oss-sec: by date

886 messages starting Jul 01 14 and ending Sep 30 14


Tuesday, 01 July

default cipher suites in curl Marcus Meissner

Wednesday, 02 July

CVE request: WordPress plugin wysija-newsletters remote file upload Henri Salo
Re: Ansible CVE requests cve-assign
Re: Ansible CVE requests Florian Weimer
CVE-2014-3532, -3533: two local DoS vulnerabilities in dbus-daemon Simon McVittie
[CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França
Re: [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL Rafael Mendonça França
[OSSA 2014-022] Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520) Tristan Cacqueray
Re: LMS-2014-06-16-6: LZ4 Core P J P
Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P
Amended Patches for CVE-2014-3483 for Rails 4.x Rafael Mendonça França
Re: Re: Ansible CVE requests Brian Harring
Varnish - no CVE == bug regression Marek Kroemeke
CVE-2014-4715 for LZ4 issue 134 cve-assign
Re: Varnish - no CVE == bug regression Solar Designer
CVE request: XSS in PNP4Nagios Murray McAllister
Re: Varnish - no CVE == bug regression Poul-Henning Kamp
Re: Varnish - no CVE == bug regression Marek Kroemeke

Thursday, 03 July

CVE-2014-0235 cleanup Kurt Seifried
Re: CVE-2014-0235 cleanup Solar Designer
Re: Varnish - no CVE == bug regression Poul-Henning Kamp
Re: Varnish - no CVE == bug regression Kurt Seifried
Re: CVE-2014-0235 cleanup Kurt Seifried
Re: LMS-2014-06-16-6: LZ4 Core P J P
Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P
Re: Varnish - no CVE == bug regression Sven Kieske
CVE request: pnp4nagios - Two URL Cross-Site Scripting Vulnerabilities Vasyl Kaigorodov
Re: CVE request: pnp4nagios - Two URL Cross-Site Scripting Vulnerabilities Henri Salo
Re: Varnish - no CVE == bug regression Stefan Bühler
Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Salvatore Bonaccorso
Re: Varnish - no CVE == bug regression Kurt Seifried
SaltStack - how to report security flaw? Kurt Seifried
Re: Varnish - no CVE == bug regression Marek Kroemeke
Re: Varnish - no CVE == bug regression Stefan Bühler
Re: Varnish - no CVE == bug regression Stefan Bühler
Re: SaltStack - how to report security flaw? Murray McAllister
Re: Varnish - no CVE == bug regression Kurt Seifried
Re: Varnish - no CVE == bug regression Seth Arnold

Friday, 04 July

Re: Varnish - no CVE == bug regression Sven Kieske
X.Org intel driver dev snapshots, backlight helper issue Matthieu Herrb
CVE-2014-4699: Linux ptrace bug Andy Lutomirski
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Kurt Seifried

Saturday, 05 July

Re: LMS-2014-06-16-2: Linux Kernel LZO Solar Designer
Re: LMS-2014-06-16-2: Linux Kernel LZO Don A. Bailey
Re: Varnish - no CVE == bug regression Poul-Henning Kamp
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: CVE-2014-4699: Linux ptrace bug Yves-Alexis Perez
Re: CVE-2014-4699: Linux ptrace bug Marc Deslauriers

Sunday, 06 July

Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Loganaden Velvindron
Re: CVE-2014-4699: Linux ptrace bug John Johansen
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability cve-assign
Re: CVE-2014-4699: Linux ptrace bug John Johansen
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE David Jorm
Re: default cipher suites in curl Michael Samuel
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE cve-assign

Monday, 07 July

[SECURITY] CVE-2014-3503 Apache Syncope Francesco Chicchiriccò
Re: default cipher suites in curl Marcus Meissner
Re: default cipher suites in curl Michael Samuel
LMS-2014-07-07-1: python-lz4 Don A. Bailey
Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar
Vulnerability Report for Ruby Gem cap-strap-0.1.5 Larry W. Cashdollar
Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 Larry W. Cashdollar
Vulnerability Report for Ruby Gem backup-agoddard-3.0.28 Larry W. Cashdollar
Vulnerability Report for Ruby Gem backup_checksum-3.0.23 Larry W. Cashdollar
Vulnerability Report for Ruby Gem gyazo-1.0.0 Larry W. Cashdollar
Vulnerability Report for Ruby Gem VladTheEnterprising-0.2 Larry W. Cashdollar
Vulnerability Report for Ruby Gem gnms-2.1.1 Larry W. Cashdollar
Vulnerability Report for Ruby Gem point-cli-0.0.1 Larry W. Cashdollar
Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 Larry W. Cashdollar
Vulnerability Report for Ruby Gem lean-ruport-0.3.8 Larry W. Cashdollar
Vulnerability Report for Ruby Gem kajam-1.0.3.rc2 Larry W. Cashdollar
Vulnerability Report for Ruby Gem lawn-login-0.0.7 Larry W. Cashdollar
Vulnerability Report for Ruby Gem kcapifony-2.1.6 Larry W. Cashdollar
Vulnerability Report for Ruby Gem karo-2.3.8 Larry W. Cashdollar
Vulnerability Report for Ruby Gem lynx-0.2.0 Larry W. Cashdollar
Vulnerability Report for Ruby Gem ciborg-3.0.0 Larry W. Cashdollar
Re: LMS-2014-07-07-1: python-lz4 Don A. Bailey
Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE cve-assign

Tuesday, 08 July

possible CVE-2010 request: Ruby older than 1.9.2 appending current directory to the load path Murray McAllister
Re: possible CVE-2010 request: Ruby older than 1.9.2 appending current directory to the load path Shota Fukumori (sora_h)
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
[OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) Tristan Cacqueray
Re: CVE request: WordPress plugin wysija-newsletters remote file upload cve-assign
Re: CVE-2014-4171 - Linux kernel mm/shmem.c denial of service P J P
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: Varnish - no CVE == bug regression cve-assign
Summer bug cleaning - some Hash DoS stuff Kurt Seifried
Summer bug cleaning - rpcbind -h option Kurt Seifried
Re: Varnish - no CVE == bug regression Poul-Henning Kamp
Re: CVE-2014-4171 - Linux kernel mm/shmem.c denial of service yersinia
Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski
Re: CVE-2014-4699: Linux ptrace bug Andy Lutomirski
FreeBSD Security Advisory FreeBSD-SA-14:17.kmem FreeBSD Security Advisories
Zend Framework CVEs Kurt Seifried
Re: Re: Varnish - no CVE == bug regression Michael Samuel
Re: Zend Framework CVEs Moritz Muehlenhoff
Re: Zend Framework CVEs Murray McAllister
Re: Zend Framework CVEs Murray McAllister
Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp
Re: CVE-2014-4699: Linux ptrace bug Solar Designer
Re: Re: Varnish - no CVE == bug regression Michael Samuel

