oss-sec: by date

1185 messages starting Sep 30 14 and ending Dec 31 14

Tuesday, 30 September

Re: Healing the bash fork Michal Zalewski
Re: Healing the bash fork Michal Zalewski
Re: Healing the bash fork Zach Wikholm
Re: Healing the bash fork Peter Bex

Wednesday, 01 October

Re: Healing the bash fork Hanno Böck
Re: Healing the bash fork Jason Cooper
various sddm vulnerabilities Sebastian Krahmer
Xen Security Advisory 108 (CVE-2014-7188) - Improper MSR range used for x2APIC emulation Xen . org security team
RE: binary-patching bash jihyun.jang
Re: Healing the bash fork Tomas Hoger
how to unsubscribe (Re: binary-patching bash) Solar Designer
Re: Healing the bash fork Stuart D. Gathman
Re: Healing the bash fork Florian Weimer
Re: Healing the bash fork Greg KH
Re: Healing the bash fork Jason Cooper
Re: Healing the bash fork Greg KH
more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Hanno Böck
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey
CVE Request: linux kernel net_get_random_once bug Andrew Tappert
Re: Healing the bash fork Loganaden Velvindron
Any patch fixe CVE-2014-7186 and CVE-2014-7187 on Bash 3.2 Hua Q
Re: Healing the bash fork Colin Mahns
Re: CVE Request: linux kernel net_get_random_once bug Hannes Frederic Sowa
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn
More parser odities Kobrin, Eric
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost
xfs directory hash ordering bug Hannes Frederic Sowa
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Zach Wikholm
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Henry, Bobby
Security advisory in Jenkins Kohsuke Kawaguchi
Re: Security advisory in Jenkins Solar Designer
Re: More parser odities Kobrin, Eric
Re: More parser odities Solar Designer
Re: More parser odities Tavis Ormandy
Re: More parser odities Solar Designer
Re: Security advisory in Jenkins Bryan Drewery
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey
Re: More parser odities Chet Ramey
Re: Security advisory in Jenkins Solar Designer
Re: Security advisory in Jenkins Solar Designer
Re: More parser odities Michal Zalewski
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Shawn
Re: xfs directory hash ordering bug / Linux kernel cve-assign
Re: CVE Request: linux kernel net_get_random_once bug cve-assign
Re: More parser odities Solar Designer
Re: More parser odities Solar Designer
CVE-2014-7224 - Android accessibility and accessibilityTraversal vulnerability cve-assign
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Ed Prevost
Re: More parser odities Hanno Böck
CVE request: Remote code execution via XSL extensions in SpagoBI David Jorm
Re: CVE request: Remote code execution via XSL extensions in SpagoBI Kurt Seifried
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi

Thursday, 02 October

Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Solar Designer
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski
CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS Hanno Böck
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Chet Ramey
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Michal Zalewski
[OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608) Tristan Cacqueray
Re: gnome-shell lockscreen bypass with printscreen key cve-assign
Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS cve-assign
Re: CVE request: Remote code execution via XSL extensions in SpagoBI cve-assign
Re: Re: gnome-shell lockscreen bypass with printscreen key Daniel Kahn Gillmor
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi
Re: various sddm vulnerabilities Martin Bříza
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Menkhus, Mark (Global Cyber Security SSRT)
Re: Re: gnome-shell lockscreen bypass with printscreen key Alan Coopersmith
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Menkhus, Mark (Global Cyber Security SSRT)
tm_adopt() vulnerability in TORQUE Resource Manager Chad Vizino
Re: tm_adopt() vulnerability in TORQUE Resource Manager Solar Designer
Re: Healing the bash fork David A. Wheeler
[OSSA 2014-033] Cinder-volume host data leak to vm instance (CVE-2014-3641) Tristan Cacqueray

Friday, 03 October

sysklogd vulnerability (CVE-2014-3634) mancha
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) Sona Sarmadi
Re: sysklogd vulnerability (CVE-2014-3634) mancha
Re: sysklogd vulnerability (CVE-2014-3634) Solar Designer
Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards
Re: sysklogd vulnerability (CVE-2014-3634) mancha
Re: sysklogd vulnerability (CVE-2014-3634) mancha
Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards
Re: sysklogd vulnerability (CVE-2014-3634) mancha
Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric
Re: gnome-shell lockscreen bypass with printscreen key cve-assign
Re: Shellshock timeline Stephane Chazelas
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas
Re: Shellshock timeline Stephane Chazelas
Re: Security advisory in Jenkins Kohsuke Kawaguchi
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Kobrin, Eric
Re: Shellshock timeline Eric Blake
Re: Security advisory in Jenkins Luca Carettoni
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot

Saturday, 04 October

Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Stephane Chazelas
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Hanno Böck
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Steve Jones
Re: Re: gnome-shell lockscreen bypass with printscreen key Kurt Seifried
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Riot
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Lance Davis
Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R

Sunday, 05 October

Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Michal Zalewski
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Hanno Böck
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) David A. Wheeler
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code David A. Wheeler
Re: sysklogd vulnerability (CVE-2014-3634) Rainer Gerhards
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Rob Fuller
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code David A. Wheeler
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Kurt Seifried
Re: vulnerability in rsyslog Sven Kieske
Re: vulnerability in rsyslog Rainer Gerhards
Re: various sddm vulnerabilities cve-assign

Monday, 06 October

Re: vulnerability in rsyslog Sven Kieske
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi
Re: vulnerability in rsyslog Rainer Gerhards
Re: sysklogd vulnerability (CVE-2014-3634) mancha
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Jose R R
CVE Request(s): Getmail 4 mancha
OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer
Re: vulnerability in rsyslog Simon McVittie
Re: vulnerability in rsyslog Rainer Gerhards
Re: vulnerability in rsyslog John Haxby
Shellshocker - Repository of "Shellshock" Proof of Concept Code Peter G Spera
Re: Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove Tristan Cacqueray
Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley
Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer
Re: OpenSSL RSA 1024 bits implementation broken? Jeremy Stanley
Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) Eric Blake
Re: CVE Request(s): Getmail 4 cve-assign
Re: Healing the bash fork Florian Weimer
Re: OpenSSL RSA 1024 bits implementation broken? Dave Horsfall
automated phishing email Mason Loring Bliss
Re: automated phishing email Hanno Böck
Re: automated phishing email Dave Horsfall
Re: automated phishing email Mason Loring Bliss
Re: CVE Request(s): Getmail 4 mancha
Re: Healing the bash fork David A. Wheeler
Re: OpenSSL RSA 1024 bits implementation broken? David White
Who named shellshock? David A. Wheeler
Re: OpenSSL RSA 1024 bits implementation broken? Pierre Schweitzer
Re: Who named shellshock? Jen Savage
Re: Who named shellshock? Michal Zalewski
Re: Who named shellshock? Larry W. Cashdollar
Re: Who named shellshock? Ed Prevost
CVE-2014-1572 - [SECURITY] The 'realname' parameter is not correctly filtered on user account... smkr
Re: Security advisory in Jenkins Kohsuke Kawaguchi
Re: OpenSSL RSA 1024 bits implementation broken? Steve Kemp
Re: Re: Security advisory in Jenkins Reed Loden
Re: Who named shellshock? Larry W. Cashdollar
Re: Re: Security advisory in Jenkins Kurt Seifried
Re: Who named shellshock? Henry, Bobby
Re: Who named shellshock? Solar Designer
Re: Who named shellshock? Michal Zalewski
Re: Who named shellshock? Michal Zalewski
Re: Who named shellshock? Solar Designer
Re: Who named shellshock? Ed Prevost
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code mancha

