution through bash John Haxby (Sep 25)
Re: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) John Haxby (Aug 14)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) John Haxby (Sep 26)
Re: Healing the bash fork John Haxby (Sep 30)
Re: pinocchio tmp vuln John Haxby (Sep 11)
Re: CVE-2014-6271: remote code execution through bash John Haxby (Sep 25)
Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby (Sep 11)
Re: Healing the bash fork John Haxby (Sep 29)
Re: pinocchio tmp vuln John Haxby (Sep 09)
Re: Re: Non-upstream patches for bash John Haxby (Sep 26)
Re: BadUSB discussion John Haxby (Aug 08)

John Johansen

Re: CVE-2014-4699: Linux ptrace bug John Johansen (Jul 06)
Re: CVE-2014-4699: Linux ptrace bug John Johansen (Jul 06)

Jorge Manuel B. S. Vicetto

Fwd: ezmlm warning Jorge Manuel B. S. Vicetto (Aug 30)
CVE Request for Drupal Core Jorge Manuel B. S. Vicetto (Jul 21)

Kees Cook

CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets Kees Cook (Jul 16)

ken

Re: FYI, change to Secunia vuln db EULA ken (Aug 23)
FYI, change to Secunia vuln db EULA ken (Aug 22)

Ken Lee

CVE request: QNAP QTS Ken Lee (Sep 28)

Kenton Varda

Re: CVE Request: ro bind mount bypass using user namespaces Kenton Varda (Aug 13)
CVE Request: ro bind mount bypass using user namespaces Kenton Varda (Aug 12)

Kobrin, Eric

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kobrin, Eric (Sep 29)
Re: Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Kobrin, Eric (Sep 29)
Re: Array importing in bash 4.3 Kobrin, Eric (Sep 29)
Re: Healing the bash fork Kobrin, Eric (Sep 29)
Re: Healing the bash fork Kobrin, Eric (Sep 29)
Re: Healing the bash fork Kobrin, Eric (Sep 29)
Re: Healing the bash fork Kobrin, Eric (Sep 30)
Re: Healing the bash fork Kobrin, Eric (Sep 30)

Kristian Fiskerstrand

Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand (Sep 01)
CVE assignment for c-icap Server Kristian Fiskerstrand (Sep 01)
Re: CVE assignment for c-icap Server Kristian Fiskerstrand (Sep 14)
Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand (Sep 01)
Re: SaltStack 2014.1.10 released Kristian Fiskerstrand (Aug 21)
Re: CVE Request: dhcpcd DoS attack Kristian Fiskerstrand (Sep 01)