Wednesday, 09 July

Re: Re: Varnish - no CVE == bug regression Poul-Henning Kamp
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Tomas Hoger
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Sven Kieske
CVE request - Snoopy incomplete fix for CVE-2008-4796 Garth Mollett
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Stuart Henderson
Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle
LMS-2014-07-09-1: lz4-ruby Memory Corruption Don A. Bailey
Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Murray McAllister

Thursday, 10 July

Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger
GnuPG computation error checks Solar Designer
CVE request: transmission peer communication vulnerability Vasyl Kaigorodov
Re: GnuPG computation error checks Florian Weimer
Vulnerabilities in Ruby Gem brbackup-0.1.1 Larry W. Cashdollar
CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Daniel Kahn Gillmor
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer
Re: Fwd: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Tavis Ormandy
Re: Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker

Friday, 11 July

Re: CVE request: XSS in PNP4Nagios cve-assign
Re: Zend Framework CVEs cve-assign
Re: CVE request: transmission peer communication vulnerability cve-assign
Re: X.Org intel driver dev snapshots, backlight helper issue cve-assign
Re: Re: CVE request: XSS in PNP4Nagios Salvatore Bonaccorso
Re: CVE request: XSS in PNP4Nagios cve-assign
Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign
Re: Re: CVE request: XSS in PNP4Nagios Vasyl Kaigorodov

Saturday, 12 July

Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker
LMS-2014-07-10-1 - CloudFlare GoLang LZ4 Memory Corruption Don A. Bailey

Sunday, 13 July

glibc locale issues Tavis Ormandy
Re: glibc locale issues Tavis Ormandy

Monday, 14 July

Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Kurt Seifried
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign

Tuesday, 15 July

IPython Notebook Cross 2014-3429 Kyle Kelley
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Kurt Seifried
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign
Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 cve-assign

Wednesday, 16 July

Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Garth Mollett
CVE request: libressl before 2.0.2 under linux PRNG failure Hanno Böck
CVE request: rawstudio: Insecure use of temporary file Vasyl Kaigorodov
qemu-bridge-helper minimizing patch Sebastian Krahmer
Re: Re: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 Larry Cashdollar
Re: Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 Tomas Hoger
Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger
Re: Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Tomas Hoger
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) Ramon de C Valle
Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign
Re: CVE request: rawstudio: Insecure use of temporary file cve-assign
Re: CVE request: XSS in PNP4Nagios cve-assign
CVE-2014-4943: Linux privilege escalation in ppp over l2tp sockets Kees Cook

Thursday, 17 July

[OSSA 2014-024] Use of non-constant time comparison operation (CVE-2014-3517) Grant Murphy
Re: CVE request: libressl before 2.0.2 under linux PRNG failure Rich Felker
Re: [ruby-core:63604] [ruby-trunk - Bug #10019] [Open] segmentation fault/buffer overrun in pack.c (encodes) cve-assign
Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.) cve-assign

Friday, 18 July

Strong Security Processes Require Strong Privacy Protections coderman
Re: CVE request - Snoopy incomplete fix for CVE-2008-4796 cve-assign
CVE Request: bozohttpd: basic http authentication bypass Salvatore Bonaccorso
Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson
Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign
Re: CVE Request: bozohttpd: basic http authentication bypass cve-assign
CVE's for intersection vulnerabilities Kurt Seifried
Re: CVE's for intersection vulnerabilities cve-assign
Good news and bad news on Python sockets and pickle Kurt Seifried
Re: Good news and bad news on Python sockets and pickle gremlin

Saturday, 19 July

Re: CVE's for intersection vulnerabilities intrigeri
Re: Good news and bad news on Python sockets and pickle Kurt Seifried
Re: Good news and bad news on Python sockets and pickle cve-assign
Re: CVE's for intersection vulnerabilities Dolev Farhi

Sunday, 20 July

Status of CVE-2012-4542/Linux? Moritz Muehlenhoff
CVE request: cacti XSS Moritz Muehlenhoff
Re: CVE's for intersection vulnerabilities Kurt Seifried
Additional information on CVE-2014-2469? Moritz Muehlenhoff
Re: CVE's for intersection vulnerabilities Dolev Farhi
Moodle security notifications public Michael de Raadt
Moodle security notifications public Michael de Raadt
Re: Moodle security notifications public cve-assign

Monday, 21 July

CVE-Request: KAuth authentication bypass Sebastian Krahmer
CVE Request for Drupal Core Jorge Manuel B. S. Vicetto
Re: CVE Request for Drupal Core Loganaden Velvindron
[OSSA 2014-025] Denial of Service in Neutron allowed address pair (CVE-2014-3555) Tristan Cacqueray
Re: Re: glibc locale issues Florian Weimer
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas
Re: Moodle security notifications public cve-assign
Re: Re: glibc locale issues Tavis Ormandy
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas
Re: Additional information on CVE-2014-2469? Ritwik Ghoshal
CVE requests for Review Board Christian Hammond
[oCERT-2014-004] Ansible input sanitization errors Andrea Barisani
CVE Request: cups: Incomplete fix for CVE-2014-3537 Salvatore Bonaccorso

Tuesday, 22 July

Linux peer_cred Mischmasch Sebastian Krahmer
Re: Linux peer_cred Mischmasch Simon McVittie
Re: Linux peer_cred Mischmasch Florian Weimer
GLPI: unprivileged users can access cost information Raphael Geissert
Exim: 4.83 Released, CVE-2014-2972 fix Phil Pennock
Re: Linux peer_cred Mischmasch Andy Lutomirski
Re: CVE request: cacti XSS cve-assign
ecryptfs-setup-private nitpick Raphael Geissert
Re: CVE-Request: KAuth authentication bypass cve-assign
Re: CVE requests for Review Board cve-assign
Re: CVE Request: cups: Incomplete fix for CVE-2014-3537 cve-assign
Re: LMS-2014-06-16-3: Libav LZO Don A. Bailey
Re: GLPI: unprivileged users can access cost information cve-assign
Re: ecryptfs-setup-private nitpick Tyler Hicks
Re: CVE requests for Review Board Christian Hammond
Re: CVE-Request: KAuth authentication bypass Sebastian Krahmer
Re: Re: Linux peer_cred Mischmasch Sebastian Krahmer
Re: CVE-Request: KAuth authentication bypass cve-assign