Tuesday, 07 October

Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
Re: Who named shellshock? Florian Weimer
Re: Who named shellshock? Florian Weimer
Re: Who named shellshock? Solar Designer
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code mancha
Thoughts on Shellshock and beyond Hanno Böck
Re: Thoughts on Shellshock and beyond Loganaden Velvindron
Re: Thoughts on Shellshock and beyond Pavel Labushev
Re: Thoughts on Shellshock and beyond Hanno Böck
RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code Sona Sarmadi
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Solar Designer
"New Class of Vulnerability in Perl Web Applications" Solar Designer
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Thoughts on Shellshock and beyond Loganaden Velvindron
Re: Thoughts on Shellshock and beyond Sven Kieske
Re: Thoughts on Shellshock and beyond Pavel Labushev
Re: Thoughts on Shellshock and beyond Tim
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Florian Weimer
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Florian Weimer
Re: Thoughts on Shellshock and beyond John Haxby
Separating code and data Mehaffey, John
Re: CVE Request(s): Getmail 4 cve-assign
Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code Chet Ramey
Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried
Re: Security advisory in Jenkins Bryan Drewery
Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign
Re: Re: Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried
CVE request for vulnerability in OpenStack Swift Jeremy Stanley
Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign
Re: Discussion: information leakage from server and client software - CVE/hardening/other? Kurt Seifried
Re: Discussion: information leakage from server and client software - CVE/hardening/other? cve-assign
Re: Security advisory in Jenkins Kohsuke Kawaguchi
Re: Separating code and data David A. Wheeler
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Thoughts on Shellshock and beyond Michal Zalewski

Wednesday, 08 October

CVE request for VDSM denial of service Wade Mealing
Re: CVE request for vulnerability in OpenStack Swift cve-assign
openssh on linux rce in sftp-only mode Hanno Böck
Re: openssh on linux rce in sftp-only mode Jann Horn
Re: CVE request for VDSM denial of service Sven Kieske
Re: Thoughts on Shellshock and beyond Stephane Chazelas
Stéphane Chazelas: How *DID* you find Shellshock? David A. Wheeler
Re: Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Re: Discussion: information leakage from server and client software - CVE/hardening/other? Rich Felker
Re: Thoughts on Shellshock and beyond Tim
Re: CVE request for VDSM denial of service Kurt Seifried
Re: Stéphane Chazelas: How *DID* you find Shellshock? stephane.chazelas
Re: CVE request for VDSM denial of service / oVirt cve-assign
Re: Aftershock (was: Shellshocker - Repository of "Shellshock" Proof of Concept Code) mancha
Re: openssh on linux rce in sftp-only mode Josh Bressers
CVE-2014-7970: Linux VFS denial of service Andy Lutomirski
CVE-2014-7975: 0-day umount denial of service Andy Lutomirski
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Thoughts on Shellshock and beyond Tracy Reed
Re: openssh on linux rce in sftp-only mode Jann Horn
Re: openssh on linux rce in sftp-only mode Josh Bressers
Re: Thoughts on Shellshock and beyond Tim
Re: Thoughts on Shellshock and beyond Tim
Re: openssh on linux rce in sftp-only mode Jann Horn
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Tim
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Tim
Re: Thoughts on Shellshock and beyond Tim
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond ArkanoiD
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Tim
Re: Thoughts on Shellshock and beyond Stephane Chazelas
CVE-2014-3691, foreman-proxy: failure to verify SSL certificates Murray McAllister

Thursday, 09 October

Re: openssh on linux rce in sftp-only mode Vitor Ventura
Re: Thoughts on Shellshock and beyond Sven Kieske
Re: openssh on linux rce in sftp-only mode Yves-Alexis Perez
Re: Thoughts on Shellshock and beyond Michal Zalewski
Re: Thoughts on Shellshock and beyond Sven Kieske
Re: Thoughts on Shellshock and beyond John Haxby
Re: CVE-2014-7975: 0-day umount denial of service rf
[OSSA 2014-034] Swift metadata constraints are not correctly enforced (CVE-2014-7960) Thierry Carrez
Re: Thoughts on Shellshock and beyond Kobrin, Eric
Re: Thoughts on Shellshock and beyond Tim
Re: CVE-2014-7975: 0-day umount denial of service Andy Lutomirski
Re: Thoughts on Shellshock and beyond Sven Kieske
CVE-2014-8086 - Linux kernel ext4 race condition cve-assign
Re: Thoughts on Shellshock and beyond Tracy Reed
Re: Thoughts on Shellshock and beyond David A. Wheeler
wpa_cli and hostapd_cli action script execution vulnerability Jouni Malinen
Re: Thoughts on Shellshock and beyond David A. Wheeler
Authentication Bypass in ROR Ecommerce Tomek Rabczak
Re: Thoughts on Shellshock and beyond David A. Wheeler
liability (was: Re: Thoughts on Shellshock and beyond) Solar Designer
Of Shellshock and logfiles Dave Horsfall
Re: Thoughts on Shellshock and beyond Pavel Labushev
Re: liability dmc
Re: Aftershock Chet Ramey
CVE request: Zend Framework ZF2014-05 and ZF2014-06 Murray McAllister
Re: Of Shellshock and logfiles Kurt Seifried
Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver Siddharth Sharma
Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06 cve-assign

Friday, 10 October

Re: liability (was: Re: Thoughts on Shellshock and beyond) Źmicier Januszkiewicz
Re: Thoughts on Shellshock and beyond Florian Weimer
Re: CVE-2014-7975: 0-day umount denial of service rf
Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor
Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor
0xdeadbeef comes of age: making keysteak with GnuPG David Leon Gil
Re: 0xdeadbeef comes of age: making keysteak with GnuPG Kristian Fiskerstrand
Re: 0xdeadbeef comes of age: making keysteak with GnuPG David Leon Gil
Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG Daniel Kahn Gillmor
Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG Kurt Seifried
Re: 0xdeadbeef comes of age: making keysteak with GnuPG Werner Koch
What does this PHP exploit do? Dave Horsfall
Re: What does this PHP exploit do? Jann Horn
Re: What does this PHP exploit do? Pierre Schweitzer
Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG flapflap
Re: HKPS [was 0xdeadbeef] David Leon Gil
Re: What does this PHP exploit do? Jon Hart
Re: What does this PHP exploit do? Pierre Schweitzer

Saturday, 11 October

Re: What does this PHP exploit do? Pierre Schweitzer
Re: Thoughts on Shellshock and beyond Pavel Labushev
Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver cve-assign
Re: Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver Kurt Seifried
Re: Authentication Bypass in ROR Ecommerce cve-assign

Sunday, 12 October

Re: Thoughts on Shellshock and beyond Florian Weimer
Re: Thoughts on Shellshock and beyond John Haxby
perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried
Re: perl-Razor-Agent logs to /razor-agent.log by default cve-assign
Re: Re: perl-Razor-Agent logs to /razor-agent.log by default Kurt Seifried
Re: [CVE Requests] rsync and librsync collisions Martin Pool
Re: [CVE Requests] rsync and librsync collisions cve-assign

Monday, 13 October

CVE request: various security flaws in dokuwiki Martin Prpic
shim RCE Sebastian Krahmer
CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Hanno Böck
CVE request for vulnerability in OpenStack Nova Jeremy Stanley
CVE Rejection Request: CVE-2014-7983 Joomla com_contact Persistent XSS Egidio Romano
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Michael Samuel
Re: CVE request for vulnerability in OpenStack Nova cve-assign

Tuesday, 14 October

Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi
Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Hanno Böck
Multiple disputed issues in util-vserver Fiedler Roman
Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden
[OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) Jeremy Stanley
Re: Truly scary SSL 3.0 vuln to be revealed soon: Alex Gaynor
Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden
Re: Thoughts on Shellshock and beyond Pavel Labushev
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required Michael Samuel
Re: Thoughts on Shellshock and beyond Robert Watson
RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi
Re: Truly scary SSL 3.0 vuln to be revealed soon: Walter Parker
Re: SSL POODLE (Truly scary SSL 3.0 vuln) gremlin
Re: Truly scary SSL 3.0 vuln to be revealed soon: Reed Loden
Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer
Re: Truly scary SSL 3.0 vuln to be revealed soon: mancha
Re: SSL POODLE (Truly scary SSL 3.0 vuln) Krassimir Tzvetanov
Re: Truly scary SSL 3.0 vuln to be revealed soon: Krassimir Tzvetanov