Kurt Seifried

Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 11)
Re: [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Kurt Seifried (Aug 18)
Re: FreeNAS default blank password Kurt Seifried (Aug 16)
pinocchio tmp vuln Kurt Seifried (Sep 08)
Good news and bad news on Python sockets and pickle Kurt Seifried (Jul 18)
Re: pinocchio tmp vuln Kurt Seifried (Sep 09)
Re: Python robotframework - tmp vuln Kurt Seifried (Sep 08)
FreeNAS default blank password Kurt Seifried (Aug 16)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Kurt Seifried (Jul 14)
vos tmp vuln Kurt Seifried (Sep 08)
Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
Re: Subscribtion request to linux-distros Kurt Seifried (Sep 02)
Re: heap overflow in procmail Kurt Seifried (Sep 04)
Python robotframework - tmp vuln Kurt Seifried (Sep 07)
Re: CVE's for intersection vulnerabilities Kurt Seifried (Jul 20)
Summer bug cleaning - some Hash DoS stuff Kurt Seifried (Jul 08)
Re: pinocchio tmp vuln Kurt Seifried (Sep 11)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kurt Seifried (Sep 26)
WordPress 3.9.2 release - needs CVE's Kurt Seifried (Aug 06)
Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
pscripts tmp vuln leading to possible code exec Kurt Seifried (Sep 11)
CVE's for intersection vulnerabilities Kurt Seifried (Jul 18)
CVE-2014-0235 cleanup Kurt Seifried (Jul 03)
Re: heap overflow in procmail Kurt Seifried (Sep 04)
luigi tmp vuln Kurt Seifried (Sep 08)
Re: Python robotframework - tmp vuln Kurt Seifried (Sep 07)
ioflo tmp vuln Kurt Seifried (Sep 08)
headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools Kurt Seifried (Sep 08)
Summer bug cleaning - rpcbind -h option Kurt Seifried (Jul 08)
SaltStack - how to report security flaw? Kurt Seifried (Jul 03)
Re: FreeNAS default blank password Kurt Seifried (Aug 17)
Re: Open Source only? Kurt Seifried (Aug 27)
Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
Re: SaltStack 2014.1.10 released Kurt Seifried (Aug 21)
Re: CVE-2014-0235 cleanup Kurt Seifried (Jul 03)
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Kurt Seifried (Aug 02)
Re: CVE request for vulnerability in OpenStack Keystone Kurt Seifried (Aug 14)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kurt Seifried (Sep 26)
photini tmp vuln Kurt Seifried (Sep 11)
Re: Good news and bad news on Python sockets and pickle Kurt Seifried (Jul 19)
Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
Zend Framework CVEs Kurt Seifried (Jul 08)
Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Kurt Seifried (Jul 04)
Re: BadUSB discussion Kurt Seifried (Aug 09)
Re: heap overflow in procmail Kurt Seifried (Sep 03)
Re: pinocchio tmp vuln Kurt Seifried (Sep 11)
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Kurt Seifried (Jul 15)
Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried (Sep 10)

Kyle Kelley

CVE Request: Enforce use of HTTPS for MathJax in IPython Kyle Kelley (Jul 31)
IPython Notebook Cross 2014-3429 Kyle Kelley (Jul 15)

Larry Cashdollar

Re: Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 Larry Cashdollar (Jul 16)

Larry W. Cashdollar

Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem backup-agoddard-3.0.28 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem lynx-0.2.0 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem VladTheEnterprising-0.2 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem kajam-1.0.3.rc2 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem ciborg-3.0.0 Larry W. Cashdollar (Jul 07)
Re: CVE-2014-6271: remote code execution through bash Larry W. Cashdollar (Sep 25)
Vulnerability Report for Ruby Gem gnms-2.1.1 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem backup_checksum-3.0.23 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem karo-2.3.8 Larry W. Cashdollar (Jul 07)
Vulnerabilities in Ruby Gem brbackup-0.1.1 Larry W. Cashdollar (Jul 10)
Vulnerability Report for Ruby Gem point-cli-0.0.1 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem kcapifony-2.1.6 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem gyazo-1.0.0 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem cap-strap-0.1.5 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem lawn-login-0.0.7 Larry W. Cashdollar (Jul 07)
Vulnerability Report for Ruby Gem lean-ruport-0.3.8 Larry W. Cashdollar (Jul 07)

lazytyped

Re: BadUSB discussion lazytyped (Aug 09)

Loganaden Velvindron

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Aug 04)
Re: rsync vulnerable to collisions Loganaden Velvindron (Jul 28)
CVE request for Linux kernel: udf: Avoid infinite loop when processing indirect ICBs Loganaden Velvindron (Sep 15)
Re: Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Sep 15)
Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron (Sep 08)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
Re: CVE Request: MySQL: MyISAM temporary file issue Loganaden Velvindron (Sep 11)
Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Loganaden Velvindron (Jul 06)
Re: CVE Request for Drupal Core Loganaden Velvindron (Jul 21)
Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 29)

Maksymilian A

Re: CVE request: issues in ISO C++ 2011 regex library Maksymilian A (Aug 10)

mancha

Re: gpg blindly imports keys from keyserver responses mancha (Sep 01)
CVE Request: Python 2.7 mancha (Sep 23)
Re: gpg blindly imports keys from keyserver responses mancha (Sep 01)
Re: CVE-2014-6271: remote code execution through bash mancha (Sep 24)

