oss-sec: by author

1185 messages starting Oct 30 14 and ending Nov 18 14

Aaron Patterson

Arbitrary file existence disclosure in Sprockets (CVE-2014-7819) Aaron Patterson (Oct 30)
[AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets Aaron Patterson (Oct 30)
[AMENDED] [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson (Nov 20)
[CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson (Nov 17)
Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) Aaron Patterson (Oct 30)

Adam Langley

Re: attacking hsts through ntp Adam Langley (Oct 16)

Agostino Sarubbo

Re: Offset2lib: bypassing full ASLR on 64bit Linux Agostino Sarubbo (Dec 05)
Re: postgresql: pg_dump creates world-readable dump Agostino Sarubbo (Dec 07)
postgresql: pg_dump creates world-readable dump Agostino Sarubbo (Dec 07)

Alan Coopersmith

Re: OpenBSD patch issue also affects GNU patch Alan Coopersmith (Nov 25)
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith (Dec 09)
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith (Dec 09)
Re: Re: gnome-shell lockscreen bypass with printscreen key Alan Coopersmith (Oct 02)
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith (Dec 09)

Alexander Cherepanov

Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov (Dec 11)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov (Nov 18)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
Re: Fuzzing project brainstorming Alexander Cherepanov (Nov 20)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 16)
Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 26)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 11)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
Re: libbfd / bfd Alexander Cherepanov (Dec 27)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 07)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Oct 28)
Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)
Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 06)
CVE Request: binutils -- directory traversal Alexander Cherepanov (Nov 04)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 07)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov (Nov 20)
CVE request: file(1) DoS Alexander Cherepanov (Dec 16)
Re: cve request: libbfd? Alexander Cherepanov (Nov 21)
Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)
Re: CVE request: out-of-bounds memory access flaw in unrtf Alexander Cherepanov (Dec 11)
CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 18)
CVE request: dir traversal in elfutils Alexander Cherepanov (Dec 28)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov (Nov 17)
Re: Location of OS security audit reports Alexander Cherepanov (Nov 20)
Re: Imagemagick fuzzing bug Alexander Cherepanov (Dec 24)
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov (Dec 11)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 15)
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov (Nov 23)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov (Oct 28)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
CVE Request: LibreOffice -- several issues Alexander Cherepanov (Nov 26)
Re: more unzip issues Alexander Cherepanov (Nov 03)
Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 02)

Alex Gaynor

CVE request: Python, standard library HTTP clients Alex Gaynor (Dec 10)
Re: request for CVEs for git clients Alex Gaynor (Dec 18)
Re: is MD5 finally dead? Alex Gaynor (Nov 04)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Alex Gaynor (Oct 14)

Alistair Crooks

ftp(1) can be made execute arbitrary commands by malicious webserver Alistair Crooks (Oct 28)

Amos Jeffries

Re: Fuzzing project brainstorming Amos Jeffries (Nov 20)
Re: How GNU/Linux distros deal with offset2lib attack? Amos Jeffries (Dec 18)

Andrea Barisani

[oCERT-2014-010] SoX input sanitization errors Andrea Barisani (Dec 22)
[oCERT-2014-009] JasPer input sanitization errors Andrea Barisani (Dec 04)
[oCERT-2014-012] JasPer input sanitization errors Andrea Barisani (Dec 18)
[oCERT-2014-011] UnZip input sanitization errors Andrea Barisani (Dec 22)

Andreas Barth

Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded Andreas Barth (Nov 06)

Andrew Nacin

Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 25)
Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 25)
Re: WordPress 4.0.1 Security Release Andrew Nacin (Nov 20)

Andrew Tappert

CVE Request: linux kernel net_get_random_once bug Andrew Tappert (Oct 01)

Andy Lutomirski

Re: CVE Request: Linux x86_64 userspace address leak Andy Lutomirski (Dec 28)
Linux user namespaces can bypass group-based restrictions Andy Lutomirski (Nov 17)
CVE-2014-7975: 0-day umount denial of service Andy Lutomirski (Oct 08)
Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski (Oct 29)
CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski (Oct 21)
CVE-2014-7970: Linux VFS denial of service Andy Lutomirski (Oct 08)
Re: Linux user namespaces can bypass group-based restrictions Andy Lutomirski (Nov 19)
Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Andy Lutomirski (Dec 01)
Linux kernel: multiple x86_64 vulnerabilities Andy Lutomirski (Dec 15)
Re: CVE-2014-7975: 0-day umount denial of service Andy Lutomirski (Oct 09)
Re: CVE-2014-7970: Linux VFS denial of service Andy Lutomirski (Oct 17)
CVE Request: Linux 3.17 guest-triggerable KVM OOPS Andy Lutomirski (Oct 23)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Andy Lutomirski (Dec 05)
CVE Request: Linux kernel LDT handling bugs Andy Lutomirski (Nov 23)
CVE Request: Linux x86_64 userspace address leak Andy Lutomirski (Dec 18)

Ángel González

Re: Re: CVE request: lsyncd command injection Ángel González (Nov 25)

Antonio Radici

Re: Bug#771125: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Antonio Radici (Nov 27)

ArkanoiD

Re: Thoughts on Shellshock and beyond ArkanoiD (Oct 08)

Arun Babu Neelicattu

Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Arun Babu Neelicattu (Oct 22)
CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal Arun Babu Neelicattu (Nov 26)

Bas Pape

Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)
Re: Vulnerability fixed in Quassel? Bas Pape (Oct 24)

Bastien ROUCARIES

Imagemagick fuzzing bug Bastien ROUCARIES (Dec 24)
Re: Asking for CVE for imagemagick Bastien ROUCARIES (Nov 07)
Stack smashing in libjpeg-turbo Bastien ROUCARIES (Nov 06)
Asking for CVE for imagemagick Bastien ROUCARIES (Nov 07)
Request cve for imagemagick security problem (DOS) Bastien ROUCARIES (Oct 29)
Re: Stack smashing in libjpeg-turbo Bastien ROUCARIES (Nov 22)

Bendler, Ehren

RE: attacking hsts through ntp Bendler, Ehren (Oct 20)

Ben Lincoln (0E1C7DBB - OSS)

Re: Truly scary SSL 3.0 vuln to be revealed soon: Ben Lincoln (0E1C7DBB - OSS) (Oct 15)

Bernhard Hermann

Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Bernhard Hermann (Nov 23)

Brandon Whaley

Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley (Oct 15)

Bryan Drewery

Re: Security advisory in Jenkins Bryan Drewery (Oct 07)
Re: Security advisory in Jenkins Bryan Drewery (Oct 01)

Caolán McNamara

Re: [Officesecurity] [oss-security] Re: CVE Request: LibreOffice -- several issues Caolán McNamara (Nov 26)

Carlos Alberto Lopez Perez

Re: Multiple disputed issues in util-vserver Carlos Alberto Lopez Perez (Oct 20)

Chad Vizino

tm_adopt() vulnerability in TORQUE Resource Manager Chad Vizino (Oct 02)

Chet Ramey

Re: Fwd: Non-upstream patches for bash Chet Ramey (Oct 19)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 02)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 02)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Chet Ramey (Oct 07)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
Re: Aftershock Chet Ramey (Oct 09)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey (Oct 01)
Re: More parser odities Chet Ramey (Oct 01)

Chris Cormack

CVE request: XSS issues in Koha Chris Cormack (Dec 26)

Chris Steipp

MediaWiki security release - 1.23.7 Chris Steipp (Dec 03)

Christey, Steven M.

RE: request for CVEs for git clients Christey, Steven M. (Dec 19)

coderman

Re: is MD5 finally dead? coderman (Nov 04)

Colin Mahns

Re: Healing the bash fork Colin Mahns (Oct 01)

Colm O hEigeartaigh

New security advisories released for Apache CXF Colm O hEigeartaigh (Oct 24)
New SSL/TLS vulnerabilities in Apache CXF Colm O hEigeartaigh (Dec 22)

