oss-sec: by date

1068 messages starting Dec 31 14 and ending Mar 31 15


Wednesday, 31 December

Re: CVE Request: PHP: out of bounds read crashes php-cgi Stanislav Malyshev
Re: CVE Request: Linux: Remote crash via batman-adv module - Linux kernel Salvatore Bonaccorso
CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso

Thursday, 01 January

Re: cve request: miniunzip directory traversal Alexander Cherepanov
CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso
Re: Imagemagick fuzzing bug Bastien ROUCARIES

Friday, 02 January

CVE request: Concrete5 XSS vulnerability Henri Salo
Possible "new" CVE for Zoo directory traversal Kurt Seifried
CVE requests: Drupal contributed modules Pere Orga
Re: 2012 CVE request: XXE in nokogiri ruby gem David Jorm
Re: CVE Request: PHP: out of bounds read crashes php-cgi cve-assign
CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash Salvatore Bonaccorso

Saturday, 03 January

CVE Request -- Contenido 4.9.x - 4.9.5 -- Reflecting XSS vulnerability in exception handler with deactivated AMR function Steffen Rösemann
CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities Steffen Rösemann
Re: CVE request: file(1) DoS Alexander Cherepanov
Re: CVE request: dir traversal in elfutils cve-assign
Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp cve-assign
Re: parse_datetime() bug in coreutils cve-assign
Re: CVE request: mpfr: buffer overflow in mpfr_strtofr cve-assign
Re: CVE Request: Mediawiki security releases 1.24.1, 1.23.8, 1.22.15 and 1.19.23 cve-assign
Re: CVE Request, Use after free vulnerability in Dwarfdump cve-assign
Re: CVE request for emacs possibly cve-assign
Re: cve request: miniunzip directory traversal cve-assign
cve request: insecure temporary file usage - xbindkeys-config Steve Kemp
Re: CVE request: XSS issues in Koha cve-assign
Re: Re: CVE request: remote code execution vulnerability in gollum < 3.1.1 cve-assign
Re: CVE Request cve-assign
Re: CVE Request for illumos distributions cve-assign
Re: CVE request: denial of service flaw in firebird cve-assign
Re: [grant.murphy () hp com: [oss-security] CVE request for vulnerability in OpenStack Glance] cve-assign
Re: CVE request: insufficient 'X-Forwarded-For' header validation in rabbitmq-server cve-assign
Re: CVE Request: libpng 1.6.15 Heap Overflow cve-assign
Re: Re: CVE Request: libsndfile buffer overread cve-assign
Re: mpg123 CVE Assignment? cve-assign
Re: CVE requests: Drupal contributed modules cve-assign
Fwd: Re: CVE Request Question Joshua Rogers
Re: CVE Request for illumos distributions Christos Zoulas
Re: CVE Request for illumos distributions Joshua Rogers
【Vulnerability Report 】 - from QIHU 360 China 罗大龙
Re: CVE Request for illumos distributions Dave Horsfall
Re: CVE request: denial of service flaw in firebird Salvatore Bonaccorso
Re: CVE Request for illumos distributions gremlin

Sunday, 04 January

Re: CVE Request for illumos distributions Alan Coopersmith
CVE Request: gcab: directory traversal Salvatore Bonaccorso
Re: CVE Request for illumos distributions Marcus Meissner
Re: CVE Request for illumos distributions Steven M. Christey
Re: CVE Request for illumos distributions Steven M. Christey
Assignment of CVE IDs with 5 or more digits by January 13, 2015 Steven M. Christey
Re: Assignment of CVE IDs with 5 or more digits by January 13, 2015 Kurt Seifried

Monday, 05 January

CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Simon McVittie
Announcing D-Bus 1.8.14 Simon McVittie
CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Simon McVittie
Re: CVE request: denial of service flaw in firebird Vincent Danen
Re: CVE request: denial of service flaw in firebird cve-assign
Re: CVE Request: gcab: directory traversal cve-assign
Re: cve request: insecure temporary file usage - xbindkeys-config Steven M. Christey
Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash Steven M. Christey
Re: Re: 2012 CVE request: XXE in nokogiri ruby gem Steven M. Christey
Re: CVE Request -- Contenido 4.9.x - 4.9.5 -- Reflecting XSS vulnerability in exception handler with deactivated AMR function cve-assign
Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities cve-assign
Re: CVE Request(s): GnuPG 2/GPG2 cve-assign
Re: CVE-2014-8148: midgard-core configures D-Bus system bus to be insecure Kurt Seifried
Re: CVE request: Concrete5 XSS vulnerability Henri Salo
Re: Re: CVE Request(s): GnuPG 2/GPG2 Moritz Muehlenhoff
[OSSA 2014-041.1] Glance v2 API unrestricted path traversal (CVE-2014-9493) ERRATA 1 Grant Murphy
Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto
CVE Revoke Joshua Rogers
Re: CVE request: Concrete5 XSS vulnerability Korvin Szanto
Re: CVE request: Concrete5 XSS vulnerability Simo Ben youssef

Tuesday, 06 January

CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley
Dublicate CVE assignment for directory traversal in elfutils? (CVE-2014-9486 and CVE-2014-9447) Salvatore Bonaccorso
Re: CVE request: dir traversal in elfutils Vasyl Kaigorodov
Re: CVE Request(s): GnuPG 2/GPG2 Joshua Rogers
Xen Security Advisory 116 (CVE-2015-0361) - xen crash due to use after free on hvm guest teardown Xen . org security team
Possible CVE request: python-pillow: potential denial-of-service in PNG decompression code Vasyl Kaigorodov
CVE-2014-9529 - Linux kernel security/keys/gc.c race condition cve-assign
CVE request Linux kernel: isofs: unchecked printing of ER records P J P
CVE-2012-5853 Henri Salo
CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso
CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities Steffen Rösemann
CVE Request -- CMS Kajona v. 4.6 -- Reflecting XSS in administrative backend Steffen Rösemann
CVE request for directory traversal flaw in p7zip Vincent Danen
unsubscribe mmcallis () redhat com Vincent Danen
Re: unsubscribe mmcallis () redhat com Vincent Danen

Wednesday, 07 January

Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso
Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop cve-assign
Re: Dublicate CVE assignment for directory traversal in elfutils? (CVE-2014-9486 and CVE-2014-9447) cve-assign
CVE request: roundcubemail: possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins Vasyl Kaigorodov
Directory traversals in cpio and friends? Alexander Cherepanov
CVE Request for Privoxy Version: 3.0.22 Yury German

Thursday, 08 January

CVE Request: PHP Joshua Rogers
CVE request Daniel Strøm
Re: Directory traversals in cpio and friends? Florian Weimer
Re: CVE Request: PHP Joshua Rogers
[OSSA 2015-001] L3 agent denial of service with radvd 2.0+ (CVE-2014-8153) Tristan Cacqueray
CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities Steffen Rösemann
CVE request: local privilege escalation flaw in Red Star OS 3.0 David Jorm
CVE Request: kwallet: incorrect CBC encryption handling Salvatore Bonaccorso
Re: CVE Request: kwallet: incorrect CBC encryption handling Marcus Meissner
Re: CVE request Linux kernel: isofs: unchecked printing of ER records cve-assign

Friday, 09 January

Re: CVE Request: kwallet: incorrect CBC encryption handling Florian Weimer
CVE request: local privilege escalation flaws in Red Star OS 3.0 & 2.0 desktop Hacker Fantastic
Re: CVE Request: kwallet: incorrect CBC encryption handling Salvatore Bonaccorso
Re: PIE bypass using VDSO ASLR weakness - Linux kernel cve-assign
CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann
Re: Directory traversals in cpio and friends? Jakub Wilk
Re: CVE Request: libpng 1.6.15 Heap Overflow endeavor

Saturday, 10 January

Re: CVE Request: kwallet: incorrect CBC encryption handling Albert Astals Cid
Re: CVE Request: libpng 1.6.15 Heap Overflow cve-assign
Re: Directory traversals in cpio and friends? Alexander Cherepanov
Re: CVE-2014-6316: URL redirection issue in MantisBT Damien Regad
Re: CVE Request for Privoxy Version: 3.0.22 cve-assign