Wednesday, 23 July

Re: ecryptfs-setup-private nitpick Dustin Kirkland
[oCERT-2014-005] LPAR2RRD input sanitization errors Daniele Bianco
[CVE request] Array allocation fixes in libgfortran Florian Weimer
Re: ecryptfs-setup-private nitpick Michael Samuel
Re: ecryptfs-setup-private nitpick Michael Samuel
CVE request: kernel: vfs: refcount issues during unmount on symlink Vasily Averin
Re: CVE Request for Drupal Core Forest Monsen
Re: CVE Request for Drupal Core cve-assign
Re: [CVE request] Array allocation fixes in libgfortran cve-assign
Re: CVE request: kernel: vfs: refcount issues during unmount on symlink cve-assign

Thursday, 24 July

CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild Hanno Böck
Re: CVE request: Mailpoet (wordpress-plugin) remote file upload exploited in the wild Henri Salo
CVE request Linux Kernel: net: SCTP: NULL pointer dereference P J P
CVE request: WordPress plugin vitamin traversal arbitrary file access Henri Salo
Re: Linux peer_cred Mischmasch Andy Lutomirski
Duplicated CVE - Cacti XSS Adan Alvarez
Re: Duplicated CVE - Cacti XSS cve-assign
Re: Duplicated CVE - Cacti XSS Adan Alvarez

Friday, 25 July

Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference cve-assign

Saturday, 26 July

Re: Re: CVE request Linux Kernel: net: SCTP: NULL pointer dereference Daniel Borkmann

Sunday, 27 July

rsync vulnerable to collisions Michael Samuel

Monday, 28 July

Re: rsync vulnerable to collisions Loganaden Velvindron
Re: CVE request: WordPress plugin vitamin traversal arbitrary file access cve-assign

Tuesday, 29 July

CVE Request: tboot failing to measure commandline parameters Marcus Meissner
CVE-2014-3554: libndp buffer overflow Murray McAllister
[CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) Florian Weimer
Re: Additional information on CVE-2014-2469? Tomas Hoger
Subscribtion request to linux-distros Martin Schwidefsky
Re: Subscribtion request to linux-distros Solar Designer

Wednesday, 30 July

CVE-2014-3120 ElasticSearch Henri Salo
CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion Henri Salo
CVE-2014-5117 - Tor before 0.2.4.23 RELAY_EARLY issue cve-assign
Re: CVE Request: tboot failing to measure commandline parameters cve-assign
CVE Request: dhcpcd DoS attack Roy Marples
Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign
CVE request for Drupal contributed modules Forest Monsen
CVE Request: XML-DT: Insecure use of temporary files Salvatore Bonaccorso
Re: CVE request for Drupal contributed modules cve-assign

Thursday, 31 July

CVE-2014-3564 gpgme: heap-based buffer overflow in gpgsm status handler Stefan Cornelius
Re: Re: [CVE request] Array allocation fixes in libgfortran Florian Weimer
Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson
Re: CVE request: WordPress plugin wppageflip index.php pageflipbook_language parameter traversal local file inclusion cve-assign
Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Salvatore Bonaccorso
Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Chris Steipp
CVE Request: Enforce use of HTTPS for MathJax in IPython Kyle Kelley

Friday, 01 August

Possible CVE request: subversion MD5 collision authentication leak Marcus Meissner
CVE request: xcfa: Insecure use of temporary files, subject to race conditions Salvatore Bonaccorso
Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser
Re: CVE Request: XML-DT: Insecure use of temporary files Salvatore Bonaccorso
Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 Salvatore Bonaccorso

Saturday, 02 August

Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Kurt Seifried
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin

Sunday, 03 August

Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython Donald Stufft

Monday, 04 August

CVE Request -- qemu: missing field list terminator in vmstate_xhci_event Petr Matousek
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Tomas Hoger
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser
Apache Cordova 3.5.1 Marcel Kinard
Re: Re: Possible CVE request: subversion MD5 collision authentication leak Michael Samuel
CVE request: issues in ISO C++ 2011 regex library Murray McAllister
[CVE Requests] rsync and librsync collisions Michael Samuel
Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron
Re: [CVE Requests] rsync and librsync collisions Michael Samuel

Tuesday, 05 August

Re: Re: Possible CVE request: subversion MD5 collision authentication leak Ben Reser
Re: CVE Request: Enforce use of HTTPS for MathJax in IPython gremlin
CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray
Re: CVE request: issues in ISO C++ 2011 regex library Rich Felker

Wednesday, 06 August

Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson
CVE request for Drupal core, and contributed modules Forest Monsen
WordPress 3.9.2 release - needs CVE's Kurt Seifried
Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin

Thursday, 07 August

Re: CVE request: issues in ISO C++ 2011 regex library Murray McAllister
CVE-2014-3562: Vulnerability in 389-ds Vincent Danen

Friday, 08 August

BadUSB discussion Dan Carpenter
Re: BadUSB discussion Florian Weimer
Re: BadUSB discussion John Haxby
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Daniel Kahn Gillmor
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Daniel Kahn Gillmor
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Eddie Chapman
Re: BadUSB discussion gremlin
Re: BadUSB discussion gremlin
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Greg KH
Re: BadUSB discussion gremlin
Re: BadUSB discussion Eddie Chapman
Re: BadUSB discussion gremlin
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Dean Pierce
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Eddie Chapman
Re: BadUSB discussion gremlin
Re: BadUSB discussion (GalaxyMaster)
Re: BadUSB discussion (GalaxyMaster)
Re: BadUSB discussion gremlin
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Yves-Alexis Perez
Re: BadUSB discussion Yves-Alexis Perez
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Yves-Alexis Perez
Re: BadUSB discussion Eddie Chapman
Re: BadUSB discussion Greg KH
Re: BadUSB discussion Rich Felker