Wednesday, 15 October

Re: SSL POODLE Florian Weimer
Re: SSL POODLE Hanno Böck
RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi
Re: Truly scary SSL 3.0 vuln to be revealed soon: Brandon Whaley
list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer
Re: Truly scary SSL 3.0 vuln to be revealed soon: Pierre Schweitzer
Re: Thoughts on Shellshock and beyond Florian Weimer
CVE assignment for POODLE Florian Weimer
Re: Truly scary SSL 3.0 vuln to be revealed soon: Ben Lincoln (0E1C7DBB - OSS)
Re: Thoughts on Shellshock and beyond David A. Wheeler
Re: Truly scary SSL 3.0 vuln to be revealed soon: Hanno Böck
Re: CVE assignment for POODLE Jan Rusnacko
[OSSA 2014-036] Potential leak of passwords into log files (CVE-2014-7230, CVE-2014-7231) Tristan Cacqueray
Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability Stefan Horst
Abusing TZ for fun (and little profit) Jakub Wilk
Re: Abusing TZ for fun (and little profit) Dave Horsfall
Re: Abusing TZ for fun (and little profit) Dan McDonald
Re: What does this PHP exploit do? Dave Horsfall

Thursday, 16 October

Re: Truly scary SSL 3.0 vuln to be revealed soon: ishish
Re: Abusing TZ for fun (and little profit) Dag-Erling Smørgrav
attacking hsts through ntp Hanno Böck
Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required cve-assign
Re: attacking hsts through ntp Kurt Seifried
Re: CVE request: various security flaws in dokuwiki cve-assign
RE: Truly scary SSL 3.0 vuln to be revealed soon: Sona Sarmadi
Re: attacking hsts through ntp Lukas Reschke
Re: attacking hsts through ntp Hanno Böck
Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar
Re: attacking hsts through ntp Kurt Seifried
Re: attacking hsts through ntp Hanno Böck
Re: attacking hsts through ntp Michal Zalewski
Re: attacking hsts through ntp Kurt Seifried
Re: attacking hsts through ntp Hanno Böck
Re: attacking hsts through ntp Adam Langley
Re: attacking hsts through ntp Michael Samuel
Re: attacking hsts through ntp Kurt Seifried

Friday, 17 October

Re: attacking hsts through ntp Hanno Böck
Re: attacking hsts through ntp Yves-Alexis Perez
Re: attacking hsts through ntp Stephen Röttger
CVE request: TYPO3-EXT-SA-2014-013 Henri Salo
libxml2 issue: billioun laughs variant (CVE-2014-3660) Thijs Kinkhorst
Connected UDP sockets and kernel queuing (CVE-2014-6512) Florian Weimer
Re: attacking hsts through ntp Tim
Re: Connected UDP sockets and kernel queuing (CVE-2014-6512) Vitor Ventura
Re: CVE request: TYPO3-EXT-SA-2014-013 cve-assign
Re: Truly scary SSL 3.0 vuln to be revealed soon: Daniel Kahn Gillmor
neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) mancha
Re: attacking hsts through ntp Phil Pennock
Re: attacking hsts through ntp Tim
Re: CVE-2014-7970: Linux VFS denial of service Andy Lutomirski
Re: CVE-2014-7970: Linux VFS denial of service cve-assign
Re: Truly scary SSL 3.0 vuln to be revealed soon: Mark Felder

Saturday, 18 October

Re: neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) Nikos Mavrogiannopoulos
Re: Re: neuter the poodle mancha
Re: Re: neuter the poodle Nikos Mavrogiannopoulos
CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 Henri Salo
Re: attacking hsts through ntp Hanno Böck
Re: attacking hsts through ntp Yves-Alexis Perez
Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 cve-assign
Re: Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 Marcus Krause

Sunday, 19 October

CVE request: remote code execution in Android CTS Lord Tuskington
CVE request: Cyanogenmod MITM Lord Tuskington
Re: CVE request: remote code execution in Android CTS Nick Kralevich
Re: CVE request: Cyanogenmod MITM Mike O'Connor
Re: Fwd: Non-upstream patches for bash Chet Ramey
Re: CVE request: remote code execution in Android CTS Lord Tuskington
Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Grond
CVEs request: Incorrect temporary file handling && silent code execution in Tomb, a commandline tool to easily operate encryption of secret data Michael Scherer

Monday, 20 October

Re: attacking hsts through ntp Stephen Röttger
RE: attacking hsts through ntp Bendler, Ehren
CVE request for vulnerability in OpenStack Nova Tristan Cacqueray
Re: [FD] [oss-security] CVE request: remote code execution in Android CTS Mario Vilas
Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign
Re: Re: Vulnerabilities in WordPress Database Manager v2.7.1 Larry W. Cashdollar
Re: Multiple disputed issues in util-vserver Carlos Alberto Lopez Perez

Tuesday, 21 October

AW: Multiple disputed issues in util-vserver Fiedler Roman
Re: CVE request for vulnerability in OpenStack Nova cve-assign
Re: Vulnerabilities in WordPress Database Manager v2.7.1 cve-assign
CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski
[OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333) Tristan Cacqueray

Wednesday, 22 October

CVE Request: systemd-shim DoS issue Marc Deslauriers
CVE-2014-3712 Katello: user parameters passed to to_sym Kurt Seifried
CVE Request: smarty: secure mode bypass Salvatore Bonaccorso
Re: CVE Request: smarty: secure mode bypass cve-assign
Re: CVE Request: systemd-shim DoS issue cve-assign
Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 Arun Babu Neelicattu

Thursday, 23 October

strings / libbfd crasher Hanno Böck
Re: strings / libbfd crasher Michal Zalewski
Re: strings / libbfd crasher Dave Rutherford
CVE Request: Linux 3.17 guest-triggerable KVM OOPS Andy Lutomirski
Re: strings / libbfd crasher mancha
Zarafa WebAccess >= 6.40.4 affected by CVE-2013-2205, CVE-2013-2205 and CVE-2012-3414 Robert Scheck

Friday, 24 October

Re: CVE Request: Linux 3.17 guest-triggerable KVM OOPS cve-assign
Vulnerability fixed in Quassel? Pierre Schweitzer
Re: Vulnerability fixed in Quassel? Bas Pape
Re: Vulnerability fixed in Quassel? Bas Pape
Re: strings / libbfd crasher mancha
Re: strings / libbfd crasher Hanno Böck
CVE-2014-8369 - Linux kernel iommu.c excessive unpinning cve-assign
New security advisories released for Apache CXF Colm O hEigeartaigh
kvm issues Petr Matousek
Re: strings / libbfd crasher Michal Zalewski
Re: strings / libbfd crasher Michal Zalewski
Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 cve-assign
Re: strings / libbfd crasher Hanno Böck
Re: strings / libbfd crasher Michal Zalewski
Re: strings / libbfd crasher mancha
Re: strings / libbfd crasher Tavis Ormandy

Saturday, 25 October

cve request: libbfd? Michal Zalewski
Re: Vulnerability fixed in Quassel? Pierre Schweitzer

Sunday, 26 October

Re: Vulnerability fixed in Quassel? cve-assign
Re: strings / libbfd crasher cve-assign
Re: Re: strings / libbfd crasher Hanno Böck
Re: Re: strings / libbfd crasher Alexander Cherepanov
Re: Re: strings / libbfd crasher Michal Zalewski

Monday, 27 October

CVE-2014-4877 wget: FTP symlink arbitrary filesystem access Petr Matousek
Re: Re: strings / libbfd crasher Michal Zalewski
Re: Re: strings / libbfd crasher Jakub Wilk

Tuesday, 28 October

Re: Re: strings / libbfd crasher Alexander Cherepanov
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov
[OSSA 2014-038] Nova network DoS through API filtering (CVE-2014-3708) Tristan Cacqueray
ftp(1) can be made execute arbitrary commands by malicious webserver Alistair Crooks
Re: ftp(1) can be made execute arbitrary commands by malicious webserver Stuart Henderson
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Alexander Cherepanov
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Kurt Seifried
Re: ftp(1) can be made execute arbitrary commands by malicious webserver cve-assign

Wednesday, 29 October

Request cve for imagemagick security problem (DOS) Bastien ROUCARIES
Re: Request cve for imagemagick security problem (DOS) Hanno Böck
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski
Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace Andy Lutomirski
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Dave Horsfall
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Michal Zalewski