cve-assign

Re: CVE Request: Qt Creator fails to verify SSH host key cve-assign (Nov 10)
Re: CVE Request: Linux kernel mac80211 plain text leak cve-assign (Nov 09)
Re: CVE Request: information disclosure in MantisBT attachments cve-assign (Nov 19)
Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) cve-assign (Dec 04)
Re: strings / libbfd crasher cve-assign (Oct 30)
Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 25)
Re: CVE request: icecast: possible leak of on-connect scripts cve-assign (Nov 20)
Re: blkid command injection cve-assign (Nov 26)
Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 cve-assign (Oct 18)
Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 20)
Re: CVE Request: Linux kernel LDT handling bugs cve-assign (Nov 25)
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 04)
Re: CVE request: OpenVAS Manager SQL injection (OVSA20141128) cve-assign (Dec 02)
Re: perl-Razor-Agent logs to /razor-agent.log by default cve-assign (Oct 12)
Re: CVE Request: MantisBT SQL injection in view_all_set.php cve-assign (Nov 25)
Re: CVE Request(s): Getmail 4 cve-assign (Oct 06)
CVE-2014-7224 - Android accessibility and accessibilityTraversal vulnerability cve-assign (Oct 01)
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)
Re: CVE Request: Double Free in PHP cve-assign (Dec 29)
Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 13)
Re: strings / libbfd crasher cve-assign (Oct 26)
Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments cve-assign (Nov 28)
Re: CVE-request: systemd-resolved DNS cache poisoning cve-assign (Nov 12)
Re: CVE request: TYPO3-EXT-SA-2014-013 cve-assign (Oct 17)
Re: CVE request for VDSM denial of service / oVirt cve-assign (Oct 08)
Re: Vulnerability fixed in Quassel? cve-assign (Oct 26)
Re: CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script cve-assign (Dec 05)
Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign (Nov 06)
Re: CVE Request for requests-kerberos cve-assign (Nov 06)
Re: WordPress 4.0.1 Security Release cve-assign (Nov 25)
CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock cve-assign (Oct 30)
Re: CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7) cve-assign (Nov 06)
Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel cve-assign (Dec 31)
Re: CVE request: missing checks for small-sized files in hivex cve-assign (Dec 04)
Re: Stack smashing in libjpeg-turbo cve-assign (Nov 25)
Re: CVE request: lsyncd command injection cve-assign (Nov 19)
CVE-2014-8086 - Linux kernel ext4 race condition cve-assign (Oct 09)
Re: Request cve for imagemagick security problem cve-assign (Oct 30)
Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS cve-assign (Oct 02)
Re: Authentication Bypass in ROR Ecommerce cve-assign (Oct 11)
Re: CVE request: Canto Feed URL Parsing Command Line Injection cve-assign (Nov 26)
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records cve-assign (Dec 25)
Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
Re: [security] Pending CVE assignments for SA-CORE-2014-006? cve-assign (Nov 20)
Re: CVE request: heap buffer overflow in ClamAV cve-assign (Nov 21)
Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver cve-assign (Oct 11)
Re: CVE Request: Linux x86_64 userspace address leak cve-assign (Dec 24)
Re: CVE request: Remote code execution via XSL extensions in SpagoBI cve-assign (Oct 02)
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 26)
Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload cve-assign (Nov 12)
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign (Nov 25)
Re: Asking for CVE for imagemagick cve-assign (Nov 11)
Re: Requesting a CVE for pip - Local DoS with predictable temp directory names cve-assign (Nov 19)
Re: CVE Request: ZNC NULL Pointer Dereference cve-assign (Dec 17)
Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign (Oct 21)
Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() cve-assign (Nov 26)
Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 cve-assign (Oct 24)
Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06 cve-assign (Oct 09)
Re: CVE Request: CAPTCHA bypass in MantisBT cve-assign (Nov 26)
Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments cve-assign (Nov 28)
Re: Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling cve-assign (Nov 20)
Re: CVE request: out-of-bounds memory access flaw in unrtf cve-assign (Dec 04)
Re: CVE request for vulnerability in OpenStack Swift cve-assign (Oct 08)
Re: Linux user namespaces can bypass group-based restrictions - Linux kernel cve-assign (Nov 19)
Re: old CVE assignments for JQuery 1.10.0 cve-assign (Nov 14)
Re: gnome-shell lockscreen bypass with printscreen key cve-assign (Oct 02)
Re: Pending CVE assignments for SA-CORE-2014-006? cve-assign (Nov 20)
Re: CVE Request: Linux 3.17 guest-triggerable KVM OOPS cve-assign (Oct 24)
Re: CVE Request: smarty: secure mode bypass cve-assign (Oct 22)
Re: CVE Request: binutils -- directory traversal cve-assign (Nov 12)
Re: CVE request for check_diskio nagios/icinga plugin cve-assign (Nov 19)
Re: CVE request for vulnerability in OpenStack Nova cve-assign (Oct 21)
Re: CVE Request: LibreOffice -- several issues cve-assign (Nov 25)
Re: xfs directory hash ordering bug / Linux kernel cve-assign (Oct 01)
Re: CVE Request: polarssl cve-assign (Nov 06)
Re: CVE Request: Double Free in PHP cve-assign (Dec 29)
Re: MediaWiki security release - 1.23.7 cve-assign (Dec 04)
Re: CVE request: cpio heap-based buffer overflow [was Re: [oss-security] so, can we do something about lesspipe? (+ a cpio bug to back up the argument)] cve-assign (Nov 26)
Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign (Oct 07)
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required cve-assign (Oct 16)
Re: CVE request: glibc cve-assign (Dec 17)
Re: ftp(1) can be made execute arbitrary commands by malicious webserver cve-assign (Oct 28)
Re: strings / libbfd crasher cve-assign (Nov 04)
Re: CVE request: PHP Object Injection in MantisBT filter API cve-assign (Dec 05)
Re: strings / libbfd crasher cve-assign (Nov 12)
Re: CVE Request(s): Getmail 4 cve-assign (Oct 07)
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign (Nov 19)
Re: CVE request: heap buffer overflow in PCRE cve-assign (Nov 20)
Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor cve-assign (Nov 14)
Re: CVE request for GitLab groups API cve-assign (Oct 30)
Re: CVE request: various security flaws in dokuwiki cve-assign (Oct 16)
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign (Dec 05)
Re: [CVE Requests] rsync and librsync collisions cve-assign (Oct 12)
CVE-2014-8369 - Linux kernel iommu.c excessive unpinning cve-assign (Oct 24)
Re: CVE Request: systemd-shim DoS issue cve-assign (Oct 22)
Re: CVE request: Python, standard library HTTP clients cve-assign (Dec 11)
Re: PIE bypass using VDSO ASLR weakness cve-assign (Dec 26)
Re: Privilege Escalation via KDE Clock KCM polkit helper cve-assign (Nov 06)
Re: libyaml / YAML-LibYAML DoS cve-assign (Nov 28)
Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign (Dec 31)
Re: various sddm vulnerabilities cve-assign (Oct 05)
Re: CVE Request: linux kernel net_get_random_once bug cve-assign (Oct 01)
Re: gnome-shell lockscreen bypass with printscreen key cve-assign (Oct 03)
Re: CVE-2014-7970: Linux VFS denial of service cve-assign (Oct 17)
Re: CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] cve-assign (Nov 04)

Dag-Erling Smørgrav

Re: Abusing TZ for fun (and little profit) Dag-Erling Smørgrav (Oct 16)

Damien Cauquil

Re: CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil (Nov 27)
CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil (Nov 27)
CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil (Nov 27)

Damien Millescamps

CVE request: heap buffer overflow in ClamAV Damien Millescamps (Nov 21)

Damien Regad

CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Damien Regad (Nov 07)
CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Nov 30)
CVE Request: CAPTCHA bypass in MantisBT Damien Regad (Nov 26)
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
Re: SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 22)
Re: CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Damien Regad (Nov 14)
CVE request: PHP Object Injection in MantisBT filter API Damien Regad (Nov 29)
CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 14)
CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability Damien Regad (Nov 07)
Re: CVE Request: information disclosure in MantisBT attachments Damien Regad (Nov 19)
CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script Damien Regad (Nov 29)
MantisBT 1.2.18 Released Damien Regad (Dec 07)
CVE-2014-6316: URL redirection issue in MantisBT Damien Regad (Dec 03)
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 19)
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad (Dec 05)
Re: MantisBT 1.2.18 Released Damien Regad (Dec 14)
Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554] Damien Regad (Nov 01)
CVE Request: MantisBT SQL injection in view_all_set.php Damien Regad (Nov 25)
SQL injection vulnerability in MantisBT SOAP API Damien Regad (Oct 30)
CVE Request: information disclosure in MantisBT attachments Damien Regad (Nov 15)
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad (Nov 15)

Daniele Bianco

[oCERT 2014-008] libFLAC multiple issues Daniele Bianco (Nov 25)

Daniel Kahn Gillmor

Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Daniel Kahn Gillmor (Nov 26)
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Daniel Kahn Gillmor (Nov 13)
Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor (Oct 10)
Re: Re: Fuzzing project brainstorming Daniel Kahn Gillmor (Nov 20)
leap seconds and security [was: Re: can we talk about secure time?] Daniel Kahn Gillmor (Dec 21)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Daniel Kahn Gillmor (Oct 17)
Re: What is the "Grinch" polkit/wheel group issue? Daniel Kahn Gillmor (Dec 17)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Daniel Kahn Gillmor (Nov 17)
Re: can we talk about secure time? Daniel Kahn Gillmor (Dec 20)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Kahn Gillmor (Dec 05)
Re: Re: gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor (Oct 02)
Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor (Oct 10)
Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor (Oct 10)

Daniel Micay

Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
Re: can we talk about secure time? Daniel Micay (Dec 20)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 09)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
Re: PIE bypass using VDSO ASLR weakness Daniel Micay (Dec 09)
Re: can we talk about secure time? Daniel Micay (Dec 21)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 09)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
Re: What is the "Grinch" polkit/wheel group issue? Daniel Micay (Dec 17)
Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 10)
Re: How GNU/Linux distros deal with offset2lib attack? Daniel Micay (Dec 07)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)
Re: PIE bypass using VDSO ASLR weakness Daniel Micay (Dec 09)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 10)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 10)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 09)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay (Dec 05)

Daniel Veditz

Re: CVE request: firefox: integer overflow Daniel Veditz (Nov 26)

Dan McDonald

Re: CVE Request for illumos distributions Dan McDonald (Dec 11)
Re: Abusing TZ for fun (and little profit) Dan McDonald (Oct 15)
CVE Request for illumos distributions Dan McDonald (Dec 08)