Saturday, 09 August

Re: BadUSB discussion Yves-Alexis Perez
Re: BadUSB discussion Willy Tarreau
Re: BadUSB discussion lazytyped
Re: BadUSB discussion Yves-Alexis Perez
Re: BadUSB discussion Kurt Seifried

Sunday, 10 August

Re: CVE request: issues in ISO C++ 2011 regex library Maksymilian A
CVE request: libgcrypt, ELGAMAL side-channel attack Murray McAllister

Monday, 11 August

CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure Salvatore Bonaccorso
Apache Cordova 3.5.1: CVE-2014-3502 update Marcel Kinard

Tuesday, 12 August

[oCERT-2014-006] Ganeti insecure archive permission Andrea Barisani
Xen Security Advisory 102 (CVE-2014-5147) - Flaws in handling traps from 32-bit userspace on 64-bit ARM Xen . org security team
Xen Security Advisory 103 (CVE-2014-5148) - Flaw in handling unknown system register access from 64-bit userspace on ARM Xen . org security team
Xen Security Advisory 97 (CVE-2014-5146,CVE-2014-5149) - Long latency virtual-mmu operations are not preemptible Xen . org security team
CVE id request: cacti remote code execution and SQL injection Nico Golde
CVE Request: ro bind mount bypass using user namespaces Kenton Varda
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski
Re: WordPress 3.9.2 release - needs CVE's cve-assign
Re: CVE Request: ro bind mount bypass using user namespaces cve-assign
Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) cve-assign

Wednesday, 13 August

Re: CVE Request: ro bind mount bypass using user namespaces Kenton Varda
Re: CVE Request: ro bind mount bypass using user namespaces Yves-Alexis Perez
Re: CVE Request: ro bind mount bypass using user namespaces Sven Kieske
Re: CVE Request: ro bind mount bypass using user namespaces Andy Lutomirski
Re: WordPress 3.9.2 release - needs CVE's Andrew Nacin
Re: WordPress 3.9.2 release - needs CVE's cve-assign

Thursday, 14 August

GetID3 CVE-2014-2053 XXE issue [was Re: [oss-security] WordPress 3.9.2 release - needs CVE's] Murray McAllister
Re: CVE id request: cacti remote code execution and SQL injection Murray McAllister
Re: Possible CVE Request: MediaWiki Security and Maintenance Releases: 1.19.18, 1.22.9 and 1.23.2 cve-assign
Re: CVE Request: ro bind mount bypass using user namespaces Vitaly Nikolenko
Re: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) John Haxby
Re: [oCERT-2014-006] Ganeti insecure archive permission cve-assign
CVE request: FFmpeg issues Piotr Bandurski
Re: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: [oss-security] Re: glibc locale issues) Tavis Ormandy
Re: BadUSB discussion Vincent Lefevre
Re: CVE request for vulnerability in OpenStack Keystone Kurt Seifried
Re: CVE request for vulnerability in OpenStack Keystone cve-assign

Friday, 15 August

Re: CVE request: xcfa: Insecure use of temporary files, subject to race conditions cve-assign
CVE request for accountsservice local encrypted password disclosure flaw Vincent Danen
[OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253) Tristan Cacqueray
Re: CVE id request: cacti remote code execution and SQL injection Nico Golde
Re: CVE Request: XML-DT: Insecure use of temporary files cve-assign
Re: CVE Request: XML-DT: Insecure use of temporary files Alberto Simoes
Re: CVE Request -- qemu: missing field list terminator in vmstate_xhci_event cve-assign
Re: CVE request: libgcrypt, ELGAMAL side-channel attack cve-assign
Re: CVE Request: Plack::App::File does not prune trailing slashes: possible code exposure / information disclosure cve-assign

Saturday, 16 August

Re: CVE request for Drupal core, and contributed modules cve-assign
Re: CVE id request: cacti remote code execution and SQL injection cve-assign
Re: CVE request: FFmpeg issues cve-assign
Re: CVE request for accountsservice local encrypted password disclosure flaw cve-assign
FreeNAS default blank password Kurt Seifried
Re: FreeNAS default blank password Kurt Seifried

Sunday, 17 August

Re: FreeNAS default blank password devzero2000
Re[2]: FreeNAS default blank password Dolev Farhi
Re: FreeNAS default blank password Kurt Seifried
Enigmail warning Henri Salo
Re: Enigmail warning Noel Kuntze
Re: Enigmail warning Henri Salo

Monday, 18 August

CVE request / advisory: Monkey web server <= v1.5.2 Matthew Daley
Re: Enigmail warning Pedro Cunha
Re: Enigmail warning Jerome Athias
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack Dirk-Willem van Gulik
Re: Enigmail warning Nick Boyce
[Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França
Re: [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Kurt Seifried
Re: [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with Rafael Mendonça França

Tuesday, 19 August

[CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability Jacopo Cappellato
Re: FreeNAS default blank password cve-assign
CVE request: WordPress plugin wp-source-control remote path traversal file access Henri Salo
Re: Re: FreeNAS default blank password Pierre Schweitzer
incomplete fix for CVE-2014-4611: kernel: integer overflow in lz4_uncompress Marcus Meissner
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
Re: CVE request / advisory: Monkey web server <= v1.5.2 cve-assign
[OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594) Tristan Cacqueray
Re: CVE request for vulnerability in OpenStack Glance cve-assign
CVE-2014-3596 - Apache Axis 1 vulnerable to MITM attack David Jorm
RE: Enigmail warning securitylists

Wednesday, 20 August

Re: CVE request: WordPress plugin wp-source-control remote path traversal file access cve-assign
Re: Enigmail warning Guilherme Andrade
CVE Request: Multiple issues in com.ning:async-http-client Arun Babu Neelicattu
CVE request: possible overflow in vararg functions Murray McAllister
Re: CVE request: possible overflow in vararg functions Murray McAllister
Lua CVE request [was Re: CVE request: possible overflow in vararg functions] Murray McAllister