Marc Deslauriers

Re: Fwd: Non-upstream patches for bash Marc Deslauriers (Sep 25)
Re: CVE Request: MySQL: MyISAM temporary file issue Marc Deslauriers (Sep 16)
CVE Request: Go crypto/tls vulnerability Marc Deslauriers (Sep 26)
Re: CVE-2014-4699: Linux ptrace bug Marc Deslauriers (Jul 05)
Re: Fwd: Non-upstream patches for bash Marc Deslauriers (Sep 25)

Marcel Kinard

Apache Cordova 3.5.1: CVE-2014-3502 update Marcel Kinard (Aug 11)
Apache Cordova 3.5.1 Marcel Kinard (Aug 04)

Marcus Meissner

Re: default cipher suites in curl Marcus Meissner (Jul 07)
Possible CVE request: subversion MD5 collision authentication leak Marcus Meissner (Aug 01)
Re: CVE-Request: squid pinger remote DoS Marcus Meissner (Sep 15)
CVE Request: tboot failing to measure commandline parameters Marcus Meissner (Jul 29)
CVE Request: Linux Kernel unbound recursion in ISOFS Marcus Meissner (Aug 26)
CVE Request: libceph auth token overflow Marcus Meissner (Sep 15)
Re: nss RSA forgery (CVE-2014-1568) Marcus Meissner (Sep 24)
default cipher suites in curl Marcus Meissner (Jul 01)
incomplete fix for CVE-2014-4611: kernel: integer overflow in lz4_uncompress Marcus Meissner (Aug 19)

Marek Kroemeke

Varnish - no CVE == bug regression Marek Kroemeke (Jul 02)
Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 03)
Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 02)

Mark Hatle

Re: [security-vendor] Re: [oss-security] Fwd: Non-upstream patches for bash Mark Hatle (Sep 26)

Mark Knight

A Digital Random Bit Generator Mark Knight (Sep 27)

Mark R Bannister

Re: Healing the bash fork Mark R Bannister (Sep 30)
Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister (Sep 26)
Re: Healing the bash fork Mark R Bannister (Sep 30)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister (Sep 26)
Re: Healing the bash fork Mark R Bannister (Sep 30)

Martin Carpenter

Re: Healing the bash fork Martin Carpenter (Sep 30)

Martin Schwidefsky

Subscribtion request to linux-distros Martin Schwidefsky (Jul 29)
Re: Subscribtion request to linux-distros Martin Schwidefsky (Sep 03)

Matthew Daley

CVE request / advisory: Monkey web server <= v1.5.2 Matthew Daley (Aug 18)

Matthieu Herrb

X.Org intel driver dev snapshots, backlight helper issue Matthieu Herrb (Jul 04)

Michael de Raadt

Moodle security notifications public Michael de Raadt (Jul 20)
Moodle security notifications public Michael de Raadt (Sep 14)
Moodle security notifications public Michael de Raadt (Jul 20)

Michael Samuel

Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Sep 08)
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Michael Samuel (Aug 04)
rsync vulnerable to collisions Michael Samuel (Jul 27)
Re: default cipher suites in curl Michael Samuel (Jul 07)
[CVE Requests] rsync and librsync collisions Michael Samuel (Aug 04)
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Sep 15)
Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Aug 04)
Re: ecryptfs-setup-private nitpick Michael Samuel (Jul 23)
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel (Sep 17)
Re: default cipher suites in curl Michael Samuel (Jul 06)
Re: Re: Varnish - no CVE == bug regression Michael Samuel (Jul 08)
Re: Fwd: Non-upstream patches for bash Michael Samuel (Sep 28)
Re: ecryptfs-setup-private nitpick Michael Samuel (Jul 23)
Re: Re: Varnish - no CVE == bug regression Michael Samuel (Jul 08)

Michal Zalewski

Re: Healing the bash fork Michal Zalewski (Sep 30)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
Re: Healing the bash fork Michal Zalewski (Sep 29)
Re: Healing the bash fork Michal Zalewski (Sep 30)
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 26)
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 27)
Re: Fwd: Non-upstream patches for bash Michal Zalewski (Sep 25)
Re: heap overflow in procmail Michal Zalewski (Sep 03)
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
Re: CVE-2014-6271 first patch and remote exploit via CGI Michal Zalewski (Sep 25)