Dave Horsfall

Re: can we talk about secure time? Dave Horsfall (Dec 21)
Re: What does this PHP exploit do? Dave Horsfall (Oct 15)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall (Oct 29)
Re: can we talk about secure time? Dave Horsfall (Dec 22)
Of Shellshock and logfiles Dave Horsfall (Oct 09)
Re: unzip -l crasher Dave Horsfall (Nov 03)
What does this PHP exploit do? Dave Horsfall (Oct 10)
Re: OpenSSL RSA 1024 bits implementation broken? Dave Horsfall (Oct 06)
Re: automated phishing email Dave Horsfall (Oct 06)
Re: Some weird Apache redirection exploit? Dave Horsfall (Nov 01)
Some weird Apache redirection exploit? Dave Horsfall (Oct 30)
Re: unzip -t crasher Dave Horsfall (Nov 02)
Re: unzip -l crasher Dave Horsfall (Nov 03)
Re: Abusing TZ for fun (and little profit) Dave Horsfall (Oct 15)

Dave Rutherford

Re: strings / libbfd crasher Dave Rutherford (Oct 23)

David A. Wheeler

Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 14)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code David A. Wheeler (Oct 05)
Who named shellshock? David A. Wheeler (Oct 06)
Stéphane Chazelas: How *DID* you find Shellshock? David A. Wheeler (Oct 08)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
Re: Separating code and data David A. Wheeler (Oct 07)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)
Re: Healing the bash fork David A. Wheeler (Oct 02)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
Re: Healing the bash fork David A. Wheeler (Oct 06)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code David A. Wheeler (Oct 05)
Apple goto fail - lessons that should be learned David A. Wheeler (Nov 26)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 09)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 08)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 15)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler (Oct 05)
Re: Apple goto fail - lessons that should be learned David A. Wheeler (Nov 26)
Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler (Oct 03)
Re: CVE request: Python, standard library HTTP clients David A. Wheeler (Dec 10)
Re: Thoughts on Shellshock and beyond David A. Wheeler (Oct 07)

David Cramer

CVE Request David Cramer (Dec 08)
Re: CVE Request David Cramer (Dec 08)

David Edmundson

Privilege Escalation via KDE Clock KCM polkit helper David Edmundson (Nov 04)

David Jorm

2012 CVE request: XXE in nokogiri ruby gem David Jorm (Dec 29)
CVE request: Remote code execution via XSL extensions in SpagoBI David Jorm (Oct 01)

David Leon Gil

0xdeadbeef comes of age: making keysteak with GnuPG David Leon Gil (Oct 10)
Re: HKPS [was 0xdeadbeef] David Leon Gil (Oct 10)
Re: 0xdeadbeef comes of age: making keysteak with GnuPG David Leon Gil (Oct 10)

David White

CVE-2014-8104 - Critical OpenVPN DoS Vulnerability David White (Dec 03)
Re: OpenSSL RSA 1024 bits implementation broken? David White (Oct 06)

Dāvis Mosāns

Re: Re: libyaml / YAML-LibYAML DoS Dāvis Mosāns (Nov 28)

Dawa Ometto

CVE request: remote code execution vulnerability in gollum < 4.0.1 Dawa Ometto (Dec 04)
Re: CVE request: remote code execution vulnerability in gollum < 3.1.1 Dawa Ometto (Dec 18)

Dean Pierce

Re: What is the "Grinch" polkit/wheel group issue? Dean Pierce (Dec 17)

Debian Bug Tracking System

Bug#771125: Info received ([oss-security] CVE request: mutt: heap-based buffer overflow in mutt_substrdup()) Debian Bug Tracking System (Nov 27)

dmc

Re: liability dmc (Oct 09)

Donald Stufft

Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft (Nov 17)
Re: Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft (Nov 19)

Ed Prevost

Re: Who named shellshock? Ed Prevost (Oct 06)
Re: Who named shellshock? Ed Prevost (Oct 06)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost (Oct 01)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost (Oct 01)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost (Oct 01)

Egidio Romano

CVE Rejection Request: CVE-2014-7983 Joomla com_contact Persistent XSS Egidio Romano (Oct 13)

Elad Alfassa

Re: What is the "Grinch" polkit/wheel group issue? Elad Alfassa (Dec 17)

endeavor

CVE Request: libpng 1.6.15 Heap Overflow endeavor (Dec 22)

Eric Blake

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake (Oct 06)
Re: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Eric Blake (Nov 26)
Re: Shellshock timeline Eric Blake (Oct 03)
Re: Re: random number generators - rand(), random(), etc Eric Blake (Nov 07)
Re: random number generators - rand(), random(), etc Eric Blake (Nov 07)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake (Oct 03)

Eric Covener

CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments Eric Covener (Nov 28)
Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments Eric Covener (Nov 28)

Eric Windisch

Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch (Dec 11)
Docker 1.3.2 - Security Advisory [24 Nov 2014] Eric Windisch (Nov 24)

Fabian Keil

Re: Buffer overflow in antiword 0.37 Fabian Keil (Dec 04)
Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 04)
Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 05)
Buffer overflow in antiword 0.37 Fabian Keil (Dec 01)

Felix Eckhofer

Re: unzip -l crasher Felix Eckhofer (Nov 03)

Fiedler Roman

AW: parse_datetime() bug in coreutils Fiedler Roman (Nov 25)
AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Nov 26)
AW: Multiple disputed issues in util-vserver Fiedler Roman (Oct 21)
AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Nov 26)
AW: Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Dec 15)
O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman (Nov 26)
Re: Multiple disputed issues in util-vserver Fiedler Roman (Dec 15)
Multiple disputed issues in util-vserver Fiedler Roman (Oct 14)

flapflap

Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG flapflap (Oct 10)

Florent Daigniere

Re: Offset2lib: bypassing full ASLR on 64bit Linux Florent Daigniere (Dec 06)

Florian Weimer

Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 13)
Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
Additional authority files Florian Weimer (Nov 12)
Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 15)
Re: Healing the bash fork Florian Weimer (Oct 01)
Re: can we talk about secure time? Florian Weimer (Dec 21)
Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 07)
CVE assignment for POODLE Florian Weimer (Oct 15)
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 17)
CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) Florian Weimer (Dec 02)
Re: Who named shellshock? Florian Weimer (Oct 07)
Re: CVE request: procmail heap overflow in getlline() Florian Weimer (Dec 04)
Connected UDP sockets and kernel queuing (CVE-2014-6512) Florian Weimer (Oct 17)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Florian Weimer (Dec 05)
CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue Florian Weimer (Nov 02)
Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 10)
mailx issues (CVE-2004-2771, CVE-2014-7844) Florian Weimer (Dec 16)
Re: CVE Request(s): libgcrypt Florian Weimer (Dec 29)
Re: Who named shellshock? Florian Weimer (Oct 07)
CVE request: glibc Florian Weimer (Dec 15)
Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 07)
Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer (Nov 12)
Re: can we talk about secure time? Florian Weimer (Dec 21)
Re: Thoughts on Shellshock and beyond Florian Weimer (Oct 12)
Re: Two rpm flaws Florian Weimer (Dec 09)
OpenBSD signify and "fingerprint" Florian Weimer (Dec 29)
Re: SSL POODLE Florian Weimer (Oct 15)
Embargoes for secondary issues Florian Weimer (Dec 18)
Re: Healing the bash fork Florian Weimer (Oct 06)

Francisco Alonso

CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Francisco Alonso (Nov 20)

Grandma Eubanks

Re: What is the "Grinch" polkit/wheel group issue? Grandma Eubanks (Dec 17)

Grant Murphy

[OSSA-2014-041] Glance v2 API unrestricted path traversal Grant Murphy (Dec 23)
[grant.murphy () hp com: [oss-security] CVE request for vulnerability in OpenStack Glance] Grant Murphy (Dec 22)

Greg KH

Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 06)
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 18)
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Greg KH (Nov 14)
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 07)
Re: Healing the bash fork Greg KH (Oct 01)
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 19)
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 07)
Re: Healing the bash fork Greg KH (Oct 01)
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 07)
Re: PIE bypass using VDSO ASLR weakness Greg KH (Dec 11)
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH (Dec 18)

gremlin

Re: postgresql: pg_dump creates world-readable dump gremlin (Dec 07)
Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin (Oct 14)

Grond

Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Grond (Oct 19)

Gunnar Wolf

Re: Pending CVE assignments for SA-CORE-2014-006? Gunnar Wolf (Nov 20)

Gynvael Coldwind

Re: Imagemagick fuzzing bug Gynvael Coldwind (Dec 25)
Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Gynvael Coldwind (Nov 19)
Re: Fuzzing project brainstorming Gynvael Coldwind (Nov 20)
Re: Imagemagick fuzzing bug Gynvael Coldwind (Dec 24)

Hannes Frederic Sowa

Re: CVE Request: linux kernel net_get_random_once bug Hannes Frederic Sowa (Oct 01)
xfs directory hash ordering bug Hannes Frederic Sowa (Oct 01)