Thursday, 21 August

Re: CVE request: possible overflow in vararg functions Florian Weimer
SaltStack 2014.1.10 released C. R. Oldham
[OSSA 2014-028] Glance store DoS through disk space exhaustion (CVE-2014-5356) Tristan Cacqueray
Re: SaltStack 2014.1.10 released Kurt Seifried
Re: SaltStack 2014.1.10 released gremlin
Revised: Salt 2014.1.10 released C. R. Oldham
Re: SaltStack 2014.1.10 released Kurt Seifried
Re: SaltStack 2014.1.10 released Kristian Fiskerstrand
Re: SaltStack 2014.1.10 released Aaron Toponce
Re: SaltStack 2014.1.10 released gremlin
Re: SaltStack 2014.1.10 released Nick Boyce
Re: incomplete fix for CVE-2014-4611: kernel: integer overflow in lz4_uncompress P J P
Re: SaltStack 2014.1.10 released Rylee Fowler
Re: Enigmail warning cve-assign
Re: SaltStack 2014.1.10 released Phil Pennock

Friday, 22 August

CVE request Qemu: out of bounds memory access P J P
FYI, change to Secunia vuln db EULA ken
Re: CVE request Qemu: out of bounds memory access cve-assign

Saturday, 23 August

Re: FYI, change to Secunia vuln db EULA ken
Re: Re: FYI, change to Secunia vuln db EULA Rich Felker

Sunday, 24 August

CVE-2014-5443: Seafile local horizontal privilege escalation vulnerability Henri Salo
CVE request: Multiple incorrect default permissions in Zarafa Robert Scheck

Monday, 25 August

Re: CVE request: Multiple incorrect default permissions in Zarafa cve-assign
Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign
Re: CVE Request: Multiple issues in com.ning:async-http-client cve-assign
CVE-2014-5119 glibc __gconv_translit_find() exploit Tavis Ormandy
CVE request: php-pear, pear's insecure /tmp/ use for cache data Murray McAllister

Tuesday, 26 August

CVE Request: Linux Kernel unbound recursion in ISOFS Marcus Meissner
Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] Florian Weimer
Re: CVE Request: Linux Kernel unbound recursion in ISOFS cve-assign
Re: Lua CVE request [was Re: CVE request: possible overflow in vararg functions] cve-assign
Re: CVE request: php-pear, pear's insecure /tmp/ use for cache data cve-assign

Wednesday, 27 August

XRMS SQLi to RCE 0day Benjamin Harris
PHP-Wiki Command Injection Benjamin Harris
Open Source only? Solar Designer
Re: Open Source only? Kurt Seifried
Re: Open Source only? Tim
Re: Open Source only? Hanno Böck
CVE-2014-0485: unsafe Python pickle in s3ql Florian Weimer

Thursday, 28 August

Zarafa WebApp < 1.6 affected by CVE-2010-4207 or CVE-2012-5881 Robert Scheck
Full disclosure: denial of service in srvx Pierre Schweitzer

Friday, 29 August

Re: XRMS SQLi to RCE 0day cve-assign
Re: PHP-Wiki Command Injection cve-assign
CVE request: glibc character set conversion from IBM code pages Florian Weimer
CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files Salvatore Bonaccorso
RE: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable) Nicolas Guigo
Re: Full disclosure: denial of service in srvx cve-assign
Re: CVE Request: Clipboard Perl module: clipedit: insecure use of temporary files cve-assign

Saturday, 30 August

Fwd: ezmlm warning Jorge Manuel B. S. Vicetto

Sunday, 31 August

Re: Fwd: ezmlm warning Jeremy Stanley
CVE-2014-3565, net-snmp: snmptrapd crash Murray McAllister

Monday, 01 September

gpg blindly imports keys from keyserver responses Thijs Kinkhorst
Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand
Re: gpg blindly imports keys from keyserver responses mancha
Re: CVE Request: dhcpcd DoS attack Kristian Fiskerstrand
Re: gpg blindly imports keys from keyserver responses Kristian Fiskerstrand
Re: gpg blindly imports keys from keyserver responses mancha
Re: gpg blindly imports keys from keyserver responses Werner Koch
Re: CVE Request: dhcpcd DoS attack Florian Weimer
CVE assignment for c-icap Server Kristian Fiskerstrand
Re: CVE Request: dhcpcd DoS attack cve-assign
Re: gpg blindly imports keys from keyserver responses Daniel Kahn Gillmor
Re: CVE request: glibc character set conversion from IBM code pages cve-assign

Tuesday, 02 September

Re: Subscribtion request to linux-distros Kurt Seifried
Re: CVE requests for 2 separate vulns in torrentflux 2.4.5-1 (debian stable) cve-assign

Wednesday, 03 September

Re: Subscribtion request to linux-distros Martin Schwidefsky
Re: Open Source only? Tomas Hoger
CVE request: V8 Memory Corruption and Stack Overflow Tomas Hoger
Re: Open Source only? Joe MacDonald
CVE request: TYPO3-EXT-SA-2014-10 Henri Salo
CVE request for nodejs/v8 Vincent Danen
Re: CVE request for nodejs/v8 Vincent Danen
heap overflow in procmail Tavis Ormandy
Re: heap overflow in procmail Kurt Seifried
Re: heap overflow in procmail Rich Felker
Re: heap overflow in procmail cve-assign
Re: heap overflow in procmail Tavis Ormandy
RE: heap overflow in procmail Christey, Steven M.
Re: heap overflow in procmail Michal Zalewski

Thursday, 04 September

Re: heap overflow in procmail Kurt Seifried
Re: heap overflow in procmail Kurt Seifried
RFC: Denial of Service in XCache? Pierre Schweitzer
Re: CVE request: V8 Memory Corruption and Stack Overflow - Node.js cve-assign
Re: CVE request: TYPO3-EXT-SA-2014-10 cve-assign
Re: Re: heap overflow in procmail Rich Felker
Re: Re: heap overflow in procmail Tavis Ormandy
CVE request: TYPO3-EXT-SA-2014-006 Henri Salo

Friday, 05 September

CVE request: TYPO3-EXT-SA-2014-005 Henri Salo
CVE request: TYPO3-EXT-SA-2014-003 Henri Salo
CVE request: TYPO3-EXT-SA-2014-001 Henri Salo
CVE request: TYPO3-EXT-SA-2014-002 Henri Salo
CVE request: TYPO3-EXT-SA-2013-014 Henri Salo
Re: heap overflow in procmail Jack Frosch
Re: Re: heap overflow in procmail Simon McVittie