Sunday, 11 January

Re: CVE request for directory traversal flaw in p7zip cve-assign
Re: CVE request: roundcubemail: possible CSRF attacks to some address book operations as well as to the ACL and Managesieve plugins cve-assign
Re: CVE request cve-assign
Re: CVE Request -- CMS BEdita v. 3.4.0 -- Multiple stored XSS vulnerabilities cve-assign
Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality cve-assign
CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 Henri Salo
Re: Re: CVE-2014-6316: URL redirection issue in MantisBT cve-assign
Re: CVE request Daniel Strøm

Monday, 12 January

CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) Steffen Rösemann
CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend Steffen Rösemann
CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Moritz Heidkamp
CVE request: pigz, kgb, pax: directory traversal Thijs Kinkhorst
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray

Tuesday, 13 January

CVE request: httpd: IP address spoofing in mod_remoteip Vasyl Kaigorodov
CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Steffen Rösemann
CVE request: lhasa: directory traversals Alexander Cherepanov
CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not set for cookies with Jenkins on Tomcat Kurt Seifried
Node.js "serve-static" module Open Redirect Kurt Seifried
CVE-2014-8160 Linux Kernel: SCTP firewalling fails until SCTP module is loaded Wade Mealing

Wednesday, 14 January

CVE request: directory traversal flaw in patch Martin Prpic
Re: Node.js "serve-static" module Open Redirect Adam Baldwin
Re: CVE request: lhasa: directory traversals Henri Salo
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo

Thursday, 15 January

[OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme Tristan Cacqueray
Re: CVE request: httpd: IP address spoofing in mod_remoteip cve-assign
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Daniel Kahn Gillmor
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Hanno Böck
CVE Request: cpio -- directory traversal Alexander Cherepanov
jar(1) -- directory traversal Alexander Cherepanov
CVE Request: ha -- directory traversals Alexander Cherepanov
CVE Request: ppmd -- directory traversals Alexander Cherepanov
CVE Request: pxz -- race condition in setting permissions Alexander Cherepanov
Re: CVE Request: cpio -- directory traversal Lyndon Nerenberg
CVE Request: libarchive -- directory traversal in bsdcpio Alexander Cherepanov
Re: CVE Request: cpio -- directory traversal Alexander Cherepanov
Re: Re: CVE request: httpd: IP address spoofing in mod_remoteip Amos Jeffries

Friday, 16 January

Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality Henri Salo
Re: CVE request: file(1) DoS Marc Deslauriers
Re: CVE request: file(1) DoS Alexander Cherepanov
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso
Re: CVE request: file(1) DoS jmm
KDE Plasma vulnerabilities: need CVE Albert Astals Cid
CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
CVE-2015-1042: URL redirection issue in MantisBT Damien Regad
CVE-2014-9571: XSS in install.php Damien Regad
CVE-2014-9573: SQL Injection in manage_user_page.php Damien Regad
CVE-2014-9572: Improper Access Control in install.php Damien Regad
CVE-2014-9571, -9572 and -9573 affect MantisBT Damien Regad
CVE request: CAPTCHA bypass in MantisBT Damien Regad

Saturday, 17 January

Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso
CVE-2005-2096 and gamera Raphael Geissert
Re: Imagemagick fuzzing bug Yury German
Re: CVE request: file(1) DoS cve-assign
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign
Re: Node.js "serve-static" module Open Redirect cve-assign
[RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Ben Hutchings

Sunday, 18 January

Re: CVE request: lhasa: directory traversals Alexander Cherepanov
Re: PIE bypass using VDSO ASLR weakness - Linux kernel Andy Lutomirski
Re: CVE request: pigz, kgb, pax: directory traversal cve-assign
Re: CVE request for vulnerability in OpenStack Glance cve-assign
Re: [OSSA 2015-002] Glance v2 API unrestricted path traversal through filesystem:// scheme cve-assign
Re: CVE request: directory traversal flaw in patch cve-assign
Re: CVE Request: cpio -- directory traversal cve-assign
Re: CVE Request: ha -- directory traversals cve-assign
Re: CVE Request: ppmd -- directory traversals cve-assign
Re: CVE Request: pxz -- race condition in setting permissions cve-assign
Re: CVE request: CAPTCHA bypass in MantisBT cve-assign
CVE request: grep heap buffer overrun Jim Meyering
Moodle security issues are now public Marina Glancy

Monday, 19 January

New Apache Santuario security advisory CVE-2014-8152 Colm O hEigeartaigh
CVE Request: Webmin & Usermin - Read Mail Module Vulnerability Patrick William

Tuesday, 20 January

CVE Request: Linux kernel information leak in event device handling Marcus Meissner
[OSSA 2015-002.1] Glance v2 API unrestricted path traversal through filesystem:// scheme (CVE-2015-1195) ERRATA 1 Tristan Cacqueray
RE: CVE Request: Linux kernel information leak in event device handling Mehaffey, John
Possible CVE request: sympa: vulnerability in the web interface Salvatore Bonaccorso
Vulnerabilities in VLC 2.1.5 Fabian Yamaguchi
ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat Kurt Seifried
Re: CVE request: directory traversal flaw in patch Martin Prpic
CVE Request: PHP int overflow Joshua Rogers
Re: CVE Request: Info-ZIP unzip 6.0 mancha
Xen Security Advisory 109 (CVE-2014-8594) - Insufficient restrictions on certain MMU update hypercalls Xen . org security team
Re: Vulnerabilities in VLC 2.1.5 cve-assign
Re: Vulnerabilities in VLC 2.1.5 Fabian Yamaguchi
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks James Morris
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Casey Schaufler

Wednesday, 21 January

Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Solar Designer
Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek
CVE request: two issues in vorbis-tools Martin Prpic
Re: CVE request: two issues in vorbis-tools Hanno Böck
Re: CVE Request: Linux kernel information leak in event device handling Pavel Machek
Re: CVE Request: Linux kernel information leak in event device handling Petr Matousek
Re: heap overflow in procmail Jakub Wilk
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Stephen Smalley
CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards. J. Tozo
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Casey Schaufler
CVE Request: XSS and response-splitting bugs in rabbitmq management plugin Marc Deslauriers
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Ben Hutchings
CVE or not: 2x grml-debootstrap Sebastian Pipping
[oCERT-2015-001] JasPer input sanitization errors Andrea Barisani
Re: KDE Plasma vulnerabilities: need CVE Albert Astals Cid
Defense4all security advisory: CVE-2014-8149 users can export report data to an arbitrary file on the server's filesystem David Jorm
Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Matthew Daley

Thursday, 22 January

Re: ping on CVE Request for jenkins-tomcat: Secure and HttpOnly flags are not, set for cookies with Jenkins on Tomcat cve-assign
Re: Possible CVE request: sympa: vulnerability in the web interface cve-assign
Re: CVE Request: Info-ZIP unzip 6.0 cve-assign
Re: KDE Plasma vulnerabilities: need CVE cve-assign
Re: CVE request: directory traversal flaw in patch cve-assign
Re: heap overflow in procmail cve-assign
Re: CVE request: two issues in vorbis-tools cve-assign
Re: CVE request: grep heap buffer overrun cve-assign
Re: KDE Plasma vulnerabilities: need CVE Albert Astals Cid
CVE Request: Linux kernel - Denial of service in notify_change for xattrs. Wade Mealing
CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order Kurt Seifried
CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload Steffen Rösemann

Friday, 23 January

Re: CVE request: two issues in vorbis-tools Hanno Böck
Re: CVE request: two issues in vorbis-tools Paris Z
Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload Henri Salo
CVE Request: Linux kernel crypto api unprivileged arbitrary module load Marc Deslauriers
CVE request for BZ Kurt Seifried
[perl #119505] Segfault from bad backreference Kurt Seifried
Re: CVE request for BZ David Lawrence
Re: [perl #119505] Segfault from bad backreference Salvatore Bonaccorso