Mikko Korpela

Re: pinocchio tmp vuln Mikko Korpela (Sep 11)
Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
Re: Re: Python robotframework - tmp vuln Mikko Korpela (Sep 08)
Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
RE: Python robotframework - tmp vuln Mikko Korpela (Sep 08)

Moritz Heidkamp

CVE request for select() buffer overrun in CHICKEN Scheme on the Android platform Moritz Heidkamp (Sep 10)

Moritz Muehlenhoff

Re: Zend Framework CVEs Moritz Muehlenhoff (Jul 08)
Additional information on CVE-2014-2469? Moritz Muehlenhoff (Jul 20)
CVE request: cacti XSS Moritz Muehlenhoff (Jul 20)
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Moritz Muehlenhoff (Sep 22)
Status of CVE-2012-4542/Linux? Moritz Muehlenhoff (Jul 20)

Murray McAllister

GetID3 CVE-2014-2053 XXE issue [was Re: [oss-security] WordPress 3.9.2 release - needs CVE's] Murray McAllister (Aug 14)
CVE-2014-3653 Foreman: XSS flaw on template preview screen Murray McAllister (Sep 22)
Re: CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 07)
CVE request: issues in ISO C++ 2011 regex library Murray McAllister (Aug 04)
Re: CVE request: possible overflow in vararg functions Murray McAllister (Aug 20)
CVE request: php-pear, pear's insecure /tmp/ use for cache data Murray McAllister (Aug 25)
Re: [CVE Requests] rsync and librsync collisions Murray McAllister (Sep 08)
Re: Zend Framework CVEs Murray McAllister (Jul 08)
CVE request: possible overflow in vararg functions Murray McAllister (Aug 20)
CVE-2014-3565, net-snmp: snmptrapd crash Murray McAllister (Aug 31)
CVE request: libgcrypt, ELGAMAL side-channel attack Murray McAllister (Aug 10)
Re: SaltStack - how to report security flaw? Murray McAllister (Jul 03)
CVE request: XSS in PNP4Nagios Murray McAllister (Jul 02)
Lua CVE request [was Re: CVE request: possible overflow in vararg functions] Murray McAllister (Aug 20)
Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Murray McAllister (Jul 09)
Re: Zend Framework CVEs Murray McAllister (Jul 08)
possible CVE-2010 request: Ruby older than 1.9.2 appending current directory to the load path Murray McAllister (Jul 08)
Re: CVE id request: cacti remote code execution and SQL injection Murray McAllister (Aug 14)
CVE-2014-3554: libndp buffer overflow Murray McAllister (Jul 29)

Nick Boyce

Re: SaltStack 2014.1.10 released Nick Boyce (Aug 21)
Re: Enigmail warning Nick Boyce (Aug 18)

Nick Semenkovich

Re: nss RSA forgery (CVE-2014-1568) Nick Semenkovich (Sep 24)

Nico Golde

CVE id request: cacti remote code execution and SQL injection Nico Golde (Aug 12)
Re: CVE id request: cacti remote code execution and SQL injection Nico Golde (Aug 15)

Nicolas Guigo

RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable) Nicolas Guigo (Aug 29)

Nicolas RUFF

Multiple issues in libVNCserver Nicolas RUFF (Sep 23)

Noel Kuntze

Re: Enigmail warning Noel Kuntze (Aug 17)

Osmond Sun

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)

Paul Burchard

Re: [langsec-discuss] [oss-security] Fwd: Non-upstream patches for bash Paul Burchard (Sep 29)

Paul Wise

CVE request: various NodeJS module vulnerabilities Paul Wise (Sep 28)
CVE request: various NodeJS module vulnerabilities Paul Wise (Sep 23)

Pedro Cunha

Re: Enigmail warning Pedro Cunha (Aug 18)