Sunday, 07 September

CVE request: /tmp file vulnerability in ace Helmut Grohne
Python robotframework - tmp vuln Kurt Seifried
Re: Python robotframework - tmp vuln Kurt Seifried
Re: Python robotframework - tmp vuln coderman

Monday, 08 September

CVE-2014-3615 Qemu: information leakage when guest sets high resolution P J P
RE: Python robotframework - tmp vuln Mikko Korpela
Re: Python robotframework - tmp vuln cve-assign
Re: Python robotframework - tmp vuln Kurt Seifried
Re: Re: Python robotframework - tmp vuln Mikko Korpela
Re: Python robotframework - tmp vuln cve-assign
Confusion around gksu & CVE-2014-2943 Alan Coopersmith
Re: [CVE Requests] rsync and librsync collisions Murray McAllister
Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron
Re: [CVE Requests] rsync and librsync collisions Michael Samuel
ioflo tmp vuln Kurt Seifried
pinocchio tmp vuln Kurt Seifried
Re: pinocchio tmp vuln David Jorm
headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools Kurt Seifried
vos tmp vuln Kurt Seifried
luigi tmp vuln Kurt Seifried

Tuesday, 09 September

Re: pinocchio tmp vuln Mikko Korpela
Re: pinocchio tmp vuln Steve Kemp
CVE-Request: squid pinger remote DoS Sebastian Krahmer
Re: pinocchio tmp vuln Mikko Korpela
Re: pinocchio tmp vuln Henri Salo
CVE-Request: squid snmp off-by-one Sebastian Krahmer
Xen Security Advisory 107 - Mishandling of uninitialised FIFO-based event channel control blocks Xen . org security team
CVE Request: haproxy read out of bounds Willy Tarreau
Re: headintheclouds tmp vulns - also request for referees decision on tmp vulns in deployment tools cve-assign
Re: pinocchio tmp vuln Kurt Seifried
Re: pinocchio tmp vuln John Haxby
Re: Xen Security Advisory 107 - Mishandling of uninitialised FIFO-based event channel control blocks cve-assign
Re: CVE Request: haproxy read out of bounds cve-assign
Re: CVE-Request: squid snmp off-by-one cve-assign
Re: pinocchio tmp vuln Mikko Korpela

Wednesday, 10 September

CVE request for select() buffer overrun in CHICKEN Scheme on the Android platform Moritz Heidkamp
CVE Request: MySQL: MyISAM temporary file issue Salvatore Bonaccorso
Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal

Thursday, 11 September

photini tmp vuln Kurt Seifried
pscripts tmp vuln leading to possible code exec Kurt Seifried
Re: pinocchio tmp vuln Donald Stufft
Re: TYPO3 extensions cve-assign
Re: CVE request: /tmp file vulnerability in ace cve-assign
Re: CVE request for select() buffer overrun in CHICKEN Scheme on the Android platform cve-assign
Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske
Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske
Re: pinocchio tmp vuln John Haxby
Re: CVE Request: MySQL: MyISAM temporary file issue John Haxby
Re: CVE Request: static IV used in Percona XtraBackup Florian Weimer
Xen Security Advisory 107 (CVE-2014-6268) - Mishandling of uninitialised FIFO-based event channel control blocks Xen . org security team
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger
Re: pinocchio tmp vuln Kurt Seifried
Re: pinocchio tmp vuln Kurt Seifried
Re: pinocchio tmp vuln Mikko Korpela
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal
Re: CVE Request: MySQL: MyISAM temporary file issue Kurt Seifried
Multiple Linux USB driver CVE assignment Ben Hawkes
Re: Multiple Linux USB driver CVE assignment Ben Hawkes
Re: CVE Request: MySQL: MyISAM temporary file issue Ritwik Ghoshal
Re: vos tmp vuln cve-assign
Re: ioflo tmp vuln cve-assign
Re: CVE Request: MySQL: MyISAM temporary file issue Loganaden Velvindron

Friday, 12 September

Re: CVE Request: MySQL: MyISAM temporary file issue Sven Kieske
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger
Re: CVE request: /tmp file vulnerability in ace Helmut Grohne
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger
Re: CVE Request: MySQL: MyISAM temporary file issue Tomas Hoger
CVE request: automake: insecure use of /tmp in install-sh Vasyl Kaigorodov
PowerDNS Recursor 3.6.0 can be crashed remotely (CVE-2014-3614) Solar Designer
CVE request: MantisBT Null byte poisoning in LDAP authentication Damien Regad
Re: CVE request: /tmp file vulnerability in ace cve-assign
Re: PowerDNS Recursor 3.6.0 can be crashed remotely (CVE-2014-3614) Solar Designer
Re: CVE request: MantisBT Null byte poisoning in LDAP authentication cve-assign
Re: [CVE Requests] rsync and librsync collisions cve-assign
Re: Confusion around gksu & CVE-2014-2943 cve-assign

Saturday, 13 September

Re: CVE request: MantisBT Null byte poisoning in LDAP authentication Damien Regad

Sunday, 14 September

Re: CVE assignment for c-icap Server Kristian Fiskerstrand
Moodle security notifications public Michael de Raadt

Monday, 15 September

CVE request Linux kernel: net: guard tcp_set_keepalive against crash P J P
CVE request for Linux kernel: udf: Avoid infinite loop when processing indirect ICBs Loganaden Velvindron
CVE Request: libceph auth token overflow Marcus Meissner
CVE request for vulnerability in OpenStack Neutron Grant Murphy
Re: CVE assignment for c-icap Server cve-assign
Re: CVE Request: libceph auth token overflow / Linux kernel cve-assign
Re: CVE request Linux kernel: net: guard tcp_set_keepalive against crash cve-assign
Re: CVE request for Linux kernel: udf: Avoid infinite loop when processing indirect ICBs cve-assign
Re: CVE request for vulnerability in OpenStack Neutron cve-assign
Re: CVE-Request: squid pinger remote DoS Marcus Meissner
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel
Re: Re: [CVE Requests] rsync and librsync collisions Loganaden Velvindron
Re: CVE-Request: squid pinger remote DoS cve-assign