Saturday, 24 January

CVE Request: patch: directory traversal via file rename Salvatore Bonaccorso
CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196? Salvatore Bonaccorso
Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign
Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs. cve-assign
Socat security advisory 6 - Possible DoS with fork Gerhard Rieger
Re: Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load Mathias Krause
Re: CVE Request: Linux kernel crypto api unprivileged arbitrary module load cve-assign
Re: CVE Request: PHP cve-assign
Re: CVE Request: PHP int overflow cve-assign
SEANux 1.0 remote back door Larry W. Cashdollar
Re: CVE Request: PHP Joshua Rogers
Re: Re: CVE Request: PHP Joshua Rogers
Re: Re: CVE Request: PHP Joshua Rogers
Multiple vulnerabilities in LibTIFF and associated tools William Robinet
Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski
Re: SEANux 1.0 remote back door Larry W. Cashdollar
Re: Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1 Moritz Muehlenhoff

Sunday, 25 January

Re: SEANux 1.0 remote back door Alexander Cherepanov
Re: SEANux 1.0 remote back door Larry W. Cashdollar
CVE for SEANux 1.0? Larry Cashdollar
Re: SEANux 1.0 remote back door Alexander Cherepanov
CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities Henri Salo
busybox CVE-2014-9645 Kurt Seifried
unshield directory traversal Kurt Seifried

Monday, 26 January

Reject CVE-2012-3878? Florian Weimer
CVE request for Privoxy Fabian Keil
[OSSA 2015-003] Glance user storage quota bypass (CVE-2014-9623) Tristan Cacqueray
WebKitGTK+ Security Advisory WSA-2015-0001 Carlos Alberto Lopez Perez
Re: CVE Request: XSS and response-splitting bugs in rabbitmq management plugin Marc Deslauriers
kamailio: multiple /tmp file vulnerabilities Helmut Grohne
CVE HOWTO - updated and moved to github Kurt Seifried
Re: CVE HOWTO - updated and moved to github Seth Arnold

Tuesday, 27 January

Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload cve-assign
Re: CVE requests for nodejs marked VBScript Content Injection and sequelize SQL Injection in Order cve-assign
Re: [perl #119505] Segfault from bad backreference cve-assign
GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
KVM SYSENTER emulation vulnerability - CVE-2015-0239 Nadav Amit
CVE request: XSS in search functionality for Geo Mashup Wordpress plugin Paolo Perego
Re: CVE Request: XSS and response-splitting bugs in rabbitmq management plugin cve-assign
Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Pierre Schweitzer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Marek Kroemeke
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer
Re: CVE Request: Webmin & Usermin - Read Mail Module Vulnerability cve-assign
Re: CVE or not: 2x grml-debootstrap cve-assign
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory
Re: Socat security advisory 6 - Possible DoS with fork cve-assign
Re: CVE request for Privoxy cve-assign
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine
Re: CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 cve-assign
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Michal Zalewski
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) endrazine
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Filip Palian
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory
kgb-bot can be crashed by some network traffic Kurt Seifried
CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilities Steffen Rösemann
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Amos Jeffries
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jonathan Brossard
Re: CVE request: XSS in search functionality for Geo Mashup Wordpress plugin cve-assign
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer

Wednesday, 28 January

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Sven Kieske
Re: unshield directory traversal cve-assign
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Qualys Security Advisory
Re: CVE Request: patch: CVE needed for incomplete fix for CVE-2015-1196? cve-assign
Re: CVE Request: patch: directory traversal via file rename cve-assign
Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Peter Bex
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala
CVE-2014-8156: freesmartphone.org stack configures D-Bus system bus to be insecure Simon McVittie
CVE request - ICU Tomas Hoger
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Stephane Chazelas
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Raphael Geissert
the other glibc issue Hanno Böck
Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures Moritz Muehlenhoff
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign
Re: CVE request for buffer overrun in CHICKEN Scheme's substring-index[-ci] procedures cve-assign
Re: the other glibc issue cve-assign
Re: kgb-bot can be crashed by some network traffic Pierre Schweitzer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer
CVEs for Drupal contributed modules - January 2015 Pere Orga
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Huzaifa Sidhpurwala
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Yves-Alexis Perez

Thursday, 29 January

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Sven Kieske
Re: CVEs for Drupal contributed modules - January 2015 Pere Orga
Re: the other glibc issue Solar Designer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried
Xen Security Advisory 118 - arm: vgic: incorrect rate limiting of guest triggered logging Xen . org security team
Re: Re: CVEs for Drupal contributed modules - January 2015 Vasyl Kaigorodov
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck
CVE-2015-1420 - Linux kernel fs/fhandle.c race condition cve-assign
CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions Petr Matousek
Re: CVE request - ICU cve-assign
Re: CVE request -- Linux kernel - net: sctp: slab corruption from use after free on INIT collisions cve-assign
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Paul Pluzhnikov
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Michal Zalewski
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Qualys Security Advisory
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kurt Seifried
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) cve-assign
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Jan Schaumann
CVE request: xchat/hexchat don't properly verify SSL certificates Vincent Danen
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Marc Deslauriers
Fwd: ClamAV® blog: ClamAV 0.98.6 has been released! Alexander Cherepanov
Re: Re: CVE request - ICU Tomas Hoger
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sam Dodrill
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Reed Loden
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Daniel Kahn Gillmor
Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow Solar Designer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Hanno Böck
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Kees Cook
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Daniel Kahn Gillmor
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Alexander Cherepanov

Friday, 30 January

Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Florian Weimer
R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Michael Samuel
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Sven Schwedas
R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02
Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Solar Designer
R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) linkbc02
Re: CVE request: xchat/hexchat don't properly verify SSL certificates Kurt Seifried
CVE request: Xymon Moritz Muehlenhoff
Re: CVE request: xchat/hexchat don't properly verify SSL certificates TingPing
Re: the other glibc issue Rich Felker

Saturday, 31 January

Re: R: [oss-security] GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Ammar Brohi
CVE request: phpbb3 CSRF and CSS injection Henri Salo
CVE request: Roundcube cross-site scripting vulnerability fixed in 1.0.5 Henri Salo
Re: CVE request: Xymon cve-assign
Re: CVE request: phpbb3 CSRF and CSS injection cve-assign
Re: CVE request: Roundcube cross-site scripting vulnerability fixed in 1.0.5 cve-assign
CVE request: Piwigo SQL Injection Achref Akremi
RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer
Re: CVE request: Piwigo SQL Injection cve-assign
Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign

Sunday, 01 February

CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities Steffen Rösemann
Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities cve-assign
Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign
Re: RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer
Re: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities Steffen Rösemann
CVE request: heap buffer overflow in glibc swscanf Paul Pluzhnikov

Monday, 02 February

workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin
CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast Petr Matousek
Re: CVE Request: cpio -- directory traversal Vitezslav Cizek
Re: Linux kernel: multiple x86_64 vulnerabilities Solar Designer

Tuesday, 03 February

vsftpd problem in deny_hosts Marcus Meissner
Re: vsftpd problem in deny_hosts Solar Designer
Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer
Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin
Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Qualys Security Advisory
Re: vsftpd problem in deny_hosts Marcus Meissner
Re: CVE Request: MySQL: MyISAM temporary file issue Marcus Meissner
Re: vsftpd problem in deny_hosts Moritz Muehlenhoff
Re: vsftpd problem in deny_hosts Chris Evans
Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso
Re: Possible CVE Requests: libmspack: several issues Hanno Böck
Re: CVE request -- Linux kernel - net: DoS due to routing packets to too many different dsts/too fast cve-assign
CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability Steffen Rösemann
Re: CVE-Request -- Pragyan CMS v.3.0 -- SQL injection vulnerability cve-assign
Re: CVE request: heap buffer overflow in glibc swscanf Gsunde Orangen
Re: CVE request: heap buffer overflow in glibc swscanf cve-assign
Re: Re: CVE request: heap buffer overflow in glibc swscanf Daniel Micay
Re: vsftpd problem in deny_hosts Joshua J. Drake

Wednesday, 04 February

Re: Re: CVE request: heap buffer overflow in glibc swscanf Florian Weimer
CVE request: NULL ptr deref in php Johannes Segitz
Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Reed Loden
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Mark Felder
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Florent Daigniere
CVE Request: PHP/file: out-of-bounds memory access in softmagic Moritz Muehlenhoff
Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic Hanno Böck
Old nagios CVE Kurt Seifried
CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument Kurt Seifried
CVE request for some NTP stuff Kurt Seifried
Re: CVE request for some NTP stuff Gsunde Orangen
Re: Apache 2.4 mod_ssl SSLSessionTickets -- others vulnerable? Michael Samuel
CVE request for Zero-day in the Fancybox-for-WordPress Plugin Kurt Seifried
MP3::Info file loading from cwd Kurt Seifried
foomatic file loading from cwd Kurt Seifried