Peter Bex

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Peter Bex (Sep 26)

Petr Matousek

CVE Request -- qemu: missing field list terminator in vmstate_xhci_event Petr Matousek (Aug 04)

Phil Pennock

Re: SaltStack 2014.1.10 released Phil Pennock (Aug 21)
Exim: 4.83 Released, CVE-2014-2972 fix Phil Pennock (Jul 22)

Pierre Schweitzer

Full disclosure: denial of service in srvx Pierre Schweitzer (Aug 28)
Re: CVE-2014-6271: remote code execution through bash Pierre Schweitzer (Sep 24)
RFC: Denial of Service in XCache? Pierre Schweitzer (Sep 04)
Re: Re: FreeNAS default blank password Pierre Schweitzer (Aug 19)
Re: Full disclosure: denial of service in srvx Pierre Schweitzer (Sep 22)

Piotr Bandurski

CVE request: FFmpeg issues Piotr Bandurski (Aug 14)

P J P

Re: LMS-2014-06-16-6: LZ4 Core P J P (Jul 03)
Re: CVE-2014-4171 - Linux kernel mm/shmem.c denial of service P J P (Jul 08)
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon P J P (Sep 22)
Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P (Jul 02)
Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P (Jul 03)
Re: LMS-2014-06-16-6: LZ4 Core P J P (Jul 02)
CVE request Linux kernel: net: guard tcp_set_keepalive against crash P J P (Sep 15)
CVE request Qemu: out of bounds memory access P J P (Aug 22)
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon P J P (Sep 22)
Re: incomplete fix for CVE-2014-4611: kernel: integer overflow in lz4_uncompress P J P (Aug 21)
CVE request Linux Kernel: net: SCTP: NULL pointer dereference P J P (Jul 24)
CVE-2014-3615 Qemu: information leakage when guest sets high resolution P J P (Sep 08)

Poul-Henning Kamp

Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 02)
Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 05)
Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 08)
Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 09)
Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 03)
Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 08)

Rafael Mendonça França

[CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França (Jul 02)
Re: [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França (Aug 18)
Re: [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França (Jul 02)
[Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França (Aug 18)
Amended Patches for CVE-2014-3483 for Rails 4.x Rafael Mendonça França (Jul 02)

Rainer Gerhards

Re: vulnerability in rsyslog Rainer Gerhards (Sep 30)
vulnerability in rsyslog Rainer Gerhards (Sep 30)

Ramon de C Valle

Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 14)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 16)
Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 10)
Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 09)
Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ramon de C Valle (Sep 29)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 15)
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle (Jul 10)

Raphael Geissert

GLPI: unprivileged users can access cost information Raphael Geissert (Jul 22)
CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Raphael Geissert (Sep 17)
ecryptfs-setup-private nitpick Raphael Geissert (Jul 22)

Reed Black

CVE-2014-6271 first patch and remote exploit via CGI Reed Black (Sep 25)

rf

CVE request: zeromq rf (Sep 26)

Rich Felker

Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 12)
Re: BadUSB discussion Rich Felker (Aug 08)
Re: Re: heap overflow in procmail Rich Felker (Sep 04)
Re: CVE request: issues in ISO C++ 2011 regex library Rich Felker (Aug 05)
Re: Re: FYI, change to Secunia vuln db EULA Rich Felker (Aug 23)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
Re: Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
Re: Healing the bash fork Rich Felker (Sep 30)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 26)
Re: heap overflow in procmail Rich Felker (Sep 03)
Re: CVE request: libressl before 2.0.2 under linux PRNG failure Rich Felker (Jul 17)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 27)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 14)
Re: CVE-2014-6271: remote code execution through bash Rich Felker (Sep 25)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 26)

Riot

Re: CVE-2014-6271: remote code execution through bash Riot (Sep 26)

Ritwik Ghoshal

Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
Re: Additional information on CVE-2014-2469? Ritwik Ghoshal (Jul 21)
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 10)
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal (Sep 11)