Thursday, 30 October

CVE request for GitLab groups API Valery Sizov
Some weird Apache redirection exploit? Dave Horsfall
Re: Some weird Apache redirection exploit? Tim
Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) Aaron Patterson
Arbitrary file existence disclosure in Sprockets (CVE-2014-7819) Aaron Patterson
CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock cve-assign
[AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets Aaron Patterson
SQL injection vulnerability in MantisBT SOAP API Damien Regad
RE: SQL injection vulnerability in MantisBT SOAP API P Richards
RE: SQL injection vulnerability in MantisBT SOAP API P Richards
Re: SQL injection vulnerability in MantisBT SOAP API Damien Regad
Re: strings / libbfd crasher cve-assign
Re: CVE request for GitLab groups API cve-assign
Re: Request cve for imagemagick security problem cve-assign

Friday, 31 October

tnftp 20141031 released to resolve CVE-2014-8517. Luke Mewburn

Saturday, 01 November

Re: Some weird Apache redirection exploit? Dave Horsfall
Re: SQL injection vulnerability in MantisBT SOAP API [CVE-2014-8554] Damien Regad

Sunday, 02 November

CVE-2014-7207 assignment: Debian-specific Linux 3.2 backport issue Florian Weimer
unzip -t crasher Jakub Wilk
Re: unzip -t crasher Dave Horsfall
Re: Re: strings / libbfd crasher Alexander Cherepanov
Re: Re: strings / libbfd crasher Hanno Böck
Re: Re: strings / libbfd crasher Michal Zalewski
Re: Re: strings / libbfd crasher Jann Horn
Re: unzip -t crasher Murray McAllister
Re: unzip -t crasher mancha

Monday, 03 November

unzip -l crasher Martin Carpenter
Re: unzip -l crasher Martin Carpenter
Re: unzip -l crasher Felix Eckhofer
Re: unzip -l crasher Hanno Böck
Re: unzip -l crasher Dave Horsfall
Re: unzip -t crasher mancha
more unzip issues Hanno Böck
Re: more unzip issues Alexander Cherepanov
Re: unzip -l crasher Martin Carpenter
Re: unzip -l crasher Dave Horsfall
Re: unzip -t crasher mancha
RE: strings /libbfd crash Joshua Rogers
Re: RE: strings /libbfd crash Hanno Böck
Re: RE: strings /libbfd crash mancha
Re: Re: strings / libbfd crasher mancha
Re: Re: strings / libbfd crasher Michal Zalewski
CVE-2014-8566 and CVE-2014-8567: mod_auth_mellon issues affecting users of 0.8.0 Murray McAllister
Re: Re: strings / libbfd crasher mancha
Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) Solar Designer
ping on CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] Kurt Seifried
CVE Request: polarssl Marcus Meissner

Tuesday, 04 November

Re: strings / libbfd crasher cve-assign
Re: CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] cve-assign
Privilege Escalation via KDE Clock KCM polkit helper David Edmundson
CVE Request: binutils -- directory traversal Alexander Cherepanov
Re: Re: strings / libbfd crasher Alexander Cherepanov
CVE Request for requests-kerberos Ian Cordasco
Re: CVE Request for requests-kerberos Kurt Seifried
Re: CVE Request for requests-kerberos Ian Cordasco
Re: Re: strings / libbfd crasher Michal Zalewski
Re: Re: strings / libbfd crasher Alexander Cherepanov
Re: Re: strings / libbfd crasher Alexander Cherepanov
is MD5 finally dead? Kurt Seifried
Re: is MD5 finally dead? Michael Samuel
Re: is MD5 finally dead? Alex Gaynor
Re: is MD5 finally dead? Michael Samuel
Re: is MD5 finally dead? Solar Designer
Re: is MD5 finally dead? coderman

Wednesday, 05 November

CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7) Tomas Hoger
CVE-2014-7828 FreeIPA 4.0/4.1 does not require password when OTP used Vincent Danen
Re: Re: strings / libbfd crasher mancha
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Larry W. Cashdollar
CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers

Thursday, 06 November

Re: CVE request: PHP xmlrpc date_from_ISO8601() buffer overflow (in php < 5.2.7) cve-assign
Re: CVE Request: polarssl cve-assign
CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld
Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded Andreas Barth
CVE Request: Linux kernel mac80211 plain text leak Marcus Meissner
CVE request for Apache Traffic Server Javier Nieto
Stack smashing in libjpeg-turbo Bastien ROUCARIES
Re: Stack smashing in libjpeg-turbo Michal Zalewski
Exploitable issues in Linux perf/ftrace subsystems Robert Święcki
Re: CVE Request: Qt Creator fails to verify SSH host key Michael Samuel
Re: CVE Request for requests-kerberos cve-assign
Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability cve-assign
Re: Privilege Escalation via KDE Clock KCM polkit helper cve-assign
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Seth Arnold
Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld
Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers
Re: Stack smashing in libjpeg-turbo Michal Zalewski
Re: Re: Bug#742140: libpam-oath: PAM module does not check whether strdup allocations succeeded Russ Allbery
Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov

Friday, 07 November

Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Hanno Böck
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Sven Kieske
Re: Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Rogers
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Michal Zalewski
Asking for CVE for imagemagick Bastien ROUCARIES
Re: Asking for CVE for imagemagick Bastien ROUCARIES
random number generators - rand(), random(), etc jb
Re: random number generators - rand(), random(), etc Michal Zalewski
Re: random number generators - rand(), random(), etc Eric Blake
Re: random number generators - rand(), random(), etc jb
Re: Re: random number generators - rand(), random(), etc Eric Blake
CVE-2014-7146: MantisBT XmlImportExport plugin PHP Code Injection Vulnerability Damien Regad
CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Damien Regad

Sunday, 09 November

Re: CVE Request: Linux kernel mac80211 plain text leak cve-assign
CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan

Monday, 10 November

CVE-2014-7824: D-Bus denial of service via incomplete fix for CVE-2014-3636 Simon McVittie
Re: CVE Request: Qt Creator fails to verify SSH host key cve-assign
Re: CVE Request: Qt Creator fails to verify SSH host key Jason A. Donenfeld

Tuesday, 11 November

Re: cve request: libbfd? Vasyl Kaigorodov
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Nicholas Clifton
CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo
Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload Henri Salo
CVE Request - dns-sync node module Steve Kemp
Re: Re: strings / libbfd crasher Alexander Cherepanov
Re: Re: strings / libbfd crasher Michal Zalewski
Re: Re: strings / libbfd crasher Michal Zalewski
Re: Asking for CVE for imagemagick cve-assign

Wednesday, 12 November

CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer
Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer
Re: CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer
Re: CVE-request: systemd-resolved DNS cache poisoning cve-assign
Additional authority files Florian Weimer
RE: [security-vendor] [oss-security] Additional authority files Radzykewycz, T (Radzy)
Re: CVE Request: Multiple Vulnerabilities - XSS/Remote Code Injection in MODX Karthik Rangarajan
Re: CVE Request: binutils -- directory traversal cve-assign
Re: strings / libbfd crasher cve-assign
Re: CVE request: Joomla component com_sexycontactform and WordPress plugin sexy-contact-form unrestricted file upload cve-assign

Thursday, 13 November

Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer
CVE-2014-7843 Linux kernel: aarch64: copying from /dev/zero causes local DoS Petr Matousek
CVE-2014-7841 Linux kernel: net: sctp: NULL pointer dereference in af->from_addr_param on malformed packet Petr Matousek
CVE-2014-7842 Linux kernel: kvm: reporting emulation failures to userspace Petr Matousek
Linux kernel: SCTP issues Petr Matousek
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Daniel Kahn Gillmor
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Jeremy Stanley

Friday, 14 November

Re: Re: CVE-request: systemd-resolved DNS cache poisoning Sebastian Krahmer
Re: CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Hanno Böck
CVE Request: Linux kernel: ttusb-dec: overflow by descriptor Marcus Meissner
Re: CVE-2014-8598: MantisBT XML Import/Export plugin unrestricted access Damien Regad
old CVE assignments for JQuery 1.10.0 Vincent Danen
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Greg KH
Re: CVE Request: Linux kernel: ttusb-dec: overflow by descriptor cve-assign
Re: old CVE assignments for JQuery 1.10.0 cve-assign
CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad
RE: CVE Request: XSS vulnerability in MantisBT 1.2.13 P Richards