Hanno Böck

Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 08)
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 21)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Hanno Böck (Oct 05)
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 25)
Re: PowerDNS Security Advisory 2014-02 Hanno Böck (Dec 08)
Re: attacking hsts through ntp Hanno Böck (Oct 16)
Re: Re: strings / libbfd crasher Hanno Böck (Oct 26)
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 03)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Hanno Böck (Nov 07)
Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck (Nov 26)
Re: can we talk about secure time? Hanno Böck (Dec 21)
Re: file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117 Hanno Böck (Dec 16)
Re: CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Hanno Böck (Nov 14)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Hanno Böck (Oct 04)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
Re: automated phishing email Hanno Böck (Oct 06)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 18)
Re: Apple goto fail - lessons that should be learned Hanno Böck (Nov 26)
Thoughts on Shellshock and beyond Hanno Böck (Oct 07)
Re: attacking hsts through ntp Hanno Böck (Oct 17)
Re: RE: strings /libbfd crash Hanno Böck (Nov 03)
Re: PowerDNS Security Advisory 2014-02 Hanno Böck (Dec 09)
Re: More parser odities Hanno Böck (Oct 01)
Re: unzip -l crasher Hanno Böck (Nov 03)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 06)
Fuzzing project brainstorming Hanno Böck (Nov 20)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 17)
Re: Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Hanno Böck (Nov 23)
can we talk about secure time? Hanno Böck (Dec 20)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 15)
openssh on linux rce in sftp-only mode Hanno Böck (Oct 08)
attacking hsts through ntp Hanno Böck (Oct 16)
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Hanno Böck (Oct 14)
Re: Re: strings / libbfd crasher Hanno Böck (Nov 02)
Re: strings / libbfd crasher Hanno Böck (Oct 24)
strings / libbfd crasher Hanno Böck (Oct 23)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 20)
Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 16)
CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS Hanno Böck (Oct 02)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 18)
Re: attacking hsts through ntp Hanno Böck (Oct 18)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
Re: Healing the bash fork Hanno Böck (Oct 01)
Re: can we talk about secure time? Hanno Böck (Dec 21)
Re: PIE bypass using VDSO ASLR weakness Hanno Böck (Dec 11)
Re: SSL POODLE Hanno Böck (Oct 15)
OpenBSD patch issue also affects GNU patch Hanno Böck (Nov 25)
Re: Fuzzing project brainstorming Hanno Böck (Nov 20)
CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Hanno Böck (Oct 13)
Re: Request cve for imagemagick security problem (DOS) Hanno Böck (Oct 29)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 17)
more unzip issues Hanno Böck (Nov 03)
Re: attacking hsts through ntp Hanno Böck (Oct 16)
Re: Imagemagick fuzzing bug Hanno Böck (Dec 24)
Re: strings / libbfd crasher Hanno Böck (Oct 24)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck (Nov 17)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
The Fuzzing Project Hanno Böck (Nov 23)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 04)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck (Dec 05)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck (Oct 14)
Re: attacking hsts through ntp Hanno Böck (Oct 16)
Re: Thoughts on Shellshock and beyond Hanno Böck (Oct 07)
more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Hanno Böck (Oct 01)

Hector Marco

Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco (Dec 11)
Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco (Dec 04)

Henri Salo

CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo (Nov 11)
Re: CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Henri Salo (Nov 27)
CVE request: MyBB 1.8.3 & 1.6.16 security releases Henri Salo (Dec 10)
Please reject CVE-2014-8585 Henri Salo (Nov 26)
WordPress 4.0.1 Security Release Henri Salo (Nov 20)
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Henri Salo (Dec 16)
CVE request: TYPO3-CORE-SA-2014-003 Henri Salo (Dec 11)
CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress Henri Salo (Dec 02)
CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Henri Salo (Dec 16)
CVE request: Canto Feed URL Parsing Command Line Injection Henri Salo (Nov 26)
CVE request: Reflected XSS in Nibbleblog <= v4.0.1 Henri Salo (Dec 10)
Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo (Nov 11)
CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 Henri Salo (Oct 18)
CVE request: TYPO3-EXT-SA-2014-013 Henri Salo (Oct 17)
CVE request: procmail heap overflow in getlline() Henri Salo (Dec 03)
Re: CVE request: Reflected XSS in Nibbleblog <= v4.0.1 Henri Salo (Dec 28)

Henry, Bobby

RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Henry, Bobby (Oct 01)
Re: Who named shellshock? Henry, Bobby (Oct 06)

Hua Q

Any patch fixe CVE-2014-7186 and CVE-2014-7187 on Bash 3.2 Hua Q (Oct 01)

Huzaifa Sidhpurwala

CVE question: Return of POODLE Huzaifa Sidhpurwala (Dec 08)
Two rpm flaws Huzaifa Sidhpurwala (Dec 09)

Ian Cordasco

Re: libyaml / YAML-LibYAML DoS Ian Cordasco (Nov 28)
CVE Request for requests-kerberos Ian Cordasco (Nov 04)
Re: CVE Request for requests-kerberos Ian Cordasco (Nov 04)

Ingy dot Net

Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)
Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)
Re: libyaml / YAML-LibYAML DoS Ingy dot Net (Nov 28)

Ipstenu (Mika Epstein)

Re: Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Ipstenu (Mika Epstein) (Dec 16)

ishish

Re: Truly scary SSL 3.0 vuln to be revealed soon: ishish (Oct 16)

Jakub Wilk

Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Jakub Wilk (Nov 17)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Jakub Wilk (Nov 17)
Re: Abusing TZ for fun (and little profit) Jakub Wilk (Dec 14)
Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
Abusing TZ for fun (and little profit) Jakub Wilk (Oct 15)
unzip -t crasher Jakub Wilk (Nov 02)
Re: Re: strings / libbfd crasher Jakub Wilk (Oct 27)
Re: CC'ing external lists/bugs Jakub Wilk (Nov 29)

Jann Horn

Re: openssh on linux rce in sftp-only mode Jann Horn (Oct 08)
Re: openssh on linux rce in sftp-only mode Jann Horn (Oct 08)
Re: openssh on linux rce in sftp-only mode Jann Horn (Oct 08)
Re: Re: strings / libbfd crasher Jann Horn (Nov 02)
Re: What does this PHP exploit do? Jann Horn (Oct 10)

Jan Rusnacko

Re: CVE assignment for POODLE Jan Rusnacko (Oct 15)

Jason A. Donenfeld

Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 06)
Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 06)
Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 10)
CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld (Nov 06)

Jason Cooper

Re: Healing the bash fork Jason Cooper (Oct 01)
Re: Healing the bash fork Jason Cooper (Oct 01)

Javier Nieto

CVE request for Apache Traffic Server Javier Nieto (Nov 06)

jb

random number generators - rand(), random(), etc jb (Nov 07)
Re: random number generators - rand(), random(), etc jb (Nov 07)

Jen Savage

Re: Who named shellshock? Jen Savage (Oct 06)

Jeremy Stanley

Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
[OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) Jeremy Stanley (Oct 14)
Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley (Oct 06)
CVE request for vulnerability in OpenStack Nova Jeremy Stanley (Oct 13)
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Jeremy Stanley (Nov 13)
CVE request for vulnerability in OpenStack Swift Jeremy Stanley (Oct 07)

jihyun.jang

RE: binary-patching bash jihyun.jang (Oct 01)

jmm

Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm (Nov 25)

John Haxby

Re: vulnerability in rsyslog John Haxby (Oct 06)
Re: can we talk about secure time? John Haxby (Dec 22)
Re: Thoughts on Shellshock and beyond John Haxby (Oct 09)
Re: Thoughts on Shellshock and beyond John Haxby (Oct 07)
Re: Thoughts on Shellshock and beyond John Haxby (Oct 12)
Re: libyaml / YAML-LibYAML DoS John Haxby (Nov 28)

Jonathan Gray

Re: Re: libyaml / YAML-LibYAML DoS Jonathan Gray (Nov 28)
libyaml / YAML-LibYAML DoS Jonathan Gray (Nov 27)

Jon Hart

Re: What does this PHP exploit do? Jon Hart (Oct 10)

Jose R R

Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R (Oct 06)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R (Oct 05)
Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R (Oct 04)

Josh Bressers

Re: openssh on linux rce in sftp-only mode Josh Bressers (Oct 08)
Re: openssh on linux rce in sftp-only mode Josh Bressers (Oct 08)

Joshua J. Drake

Re: CVE request: procmail heap overflow in getlline() Joshua J. Drake (Dec 03)

Joshua Roers

Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Roers (Nov 15)
Off-by-one question Joshua Roers (Nov 21)

Joshua Rogers

CVE Request: Graphviz format string vuln Joshua Rogers (Nov 24)
CVE Request(s): libgcrypt Joshua Rogers (Dec 29)
Re: The Fuzzing Project Joshua Rogers (Nov 23)
CVE Request: libsndfile buffer overread Joshua Rogers (Dec 25)
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 07)
Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Dec 31)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Joshua Rogers (Nov 16)
Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Joshua Rogers (Nov 17)
Re: Location of OS security audit reports Joshua Rogers (Nov 16)
Re: CVE Request: Graphviz format string vuln Joshua Rogers (Nov 30)
Re: Re: CVE Request: Graphviz format string vuln Joshua Rogers (Dec 09)
Re: Off-by-one question Joshua Rogers (Nov 22)
CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 05)
Re: Re: Location of OS security audit reports Joshua Rogers (Nov 20)
libbfd / bfd Joshua Rogers (Dec 26)
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers (Nov 06)
CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
Re: CVE Request: libsndfile buffer overread Joshua Rogers (Dec 31)
libsndfile DoS/divide-by-zero Joshua Rogers (Dec 24)
Re: CVE Request(s): libgcrypt Joshua Rogers (Dec 29)
RE: strings /libbfd crash Joshua Rogers (Nov 03)
CVE Request(s): GnuPG 2/GPG2 Joshua Rogers (Dec 29)
Re: The Fuzzing Project Joshua Rogers (Nov 28)
Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Joshua Rogers (Nov 19)