Robert Scheck

Zarafa WebApp < 1.6 affected by CVE-2010-4207 or CVE-2012-5881 Robert Scheck (Aug 28)
CVE request: Multiple incorrect default permissions in Zarafa Robert Scheck (Aug 24)

Roman Drahtmueller

Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)
Re: Fwd: Non-upstream patches for bash Roman Drahtmueller (Sep 27)

Roy Marples

CVE Request: dhcpcd DoS attack Roy Marples (Jul 30)

Rylee Fowler

Re: SaltStack 2014.1.10 released Rylee Fowler (Aug 21)

Salvatore Bonaccorso

Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Salvatore Bonaccorso (Aug 01)
Re: CVE Request: XML-DT: Insecure use of temporary files Salvatore Bonaccorso (Aug 01)
CVE request: xcfa: Insecure use of temporary files, subject to race conditions Salvatore Bonaccorso (Aug 01)
CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure Salvatore Bonaccorso (Aug 11)
CVE Request: bozohttpd: basic http authentication bypass Salvatore Bonaccorso (Jul 18)
Re: Re: CVE request: XSS in PNP4Nagios Salvatore Bonaccorso (Jul 11)
CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files Salvatore Bonaccorso (Aug 29)
CVE Request: MySQL: MyISAM temporary file issue Salvatore Bonaccorso (Sep 10)
Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Salvatore Bonaccorso (Jul 31)
CVE Request: XML-DT: Insecure use of temporary files Salvatore Bonaccorso (Jul 30)
Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Salvatore Bonaccorso (Jul 03)
CVE Request: cups: Incomplete fix for CVE-2014-3537 Salvatore Bonaccorso (Jul 21)

Sebastian Krahmer

Linux peer_cred Mischmasch Sebastian Krahmer (Jul 22)
Re: Re: Linux peer_cred Mischmasch Sebastian Krahmer (Jul 22)
Re: Healing the bash fork Sebastian Krahmer (Sep 30)
qemu-bridge-helper minimizing patch Sebastian Krahmer (Jul 16)
CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 21)
Re: Healing the bash fork Sebastian Krahmer (Sep 30)
Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer (Jul 22)
CVE-Request: squid snmp off-by-one Sebastian Krahmer (Sep 09)
CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 09)
Re: CVE-Request: squid pinger remote DoS Sebastian Krahmer (Sep 16)

securitylists

RE: Enigmail warning securitylists (Aug 19)

Seth Arnold

Re: Varnish - no CVE == bug regression Seth Arnold (Jul 03)
atd (was: Re: [oss-security] Re: Healing the bash fork) Seth Arnold (Sep 29)

Shota Fukumori (sora_h)

Re: possible CVE-2010 request: Ruby older than 1.9.2 appending current directory to the load path Shota Fukumori (sora_h) (Jul 08)

Simon McVittie

CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon Simon McVittie (Jul 02)
Re: CVE-2014-6271: remote code execution through bash Simon McVittie (Sep 26)
Re: Linux peer_cred Mischmasch Simon McVittie (Jul 22)
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Simon McVittie (Sep 26)
Re: CVE-2014-6271: remote code execution through bash Simon McVittie (Sep 25)
Re: Re: heap overflow in procmail Simon McVittie (Sep 05)
Re: Healing the bash fork Simon McVittie (Sep 30)
Re: CVE-2014-6271: remote code execution through bash Simon McVittie (Sep 25)
CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 Simon McVittie (Sep 16)

Solar Designer

GnuPG computation error checks Solar Designer (Jul 10)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
Re: CVE-2014-0235 cleanup Solar Designer (Jul 03)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
Re: Subscribtion request to linux-distros Solar Designer (Jul 29)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
Re: binary-patching bash Solar Designer (Sep 29)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
binary-patching bash Solar Designer (Sep 28)
Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 25)
Re: vulnerability in rsyslog Solar Designer (Sep 30)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
Open Source only? Solar Designer (Aug 27)
Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 27)
Re: binary-patching bash Solar Designer (Sep 28)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 06)
Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
Re: Fwd: Non-upstream patches for bash Solar Designer (Sep 26)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 04)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)
Re: LMS-2014-06-16-2: Linux Kernel LZO Solar Designer (Jul 05)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
Re: Varnish - no CVE == bug regression Solar Designer (Jul 02)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 08)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer (Jul 05)
Re: PowerDNS Recursor 3.6.0 can be crashed remotely (CVE-2014-3614) Solar Designer (Sep 12)
PowerDNS Recursor 3.6.0 can be crashed remotely (CVE-2014-3614) Solar Designer (Sep 12)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)