Thursday, 05 February

Re: CVE request: NULL ptr deref in php cve-assign
[oCERT-2015-002] e2fsprogs input sanitization errors Andrea Barisani
[ANNOUNCE] CVE-2014-3600, CVE-2014-3612 and CVE-2014-8110 - Apache ActiveMQ vulnerabilities Dejan Bosanac
[ANNOUNCE] CVE-2014-3579 - ActiveMQ Apollo vulnerability Dejan Bosanac
Re: Linux kernel: multiple x86_64 vulnerabilities Shawn
Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin cve-assign
Re: CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument - Moodle cve-assign
Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic cve-assign
Re: CVE Request: PHP/file: out-of-bounds memory access in softmagic cve-assign
Re: Re: CVE request for Zero-day in the Fancybox-for-WordPress Plugin Henri Salo
Re: CVE request - ICU cve-assign
CVE requests for Drupal contributed modules Pere Orga
Re: CVE Request: cpio -- directory traversal Alexander Cherepanov
Re: CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument - Moodle Marina Glancy
CVE request: two OpenLDAP DoS issues Ryan Tandy

Friday, 06 February

CVE request for denial-of-service vulnerability in fcgi Till Maas
Re: CVE request for denial-of-service vulnerability in fcgi Kurt Seifried
lynx: crash when parsing overly long links Kurt Seifried
older fuseiso stuff Kurt Seifried
some older pbm2l2030 stuff Kurt Seifried
older issues in libbluray Kurt Seifried
Re: lynx: crash when parsing overly long links Alan Coopersmith
byzanz: Out-of heap-based buffer write in GIF encoder Kurt Seifried
potrace: possible heap overflow Kurt Seifried
libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Kurt Seifried
python-rope: pickle.load of remotely supplied data with no authentication required Kurt Seifried
Re: lynx: crash when parsing overly long links Kurt Seifried

Saturday, 07 February

Re: CVE request: two OpenLDAP DoS issues cve-assign
Re: CVE request for denial-of-service vulnerability in fcgi cve-assign
Re: Multiple vulnerabilities in LibTIFF and associated tools cve-assign
gcj jar manifest parsing segfault with classpath references Kurt Seifried
ghostscript double free and invalid read caused by embedded jbig2 data Kurt Seifried
CVE REJECT CVE-2009-1193 Kurt Seifried
Re: ghostscript double free and invalid read caused by embedded jbig2 data Hanno Böck
kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() Kurt Seifried
Mozilla: Use-after-free when doing multiple nesting using bad tags Kurt Seifried
some really old openjdk stuff/possible java Kurt Seifried
Re: ghostscript double free and invalid read caused by embedded jbig2 data Gynvael Coldwind
Spencer regexp heap overflow? Alistair Crooks
Fwd: ezmlm response Constantine Shulyupin
Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Reed Loden
Re: Mozilla: Use-after-free when doing multiple nesting using bad tags Kurt Seifried
Re: kgb-bot can be crashed by some network traffic cve-assign

Sunday, 08 February

CVE-Request -- eFront v. 3.6.15.2 build 18021 (Community Edition) -- Multiple CSRF vulnerabilities Steffen Rösemann
Re: lynx: crash when parsing overly long links Hanno Böck
Re: kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap() - Linux kernel cve-assign
CVE-2013-6501 php: predictible filename used for cache in world writable directory Kurt Seifried
CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars Kurt Seifried
Re: CVE-2013-6501 php: predictible filename used for cache in world writable directory Stanislav Malyshev
please REJECT CVE-2013-4186 Kurt Seifried
Re: CVE-Request -- eFront v. 3.6.15.2 build 18021 (Community Edition) -- Multiple CSRF vulnerabilities cve-assign
Moodle security issue made public Marina Glancy
Re: CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilities cve-assign

Monday, 09 February

CVE-2014-8165: remote code execution in powerpc-utils-python Florian Weimer
Re: CVE request for Moodlee MDL-48980 Security: Always clean the result from min_get_slash_argument - Moodle cve-assign
CVE-2015-0245: denial of service in dbus >= 1.4 systemd activation Simon McVittie
CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Alexander Cherepanov
Re: CVE-2013-4578 OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars Ritwik Ghoshal
CVE request: XSS in MantisBT Damien Regad
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign
CVE request: sudo TZ issue Todd C. Miller
CVE Request: jabberd remote information disclosure Thijs Alkemade
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Mike O'Connor
RE: CVE request: XSS in MantisBT P Richards
Current outstanding CVE requests Kurt Seifried
CVE-Request -- Linux kernel - panic on nftables rule flush Wade Mealing

Tuesday, 10 February

Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Florian Weimer
Two new security advisories released for Apache WSS4J Colm O hEigeartaigh
Re: CVE-Request -- Linux kernel - panic on nftables rule flush Florian Weimer
Re: CVE request: sudo TZ issue Florian Weimer
Re: CVE Request: Info-ZIP unzip 6.0 Tomas Hoger
Re: Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco
eCryptfs key wrapping help to crack user password Sylvain Pelissier
wordexp(3) Solar Designer
Re: wordexp(3) Rich Felker
Re: CVE-Request -- Linux kernel - panic on nftables rule flush cve-assign
Re: CVE request: sudo TZ issue Todd C. Miller
CVE Request: Cups: cupsRasterReadPixels buffer overflow Kristian Fiskerstrand
Re: eCryptfs key wrapping help to crack user password Tyler Hicks
CVE-2015-0260: Kallithea: API key of repository's creator exposed by get_repo API method Andrew Shadura
Fwd: X.Org Security Advisory: CVE-2015-0255: Information leak in the XkbSetGeometry request of X servers Alan Coopersmith
Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda
Re: CVE request: sudo TZ issue cve-assign
Re: wordexp(3) Rich Felker

Wednesday, 11 February

Re: Re: CVE request: sudo TZ issue Florian Weimer
Re: wordexp(3) John Haxby
Re: wordexp(3) Stuart Henderson
Re: CVE Request: Info-ZIP unzip 6.0 mancha
Re: wordexp(3) Florian Weimer
Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda
Re: Re: CVE request: sudo TZ issue Todd C. Miller
Re: wordexp(3) Tim
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign
Re: heap overflow in procmail Salvatore Bonaccorso
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco
Re: wordexp(3) Daniel Micay

Thursday, 12 February

CVE request: MovableType before 5.2.12 John Lightsey
Re: heap overflow in procmail Jakub Wilk
Re: CVE-Request -- CMS PHPKit WCMS v.1.6.6 -- Reflecting XSS vulnerability in administrative backend (poll archive) cve-assign
Re: CVE-Request -- CMS Croogo v.2.2.0 -- Reflecting XSS in filemanager in the administrative backend cve-assign
Re: CVE-Request -- CMS b2evolution v.5.2.0 -- Reflecting XSS vulnerability in filemanager functionality cve-assign
Re: kamailio: multiple /tmp file vulnerabilities cve-assign
CVE request: lame Moritz Muehlenhoff
CVE request: archmage directory traversal Moritz Muehlenhoff
Re: Possible CVE request: python-pillow: potential denial-of-service in PNG decompression code cve-assign
Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper cve-assign
Re: CVE Request: Cups: cupsRasterReadPixels buffer overflow cve-assign
Re: CVE request: sudo TZ issue cve-assign
Xen Security Advisory 117 (CVE-2015-0268) - arm: vgic-v2: GICD_SGIR is not properly emulated Xen . org security team
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign
Re: CVE request: archmage directory traversal cve-assign
Re: CVE request: MovableType before 5.2.12 - Movable Type cve-assign
Re: Re: CVE request: sudo TZ issue Rich Felker