Saturday, 15 November

Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad
Re: Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Paul Richards
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad
Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability Joshua Roers
CVE Request: information disclosure in MantisBT attachments Damien Regad
Re: Re: strings / libbfd crasher Alexander Cherepanov
Re: Re: strings / libbfd crasher Michal Zalewski
Re: Linux kernel: SCTP issues Sven Kieske
Re: Re: strings / libbfd crasher Alexander Cherepanov
CVE Request: "Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer" Soroush Dalili

Sunday, 16 November

Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Joshua Rogers
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki
Location of OS security audit reports M.T. Roebuck
Re: Location of OS security audit reports Joshua Rogers
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson

Monday, 17 November

Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Jakub Wilk
Re: Location of OS security audit reports Nguyen Cong
Moodle security issues are now public Marina Glancy
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Święcki
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski
[CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Jakub Wilk
Linux user namespaces can bypass group-based restrictions Andy Lutomirski
Re: Re: CVE-request: systemd-resolved DNS cache poisoning Florian Weimer
Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Daniel Kahn Gillmor
Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry W. Cashdollar
Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Joshua Rogers
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Robert Watson
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski

Tuesday, 18 November

Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Raphael Geissert
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Źmicier Januszkiewicz
Xen Security Advisory 110 (CVE-2014-8595) - Missing privilege level checks in x86 emulation of far branches Xen . org security team
Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls Xen . org security team
RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Radzykewycz, T (Radzy)
Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability Larry Cashdollar
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Seth Arnold
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Seth Arnold
CVE request: lsyncd command injection Murray McAllister
Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released! Steven Morgan
CVE Request: LibreOffice -- several issues Alexander Cherepanov
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov
Re: Fwd: [Clamav-devel] ClamAV(R) blog: ClamAV 0.98.5 has been released! Kurt Seifried
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Kurt Seifried
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Michal Zalewski
CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer

Wednesday, 19 November

Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Gynvael Coldwind
Re: CVE Request: information disclosure in MantisBT attachments Damien Regad
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad
Re: Location of OS security audit reports M.T. Roebuck
Re: Location of OS security audit reports M.T. Roebuck
Re: Re: Location of OS security audit reports Tracy Reed
Re: Location of OS security audit reports Tracy Reed
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Joshua Rogers
Re: Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft
Re: CVE Request: LibreOffice -- several issues timo . warns
[OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821) Tristan Cacqueray
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 cve-assign
Re: CVE Request: information disclosure in MantisBT attachments cve-assign
CVE request: icecast: possible leak of on-connect scripts Murray McAllister
Re: Linux user namespaces can bypass group-based restrictions Andy Lutomirski
Re: Re: Location of OS security audit reports Nguyen Cong
Pending CVE assignments for SA-CORE-2014-006? Salvatore Bonaccorso
Re: Linux user namespaces can bypass group-based restrictions - Linux kernel cve-assign
Re: CVE request: lsyncd command injection cve-assign
Re: Requesting a CVE for pip - Local DoS with predictable temp directory names cve-assign
Re: CVE request for check_diskio nagios/icinga plugin cve-assign

Thursday, 20 November

Re: Re: Linux user namespaces can bypass group-based restrictions Vitor Ventura
Re: RE: [security-vendor] Re: [oss-security] Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Sven Kieske
Re: Location of OS security audit reports Sven Kieske
Re: Re: Location of OS security audit reports Niklas Kielblock
Re: Re: Linux user namespaces can bypass group-based restrictions Simon McVittie
Re: Re: Location of OS security audit reports Mark Kipyegon
Re: Re: Location of OS security audit reports Solar Designer
Re: Location of OS security audit reports Alexander Cherepanov
Fuzzing project brainstorming Hanno Böck
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Alexander Cherepanov
Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less Hanno Böck
Re: Pending CVE assignments for SA-CORE-2014-006? Gunnar Wolf
CVE request: heap buffer overflow in PCRE Vasyl Kaigorodov
Re: Pending CVE assignments for SA-CORE-2014-006? cve-assign
Re: CVE request: icecast: possible leak of on-connect scripts cve-assign
Re: Fuzzing project brainstorming Kurt Seifried
[AMENDED] [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack Aaron Patterson
Re: Fuzzing project brainstorming Hanno Böck
Re: Fuzzing project brainstorming Sven Kieske
Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Xen . org security team
Re: Fuzzing project brainstorming Amos Jeffries
Re: Fuzzing project brainstorming M.T. Roebuck
Re: Fuzzing project brainstorming Gynvael Coldwind
Re: Location of OS security audit reports M.T. Roebuck
Re: Location of OS security audit reports M.T. Roebuck
Re: Re: Location of OS security audit reports Joshua Rogers
Re: Location of OS security audit reports M.T. Roebuck
Re: Location of OS security audit reports M.T. Roebuck
CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Francisco Alonso
Re: [security] Pending CVE assignments for SA-CORE-2014-006? Peter Wolanin
Re: Fuzzing project brainstorming Michal Zalewski
Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified mancha
Re: Fuzzing project brainstorming Hanno Böck
Re: Re: Fuzzing project brainstorming Hanno Böck
Re: Re: Fuzzing project brainstorming Daniel Kahn Gillmor
WordPress 4.0.1 Security Release Henri Salo
Fwd: [langsec-discuss] 2nd LangSec workshop at IEEE S&P CFP and website Sven Kieske
Re: Fuzzing project brainstorming Michal Zalewski
RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Mehaffey, John
Re: [security] Pending CVE assignments for SA-CORE-2014-006? cve-assign
Re: WordPress 4.0.1 Security Release Kurt Seifried
Re: WordPress 4.0.1 Security Release Andrew Nacin
Re: Fuzzing project brainstorming Alexander Cherepanov
Re: CVE request: heap buffer overflow in PCRE Murray McAllister
Re: CVE request: heap buffer overflow in PCRE cve-assign
Re: Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling cve-assign
Re: Fuzzing project brainstorming Gynvael Coldwind

Friday, 21 November

Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Vasyl Kaigorodov
Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Marcus Meissner
Re: Re: CVE request: lsyncd command injection Michael Samuel
CVE request: heap buffer overflow in ClamAV Damien Millescamps
Xen Security Advisory 113 (CVE-2014-9030) - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Xen . org security team
Re: cve request: libbfd? Vasyl Kaigorodov
Re: cve request: libbfd? Alexander Cherepanov
Re: Fuzzing project brainstorming M.T. Roebuck
Re: CVE request: heap buffer overflow in ClamAV cve-assign
Off-by-one question Joshua Roers

Saturday, 22 November

Re: Off-by-one question Simon McVittie
Re: CVE Request: XSS vulnerability in MantisBT 1.2.13 Damien Regad
Running Java across a privilege boundry Tim Brown
Re: Off-by-one question Stuart Gathman
Re: Running Java across a privilege boundry Russ Allbery
Re: Running Java across a privilege boundry Marc Chadwick
Re: Running Java across a privilege boundry Russ Allbery
Re: Stack smashing in libjpeg-turbo Bastien ROUCARIES
Re: Running Java across a privilege boundry Tim Brown
Re: Off-by-one question Joshua Rogers

Sunday, 23 November

so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Michal Zalewski
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Hanno Böck
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Bernhard Hermann
Re: Running Java across a privilege boundry Solar Designer
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov
The Fuzzing Project Hanno Böck
Re: The Fuzzing Project Joshua Rogers
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Lionel Debroux
CVE Request: Linux kernel LDT handling bugs Andy Lutomirski
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Michael Samuel
Re: The Fuzzing Project Sven Kieske

Monday, 24 November

CVE request: firefox: integer overflow Vasyl Kaigorodov
Docker 1.3.2 - Security Advisory [24 Nov 2014] Eric Windisch
parse_datetime() bug in coreutils Seth Arnold
CVE request: cpio heap-based buffer overflow [was Re: [oss-security] so, can we do something about lesspipe? (+ a cpio bug to back up the argument)] Murray McAllister
CVE Request: Graphviz format string vuln Joshua Rogers