Sona Sarmadi

RE: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Sona Sarmadi (Sep 29)

Stefan Bühler

Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)

Stefan Cornelius

CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler Stefan Cornelius (Jul 31)

Stephane Chazelas

Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)

Steve Jones

Re: Fwd: Non-upstream patches for bash Steve Jones (Sep 27)

Steve Kemp

Re: pinocchio tmp vuln Steve Kemp (Sep 09)

Stuart D. Gathman

Re: Healing the bash fork Stuart D. Gathman (Sep 30)

Stuart Henderson

Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Aug 06)
Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 31)
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Stuart Henderson (Jul 09)

Sven Kieske

Re: Varnish - no CVE == bug regression Sven Kieske (Jul 03)
Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)
Re: vulnerability in rsyslog Sven Kieske (Sep 30)
Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 11)
Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske (Sep 12)
Re: Healing the bash fork Sven Kieske (Sep 30)
Re: CVE Request: ro bind mount bypass using user namespaces Sven Kieske (Aug 13)
Re: Fwd: Non-upstream patches for bash Sven Kieske (Sep 28)
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Sven Kieske (Jul 09)
Re: Varnish - no CVE == bug regression Sven Kieske (Jul 04)

Tavis Ormandy

Re: heap overflow in procmail Tavis Ormandy (Sep 03)
Re: Re: heap overflow in procmail Tavis Ormandy (Sep 04)
Re: Healing the bash fork Tavis Ormandy (Sep 30)
heap overflow in procmail Tavis Ormandy (Sep 03)
glibc locale issues Tavis Ormandy (Jul 13)
Re: glibc locale issues Tavis Ormandy (Jul 13)
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Tavis Ormandy (Jul 10)
CVE-2014-5119 glibc __gconv_translit_find() exploit Tavis Ormandy (Aug 25)
Re: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) Tavis Ormandy (Aug 14)
Re: CVE-2014-6271: remote code execution through bash Tavis Ormandy (Sep 25)
Re: Healing the bash fork Tavis Ormandy (Sep 29)
Re: Re: glibc locale issues Tavis Ormandy (Jul 21)

Thijs Kinkhorst

gpg blindly imports keys from keyserver responses Thijs Kinkhorst (Sep 01)

Tim

Re: CVE-2014-6271: remote code execution through bash Tim (Sep 24)
Re: Open Source only? Tim (Aug 27)

Todd C. Miller

Re: Re: Healing the bash fork Todd C. Miller (Sep 29)

Tomas Hoger

Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger (Jul 16)
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger (Jul 16)
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger (Aug 04)
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 12)
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Tomas Hoger (Jul 09)
Re: Open Source only? Tomas Hoger (Sep 03)
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Tomas Hoger (Jul 16)
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger (Sep 11)
CVE request: V8 Memory Corruption and Stack Overflow Tomas Hoger (Sep 03)
Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger (Jul 10)
Re: Additional information on CVE-2014-2469? Tomas Hoger (Jul 29)

Tristan Cacqueray

[OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356) Tristan Cacqueray (Aug 21)
Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray (Aug 19)
[OSSA 2014-022] Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520) Tristan Cacqueray (Jul 02)
[OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) Tristan Cacqueray (Jul 08)
[OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555) Tristan Cacqueray (Jul 21)
[OSSA 2014-029] Configuration option leak through Keystone catalog (CVE-2014-3621) Tristan Cacqueray (Sep 16)
CVE request for vulnerability in OpenStack Cinder, Nova and Trove Tristan Cacqueray (Sep 29)
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray (Aug 05)
[OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253) Tristan Cacqueray (Aug 15)
[OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594) Tristan Cacqueray (Aug 19)