Jouni Malinen

wpa_cli and hostapd_cli action script execution vulnerability Jouni Malinen (Oct 09)

J. Tozo

Graylog2-Web LDAP Injection - CVE-2014-9217 J. Tozo (Dec 22)

Julien Cristau

Re: request for CVEs for git clients Julien Cristau (Dec 20)
Re: postgresql: pg_dump creates world-readable dump Julien Cristau (Dec 07)

Karthik Kambatla

Apache Hadoop 2.5.2 release to fix CVE-2014-3627 Karthik Kambatla (Dec 03)

Karthik Rangarajan

CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan (Nov 09)
Re: CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan (Nov 12)

Kees Cook

Re: Offset2lib: bypassing full ASLR on 64bit Linux Kees Cook (Dec 04)

Kobrin, Eric

Re: More parser odities Kobrin, Eric (Oct 01)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)
Re: Thoughts on Shellshock and beyond Kobrin, Eric (Oct 09)
More parser odities Kobrin, Eric (Oct 01)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric (Oct 03)

Kohsuke Kawaguchi

Security advisory in Jenkins Kohsuke Kawaguchi (Oct 01)
Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 06)
Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 07)
Re: Security advisory in Jenkins Kohsuke Kawaguchi (Oct 03)

Krassimir Tzvetanov

Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov (Oct 14)
Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov (Oct 14)

Kristian Fiskerstrand

Re: 0xdeadbeef comes of age: making keysteak with GnuPG Kristian Fiskerstrand (Oct 10)

Kurt Seifried

Re: attacking hsts through ntp Kurt Seifried (Oct 16)
Re: WordPress 4.0.1 Security Release Kurt Seifried (Nov 20)
Re: can we talk about secure time? Kurt Seifried (Dec 21)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Kurt Seifried (Oct 05)
perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried (Oct 12)
Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG Kurt Seifried (Oct 10)
Re: attacking hsts through ntp Kurt Seifried (Oct 16)
Re: Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried (Oct 07)
Re: Re: Security advisory in Jenkins Kurt Seifried (Oct 06)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)
Re: CVE request: Remote code execution via XSL extensions in SpagoBI Kurt Seifried (Oct 01)
Re: Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released! Kurt Seifried (Nov 18)
Re: attacking hsts through ntp Kurt Seifried (Oct 16)
Re: What is the "Grinch" polkit/wheel group issue? Kurt Seifried (Dec 17)
Re: Of Shellshock and logfiles Kurt Seifried (Oct 09)
is MD5 finally dead? Kurt Seifried (Nov 04)
Re: CVE Request for requests-kerberos Kurt Seifried (Nov 04)
Re: Re: gnome-shell lockscreen bypass with printscreen key Kurt Seifried (Oct 04)
Re: Fuzzing project brainstorming Kurt Seifried (Nov 20)
CVE for net-mail/dbmail-3.2.2: CRAM-MD5 authentication bypass Kurt Seifried (Dec 30)
Re: attacking hsts through ntp Kurt Seifried (Oct 16)
CVE request for emacs possibly Kurt Seifried (Dec 30)
CVE REJECT CVE-2014-3605 Kurt Seifried (Nov 25)
request for CVEs for git clients Kurt Seifried (Dec 18)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Kurt Seifried (Nov 18)
CVE-2014-3712 Katello: user parameters passed to to_sym Kurt Seifried (Oct 22)
Re: Re: perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried (Oct 12)
Re: Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver Kurt Seifried (Oct 11)
Re: Re: Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried (Oct 07)
Re: CVE request: procmail heap overflow in getlline() Kurt Seifried (Dec 04)
Re: request for CVEs for git clients Kurt Seifried (Dec 18)
Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried (Oct 07)
Re: CVE request for VDSM denial of service Kurt Seifried (Oct 08)
ping on CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] Kurt Seifried (Nov 03)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried (Oct 28)

Lance Davis

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Lance Davis (Oct 04)

Larry Cashdollar

Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry Cashdollar (Nov 18)

Larry W. Cashdollar

Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Larry W. Cashdollar (Dec 16)
Re: Who named shellshock? Larry W. Cashdollar (Oct 06)
Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry W. Cashdollar (Nov 17)
Re: Re: Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 20)
Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar (Oct 16)
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar (Nov 05)
Re: Who named shellshock? Larry W. Cashdollar (Oct 06)

lazytyped

Re: How GNU/Linux distros deal with offset2lib attack? lazytyped (Dec 06)

Lionel Debroux

Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Lionel Debroux (Nov 23)
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 07)
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 07)
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 07)
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 06)
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux (Dec 18)

Loganaden Velvindron

Re: How GNU/Linux distros deal with offset2lib attack? Loganaden Velvindron (Dec 06)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Loganaden Velvindron (Dec 09)
Re: Thoughts on Shellshock and beyond Loganaden Velvindron (Oct 07)
Re: Thoughts on Shellshock and beyond Loganaden Velvindron (Oct 07)
Re: Healing the bash fork Loganaden Velvindron (Oct 01)

Lord Tuskington

CVE request: Cyanogenmod MITM Lord Tuskington (Oct 19)
Re: CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)
CVE request: remote code execution in Android CTS Lord Tuskington (Oct 19)

Luca Carettoni

Re: Security advisory in Jenkins Luca Carettoni (Oct 03)

Lukas Odzioba

Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records Lukas Odzioba (Dec 26)
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records Lukas Odzioba (Dec 25)

Lukas Reschke

Re: attacking hsts through ntp Lukas Reschke (Oct 16)

Luke Mewburn

tnftp 20141031 released to resolve CVE-2014-8517. Luke Mewburn (Oct 31)

mancha

Re: Re: strings / libbfd crasher mancha (Nov 03)
sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code mancha (Oct 07)
Re: Aftershock (was: Shellshocker - Repository of "Shellshock" Proof of Concept Code) mancha (Oct 08)
Re: Re: neuter the poodle mancha (Oct 18)
Re: unzip -t crasher mancha (Nov 02)
Re: strings / libbfd crasher mancha (Oct 24)
CVE Request(s): Getmail 4 mancha (Oct 06)
Re: strings / libbfd crasher mancha (Oct 23)
Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
Re: unzip -t crasher mancha (Nov 03)
Re: Re: strings / libbfd crasher mancha (Nov 05)
Re: unzip -t crasher mancha (Nov 03)
Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha (Oct 14)
CVE Request: Info-ZIP unzip 6.0 mancha (Dec 22)
Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
Re: CVE Request(s): Getmail 4 mancha (Oct 06)
Re: strings / libbfd crasher mancha (Oct 24)
Re: Re: strings / libbfd crasher mancha (Nov 03)
Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified mancha (Nov 20)
Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 03)
Re: sysklogd vulnerability (CVE-2014-3634) mancha (Oct 06)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code mancha (Oct 06)
Re: RE: strings /libbfd crash mancha (Nov 03)
neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) mancha (Oct 17)
Re: OpenBSD signify and "fingerprint" mancha (Dec 30)

Marc Chadwick

Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)

Marc Deslauriers

CVE Request: systemd-shim DoS issue Marc Deslauriers (Oct 22)

Marcus Krause

Re: Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 Marcus Krause (Oct 18)

Marcus Meissner

CVE Request: Linux kernel: ttusb-dec: overflow by descriptor Marcus Meissner (Nov 14)
CVE Request: Linux kernel mac80211 plain text leak Marcus Meissner (Nov 06)
Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Marcus Meissner (Nov 21)
What is the "Grinch" polkit/wheel group issue? Marcus Meissner (Dec 17)
CVE Request: polarssl Marcus Meissner (Nov 03)

Marina Glancy

Moodle security issues are now public Marina Glancy (Nov 17)

Mario Vilas

Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Mario Vilas (Oct 20)

Mark Felder

Re: Truly scary SSL 3.0 vuln to be revealed soon: Mark Felder (Oct 17)

Mark Kipyegon

Re: Re: Location of OS security audit reports Mark Kipyegon (Nov 20)

Martin Bříza

Re: various sddm vulnerabilities Martin Bříza (Oct 02)

Martin Carpenter

Re: unzip -l crasher Martin Carpenter (Nov 03)
unzip -l crasher Martin Carpenter (Nov 03)
Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
Re: unzip -l crasher Martin Carpenter (Nov 03)
Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)

Martino Dell'Ambrogio

Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio (Dec 04)
Re: PIE bypass using VDSO ASLR weakness Martino Dell'Ambrogio (Dec 09)

Martin Pool

Re: [CVE Requests] rsync and librsync collisions Martin Pool (Oct 12)

Martin Prpic

CVE request: missing checks for small-sized files in hivex Martin Prpic (Nov 25)
CVE request: XSS flaw fixed in dokuwiki 2014-09-29b Martin Prpic (Dec 15)
Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b Martin Prpic (Dec 15)
Re: CVE request: missing checks for small-sized files in hivex Martin Prpic (Dec 01)
CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server Martin Prpic (Dec 16)
CVE request: various security flaws in dokuwiki Martin Prpic (Oct 13)

Mason Loring Bliss

Re: automated phishing email Mason Loring Bliss (Oct 06)
automated phishing email Mason Loring Bliss (Oct 06)