Tuesday, 25 November

AW: parse_datetime() bug in coreutils Fiedler Roman
[oCERT 2014-008] libFLAC multiple issues Daniele Bianco
CVE request: missing checks for small-sized files in hivex Martin Prpic
CVE Request: buffer overflow in ksba_oid_to_str in Libksba Salvatore Bonaccorso
CVE REJECT CVE-2014-3605 Kurt Seifried
CVE request: teeworlds: security issues fixed in 0.6.3 release Salvatore Bonaccorso
Re: WordPress 4.0.1 Security Release Andrew Nacin
Re: WordPress 4.0.1 Security Release Andrew Nacin
Re: WordPress 4.0.1 Security Release cve-assign
Re: Re: CVE request: icecast: possible leak of on-connect scripts jmm
CVE Request: MantisBT SQL injection in view_all_set.php Damien Regad
Re: Re: CVE request: lsyncd command injection Ángel González
OpenBSD patch issue also affects GNU patch Hanno Böck
Re: OpenBSD patch issue also affects GNU patch Alan Coopersmith
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck
Re: Running Java across a privilege boundry Solar Designer
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign
Re: CVE request: icecast: possible leak of on-connect scripts cve-assign
Re: CVE Request: Linux kernel LDT handling bugs cve-assign
Re: CVE Request: MantisBT SQL injection in view_all_set.php cve-assign
Re: CVE Request: LibreOffice -- several issues cve-assign
Re: Stack smashing in libjpeg-turbo cve-assign

Wednesday, 26 November

Re: OpenBSD patch issue also affects GNU patch Tobias Stoeckmann
O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman
Re: Re: CVE request: lsyncd command injection Sven Schwedas
Re: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Eric Blake
blkid command injection Sebastian Krahmer
AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman
Re: Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov
Re: CVE Request: LibreOffice -- several issues Alexander Cherepanov
Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Daniel Kahn Gillmor
Re: [Officesecurity] [oss-security] Re: CVE Request: LibreOffice -- several issues Caolán McNamara
CVE Request: CAPTCHA bypass in MantisBT Damien Regad
Re: CVE request: cpio heap-based buffer overflow [was Re: [oss-security] so, can we do something about lesspipe? (+ a cpio bug to back up the argument)] cve-assign
Re: blkid command injection cve-assign
Apple goto fail - lessons that should be learned David A. Wheeler
Re: CVE request: firefox: integer overflow Daniel Veditz
Re: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Matthew Daley
AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman
Re: Apple goto fail - lessons that should be learned Hanno Böck
Re: Apple goto fail - lessons that should be learned David A. Wheeler
CVE request: Canto Feed URL Parsing Command Line Injection Henri Salo
Please reject CVE-2014-8585 Henri Salo
CVE Request: LibreOffice -- several issues Alexander Cherepanov
Re: Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba Hanno Böck
CVE-2014-7816 Undertow (on Windows): Information disclosure via directory traversal Arun Babu Neelicattu
CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Murray McAllister
Re: CVE request: Canto Feed URL Parsing Command Line Injection cve-assign
Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Murray McAllister
Re: CVE Request: CAPTCHA bypass in MantisBT cve-assign
Re: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() cve-assign
Re: CVE Request: buffer overflow in ksba_oid_to_str in Libksba cve-assign

Thursday, 27 November

CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil
Re: CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Henri Salo
Xen Security Advisory 111 (CVE-2014-8866) - Excessive checking in compatibility mode hypercall argument translation Xen . org security team
Xen Security Advisory 112 (CVE-2014-8867) - Insufficient bounding of "REP MOVS" to MMIO emulated inside the hypervisor Xen . org security team
Re: CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil
Re: [Officesecurity] [oss-security] CVE Request: LibreOffice -- several issues Rene Engelhard
Re: blkid command injection Murray McAllister
Bug#771125: Info received ([oss-security] CVE request: mutt: heap-based buffer overflow in mutt_substrdup()) Debian Bug Tracking System
Re: Bug#771125: CVE request: mutt: heap-based buffer overflow in mutt_substrdup() Antonio Radici
CC'ing external lists/bugs (Re: [oss-security] Bug#771125: Info received ([oss-security] CVE request: mutt: heap-based buffer overflow in mutt_substrdup())) Solar Designer
libyaml / YAML-LibYAML DoS Jonathan Gray
CVE Request: Multiple vulnerabilities in Centreon <= 2.5.3 Damien Cauquil

Friday, 28 November

Re: libyaml / YAML-LibYAML DoS John Haxby
Re: The Fuzzing Project Joshua Rogers
CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments Eric Covener
Re: libyaml / YAML-LibYAML DoS Ingy dot Net
Re: libyaml / YAML-LibYAML DoS Ian Cordasco
Re: libyaml / YAML-LibYAML DoS cve-assign
Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments cve-assign
Re: libyaml / YAML-LibYAML DoS Ingy dot Net
Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments Eric Covener
Re: libyaml / YAML-LibYAML DoS Ingy dot Net
Re: Re: libyaml / YAML-LibYAML DoS Dāvis Mosāns
Re: CVE Request: "LuaAuthzProvider" in Apache HTTP Server mixes up arguments cve-assign
Re: Re: libyaml / YAML-LibYAML DoS Jonathan Gray

Saturday, 29 November

Re: CC'ing external lists/bugs Jakub Wilk
CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script Damien Regad
CVE request: PHP Object Injection in MantisBT filter API Damien Regad

Sunday, 30 November

Re: CVE Request: Graphviz format string vuln Joshua Rogers
CVE request: OpenVAS Manager SQL injection (OVSA20141128) Murray McAllister
CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad

Monday, 01 December

Re: CVE request for check_diskio nagios/icinga plugin Pierre Schweitzer
Re: CVE request: missing checks for small-sized files in hivex Martin Prpic
Buffer overflow in antiword 0.37 Fabian Keil
Re: CVE Request: Graphviz format string vuln Vit Ry
Re: Re: CVE Request: Graphviz format string vuln Steven M. Christey
Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Andy Lutomirski
Re: Buffer overflow in antiword 0.37 Murray McAllister

Tuesday, 02 December

Re: blkid command injection Sebastian Krahmer
CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) Florian Weimer
CVE-2014-9129: XSS and CSRF in CM Download Manager plugin for WordPress Henri Salo
Re: CVE request: OpenVAS Manager SQL injection (OVSA20141128) cve-assign

Wednesday, 03 December

CVE-2014-8104 - Critical OpenVPN DoS Vulnerability David White
RE: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Nicolas Gaudin
CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck
Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Max Mühlbronner
Re: CVE-2014-8104 - Critical OpenVPN DoS Vulnerability Matt U
Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski
MediaWiki security release - 1.23.7 Chris Steipp
CVE request: procmail heap overflow in getlline() Henri Salo
CVE-2014-6316: URL redirection issue in MantisBT Damien Regad
Re: CVE request: procmail heap overflow in getlline() Joshua J. Drake
Re: CVE request: procmail heap overflow in getlline() Tero Marttila
Apache Hadoop 2.5.2 release to fix CVE-2014-3627 Karthik Kambatla

Thursday, 04 December

Re: CVE request: procmail heap overflow in getlline() Santiago Vila
Re: CVE request: procmail heap overflow in getlline() Kurt Seifried
Re: CVE request: procmail heap overflow in getlline() Florian Weimer
Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio
Re: CVE request: procmail heap overflow in getlline() Florian Weimer
CVE-2014-8106 qemu: cirrus: insufficient blit region checks Petr Matousek
[oCERT-2014-009] JasPer input sanitization errors Andrea Barisani
Re: CVE request: procmail heap overflow in getlline() Martino Dell'Ambrogio
Re: CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen
Re: Buffer overflow in antiword 0.37 Fabian Keil
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign
Re: CVE request: missing checks for small-sized files in hivex cve-assign
Re: CVE request: out-of-bounds memory access flaw in unrtf cve-assign
Re: MediaWiki security release - 1.23.7 cve-assign
Re: CVE request: OpenSSH ~/.k5users patch (Fedora and downstreams) cve-assign
Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil
Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck
CVE request: remote code execution vulnerability in gollum < 4.0.1 Dawa Ometto
Re: Offset2lib: bypassing full ASLR on 64bit Linux Kees Cook