Friday, 13 February

Re: Re: CVE request: sudo TZ issue Simon McVittie
CVE Requests - glibc overflows (strxfrm) mancha
CVE-Request -- Linux ASLR integer overflow Hector Marco
Re: Re: CVE request: sudo TZ issue Todd C. Miller
CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu
Re: CVE-Request -- Linux ASLR integer overflow Hector Marco
Re: CVE Request -- CMS Sefrengo v.1.6.0 -- SQL injection and XSS vulnerabilities cve-assign
Re: CVE Request -- CMS Kajona v. 4.6 -- Reflecting XSS in administrative backend cve-assign
Re: CVE Request - dns-sync node module cve-assign
CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF Steffen Rösemann
CVE requests for Drupal contributed modules Pere Orga
Re: CVE-Request -- Linux ASLR integer overflow cve-assign
Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck
Re: CVE request: XSS in MantisBT Damien Regad
RE: Re: CVE request: XSS in MantisBT P Richards
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) Hanno Böck
Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF cve-assign
Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF Steffen Rösemann
Possible vulnerability fixed in ZPAQ v7.02 Matt Mahoney

Saturday, 14 February

Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Hanno Böck
Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF cve-assign
Re: Multiple issues in GnuPG found through keyring fuzzing (TFPA 001/2015) cve-assign
Re: CVE-Request -- Linux ASLR integer overflow Kees Cook

Sunday, 15 February

CVE-Request - Offset2lib Hector Marco
Re: CVE-Request - Offset2lib Daniel Micay
End of the m0n0wall project Henri Salo
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service cve-assign

Monday, 16 February

Re: CVE request: XSS in MantisBT Damien Regad
RE: Re: CVE request: XSS in MantisBT P Richards
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Vasyl Kaigorodov
Re: CVE-Request -- Google Email App 4.2.2 remote denial of service Hector Marco
CVE-Request - bitbake Maxin John
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu
Re: CVE request: XSS in MantisBT Damien Regad
CVE request: spencer regexp Moritz Muehlenhoff
Re: [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks Josh Boyer

Tuesday, 17 February

CVE request: novnc: session hijack through insecurely set session token cookies Vasyl Kaigorodov
CVE request: vulnerabilities in libcsoap Patrick Coleman
Re: CVE request: vulnerabilities in libcsoap Patrick Coleman
CVE-2015-1315 - Info-ZIP UnZip - Out-of-bounds Write William Robinet
CVE-2014-9328: clamav: special crafted upack files may lead to segfault Sebastian Andrzej Siewior
CVE-2015-1463: clamav: special crafted petite can lead to a crash Sebastian Andrzej Siewior
CVE request: Linux kernel ecryptfs 1-byte overwrite Kees Cook
Re: CVE-Request - bitbake Florian Weimer
Re: CVE request: Linux kernel ecryptfs 1-byte overwrite cve-assign
FreeBSD: URGENT: RNG broken for last 4 months Kurt Seifried
Re: FreeBSD: URGENT: RNG broken for last 4 months Loganaden Velvindron

Wednesday, 18 February

CVE Request: cabextract -- directory traversal Alexander Cherepanov
CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco
Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Loganaden Velvindron
Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco
CVE Request: xdg-utils: xdg-open: command injection vulnerability Salvatore Bonaccorso
CVE-Request -- Piwigo <= v. 2.7.3 -- Reflecting XSS- and SQLi-vulnerability in administrative backend Steffen Rösemann
Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability cve-assign
CVE request: xrdp mancha
Re: foomatic file loading from cwd Kurt Seifried
Re: CVE request: xrdp mancha
Re: Re: CVE Request: xdg-utils: xdg-open: command injection vulnerability Michael Gilbert
Re: FreeBSD: URGENT: RNG broken for last 4 months cve-assign
Re: FreeBSD: URGENT: RNG broken for last 4 months Kurt Seifried

Thursday, 19 February

CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
Re: CVE request for vulnerability in OpenStack Glance cve-assign
Re: CVE request for vulnerability in OpenStack Glance Tristan Cacqueray
Re: CVE request for vulnerability in OpenStack Glance cve-assign
Fixing the glibc runtime linker Tim Brown
Re: Fixing the glibc runtime linker Stuart Gathman
Re: CVE-Request -- Piwigo <= v. 2.7.3 -- Reflecting XSS- and SQLi-vulnerability in administrative backend cve-assign
Re: Fixing the glibc runtime linker Paul Pluzhnikov
Requesting CVE for ImageMagick DoS Jodie Cunningham
Re: Fixing the glibc runtime linker Tim Brown
Re: Fixing the glibc runtime linker Tim Brown
Re: Fixing the glibc runtime linker Paul Pluzhnikov
Re: Fixing the glibc runtime linker Rich Felker
Re: Fixing the glibc runtime linker Paul Pluzhnikov
Re: Fixing the glibc runtime linker Rich Felker

Friday, 20 February

Re: Fixing the glibc runtime linker Paul Pluzhnikov
Re: Fixing the glibc runtime linker Tim Brown
Re: Fixing the glibc runtime linker Casper . Dik
CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices Salvatore Bonaccorso
Re: Fixing the glibc runtime linker Paul Pluzhnikov
Re: Fixing the glibc runtime linker Rich Felker
Re: Fixing the glibc runtime linker Paul Pluzhnikov
Re: Fixing the glibc runtime linker Rich Felker
CVE-2015-2041 - Linux kernel - incorrect data type in llc2_timeout_table cve-assign
CVE-2015-2042 - Linux kernel - incorrect data type in rds_sysctl_rds_table cve-assign
CVE Request: jabberd remote information disclosure Joe Malcolm
Re: CVE request: XSS in MantisBT cve-assign

Saturday, 21 February

RE: CVE request: XSS in MantisBT P Richards
CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities Steffen Rösemann
CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities Steffen Rösemann
Re: CVE request: XSS in MantisBT cve-assign
Re: Fixing the glibc runtime linker Rich Felker
CVE-2015-0881 Kurt Seifried
Re: CVE-2015-0881 C Peters
Re: CVE-2015-0881 Kurt Seifried
CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5 Salvatore Bonaccorso

Sunday, 22 February

Re: CVE-2015-0881 Amos Jeffries
Re: heap overflow in procmail Salvatore Bonaccorso
CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond
Re: CVE Request: TYPO3-CORE-SA-2015-001: Authentication Bypass in TYPO3 CMS 4.5 cve-assign
Re: older issues in libbluray Moritz Mühlenhoff
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages Moritz Muehlenhoff
Re: Possible CVE Requests: libmspack: several issues Moritz Mühlenhoff
Re: CVE request: xchat/hexchat don't properly verify SSL certificates jmm
Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Muehlenhoff
Re: CVE Request: jabberd remote information disclosure Moritz Muehlenhoff
CVE request: glibc PR 17269 _IO_wstr_overflow integer overflow Paul Pluzhnikov
Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities cve-assign
Re: older issues in libbluray Kurt Seifried
CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities Steffen Rösemann
Re: CVE Request: cabextract -- directory traversal cve-assign
Re: CVE Request: jabberd remote information disclosure cve-assign

Monday, 23 February

Re: older issues in libbluray Florian Weimer
Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf
CVE request: BD-J implementation in libbluray Florian Weimer
Re: older issues in libbluray Florian Weimer
Re: older fuseiso stuff Florian Weimer
Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf
Re: CVE request: BD-J implementation in libbluray Florian Weimer
Re: CVE request: BD-J implementation in libbluray Jean-Baptiste Kempf
Re: Re: CVE request: BD-J implementation in libbluray Sven Schwedas
CVE-2015-0275 -- Linux kernel: fs: ext4: fallocate zero range page size > block size BUG() Petr Matousek
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond
Re: Re: CVE Request: cabextract -- directory traversal Alexander Cherepanov
Re: CVE-2015-0881 Kurt Seifried
Re: CVE Request: jabberd remote information disclosure Thijs Alkemade
Re: [videolan] [oss-security] older issues in libbluray Kurt Seifried
Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf
[OSSA 2015-004] Glance import task leaks image in backend (CVE-2014-9684, CVE-2015-1881) Tristan Cacqueray
CVE request: unace Moritz Muehlenhoff
Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities Steffen Rösemann
Re: CVE Request: cabextract -- directory traversal cve-assign
Re: CVE Request: jabberd remote information disclosure cve-assign
Re: CVE request: unace cve-assign
Re: Summer bug cleaning - rpcbind -h option - REJECT CVE-2012-3541 Kurt Seifried