Tuesday, 16 September

Re: CVE-Request: squid pinger remote DoS Sebastian Krahmer
Re: Re: CVE-Request: squid pinger remote DoS Amos Jeffries
Re: CVE Request: MySQL: MyISAM temporary file issue Marc Deslauriers
Re: CVE Request: MySQL: MyISAM temporary file issue Henri Salo
CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8 Simon McVittie
[OSSA 2014-029] Configuration option leak through Keystone catalog (CVE-2014-3621) Tristan Cacqueray
Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Arun Babu Neelicattu

Wednesday, 17 September

CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Raphael Geissert
CVE request for vulnerability in OpenStack keystonemiddleware Grant Murphy
Twisted Security Issue Alex Gaynor
CVE ID Syntax Change - Deadline Approaching Christey, Steven M.
Re: Re: [CVE Requests] rsync and librsync collisions Michael Samuel
Re: Confusion around gksu & CVE-2014-2943 cve-assign

Friday, 19 September

python-requests: CVE-2014-1829, CVE-2014-1830: password disclosure on redirect Jakub Wilk

Sunday, 21 September

Re: CVE-Request: squid pinger remote DoS cve-assign
Re: Twisted Security Issue cve-assign
Re: CVE request for vulnerability in OpenStack keystonemiddleware cve-assign
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon / Linux kernel cve-assign

Monday, 22 September

Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon P J P
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon Moritz Muehlenhoff
Re: CVE request: [CIFS] Possible null ptr deref in SMB2_tcon P J P
Re: Full disclosure: denial of service in srvx Pierre Schweitzer
CVE-2014-3653 Foreman: XSS flaw on template preview screen Murray McAllister

Tuesday, 23 September

Xen Security Advisory 104 - Race condition in HVMOP_track_dirty_vram Xen . org security team
Xen Security Advisory 106 - Missing privilege level checks in x86 emulation of software interrupts Xen . org security team
Xen Security Advisory 105 - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation Xen . org security team
CVE Request: Python 2.7 mancha
Multiple issues in libVNCserver Nicolas RUFF
CVE request: various NodeJS module vulnerabilities Paul Wise
Re: Xen Security Advisory 104 - Race condition in HVMOP_track_dirty_vram cve-assign
Re: Xen Security Advisory 106 - Missing privilege level checks in x86 emulation of software interrupts cve-assign
Re: Xen Security Advisory 105 - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation cve-assign

Wednesday, 24 September

Xen Security Advisory 106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation of software interrupts Xen . org security team
Xen Security Advisory 105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation Xen . org security team
CVE request: multiple issues in libupnp Vasyl Kaigorodov
Xen Security Advisory 104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram Xen . org security team
[CVE-2013-0334] Ruby dependency manager Bundler may install gems from a different source than expected André Arko
CVE-2014-6271: remote code execution through bash Florian Weimer
Re: CVE-2014-6271: remote code execution through bash Florian Weimer
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Henri Salo
Re: CVE-2014-6271: remote code execution through bash Alexander E. Patrakov
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski
Re: CVE-2014-6271: remote code execution through bash Florian Weimer
Re: CVE-2014-6271: remote code execution through bash gremlin
Re: CVE-2014-6271: remote code execution through bash Florian Weimer
Re: CVE-2014-6271: remote code execution through bash Tim
Re: CVE-2014-6271: remote code execution through bash Hanno Böck
Re: CVE-2014-6271: remote code execution through bash Florian Weimer
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash mancha
Re: CVE-2014-6271: remote code execution through bash Florian Weimer
Re: CVE-2014-6271: remote code execution through bash Pierre Schweitzer
Re: CVE-2014-6271: remote code execution through bash gremlin
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Hanno Böck
Re: CVE-2014-6271: remote code execution through bash Solar Designer
nss RSA forgery (CVE-2014-1568) Hanno Böck
Re: nss RSA forgery (CVE-2014-1568) Marcus Meissner
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Jason Cooper
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski
Re: nss RSA forgery (CVE-2014-1568) Nick Semenkovich
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Anthony Liguori
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash cve-assign
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala
Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Chet Ramey

Thursday, 25 September

[oCERT-2014-007] libvncserver multiple issues Andrea Barisani
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow advisories
Re: CVE-2014-6271: remote code execution through bash Florian Weimer
CVE-2014-6271 first patch and remote exploit via CGI Reed Black
Re: CVE-2014-6271: remote code execution through bash John Haxby
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski
Re: CVE-2014-6271: remote code execution through bash Simon McVittie
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271 first patch and remote exploit via CGI Michal Zalewski
Re: CVE-2014-6271: remote code execution through bash Larry W. Cashdollar
Re: CVE-2014-6271: remote code execution through bash John Haxby
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Simon McVittie
Re: CVE-2014-6271: remote code execution through bash Huzaifa Sidhpurwala
Re: CVE-2014-6271: remote code execution through bash Jason Cooper
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Christos Zoulas
Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala
Re: Fwd: Non-upstream patches for bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: Fwd: Non-upstream patches for bash Huzaifa Sidhpurwala
Re: Fwd: Non-upstream patches for bash Marc Deslauriers
Re: Fwd: Non-upstream patches for bash Michal Zalewski
Re: Fwd: Non-upstream patches for bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Alexandre Dulaunoy
Re: CVE-2014-6271: remote code execution through bash Jason Cooper
Re: CVE-2014-6271: remote code execution through bash Rich Felker
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Tavis Ormandy
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski
Re: CVE Request: Python 2.7 cve-assign
Re: nss RSA forgery (CVE-2014-1568) Hanno Böck
Re: nss RSA forgery (CVE-2014-1568) Hanno Böck
Re: Fwd: Non-upstream patches for bash Marc Deslauriers
[OSSA 2014-030] TLS cert verification option not honoured in paste configs (CVE-2014-7144) Grant Murphy
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: Fwd: Non-upstream patches for bash cve-assign
Re: nss RSA forgery (CVE-2014-1568) Yves-Alexis Perez