Friday, 05 December

Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Paul Richards
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad
Re: Offset2lib: bypassing full ASLR on 64bit Linux Agostino Sarubbo
Re: Offset2lib: bypassing full ASLR on 64bit Linux Shawn
Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck
Re: Offset2lib: bypassing full ASLR on 64bit Linux Florian Weimer
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: CVE Request: DB credentials disclosure in MantisBT's unattended upgrade script cve-assign
Re: CVE request: PHP Object Injection in MantisBT filter API cve-assign
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT cve-assign
Re: CVE Request - dns-sync node module Steve Kemp
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck
Re: CVE Request: Multiple XSS vulnerabilities in MantisBT Damien Regad
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck
Re: Offset2lib: bypassing full ASLR on 64bit Linux Paul Pluzhnikov
RE: CVE-2014-6316: URL redirection issue in MantisBT P Richards
Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden
RE: CVE-2014-6316: URL redirection issue in MantisBT P Richards
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Kahn Gillmor
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck
Re: Offset2lib: bypassing full ASLR on 64bit Linux Pavel Labushev
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Andy Lutomirski
Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Reed Loden
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Seth Arnold
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
How GNU/Linux distros deal with offset2lib attack? Shawn

Saturday, 06 December

Re: How GNU/Linux distros deal with offset2lib attack? lazytyped
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux
Re: Offset2lib: bypassing full ASLR on 64bit Linux Florent Daigniere
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH
Re: How GNU/Linux distros deal with offset2lib attack? Loganaden Velvindron
Re: Offset2lib: bypassing full ASLR on 64bit Linux Hanno Böck

Sunday, 07 December

Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux
CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp Robert Scheck
MantisBT 1.2.18 Released Damien Regad
Re: How GNU/Linux distros deal with offset2lib attack? Shawn
postgresql: pg_dump creates world-readable dump Agostino Sarubbo
Re: postgresql: pg_dump creates world-readable dump gremlin
Re: postgresql: pg_dump creates world-readable dump Robert Scheck
Re: postgresql: pg_dump creates world-readable dump Agostino Sarubbo
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH
Re: postgresql: pg_dump creates world-readable dump Julien Cristau
Re: postgresql: pg_dump creates world-readable dump Robert Scheck
Re: How GNU/Linux distros deal with offset2lib attack? Daniel Micay
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH
Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux

Monday, 08 December

Re: How GNU/Linux distros deal with offset2lib attack? Shawn
Xen Security Advisory 114 (CVE-2014-9065,CVE-2014-9066) - p2m lock starvation Xen . org security team
CVE request: mpfr: buffer overflow in mpfr_strtofr Vasyl Kaigorodov
Re: MantisBT 1.2.18 Released Vasyl Kaigorodov
Re: MantisBT 1.2.18 Released Remi Gacogne
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck
PowerDNS Security Advisory 2014-02 Peter van Dijk
Re: PowerDNS Security Advisory 2014-02 Hanno Böck
CVE Request David Cramer
Re: Offset2lib: bypassing full ASLR on 64bit Linux Mike Hommey
Re: CVE Request Solar Designer
Re: Running Java across a privilege boundry Solar Designer
Re: CVE Request David Cramer
CVE question: Return of POODLE Huzaifa Sidhpurwala
CVE Request for illumos distributions Dan McDonald
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk

Tuesday, 09 December

PIE bypass using VDSO ASLR weakness Reno Robert
Re: PowerDNS Security Advisory 2014-02 Hanno Böck
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk
Re: PIE bypass using VDSO ASLR weakness Daniel Micay
Two rpm flaws Huzaifa Sidhpurwala
Re: Two rpm flaws Yves-Alexis Perez
Re: Re: CVE Request: Graphviz format string vuln Joshua Rogers
Re: PIE bypass using VDSO ASLR weakness Reno Robert
Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith
Re: Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr Vincent Lefevre
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb
Re: PIE bypass using VDSO ASLR weakness Martino Dell'Ambrogio
Re: Two rpm flaws Florian Weimer
[OSSA 2014-040] Horizon denial of service attack through login page (CVE-2014-8124) Tristan Cacqueray
Re: PIE bypass using VDSO ASLR weakness Mathias Krause
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
CVE Request: MiniUPnPd: several issues Salvatore Bonaccorso
Re: CVE question: Return of POODLE Steven M. Christey
Re: PIE bypass using VDSO ASLR weakness Daniel Micay
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X servers Alan Coopersmith
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb
CVE request: denial of service flaw in firebird Vincent Danen
Re: Offset2lib: bypassing full ASLR on 64bit Linux Loganaden Velvindron

Wednesday, 10 December

Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Vasyl Kaigorodov
Re: Possible CVE request: freetype: out-of-bounds stack-based read/write in cf2_hintmap_build() (incomplete fix for CVE-2014-2240) Mateusz Jurczyk
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb
Re: Offset2lib: bypassing full ASLR on 64bit Linux Steve Grubb
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
Re: Offset2lib: bypassing full ASLR on 64bit Linux Daniel Micay
CVE request: Reflected XSS in Nibbleblog <= v4.0.1 Henri Salo
CVE request: MyBB 1.8.3 & 1.6.16 security releases Henri Salo
[OSSA 2014-039.1] Neutron DoS through invalid DNS configuration (CVE-2014-7821) ERRATA 1 Tristan Cacqueray
CVE request: Python, standard library HTTP clients Alex Gaynor
Re: CVE request: Python, standard library HTTP clients David A. Wheeler
Re: PIE bypass using VDSO ASLR weakness Reno Robert

Thursday, 11 December

Re: Re: Offset2lib: bypassing full ASLR on 64bit Linux Hector Marco
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov
Re: so, can we do something about lesspipe? (+ a cpio bug to back up the argument) Alexander Cherepanov
Re: CVE request: Python, standard library HTTP clients cve-assign
Re: PIE bypass using VDSO ASLR weakness Hanno Böck
Re: PIE bypass using VDSO ASLR weakness Greg KH
CVE request: TYPO3-CORE-SA-2014-003 Henri Salo
Re: CVE request: out-of-bounds memory access flaw in unrtf Alexander Cherepanov
Re: CVE Request for illumos distributions Dan McDonald
Docker 1.3.3 - Security Advisory [11 Dec 2014] Eric Windisch

Friday, 12 December

CVE request: denial of service in suricata Pierre Schweitzer
Re: CVE request: denial of service in suricata Victor Julien
Re: CVE request: denial of service in suricata Pierre Schweitzer
Re: CVE request: denial of service in suricata Victor Julien
Re: CVE request: denial of service in suricata Pierre Schweitzer
Re: CVE request: denial of service in suricata Victor Julien
Re: CVE request: denial of service in suricata Pierre Schweitzer
Re: PowerDNS Security Advisory 2014-02 Peter van Dijk

Saturday, 13 December

Re: CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock P J P
CVE Request: ZNC NULL Pointer Dereference Sean Amoss

Sunday, 14 December

Re: Abusing TZ for fun (and little profit) Jakub Wilk
Re: MantisBT 1.2.18 Released Damien Regad

Monday, 15 December

CVE request: glibc Florian Weimer
CVE request: XSS flaw fixed in dokuwiki 2014-09-29b Martin Prpic
Re: blkid command injection Sebastian Krahmer
Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b Martin Prpic
Re: Multiple disputed issues in util-vserver Fiedler Roman
Linux kernel: multiple x86_64 vulnerabilities Andy Lutomirski
AW: Re: AW: O_CREAT|O_DIRECTORY on nonexisting file expected behaviour? Fiedler Roman
CVE request for vulnerability in OpenStack Glance Murphy, Grant Charles
krb5: kadmin NULL pointer dereference issues, CVE-2014-5353 and CVE-2014-5354 Murray McAllister
file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117 Murray McAllister