Mateusz Jurczyk

Re: Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Mateusz Jurczyk (Dec 10)

Mathias Krause

Re: PIE bypass using VDSO ASLR weakness Mathias Krause (Dec 09)
Re: How GNU/Linux distros deal with offset2lib attack? Mathias Krause (Dec 18)
Re: How GNU/Linux distros deal with offset2lib attack? Mathias Krause (Dec 19)

Matthew Daley

Re: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Matthew Daley (Nov 26)

Matt U

Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Matt U (Dec 03)

Max Mühlbronner

Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Max Mühlbronner (Dec 03)

Mehaffey, John

RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Mehaffey, John (Nov 20)
Separating code and data Mehaffey, John (Oct 07)

Menkhus, Mark (Global Cyber Security SSRT)

RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Menkhus, Mark (Global Cyber Security SSRT) (Oct 02)
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Menkhus, Mark (Global Cyber Security SSRT) (Oct 02)

Michael Gilbert

cve request: miniunzip directory traversal Michael Gilbert (Dec 31)

Michael Samuel

Re: Re: CVE request: lsyncd command injection Michael Samuel (Nov 21)
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Michael Samuel (Oct 13)
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Michael Samuel (Oct 14)
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Michael Samuel (Nov 23)
Re: CVE Request: Qt Creator fails to verify SSH host key Michael Samuel (Nov 06)
Re: is MD5 finally dead? Michael Samuel (Nov 04)
Re: is MD5 finally dead? Michael Samuel (Nov 04)
Re: attacking hsts through ntp Michael Samuel (Oct 16)

Michael Scherer

CVEs request: Incorrect temporary file handling && silent code execution in Tomb, a commandline tool to easily operate encryption of secret data Michael Scherer (Oct 19)

Michal Zalewski

Re: random number generators - rand(), random(), etc Michal Zalewski (Nov 07)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 16)
Re: Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
Re: attacking hsts through ntp Michal Zalewski (Oct 16)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Michal Zalewski (Nov 07)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
Re: Who named shellshock? Michal Zalewski (Oct 06)
Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)
so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Michal Zalewski (Nov 23)
Re: Re: strings / libbfd crasher Michal Zalewski (Nov 03)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 07)
Re: Healing the bash fork Michal Zalewski (Sep 30)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski (Oct 01)
Re: Re: strings / libbfd crasher Michal Zalewski (Oct 26)
Re: Re: strings / libbfd crasher Michal Zalewski (Oct 27)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 09)
Re: Who named shellshock? Michal Zalewski (Oct 06)
Re: More parser odities Michal Zalewski (Oct 01)
Re: strings / libbfd crasher Michal Zalewski (Oct 24)
Re: Re: strings / libbfd crasher Michal Zalewski (Nov 02)
Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski (Dec 03)
Re: strings / libbfd crasher Michal Zalewski (Oct 24)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski (Oct 02)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 17)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)
Re: Re: strings / libbfd crasher Michal Zalewski (Nov 15)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 17)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski (Oct 29)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski (Oct 02)
Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)
Re: strings / libbfd crasher Michal Zalewski (Oct 24)
Re: strings / libbfd crasher Michal Zalewski (Oct 23)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Michal Zalewski (Oct 05)
cve request: libbfd? Michal Zalewski (Oct 25)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski (Nov 18)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)
Re: Healing the bash fork Michal Zalewski (Sep 30)
Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)
Re: Fuzzing project brainstorming Michal Zalewski (Nov 20)
Re: Re: strings / libbfd crasher Michal Zalewski (Nov 04)
Re: Who named shellshock? Michal Zalewski (Oct 06)
Re: Thoughts on Shellshock and beyond Michal Zalewski (Oct 08)

Mike Hommey

Re: Offset2lib: bypassing full ASLR on 64bit Linux Mike Hommey (Dec 08)

Mike O'Connor

Re: CVE request: Cyanogenmod MITM Mike O'Connor (Oct 19)

Moritz Muehlenhoff

Re: CVE request: mpfr: buffer overflow in mpfr_strtofr Moritz Muehlenhoff (Dec 29)

Moritz Mühlenhoff

Re: parse_datetime() bug in coreutils Moritz Mühlenhoff (Dec 28)

M.T. Roebuck

Re: Fuzzing project brainstorming M.T. Roebuck (Nov 20)
Re: Location of OS security audit reports M.T. Roebuck (Nov 19)
Re: Fuzzing project brainstorming M.T. Roebuck (Nov 21)
Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
Re: Location of OS security audit reports M.T. Roebuck (Nov 20)
Re: Location of OS security audit reports M.T. Roebuck (Nov 19)
Location of OS security audit reports M.T. Roebuck (Nov 16)

Murphy, Grant Charles

CVE request for vulnerability in OpenStack Glance Murphy, Grant Charles (Dec 15)

Murray McAllister

CVE request: icecast: possible leak of on-connect scripts Murray McAllister (Nov 19)
krb5: kadmin NULL pointer dereference issues, CVE-2014-5353 and CVE-2014-5354 Murray McAllister (Dec 15)
Re: CVE request: heap buffer overflow in PCRE Murray McAllister (Nov 20)
Re: unzip -t crasher Murray McAllister (Nov 02)
CVE request: cpio heap-based buffer overflow [was Re: [oss-security] so, can we do something about lesspipe? (+ a cpio bug to back up the argument)] Murray McAllister (Nov 24)
Re: Buffer overflow in antiword 0.37 Murray McAllister (Dec 01)
CVE-2014-3691, foreman-proxy: failure to verify SSL certificates Murray McAllister (Oct 08)
Re: blkid command injection Murray McAllister (Nov 27)
CVE request: lsyncd command injection Murray McAllister (Nov 18)
file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117 Murray McAllister (Dec 15)
CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Murray McAllister (Nov 26)
CVE-2014-8566 and CVE-2014-8567: mod_auth_mellon issues affecting users of 0.8.0 Murray McAllister (Nov 03)
CVE request: OpenVAS Manager SQL injection (OVSA20141128) Murray McAllister (Nov 30)
CVE request: Zend Framework ZF2014-05 and ZF2014-06 Murray McAllister (Oct 09)
Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Murray McAllister (Nov 26)

ncl () cock li

Re: can we talk about secure time? ncl () cock li (Dec 20)

Nguyen Cong

Re: Location of OS security audit reports Nguyen Cong (Nov 17)
Re: Re: Location of OS security audit reports Nguyen Cong (Nov 19)

Nicholas Clifton

Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Nicholas Clifton (Nov 11)

Nick Kralevich

Re: CVE request: remote code execution in Android CTS Nick Kralevich (Oct 19)

Nicolas Gaudin

RE: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Nicolas Gaudin (Dec 03)

Nicolas Vigier

Re: What is the "Grinch" polkit/wheel group issue? Nicolas Vigier (Dec 17)

Niklas Kielblock

Re: Re: Location of OS security audit reports Niklas Kielblock (Nov 20)

Nikos Mavrogiannopoulos

Re: neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) Nikos Mavrogiannopoulos (Oct 18)
Re: Re: neuter the poodle Nikos Mavrogiannopoulos (Oct 18)

Paul Pluzhnikov

Re: Offset2lib: bypassing full ASLR on 64bit Linux Paul Pluzhnikov (Dec 05)

Paul Richards

Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Paul Richards (Nov 15)
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Paul Richards (Dec 05)

Pavel Labushev

Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 07)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Pavel Labushev (Dec 05)
Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 07)
Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 14)
Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 11)
Re: Thoughts on Shellshock and beyond Pavel Labushev (Oct 09)

Peter Bex

Re: Healing the bash fork Peter Bex (Sep 30)

Peter G Spera

Shellshocker - Repository of "Shellshock" Proof of Concept Code Peter G Spera (Oct 06)

Peter van Dijk

Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 09)
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 12)
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)
PowerDNS Security Advisory 2014-02 Peter van Dijk (Dec 08)

Peter Wolanin

Re: [security] Pending CVE assignments for SA-CORE-2014-006? Peter Wolanin (Nov 20)

Petr Matousek

CVE-2014-7842 Linux kernel: kvm: reporting emulation failures to userspace Petr Matousek (Nov 13)
CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS Petr Matousek (Nov 13)
Linux kernel: SCTP issues Petr Matousek (Nov 13)
CVE-2014-4877 wget: FTP symlink arbitrary filesystem access Petr Matousek (Oct 27)
kvm issues Petr Matousek (Oct 24)
CVE-2014-8106 qemu: cirrus: insufficient blit region checks Petr Matousek (Dec 04)
CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet Petr Matousek (Nov 13)

Phil Pennock

Re: attacking hsts through ntp Phil Pennock (Oct 17)

Pierre Schweitzer

Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
Re: What does this PHP exploit do? Pierre Schweitzer (Oct 10)
CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
Re: What does this PHP exploit do? Pierre Schweitzer (Oct 10)
Re: What does this PHP exploit do? Pierre Schweitzer (Oct 11)
Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 15)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer (Oct 14)
Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 24)
OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer (Oct 06)
Re: CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer (Dec 01)
CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer (Nov 18)
Re: Vulnerability fixed in Quassel? Pierre Schweitzer (Oct 25)
Re: CVE request: denial of service in suricata Pierre Schweitzer (Dec 12)