Friday, 26 September

Re: CVE-2014-6271: remote code execution through bash Dwayne Litzenberger
Re: Fwd: Non-upstream patches for bash Hanno Böck
Re: [security-vendor] Re: [oss-security] Fwd: Non-upstream patches for bash Mark Hatle
Re: Non-upstream patches for bash Ángel González
Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister
Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Hanno Böck
Re: Re: Non-upstream patches for bash John Haxby
CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs Hanno Böck
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Florian Weimer
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) John Haxby
CVE Request: Go crypto/tls vulnerability Marc Deslauriers
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Simon McVittie
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Guido Berhoerster
Re: CVE-2014-6271: remote code execution through bash Simon McVittie
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bernhard Hermann
CVE request: zeromq rf
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas
CVE request: TYPO3-EXT-SA-2014-012 Henri Salo
Re: CVE-2014-6271: remote code execution through bash Riot
Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs Chris Steipp
Fwd: CVE-2014-6271: remote code execution through bash Gennady Kupava
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker
Re: CVE Request: Go crypto/tls vulnerability cve-assign
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kurt Seifried
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Peter Bex
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kurt Seifried
Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bryan Drewery
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: Fwd: Non-upstream patches for bash Solar Designer
Re: CVE-2014-6271: remote code execution through bash David A. Wheeler
Re: Re: Non-upstream patches for bash Ángel González
Re: Fwd: Non-upstream patches for bash Solar Designer
Re: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4 insufficient CSS filtering of SVGs cve-assign
Re: CVE request: TYPO3-EXT-SA-2014-012 cve-assign
Re: CVE request: zeromq cve-assign
Re: Fwd: Non-upstream patches for bash Michal Zalewski

Saturday, 27 September

Re: Fwd: Non-upstream patches for bash Roman Drahtmueller
Re: Fwd: Non-upstream patches for bash Solar Designer
CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file Colin Watson
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
A Digital Random Bit Generator Mark Knight
Re: Fwd: Non-upstream patches for bash Roman Drahtmueller
Re: Fwd: Non-upstream patches for bash Steve Jones
Re: CVE-2014-6271: remote code execution through bash Michal Zalewski
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker
test script for various bash vulns Hanno Böck
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: CVE-2014-6271: remote code execution through bash Eric Blake
Re: CVE-2014-6271: remote code execution through bash Eric Blake
Re: CVE-2014-6271: remote code execution through bash Eric Blake
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron
Re: CVE-2014-6271: remote code execution through bash Hanno Böck

Sunday, 28 September

Security release of fish shell 2.1.1 David Adam
Re: Fwd: Non-upstream patches for bash Michael Samuel
Re: CVE-2014-6271: remote code execution through bash Eric Blake
Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Bryan Drewery
binary-patching bash Solar Designer
CVE request: various NodeJS module vulnerabilities Paul Wise
Re: binary-patching bash Solar Designer
CVE request: QNAP QTS Ken Lee
Re: Fwd: Non-upstream patches for bash Sven Kieske

Monday, 29 September

Re: binary-patching bash Solar Designer
Re: Fwd: Non-upstream patches for bash Jakub Wilk
Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron
Pylint checks not as static as one would think Jakub Wilk
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey
[OSSA 2014-031] Admin-only network attributes may be reset to defaults by non-privileged users (CVE-2014-6414) Grant Murphy
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey
Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Florian Weimer
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski
gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski
Healing the bash fork (was: Re: [oss-security] CVE-2014-6271: remote code execution through bash) Florian Weimer
Re: Fwd: Non-upstream patches for bash cve-assign
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kobrin, Eric
Re: Array importing in bash 4.3 (was: Re: [oss-security] Fwd: Non-upstream patches for bash) Kobrin, Eric
Re: Healing the bash fork Eric Blake
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey
Re: test script for various bash vulns Daniel Calvo Castro
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ed Prevost
Re: [langsec-discuss] [oss-security] Fwd: Non-upstream patches for bash Paul Burchard
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun
RE: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Sona Sarmadi
Re: Healing the bash fork Kobrin, Eric
Re: Healing the bash fork Tavis Ormandy
Re: Array importing in bash 4.3 Florian Weimer
Re: CVE request: QNAP QTS cve-assign
Re: Re: Healing the bash fork Todd C. Miller
Re: Healing the bash fork David A. Wheeler
Re: Fwd: Non-upstream patches for bash Bernhard Hermann
Re: Fwd: Non-upstream patches for bash Ed Prevost
Re: Healing the bash fork John Haxby
Re: CVE request: exuberant-ctags: CPU/disk DoS on minified JavaScript file cve-assign
Re: Pylint checks not as static as one would think cve-assign
atd (was: Re: [oss-security] Re: Healing the bash fork) Seth Arnold
Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ramon de C Valle
CVE request for vulnerability in OpenStack Cinder, Nova and Trove Tristan Cacqueray
Re: Healing the bash fork Kobrin, Eric
Re: CVE-2014-6271: remote code execution through bash Chet Ramey
Re: Array importing in bash 4.3 Chet Ramey
Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey
Re: Fwd: Non-upstream patches for bash Chet Ramey
Re: Healing the bash fork Chet Ramey
Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove cve-assign
Re: Healing the bash fork gremlin
Re: Healing the bash fork Kobrin, Eric
Re: Array importing in bash 4.3 Kobrin, Eric
Re: Healing the bash fork Michal Zalewski
Re: CVE request: various NodeJS module vulnerabilities cve-assign

Tuesday, 30 September

Re: Healing the bash fork Mark R Bannister
Re: Healing the bash fork Florian Weimer
Re: Healing the bash fork Sven Kieske
Re: Healing the bash fork Gennady Kupava
vulnerability in rsyslog Rainer Gerhards
Re: vulnerability in rsyslog Sven Kieske
Re: Healing the bash fork Mark R Bannister
Re: Healing the bash fork Kobrin, Eric
Re: Healing the bash fork Sebastian Krahmer
Re: Healing the bash fork Kobrin, Eric
Re: Healing the bash fork Sebastian Krahmer
Re: Healing the bash fork Michal Zalewski
Re: Healing the bash fork John Haxby
Re: Healing the bash fork Mark R Bannister
Re: Healing the bash fork Tavis Ormandy
Re: Healing the bash fork Simon McVittie
Re: Healing the bash fork Ed Prevost
Re: Healing the bash fork Ed Prevost
Re: vulnerability in rsyslog Solar Designer
Re: vulnerability in rsyslog Rainer Gerhards
Re: Healing the bash fork gremlin
Re: Healing the bash fork Zach Wikholm
Re: Healing the bash fork Martin Carpenter
Re: Healing the bash fork Rich Felker
Re: Healing the bash fork David A. Wheeler
Re: Healing the bash fork Michal Zalewski
Re: Healing the bash fork Stuart D. Gathman