Tuesday, 24 February

Please REJECT CVE-2012-6686 Florian Weimer
Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy
Re: Re: [videolan] [oss-security] older issues in libbluray Jean-Baptiste Kempf
Re: Re: [videolan] [oss-security] older issues in libbluray Tavis Ormandy
Re: CVE Request: Linux kernel information leak in event device handling Moritz Muehlenhoff

Wednesday, 25 February

Re: CVE request: vulnerabilities in libcsoap Patrick Coleman
CVE-2015-2080 - Jetty remote unauthenticated credential exposure cve-assign
Xen Security Advisory 118 (CVE-2015-1563) - arm: vgic: incorrect rate limiting of guest triggered logging Xen . org security team
Re: Fixing the glibc runtime linker John Haxby
Re: CVE Request : Several Bugs Found on Libflac 1.3.1 and Libtta++-2.2 Zhenghao Hu
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored cve-assign

Thursday, 26 February

CVE request: glibc scanf implementation crashes on certain inputs Florian Weimer
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored Sébastien Delafond
CVE request: Joomla Google Maps Plugin Hanno Böck
CVE request: glibc: potential application crash due to overread in fnmatch Florian Weimer
Re: CVE Request: mod-gnutls: GnuTLSClientVerify require is ignored cve-assign
XSS In Zope Kurt Seifried
CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay
CVE Request: null ptr deref in lame v3.99.5 Brian Carpenter
Re: CVE Request: null ptr deref in lame v3.99.5 Moritz Muehlenhoff
Re: CVE request: Joomla Google Maps Plugin cve-assign
Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay
Re: Requesting CVE for ImageMagick DoS Jodie Cunningham
Re: eCryptfs key wrapping help to crack user password Tyler Hicks
Re: libmnl: incorrect validation of netlink message origin allows attackers to spoof netlink messages - Linux kernel cve-assign

Friday, 27 February

Re: Re: CVE request: Joomla Google Maps Plugin Hanno Böck
CVE request: RFC 4253 section 8 wooes Florent Daigniere
dropbear and PuTTY missing DHE sanity checks [was: Re: CVE request: RFC 4253 section 8 wooes] Daniel Kahn Gillmor
CVE-2015-0296 preinstall scriptlet in texlive-base rpm of fedora allows unprivileged user to delete arbitrary files(maybe others) Siddharth Sharma
Re: CVE-Request -- phpBugTracker v. 1.6.0 -- Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities cve-assign
Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities cve-assign
Re: eCryptfs key wrapping help to crack user password cve-assign

Saturday, 28 February

CVE Request: PuTTY fails to clear private key information from memory Patrick Coleman
Re: CVE Request: PuTTY fails to clear private key information from memory cve-assign
CVE request: pngcrush 1.7.83 crash bug (most likely exploitable) Brian Carpenter
Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Rich Felker
Re: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Daniel Micay
Re: CVE Request: PuTTY fails to clear private key information from memory Zubin Mithra
Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable) cve-assign
Re: CVE-2015-0881 Amos Jeffries
Re: CVE-2015-0881 Jerome Athias

Sunday, 01 March

Re: Re: CVE request: BD-J implementation in libbluray Florian Weimer
CVE request: DokuWiki privilege escalation in RPC API Sebastian Pipping
Re: CVE request: DokuWiki privilege escalation in RPC API cve-assign
Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts Steven Stewart-Gallus
Re: CVE-2015-0881 Kurt Seifried

Monday, 02 March

CVE request: Maven downloads JARs via HTTP Martin Prpic
Re: CVE request: Maven downloads JARs via HTTP gremlin
Re: XSS In Zope cve-assign
Re: CVE request: Maven downloads JARs via HTTP Martin Prpic
Re: CVE request: Maven downloads JARs via HTTP gremlin
Re: CVE request: Maven downloads JARs via HTTP Simon McVittie
Re: CVE-Request -- Zeuscart v. 4 -- Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities cve-assign
Debian / xterm #779397 Kurt Seifried

Tuesday, 03 March

Re: Debian / xterm #779397 Thomas Dickey
Re: Re: Debian / xterm #779397 Simon McVittie
Re: validation on update gremlin
Re: Re: Debian / xterm #779397 Marcus Meissner
Re: CVE-Request: Linux ASLR mmap weakness: Reducing entropy by half Hector Marco
Re: validation on update Kurt Seifried
Re: Re: Debian / xterm #779397 Stephane Chazelas
Re: Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso
Re: CVE request: Maven downloads JARs via HTTP cve-assign
CVE request Galen Charlton
PostgreSQL password hashing Michael Samuel
Re: CVE request - Evergreen cve-assign
Re: CVE request - Evergreen Galen Charlton
Re: CVE request - Evergreen cve-assign
CVE request: PHPMoAdmin Unauthorized Remote Code Execution Henri Salo

Wednesday, 04 March

Re: CVE request: PHPMoAdmin Unauthorized Remote Code Execution cve-assign
CVE request: Invalid pointer dereference in the GNOME librest library Florian Weimer
Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
unassigning CVE-2015-2104 Paul McMillan
Re: unassigning CVE-2015-2104 Kurt Seifried
CVE-2014-6440: Heap Overflow in VLC Transcode Module Bill Blough

Thursday, 05 March

Re: [FD] Java 8u40 released: why? Gsunde Orangen
Xen Security Advisory 121 (CVE-2015-2044) - Information leak via internal x86 system device emulation Xen . org security team
Xen Security Advisory 122 (CVE-2015-2045) - Information leak through version information hypercall Xen . org security team
Certificate pinning and the browser PKI Florian Weimer
Re: CVE Request: libarchive -- directory traversal in bsdcpio Alessandro Ghedini
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Re: Certificate pinning and the browser PKI Martin Hecht
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Tomas Hoger
Re: CVE Request: libarchive -- directory traversal in bsdcpio Moritz Mühlenhoff
Re: unassigning CVE-2015-2104 cve-assign
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Re: unassigning CVE-2015-2104 Amos Jeffries
CVE-Request: WeBid 1.1.1 Unrestricted File Upload Exploit Prathan Phongthiproek

Friday, 06 March

Re: CVE-Request: WeBid 1.1.1 Unrestricted File Upload Exploit Henri Salo
Re: CVE-2015-0881 Amos Jeffries
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS Martin Prpic
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried

Saturday, 07 March

Mono TLS vulnerabilities Jo Shields
Re: Certificate pinning and the browser PKI Daniel Kahn Gillmor

Sunday, 08 March

Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Multiple vulnerabilities in Untangle NGFW 9-11 Hutton

Monday, 09 March

Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke
Re: CVE Request: libarchive -- directory traversal in bsdcpio Marcus Meissner
CVE-2014-8172 John Haxby
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Please assign a CVE to this recent cups-filters vulnerability Fabio Olive Leite
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Instant v2.0 SQL Injection Vulnerability Steevee a.k.a Stefanus
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried

Tuesday, 10 March

Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel
Xen Security Advisory 124 - Non-standard PCI device functionality may render pass-through insecure Xen . org security team
Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests Xen . org security team
Xen Security Advisory 123 (CVE-2015-2151) - Hypervisor memory corruption due to x86 emulator flaw Xen . org security team
CVE Request: PHP 5.6.6 changelog Francisco Alonso
Re: PEP-466 common compatible implementation. (was ... CVE-2015-1777) John Haxby
Re: CVE request: Ruby on Rails ActiveModel::Name to_json Call Infinite Loop Remote DoS cve-assign
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices Salvatore Bonaccorso
Re: Instant v2.0 SQL Injection Vulnerability cve-assign
Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. cve-assign
Re: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response. Marek Kroemeke
less invalid memory access fixed (CVE-2014-9488) Hanno Böck
Re: Instant v2.0 SQL Injection Vulnerability Solar Designer
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel

Wednesday, 11 March

Re: CVE Request: PHP 5.6.6 changelog Francisco Alonso
Re: CVE request: spencer regexp Siddharth Sharma
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 John Haxby
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Donald Stufft
Re: CVE request: spencer regexp cve-assign
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Re: CVE Request: PHP 5.6.6 changelog Joshua Rogers
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Kurt Seifried
Re: Another Python app (rhn-setup: rhnreg_ks) not checking hostnames in certs properly CVE-2015-1777 Michael Samuel