Tuesday, 16 December

Re: file(1): multiple denial of service issues (resource consumption), CVE-2014-8116 and CVE-2014-8117 Hanno Böck
CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server Martin Prpic
CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Henri Salo
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Ryan Dewhurst
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Larry W. Cashdollar
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Henri Salo
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Solar Designer
Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Parameter Remote Path Traversal File Access Ryan Dewhurst
Re: Re: CVE-2014-9119: DB Backup plugin for WordPress download.php file Ipstenu (Mika Epstein)
mailx issues (CVE-2004-2771, CVE-2014-7844) Florian Weimer
CVE request: file(1) DoS Alexander Cherepanov

Wednesday, 17 December

CVE Request Linux kernel: fs: isofs: infinite loop in CE records P J P
What is the "Grinch" polkit/wheel group issue? Marcus Meissner
Re: What is the "Grinch" polkit/wheel group issue? Elad Alfassa
Re: What is the "Grinch" polkit/wheel group issue? Todd C. Miller
Re: What is the "Grinch" polkit/wheel group issue? Nicolas Vigier
Re: What is the "Grinch" polkit/wheel group issue? Daniel Kahn Gillmor
CSRF vulnerability in doorkeeper OAuth provider rubygem Tute Costa
Re: What is the "Grinch" polkit/wheel group issue? Kurt Seifried
[CVE-2014-8144] CSRF vulnerability in doorkeeper Tute Costa - thoughtbot
Re: What is the "Grinch" polkit/wheel group issue? Dean Pierce
Re: What is the "Grinch" polkit/wheel group issue? Grandma Eubanks
Re: What is the "Grinch" polkit/wheel group issue? Daniel Micay
Re: CVE request: glibc cve-assign
Re: CVE Request: ZNC NULL Pointer Dereference cve-assign

Thursday, 18 December

Re: How GNU/Linux distros deal with offset2lib attack? Lionel Debroux
Re: Running Java across a privilege boundry Tim Brown
Re: How GNU/Linux distros deal with offset2lib attack? Amos Jeffries
Re: Running Java across a privilege boundry Jakub Wilk
Embargoes for secondary issues Florian Weimer
Re: How GNU/Linux distros deal with offset2lib attack? Mathias Krause
Re: Embargoes for secondary issues Raphael Geissert
Re: Running Java across a privilege boundry Martin Carpenter
[oCERT-2014-012] JasPer input sanitization errors Andrea Barisani
Re: Running Java across a privilege boundry Jakub Wilk
Re: CVE request: remote code execution vulnerability in gollum < 3.1.1 Dawa Ometto
Re: Running Java across a privilege boundry Alexander Cherepanov
Re: Running Java across a privilege boundry Martin Carpenter
Re: Running Java across a privilege boundry Alexander Cherepanov
CVE Request: Linux x86_64 userspace address leak Andy Lutomirski
Re: Running Java across a privilege boundry Martin Carpenter
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH
request for CVEs for git clients Kurt Seifried
Re: request for CVEs for git clients Kurt Seifried
Re: request for CVEs for git clients Alex Gaynor
Re: request for CVEs for git clients Russ Allbery

Friday, 19 December

Re: request for CVEs for git clients Reed Loden
RE: request for CVEs for git clients Christey, Steven M.
Re: How GNU/Linux distros deal with offset2lib attack? Mathias Krause
Re: How GNU/Linux distros deal with offset2lib attack? Greg KH

Saturday, 20 December

can we talk about secure time? Hanno Böck
Re: request for CVEs for git clients Julien Cristau
Re: can we talk about secure time? Stuart Henderson
Re: can we talk about secure time? Daniel Kahn Gillmor
Re: can we talk about secure time? ncl () cock li
Re: can we talk about secure time? Daniel Micay

Sunday, 21 December

Re: can we talk about secure time? Florian Weimer
CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 Salvatore Bonaccorso
Re: can we talk about secure time? Daniel Micay
Re: can we talk about secure time? Dave Horsfall
leap seconds and security [was: Re: can we talk about secure time?] Daniel Kahn Gillmor
Re: can we talk about secure time? Florian Weimer
Re: can we talk about secure time? Hanno Böck
Re: can we talk about secure time? Kurt Seifried
Re: can we talk about secure time? Hanno Böck
Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck
Re: can we talk about secure time? Walter Parker

Monday, 22 December

Re: can we talk about secure time? John Haxby
New SSL/TLS vulnerabilities in Apache CXF Colm O hEigeartaigh
[oCERT-2014-011] UnZip input sanitization errors Andrea Barisani
[oCERT-2014-010] SoX input sanitization errors Andrea Barisani
[grant.murphy () hp com: [oss-security] CVE request for vulnerability in OpenStack Glance] Grant Murphy
Graylog2-Web LDAP Injection - CVE-2014-9217 J. Tozo
CVE Request: Info-ZIP unzip 6.0 mancha
Re: can we talk about secure time? Dave Horsfall
CVE Request: libpng 1.6.15 Heap Overflow endeavor

Tuesday, 23 December

[OSSA-2014-041] Glance v2 API unrestricted path traversal Grant Murphy

Wednesday, 24 December

Imagemagick fuzzing bug Bastien ROUCARIES
Re: Imagemagick fuzzing bug Hanno Böck
libsndfile DoS/divide-by-zero Joshua Rogers
Re: Imagemagick fuzzing bug Gynvael Coldwind
Re: Imagemagick fuzzing bug Alexander Cherepanov
Re: CVE Request: Linux x86_64 userspace address leak cve-assign

Thursday, 25 December

CVE Request: libsndfile buffer overread Joshua Rogers
Re: can we talk about secure time? Richard Johnson
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records cve-assign
Re: Imagemagick fuzzing bug Gynvael Coldwind
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records Lukas Odzioba
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records P J P

Friday, 26 December

Re: CVE Request: Linux x86_64 userspace address leak P J P
Re: CVE Request Linux kernel: fs: isofs: infinite loop in CE records Lukas Odzioba
Re: PIE bypass using VDSO ASLR weakness cve-assign
CVE request: XSS issues in Koha Chris Cormack
libbfd / bfd Joshua Rogers

Saturday, 27 December

Re: libbfd / bfd Alexander Cherepanov

Sunday, 28 December

Re: CVE Request: Linux x86_64 userspace address leak Andy Lutomirski
mpg123 CVE Assignment? Yury German
Re: CVE request: Reflected XSS in Nibbleblog <= v4.0.1 Henri Salo
Re: parse_datetime() bug in coreutils Moritz Mühlenhoff
CVE request: dir traversal in elfutils Alexander Cherepanov

Monday, 29 December

OpenBSD signify and "fingerprint" Florian Weimer
CVE Request: Double Free in PHP Joshua Rogers
Re: OpenBSD signify and "fingerprint" Ted Unangst
Re: CVE Request: Double Free in PHP cve-assign
Re: Re: CVE Request: Double Free in PHP Joshua Rogers
CVE Request(s): GnuPG 2/GPG2 Joshua Rogers
CVE Request(s): libgcrypt Joshua Rogers
Re: CVE Request(s): libgcrypt Florian Weimer
Re: CVE Request(s): libgcrypt Joshua Rogers
Re: CVE request: mpfr: buffer overflow in mpfr_strtofr Moritz Muehlenhoff
Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 Salvatore Bonaccorso
Re: CVE Request: MiniUPnPd: several issues Salvatore Bonaccorso
Re: CVE Request: Double Free in PHP cve-assign
Re: Re: CVE Request: Double Free in PHP Joshua Rogers
2012 CVE request: XXE in nokogiri ruby gem David Jorm

Tuesday, 30 December

Re: OpenBSD signify and "fingerprint" mancha
CVE request for emacs possibly Kurt Seifried
CVE for net-mail/dbmail-3.2.2: CRAM-MD5 authentication bypass Kurt Seifried
CVE Request, Use after free vulnerability in Dwarfdump xiaoqixue_1

Wednesday, 31 December

CVE Request: PHP: out of bounds read crashes php-cgi Salvatore Bonaccorso
CVE Request: Linux: Remote crash via batman-adv module Salvatore Bonaccorso
Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign
Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel cve-assign
Command Injection in mime-support/run-mailcap (CVE-2014-7209) Timothy D. Morgan
Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers
Re: CVE Request: libsndfile buffer overread Joshua Rogers
cve request: miniunzip directory traversal Michael Gilbert