P J P

Re: CVE Request: Linux x86_64 userspace address leak P J P (Dec 26)
Re: CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock P J P (Dec 13)
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records P J P (Dec 25)
CVE Request Linux kernel: fs: isofs: infinite loop in CE records P J P (Dec 17)

P Richards

RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)
RE: CVE-2014-6316: URL redirection issue in MantisBT P Richards (Dec 05)
RE: CVE Request: XSS vulnerability in MantisBT 1.2.13 P Richards (Nov 14)
RE: CVE-2014-6316: URL redirection issue in MantisBT P Richards (Dec 05)
RE: SQL injection vulnerability in MantisBT SOAP API P Richards (Oct 30)

Radzykewycz, T (Radzy)

RE: [security-vendor] [oss-security] Additional authority files Radzykewycz, T (Radzy) (Nov 12)
RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Radzykewycz, T (Radzy) (Nov 18)

Rainer Gerhards

Re: vulnerability in rsyslog Rainer Gerhards (Oct 06)
Re: vulnerability in rsyslog Rainer Gerhards (Oct 06)
Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards (Oct 03)
Re: vulnerability in rsyslog Rainer Gerhards (Oct 05)
Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards (Oct 05)
Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards (Oct 03)

Raphael Geissert

Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert (Nov 17)
Re: Embargoes for secondary issues Raphael Geissert (Dec 18)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert (Nov 18)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert (Nov 17)

Reed Loden

Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden (Oct 14)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden (Dec 05)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden (Dec 05)
Re: request for CVEs for git clients Reed Loden (Dec 19)
Re: Re: Security advisory in Jenkins Reed Loden (Oct 06)

Remi Gacogne

Re: MantisBT 1.2.18 Released Remi Gacogne (Dec 08)

Rene Engelhard

Re: [Officesecurity] [oss-security] CVE Request: LibreOffice -- several issues Rene Engelhard (Nov 27)

Reno Robert

Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 10)
Re: PIE bypass using VDSO ASLR weakness Reno Robert (Dec 09)
PIE bypass using VDSO ASLR weakness Reno Robert (Dec 09)

rf

Re: CVE-2014-7975: 0-day umount denial of service rf (Oct 09)
Re: CVE-2014-7975: 0-day umount denial of service rf (Oct 10)

Richard Johnson

Re: can we talk about secure time? Richard Johnson (Dec 25)

Rich Felker

Re: Re: Discussion: information leakage from server and client software - CVE/hardening/other? Rich Felker (Oct 08)

Riot

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 04)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 03)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot (Oct 03)

Robert Scheck

CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp Robert Scheck (Dec 07)
Re: postgresql: pg_dump creates world-readable dump Robert Scheck (Dec 07)
Re: postgresql: pg_dump creates world-readable dump Robert Scheck (Dec 07)
Zarafa WebAccess >= 6.40.4 affected by CVE-2013-2205, CVE-2013-2205 and CVE-2012-3414 Robert Scheck (Oct 23)

Robert Święcki

Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki (Nov 07)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 16)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 17)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki (Nov 16)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 16)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki (Nov 16)
Exploitable issues in Linux perf/ftrace subsystems Robert Święcki (Nov 06)

Robert Watson

Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson (Nov 17)
Re: Thoughts on Shellshock and beyond Robert Watson (Oct 14)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson (Nov 16)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson (Nov 17)

Rob Fuller

Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Rob Fuller (Oct 05)

Russ Allbery

Re: Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded Russ Allbery (Nov 06)
Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
Re: request for CVEs for git clients Russ Allbery (Dec 18)
Re: Running Java across a privilege boundry Russ Allbery (Nov 22)

Ryan Dewhurst

Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Ryan Dewhurst (Dec 16)
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Ryan Dewhurst (Dec 16)

Salvatore Bonaccorso

Pending CVE assignments for SA-CORE-2014-006? Salvatore Bonaccorso (Nov 19)
CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 Salvatore Bonaccorso (Dec 21)
CVE Request: MiniUPnPd: several issues Salvatore Bonaccorso (Dec 09)
Re: CVE Request: MiniUPnPd: several issues Salvatore Bonaccorso (Dec 29)
CVE Request: PHP: out of bounds read crashes php-cgi Salvatore Bonaccorso (Dec 31)
CVE request: teeworlds: security issues fixed in 0.6.3 release Salvatore Bonaccorso (Nov 25)
CVE Request: buffer overflow in ksba_oid_to_str in Libksba Salvatore Bonaccorso (Nov 25)
CVE Request: Linux: Remote crash via batman-adv module Salvatore Bonaccorso (Dec 31)
CVE Request: smarty: secure mode bypass Salvatore Bonaccorso (Oct 22)
Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 Salvatore Bonaccorso (Dec 29)

Santiago Vila

Re: CVE request: procmail heap overflow in getlline() Santiago Vila (Dec 04)

Sean Amoss

CVE Request: ZNC NULL Pointer Dereference Sean Amoss (Dec 13)

Sebastian Krahmer

shim RCE Sebastian Krahmer (Oct 13)
CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer (Nov 12)
Re: CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer (Nov 12)
Re: blkid command injection Sebastian Krahmer (Dec 02)
Re: blkid command injection Sebastian Krahmer (Dec 15)
blkid command injection Sebastian Krahmer (Nov 26)
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer (Nov 14)
various sddm vulnerabilities Sebastian Krahmer (Oct 01)

Seth Arnold

Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Seth Arnold (Nov 18)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Seth Arnold (Nov 18)
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold (Nov 06)
parse_datetime() bug in coreutils Seth Arnold (Nov 24)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Seth Arnold (Dec 05)

Shawn

Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Shawn (Dec 05)
Re: How GNU/Linux distros deal with offset2lib attack? Shawn (Dec 08)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
How GNU/Linux distros deal with offset2lib attack? Shawn (Dec 05)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn (Oct 01)
Re: How GNU/Linux distros deal with offset2lib attack? Shawn (Dec 07)

Siddharth Sharma

Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver Siddharth Sharma (Oct 09)

Simon McVittie

CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636 Simon McVittie (Nov 10)
Re: Off-by-one question Simon McVittie (Nov 22)
Re: vulnerability in rsyslog Simon McVittie (Oct 06)
Re: Re: Linux user namespaces can bypass group-based restrictions Simon McVittie (Nov 20)

smkr

CVE-2014-1572 - [SECURITY] The 'realname' parameter is not correctly filtered on user account... smkr (Oct 06)

Solar Designer

how to unsubscribe (Re: binary-patching bash) Solar Designer (Oct 01)
Re: More parser odities Solar Designer (Oct 01)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
Re: Re: Location of OS security audit reports Solar Designer (Nov 20)
Re: Who named shellshock? Solar Designer (Oct 06)
Re: More parser odities Solar Designer (Oct 01)
Re: More parser odities Solar Designer (Oct 01)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
Re: Who named shellshock? Solar Designer (Oct 06)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Solar Designer (Oct 02)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 06)
Re: Running Java across a privilege boundry Solar Designer (Nov 25)
Re: Running Java across a privilege boundry Solar Designer (Nov 23)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
Re: Who named shellshock? Solar Designer (Oct 07)
Re: Security advisory in Jenkins Solar Designer (Oct 01)
"New Class of Vulnerability in Perl Web Applications" Solar Designer (Oct 07)
Re: sysklogd vulnerability (CVE-2014-3634) Solar Designer (Oct 03)
Re: tm_adopt() vulnerability in TORQUE Resource Manager Solar Designer (Oct 02)
Re: Security advisory in Jenkins Solar Designer (Oct 01)
CC'ing external lists/bugs (Re: [oss-security] Bug#771125: Info received ([oss-security] CVE request: mutt: heap-based buffer overflow in mutt_substrdup())) Solar Designer (Nov 27)
Re: Security advisory in Jenkins Solar Designer (Oct 01)
list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Oct 15)
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Solar Designer (Dec 16)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 07)
Re: More parser odities Solar Designer (Oct 01)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 05)
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer (Nov 03)
Re: CVE Request Solar Designer (Dec 08)
Re: Running Java across a privilege boundry Solar Designer (Dec 08)
Re: is MD5 finally dead? Solar Designer (Nov 04)
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer (Oct 07)
liability (was: Re: Thoughts on Shellshock and beyond) Solar Designer (Oct 09)

Sona Sarmadi

RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 01)
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 03)
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 07)
Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 14)
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 06)
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 02)
RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 15)
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 02)
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi (Oct 05)
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi (Oct 03)
RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi (Oct 16)

Soroush Dalili

CVE Request: "Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer" Soroush Dalili (Nov 15)

Stefan Horst

Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst (Oct 15)

Stephane Chazelas

Re: Thoughts on Shellshock and beyond Stephane Chazelas (Oct 08)
Re: Shellshock timeline Stephane Chazelas (Oct 03)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 04)
Re: Thoughts on Shellshock and beyond Stephane Chazelas (Oct 08)
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas (Oct 03)
Re: Shellshock timeline Stephane Chazelas (Oct 03)

stephane.chazelas

Re: Stéphane Chazelas: How *DID* you find Shellshock? stephane.chazelas (Oct 08)

Stephen Röttger

Re: attacking hsts through ntp Stephen Röttger (Oct 17)
Re: attacking hsts through ntp Stephen Röttger (Oct 20)

Steve Grubb

Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 10)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 09)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 09)
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb (Dec 10)

Steve Jones

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Steve Jones (Oct 04)