Thursday, 12 March

Xen Security Advisory 119 (CVE-2015-2152) - HVM qemu unexpectedly enabling emulated VGA graphics backends Xen . org security team
Re: Re: CVE request: spencer regexp Siddharth Sharma
Re: Re: CVE request: spencer regexp Siddharth Sharma
Assign a CVE for Python's restkit Please Donald Stufft
CVE request: lftp saves unknown host's fingerprint in known_hosts without any prompt Vasyl Kaigorodov
Re: Re: CVE request: spencer regexp Alistair Crooks
Re: CVE Request: Gtk2 Perl Module: incorrect memory management in Gtk2::Gdk::Display::list_devices cve-assign
Re: CVE request: novnc: session hijack through insecurely set session token cookies cve-assign
Re: CVE request: glibc scanf implementation crashes on certain inputs cve-assign
Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich

Friday, 13 March

Disabling reading of kernel log buffer reading for user halfdog
Re: Disabling reading of kernel log buffer reading for user Marek Kroemeke
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team
Re: Disabling reading of kernel log buffer reading for user Jann Horn
Re: Disabling reading of kernel log buffer reading for user Grandma Eubanks
Re: Vendor adoption of PIE INFO#934476 oss-security Solar Designer
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team
Re: Vendor adoption of PIE INFO#934476 oss-security Daniel Micay
[OSSA 2015-005] Nova console Cross-Site WebSocket hijacking (CVE-2015-0259) Tristan Cacqueray
CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P
catdoc has bugs Dean Pierce
Re: Vendor adoption of PIE INFO#934476 oss-security Nick Kralevich
Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH
RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Mehaffey, John
Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Kurt Seifried
Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open cve-assign

Saturday, 14 March

CVE-2015-2289: Serendipity CMS cross-site scripting vulnerability in 2.0 version Henri Salo
CVE Request: XSS issue in MantisBT permalink_page.php Damien Regad
Re: CVE-2014-6316: URL redirection issue in MantisBT Damien Regad
CVE Request for python-requests session fixation vulnerability Ian Cordasco
CVE Request for information leak in Etherpad exports Jeremy Stanley
Re: CVE Request for python-requests session fixation vulnerability cve-assign
Re: CVE Request: XSS issue in MantisBT permalink_page.php cve-assign
Re: CVE Request for information leak in Etherpad exports cve-assign
Re: CVE request: vulnerabilities in libcsoap cve-assign

Sunday, 15 March

CVE Request - Apache Solr 4.10 Puneeth Gowda
Re: CVE Request: PHP 5.6.6 changelog cve-assign
Re: CVE Request: libarchive -- directory traversal in bsdcpio cve-assign
Moodle security issues made public Marina Glancy
CVE Request: Cap'n Proto: Several issues Salvatore Bonaccorso

Monday, 16 March

Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P
CVE Request: memory leak in openssl "hostname" TLS Extension Marcus Meissner
Re: CVE request: spencer regexp cve-assign
Re: CVE Request: memory leak in openssl "hostname" TLS Extension Vitezslav Cizek
Re: CVE Request: memory leak in openssl "hostname" TLS Extension cve-assign
CVE-2015-0263 and CVE-2015-0264 - Apache Camel medium disclosure vulnerability Christian Mueller
Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer
Re: CVE Request: Cap'n Proto: Several issues cve-assign

Tuesday, 17 March

[CVE-2015-0250] Apache Batik information disclosure vulnerability Luis Bernardo
Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Alan Coopersmith
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Sven Schwedas
Re: Fwd: [ANNOUNCE] X.Org Security Advisory: More BDF file parsing issues in libXfont Alan Coopersmith
Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs) Peter Kjellström
Re: Mono TLS vulnerabilities cve-assign
Re: Incomplete data at nvd for CVE-2014-8159 (infiniband / verbs) cve-assign
CVE Request: WebKitGTK+ late TLS certificate verification Michael Catanzaro

Wednesday, 18 March

CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary cve-assign
Re: CVE Request: WebKitGTK+ late TLS certificate verification cve-assign
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Christian Rebischke
CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas
CVE Request: Linux kernel execution in the early microcode loader. Quentin Casasnovas
Re: Fwd: [openssl-announce] Forthcoming OpenSSL releases Solar Designer
Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer
Re: CVE Request: Linux kernel execution in the early microcode loader. Daniel Micay
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law
Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Timo Warns
Re: Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Emmanuel Law
CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access Shachar Raindel

Thursday, 19 March

Re: CVE Request: Linux kernel execution in the early microcode loader. Florian Weimer
OpenSSL sec. advisory mancha
cve-assign delays Steven M. Christey
Re: cve-assign delays Kurt Seifried
CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 Pere Orga
Xerces-C Security Advisory [CVE-2015-0252] Cantor, Scott
Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 cve-assign
OpenDaylight security advisory: CVE-2015-1778 authentication bypass, CVE-2015-1611 CVE-2015-1612 topology spoofing via LLDP David Jorm

Friday, 20 March

membership request to the closed linux-distros security mailing list Sona Sarmadi
Re: membership request to the closed linux-distros security mailing list Solar Designer
Re: membership request to the closed linux-distros security mailing list Anthony Liguori
Re: membership request to the closed linux-distros security mailing list Stuart Henderson
Re: membership request to the closed linux-distros security mailing list Anthony Liguori
Re: membership request to the closed linux-distros security mailing list Marcus Meissner
Re: membership request to the closed linux-distros security mailing list Anthony Liguori
Re: membership request to the closed linux-distros security mailing list Kurt Seifried
CVE request: denial of service in Quassel Pierre Schweitzer
Re: membership request to the closed linux-distros security mailing list Daniel Micay
CVE Request: PHP SoapClient's __call() type confusion through unserialize() Andrea Palazzo
Re: membership request to the closed linux-distros security mailing list John Haxby
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Moritz Muehlenhoff
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign
Re: CVE Request: Linux kernel execution in the early microcode loader. cve-assign
Re: membership request to the closed linux-distros security mailing list Alan Coopersmith

Saturday, 21 March

Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree Salvatore Bonaccorso
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. Quentin Casasnovas
Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 Pere Orga
Re: CVE Request: Linux kernel unprivileged denial-of-service due to mis-protected xsave/xrstor instructions. cve-assign
CVE for Kali Linux Kurt Seifried
rsyslog/logs/1 minute off (another RISKS thing) Kurt Seifried
Re: CVE for Kali Linux Justin Steven
Re: CVE for Kali Linux Kurt Seifried
Re: CVE for Kali Linux Daniel Micay
Re: CVE for Kali Linux Daniel Micay
Re: CVE for Kali Linux Russ Allbery
Re: CVE for Kali Linux Daniel Micay
Re: CVE for Kali Linux Daniel Micay
Re: CVE for Kali Linux Michael Samuel

Sunday, 22 March

Re: CVE for Kali Linux Amos Jeffries
Re: CVE for Kali Linux Florian Weimer
Re: CVE for Kali Linux Florian Weimer
Re: membership request to the closed linux-distros security mailing list Florian Weimer
Re: membership request to the closed linux-distros security mailing list Florian Weimer
Re: CVE for Kali Linux Daniel Micay
Re: CVE for Kali Linux Daniel Micay
Dulwich security issue Jelmer Vernooij
Re: CVE for Kali Linux Kurt Seifried
Re: CVE for Kali Linux Jeremy Stanley
Re: CVE for Kali Linux Kurt Seifried
Re: CVE for Kali Linux David A. Wheeler
CVE-Request -- openEMR v. 4.2.0 -- Multiple stored/reflecting XSS- and SQLi vulns Steffen Rösemann
Re: CVE for Kali Linux Solar Designer
Re: Possible CVE Request: dulwich: does not prevent to write files in commits with invalid paths to working tree cve-assign
Re: CVE for Kali Linux Solar Designer
Re: CVE for Kali Linux Kurt Seifried
Re: CVE for Kali Linux Donald Stufft
Re: CVE for Kali Linux David A. Wheeler
Re: Assign a CVE for Python's restkit Please Donald Stufft
Re: CVE for Kali Linux Daniel Micay
OpenSSL DoS tester now available (CVE-2015-0291) mancha
Re: CVE for Kali Linux Daniel Micay
CVE requests for Drupal contributed modules Pere Orga
Re: CVE for Kali Linux Kristian Fiskerstrand
Re: CVE for Kali Linux Stephen Kitt
Re: CVE for Kali Linux Jeremy Stanley
Re: CVE for Kali Linux Alexander Cherepanov
Re: CVE for Kali Linux Alexander Cherepanov
Re: CVE for Kali Linux Russ Allbery
Re: CVE for Kali Linux Solar Designer
Re: CVE for Kali Linux Russ Allbery
Re: CVE for Kali Linux cve-assign
Re: CVE for Kali Linux David A. Wheeler
Re: CVE for Kali Linux Daniel Micay
Re: CVE for Kali Linux Kurt Seifried
Re: CVE for Kali Linux Solar Designer