Tyler Hicks

Re: ecryptfs-setup-private nitpick Tyler Hicks (Jul 22)

Vasily Averin

CVE request: kernel: vfs: refcount issues during unmount on symlink Vasily Averin (Jul 23)

Vasyl Kaigorodov

Re: Re: CVE request: XSS in PNP4Nagios Vasyl Kaigorodov (Jul 11)
CVE request: multiple issues in libupnp Vasyl Kaigorodov (Sep 24)
CVE request: rawstudio: Insecure use of temporary file Vasyl Kaigorodov (Jul 16)
CVE request: pnp4nagios - Two URL Cross-Site Scripting Vulnerabilities Vasyl Kaigorodov (Jul 03)
CVE request: transmission peer communication vulnerability Vasyl Kaigorodov (Jul 10)
CVE request: automake: insecure use of /tmp in install-sh Vasyl Kaigorodov (Sep 12)

Vincent Danen

CVE request for accountsservice local encrypted password disclosure flaw Vincent Danen (Aug 15)
CVE request for nodejs/v8 Vincent Danen (Sep 03)
Re: CVE request for nodejs/v8 Vincent Danen (Sep 03)
CVE-2014-3562: Vulnerability in 389-ds Vincent Danen (Aug 07)

Vincent Lefevre

Re: BadUSB discussion Vincent Lefevre (Aug 14)

Vitaly Nikolenko

Re: CVE Request: ro bind mount bypass using user namespaces Vitaly Nikolenko (Aug 14)

Werner Koch

Re: gpg blindly imports keys from keyserver responses Werner Koch (Sep 01)

Willy Tarreau

CVE Request: haproxy read out of bounds Willy Tarreau (Sep 09)
Re: BadUSB discussion Willy Tarreau (Aug 09)

Xen . org security team

Xen Security Advisory 104 - Race condition in HVMOP_track_dirty_vram Xen . org security team (Sep 23)
Xen Security Advisory 102 (CVE-2014-5147) - Flaws in handling traps from 32-bit userspace on 64-bit ARM Xen . org security team (Aug 12)
Xen Security Advisory 104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram Xen . org security team (Sep 24)
Xen Security Advisory 105 - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation Xen . org security team (Sep 23)
Xen Security Advisory 97 (CVE-2014-5146,CVE-2014-5149) - Long latency virtual-mmu operations are not preemptible Xen . org security team (Aug 12)
Xen Security Advisory 106 - Missing privilege level checks in x86 emulation of software interrupts Xen . org security team (Sep 23)
Xen Security Advisory 103 (CVE-2014-5148) - Flaw in handling unknown system register access from 64-bit userspace on ARM Xen . org security team (Aug 12)
Xen Security Advisory 107 (CVE-2014-6268) - Mishandling of uninitialised FIFO-based event channel control blocks Xen . org security team (Sep 11)
Xen Security Advisory 106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts Xen . org security team (Sep 24)
Xen Security Advisory 107 - Mishandling of uninitialised FIFO-based event channel control blocks Xen . org security team (Sep 09)
Xen Security Advisory 105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation Xen . org security team (Sep 24)

yersinia

Re: CVE-2014-4171 - Linux kernel mm/shmem.c denial of service yersinia (Jul 08)

Yves-Alexis Perez

Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
Re: CVE Request: ro bind mount bypass using user namespaces Yves-Alexis Perez (Aug 13)
Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
Re: BadUSB discussion Yves-Alexis Perez (Aug 09)
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
Re: BadUSB discussion Yves-Alexis Perez (Aug 08)
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
Re: BadUSB discussion Yves-Alexis Perez (Aug 09)
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez (Jul 05)
Re: nss RSA forgery (CVE-2014-1568) Yves-Alexis Perez (Sep 25)

Zach Wikholm

Re: Healing the bash fork Zach Wikholm (Sep 30)