Steve Kemp

Re: CVE Request - dns-sync node module Steve Kemp (Dec 05)
CVE Request - dns-sync node module Steve Kemp (Nov 11)
Re: OpenSSL RSA 1024 bits implementation broken? Steve Kemp (Oct 06)

Steven M. Christey

Re: Re: CVE Request: Graphviz format string vuln Steven M. Christey (Dec 01)
Re: CVE question: Return of POODLE Steven M. Christey (Dec 09)

Steven Morgan

Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released! Steven Morgan (Nov 18)

Stuart D. Gathman

Re: Healing the bash fork Stuart D. Gathman (Oct 01)

Stuart Gathman

Re: Off-by-one question Stuart Gathman (Nov 22)

Stuart Henderson

Re: can we talk about secure time? Stuart Henderson (Dec 20)
Re: ftp(1) can be made execute arbitrary commands by malicious webserver Stuart Henderson (Oct 28)

Sven Kieske

Re: Location of OS security audit reports Sven Kieske (Nov 20)
Re: Fuzzing project brainstorming Sven Kieske (Nov 20)
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Sven Kieske (Nov 07)
Fwd: [langsec-discuss] 2nd LangSec workshop at IEEE S&P CFP and website Sven Kieske (Nov 20)
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Sven Kieske (Nov 20)
Re: vulnerability in rsyslog Sven Kieske (Oct 05)
Re: The Fuzzing Project Sven Kieske (Nov 23)
Re: vulnerability in rsyslog Sven Kieske (Oct 06)
Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 07)
Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
Re: Linux kernel: SCTP issues Sven Kieske (Nov 15)
Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
Re: Thoughts on Shellshock and beyond Sven Kieske (Oct 09)
Re: CVE request for VDSM denial of service Sven Kieske (Oct 08)

Sven Schwedas

Re: Re: CVE request: lsyncd command injection Sven Schwedas (Nov 26)

Tavis Ormandy

Re: More parser odities Tavis Ormandy (Oct 01)
Re: strings / libbfd crasher Tavis Ormandy (Oct 24)

Ted Unangst

Re: OpenBSD signify and "fingerprint" Ted Unangst (Dec 29)

Tero Marttila

Re: CVE request: procmail heap overflow in getlline() Tero Marttila (Dec 03)

Thierry Carrez

[OSSA 2014-034] Swift metadata constraints are not correctly enforced (CVE-2014-7960) Thierry Carrez (Oct 09)

Thijs Kinkhorst

libxml2 issue: billioun laughs variant (CVE-2014-3660) Thijs Kinkhorst (Oct 17)

Tim

Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: Thoughts on Shellshock and beyond Tim (Oct 07)
Re: attacking hsts through ntp Tim (Oct 17)
Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: Thoughts on Shellshock and beyond Tim (Oct 09)
Re: Thoughts on Shellshock and beyond Tim (Oct 08)
Re: attacking hsts through ntp Tim (Oct 17)
Re: Some weird Apache redirection exploit? Tim (Oct 30)

Tim Brown

Running Java across a privilege boundry Tim Brown (Nov 22)
Re: Running Java across a privilege boundry Tim Brown (Dec 18)
Re: Running Java across a privilege boundry Tim Brown (Nov 22)

Timothy D. Morgan

Command Injection in mime-support/run-mailcap (CVE-2014-7209) Timothy D. Morgan (Dec 31)

timo . warns

Re: CVE Request: LibreOffice -- several issues timo . warns (Nov 19)

Tobias Stoeckmann

Re: OpenBSD patch issue also affects GNU patch Tobias Stoeckmann (Nov 26)

Todd C. Miller

Re: What is the "Grinch" polkit/wheel group issue? Todd C. Miller (Dec 17)

Tomas Hoger

CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7) Tomas Hoger (Nov 05)
Re: Healing the bash fork Tomas Hoger (Oct 01)

Tomek Rabczak

Authentication Bypass in ROR Ecommerce Tomek Rabczak (Oct 09)

Tracy Reed

Re: Location of OS security audit reports Tracy Reed (Nov 19)
Re: Re: Location of OS security audit reports Tracy Reed (Nov 19)
Re: Thoughts on Shellshock and beyond Tracy Reed (Oct 09)
Re: Thoughts on Shellshock and beyond Tracy Reed (Oct 08)

Tristan Cacqueray

[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608) Tristan Cacqueray (Oct 02)
[OSSA 2014-036] Potential leak of passwords into log files (CVE-2014-7230, CVE-2014-7231) Tristan Cacqueray (Oct 15)
[OSSA 2014-040] Horizon denial of service attack through login page (CVE-2014-8124) Tristan Cacqueray (Dec 09)
Re: Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove Tristan Cacqueray (Oct 06)
[OSSA 2014-033] Cinder-volume host data leak to vm instance (CVE-2014-3641) Tristan Cacqueray (Oct 02)
[OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821) Tristan Cacqueray (Nov 19)
[OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333) Tristan Cacqueray (Oct 21)
[OSSA 2014-038] Nova network DoS through API filtering (CVE-2014-3708) Tristan Cacqueray (Oct 28)
[OSSA 2014-039.1] Neutron DoS through invalid DNS configuration (CVE-2014-7821) ERRATA 1 Tristan Cacqueray (Dec 10)
CVE request for vulnerability in OpenStack Nova Tristan Cacqueray (Oct 20)

Tute Costa

CSRF vulnerability in doorkeeper OAuth provider rubygem Tute Costa (Dec 17)

Tute Costa - thoughtbot

[CVE-2014-8144] CSRF vulnerability in doorkeeper Tute Costa - thoughtbot (Dec 17)

Valery Sizov

CVE request for GitLab groups API Valery Sizov (Oct 30)

Vasyl Kaigorodov

CVE request: heap buffer overflow in PCRE Vasyl Kaigorodov (Nov 20)
Re: MantisBT 1.2.18 Released Vasyl Kaigorodov (Dec 08)
CVE request: firefox: integer overflow Vasyl Kaigorodov (Nov 24)
Re: cve request: libbfd? Vasyl Kaigorodov (Nov 21)
Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Vasyl Kaigorodov (Nov 21)
Re: cve request: libbfd? Vasyl Kaigorodov (Nov 11)
Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Vasyl Kaigorodov (Dec 10)
CVE request: mpfr: buffer overflow in mpfr_strtofr Vasyl Kaigorodov (Dec 08)

Victor Julien

Re: CVE request: denial of service in suricata Victor Julien (Dec 12)
Re: CVE request: denial of service in suricata Victor Julien (Dec 12)
Re: CVE request: denial of service in suricata Victor Julien (Dec 12)

Vincent Danen

CVE request: denial of service flaw in firebird Vincent Danen (Dec 09)
Re: CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 04)
CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 03)
old CVE assignments for JQuery 1.10.0 Vincent Danen (Nov 14)
CVE-2014-7828 FreeIPA 4.0/4.1 does not require password when OTP used Vincent Danen (Nov 05)

Vincent Lefevre

Re: Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr Vincent Lefevre (Dec 09)

Vitor Ventura

Re: openssh on linux rce in sftp-only mode Vitor Ventura (Oct 09)
Re: Re: Linux user namespaces can bypass group-based restrictions Vitor Ventura (Nov 20)
Re: Connected UDP sockets and kernel queuing (CVE-2014-6512) Vitor Ventura (Oct 17)

Vit Ry

Re: CVE Request: Graphviz format string vuln Vit Ry (Dec 01)

Wade Mealing

CVE request for VDSM denial of service Wade Mealing (Oct 08)

Walter Parker

Re: can we talk about secure time? Walter Parker (Dec 21)
Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker (Oct 14)

Werner Koch

Re: 0xdeadbeef comes of age: making keysteak with GnuPG Werner Koch (Oct 10)

Xen . org security team

Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls Xen . org security team (Nov 18)
Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation Xen . org security team (Nov 27)
Xen Security Advisory 114 (CVE-2014-9065,CVE-2014-9066) - p2m lock starvation Xen . org security team (Dec 08)
Xen Security Advisory 113 (CVE-2014-9030) - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Xen . org security team (Nov 21)
Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Xen . org security team (Nov 20)
Xen Security Advisory 110 (CVE-2014-8595) - Missing privilege level checks in x86 emulation of far branches Xen . org security team (Nov 18)
Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor Xen . org security team (Nov 27)
Xen Security Advisory 108 (CVE-2014-7188) - Improper MSR range used for x2APIC emulation Xen . org security team (Oct 01)

xiaoqixue_1

CVE Request, Use after free vulnerability in Dwarfdump xiaoqixue_1 (Dec 30)

Yury German

mpg123 CVE Assignment? Yury German (Dec 28)

Yury Gribov

Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)

Yves-Alexis Perez

Re: attacking hsts through ntp Yves-Alexis Perez (Oct 18)
Re: Two rpm flaws Yves-Alexis Perez (Dec 09)
Re: openssh on linux rce in sftp-only mode Yves-Alexis Perez (Oct 09)
Re: attacking hsts through ntp Yves-Alexis Perez (Oct 17)

Zach Wikholm

Re: Healing the bash fork Zach Wikholm (Sep 30)
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Zach Wikholm (Oct 01)

Źmicier Januszkiewicz

Re: liability (was: Re: Thoughts on Shellshock and beyond) Źmicier Januszkiewicz (Oct 10)
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Źmicier Januszkiewicz (Nov 18)