Monday, 23 March

Re: Assign a CVE for Python's restkit Please cve-assign
Re: CVE request: Invalid pointer dereference in the GNOME librest library cve-assign
Re: CVE for Kali Linux Alexander Cherepanov
Re: CVE for Kali Linux Alexander Cherepanov
Re: CVE for Kali Linux Marcus Meissner
CVE requests for shibboleth service provider Yves-Alexis Perez
CVE Request: gd buffer read overflow in gd_gif_in.c Francisco Alonso
CVE Request: Linux kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer Petr Matousek
Re: CVE requests for shibboleth service provider cve-assign
Re: CVE Request: gd buffer read overflow in gd_gif_in.c Moritz Muehlenhoff
CVE request: Two vulnerabilities in Tor Moritz Muehlenhoff
Re: CVE Request: gd buffer read overflow in gd_gif_in.c cve-assign
CVE request: Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities Henri Salo
CVE-2015-0841: off-by-one error in network code of monopd/libcapsinetwork Florian Weimer
Re: CVE for Kali Linux Alexander Cherepanov
Re: CVE Request: Linux kernel: sys_sendto/sys_recvfrom does not validate the user provided ubuf pointer cve-assign
Re: CVE requests for shibboleth service provider Yves-Alexis Perez
Re: CVE for Kali Linux Marcus Meissner
Re: CVE Request: ZIP Integer Overflow leads to writing past heap boundary Thomas Klausner
CVE request for OpenStack Compute (nova) Garth Mollett
CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Kurt Seifried
CVE-2015-1820: ruby rest-client session fixation vulnerability Andy Brody
CVE request Qemu: malicious PRDT flow from guest to host P J P
Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Dave Horsfall
2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried
Re: CVE request: Two vulnerabilities in Tor Salvatore Bonaccorso
Re: CVE request: Two vulnerabilities in Tor Kurt Seifried

Tuesday, 24 March

CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder Petr Matousek
Re: CVE request for OpenStack Compute (nova) cve-assign
CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation P J P
Re: CVE request for OpenStack Compute (nova) Garth Mollett
Re: CVE for Kali Linux Marcus Meissner
Re: Re: CVE request for OpenStack Compute (nova) Jeremy Stanley
Re: CVE-2014-8166 cups: code execution via unescape ANSI escape sequences Florian Weimer
Re: CVE request: Two vulnerabilities in Tor Kurt Seifried
Re: CVE for Kali Linux Alexander Cherepanov
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer
Re: CVE request Linux kernel: fs: btrfs: non-atomic xattr replace operation cve-assign
CVE-2013-1666 description still missing Henri Salo
Re: CVE request: Two vulnerabilities in Tor cve-assign
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Kurt Seifried
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Eric Windisch
CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Trevor Jay

Wednesday, 25 March

Re: CVE request for OpenStack Compute (nova) cve-assign
CVS-Request: realmd code execution/auth bypass Sebastian Krahmer
Re: CVE request for OpenStack Compute (nova) Jeremy Stanley
Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer
Re: CVS-Request: realmd code execution/auth bypass cve-assign

Thursday, 26 March

Fwd: setroubleshoot root exploit (CVE-Request) Sebastian Krahmer
Re: Fwd: setroubleshoot root exploit (CVE-Request) Huzaifa Sidhpurwala
Re: Fwd: setroubleshoot root exploit (CVE-Request) Solar Designer
Re: CVE requests for Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2015-001 cve-assign
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign

Friday, 27 March

Re: CVE request: denial of service in Quassel Pierre Schweitzer
Re: Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Alexander Cherepanov
CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Hector Marco
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g Jodie Cunningham
CVE request: Erlang POODLE TLS vulnerability Hanno Böck
Fwd: Insecure file upload in Berta CMS Simon Waters
Re: CVE-Request: AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%. Solar Designer
Re: CVE request: Erlang POODLE TLS vulnerability cve-assign
Re: CVE request: denial of service in Quassel cve-assign
Re: CVE request: denial of service in Quassel Pierre Schweitzer
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign
Re: CVE Request: Multiple vulnerabilities in freexl 1.0.0g cve-assign
Advisory: CVE-2014-9707: GoAhead Web Server 3.0.0 - 3.4.1 Matthew Daley
Advisory: CVE-2014-9708: Appweb Web Server Matthew Daley
Re: CVE request: denial of service in Quassel cve-assign
Re: Fwd: Insecure file upload in Berta CMS cve-assign

Saturday, 28 March

CVE Request: arj: free on invalid pointer due to to buffer overflow Salvatore Bonaccorso
New Rootkit - Lightweight rootkit implemented by bash shell scripts v0.10 wzt wzt
CVE request (Debian specific): slapd: dangerous access rule in default config Yves-Alexis Perez
Re: CVE Request: arj: free on invalid pointer due to to buffer overflow cve-assign
Re: CVE request (Debian specific): slapd: dangerous access rule in default config cve-assign

Sunday, 29 March

CVE request: XSS in roundcube before 1.1.0 Hanno Böck
Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) Hanno Böck
CVE request: 2 issues in inspircd Sébastien Delafond
Re: CVE request: XSS in roundcube before 1.1.0 Salvatore Bonaccorso
Re: potrace: possible heap overflow cve-assign
Re: byzanz: Out-of heap-based buffer write in GIF encoder cve-assign
Re: some older pbm2l2030 stuff cve-assign
CVE Request: CSRF in Realms Wiki Javantea
CVE Request: Remote Code Execution in Realms Wiki install.sh Javantea
Security advisory for musl libc - stack-based buffer overflow in ipv6 literal parsing [CVE-2015-1817] Rich Felker
CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c Salvatore Bonaccorso
CVE Request: ikiwiki: cross-site scripting via openid_identifier Salvatore Bonaccorso

Monday, 30 March

Re: some older pbm2l2030 stuff Vasyl Kaigorodov
Re: Insecure file upload in Berta CMS Simon Waters
CVE Request: ikiwiki: cross-site scripting via openid_identifier Vasyl Kaigorodov
Re: CVS-Request: realmd code execution/auth bypass Sebastian Krahmer
Re: CVE Request: DBD-Firebird: Buffer Overflow in dbdimp.c cve-assign
Re: CVS-Request: realmd code execution/auth bypass cve-assign
Re: CVE Request: ikiwiki: cross-site scripting via openid_identifier Simon McVittie
Fwd: CVE-2015-0249: Apache Roller allows admin users to execute arbitrary Java code Dave
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks
Re: CVE Request: ikiwiki: cross-site scripting via openid_identifier cve-assign
Re: Fw: GNU Libtasn1 4.4 released ( fixes stack overflow in asn1_der_decoding) cve-assign
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Lior Kaplan

Tuesday, 31 March

CVE request: freebsd/sh stack overflow vulnerability wzt wzt
Xen Security Advisory 125 (CVE-2015-2752) - Long latency MMIO mapping operations are not preemptible Xen . org security team
Xen Security Advisory 127 (CVE-2015-2751) - Certain domctl operations may be abused to lock up the host Xen . org security team
Xen Security Advisory 126 (CVE-2015-2756) - Unmediated PCI command register access in qemu Xen . org security team
Xen Security Advisory 120 (CVE-2015-2150) - Non-maskable interrupts triggerable by guests Xen . org security team
Re: 2 moderate (borderline low) docker flaws fixed in >=1.5 and possibly earlier Florian Weimer