oss-sec: by date

658 messages starting Apr 01 17 and ending Jun 30 17


Saturday, 01 April

podofo: heap-based buffer overflow in PoDoFo::PdfPainter::ExpandTabs (PdfPainter.cpp) Agostino Sarubbo
podofo: heap-based buffer overflow in PoDoFo::PdfSimpleEncoding::ConvertToEncoding (PdfEncoding.cpp) Agostino Sarubbo
podofo: four null pointer dereferences Agostino Sarubbo
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Solar Designer
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Solar Designer

Monday, 03 April

Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Martin Prpic
CVE-2017-7377 Qemu: 9pfs: host memory leakage via v9fs_create P J P
CVE-2017-7239: ninka license identification tool: insufficient escaping of external input [vs] Dirk-Willem van Gulik
CVE Request - XStream: DoS when unmarshalling void Jörg Schaible

Tuesday, 04 April

CVE-2017-2667: Hammer CLI SSL certificate verification disabled Dominic Cleal
Re: CVE-2017-7184: kernel: Local privilege escalation in XFRM framework Vladis Dronov
Xen Security Advisory 212 (CVE-2017-7228) - x86: broken check in memory_exchange() permits PV guest breakout Xen . org security team
[CVE-2017-5649] Apache Geode information disclosure vulnerability Anthony Baker
[SECURITY ADVISORY] curl: --write-out out of buffer read Daniel Stenberg
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Marcus Meissner
Django security releases issued: 1.10.7, 1.9.13, and 1.8.18 Tim Graham
Re: Linux kernel ping socket / AF_LLC connect() sin_family race Kurt Seifried

Wednesday, 05 April

Blind SQL Injection and persistent XSS in Wordpress plugin image-gallery-with-slideshow v1.5.2 Larry W. Cashdollar
[OSSA-2017-003] XSS in Horizon federation mappings UI (CVE-2017-7400) Tristan Cacqueray
libxslt math.random issue Marcus Meissner
Re: libxslt math.random issue Florian Weimer

Thursday, 06 April

Re: libxslt math.random issue Hanno Böck
Re: libxslt math.random issue Marcus Meissner
CVE Request: Integer overflow vulnerability in ptp_unpack_OPL function of libmtp (version 1.1.12 and below) 王永科
CVE Request: Integer overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) 王永科
CVE-2017-2672: Foreman image password disclosure in audit log Dominic Cleal
Re: CVE Request: Integer overflow vulnerability in ptp_unpack_EOS_CustomFuncEx function of libmtp (version 1.1.12 and below) Agostino Sarubbo
WebKitGTK+ Security Advisory WSA-2017-0003 Carlos Alberto Lopez Perez

Friday, 07 April

CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo
CVE-2017-7572: backintime: usage of deprecated unix-process polkit authorization subject opens a race condition during authorization Matthias Gerstner
[CVE-2016-6805] Arbitrary File Read due to eXternal Xml Entity attack in Apache Ignite Denis Magda
Re: libxslt math.random issue Frank Ch. Eigler
Re: Re: libxslt math.random issue Florian Weimer
Request CVE ID for information disclosure present in ForgeRock OpenIDM 4.0.0 and 4.5.0 Oliveira Lima

Monday, 10 April

CVE-2017-7592: libtiff: left shift Agostino Sarubbo
CVE-2017-7593: libtiff: Potential uninitialized-memory access from tif_rawdata Agostino Sarubbo
CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c Agostino Sarubbo
libtiff: divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) Agostino Sarubbo
libtiff: multiple UBSAN crashes Agostino Sarubbo
libaacplus: signed integer overflow, left shift and assertion failure Agostino Sarubbo
imagemagick: undefined behavior in coders/rle.c Agostino Sarubbo
elfutils: heap-based buffer overflow in handle_gnu_hash (readelf.c) Agostino Sarubbo
elfutils: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) Agostino Sarubbo
Re: CVE-2017-7592: libtiff: left shift Simon McVittie
elfutils: memory allocation failure in __libelf_decompress (elf_compress.c) Agostino Sarubbo
elfutils: heap-based buffer overflow in check_group (elflint.c) Agostino Sarubbo
elfutils: heap-based buffer overflow in check_symtab_shndx (elflint.c) Agostino Sarubbo
elfutils: heap-based buffer overflow in check_sysv_hash (elflint.c) Agostino Sarubbo
elfutils: memory allocation failure in xcalloc (xmalloc.c) Agostino Sarubbo
binutils: two NULL pointer dereferences in elflink.c Agostino Sarubbo
Re: binutils: two NULL pointer dereferences in elflink.c Marcus Meissner
alloca in inline functions can be dangerous Jason A. Donenfeld
web2py: CVE-2016-10321: does not check if a host is denied before verifying passwords Salvatore Bonaccorso
Re: alloca in inline functions can be dangerous Leandro Pereira
[SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure Mark Thomas
[SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service Mark Thomas
[SECURITY] CVE-2017-5648 Apache Tomcat Information Disclosure Mark Thomas
[SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure Mark Thomas

Tuesday, 11 April

CVE-2017-2669: Dovecot DoS when passdb dict was used for authentication Aki Tuomi

Wednesday, 12 April

libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo
Re: CVE-2017-7592: libtiff: left shift Agostino Sarubbo
Re: CVE-2017-7592: libtiff: left shift Hanno Böck
ISC announces three BIND vulnerabilities Michael McNally
Re: CVE Request - XStream: DoS when unmarshalling void Andrej Nemec

Thursday, 13 April

libsndfile: invalid memory READ and invalid memory WRITE in flac_buffer_copy (flac.c) Agostino Sarubbo

Friday, 14 April

Re: CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) Pali Rohár
Re: alloca in inline functions can be dangerous Florian Weimer
Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman

Saturday, 15 April

Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Agostino Sarubbo
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Leo Famulari
Re: alloca in inline functions can be dangerous Andreas Lausch-Waas
Re: Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Nick Boyce

Sunday, 16 April

Re: libsamplerate: global buffer overflow in calc_output_single (src_sinc.c) Ian Zimmerman
MantisBT - Full admin access vulnerability 7b4xrw+5q6jtt69cnwlw
Re: MantisBT - Full admin access vulnerability - CVE-2017-7615 Damien Regad
Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler

Monday, 17 April

Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Greg KH
CVE-2017-5645: Apache Log4j socket receiver deserialization vulnerability Matt Sicker
Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda
Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Solar Designer
Additional information for packagers concerning recent BIND security vulnerabilities ISC Security Officer
Re: Re: CVE Request: Cap'n Proto: Bounds check elided by compiler optimization Kenton Varda
[ANNOUNCE] HPACK Bomb Attack vulnerability in ATS - CVE-2016-5396 Bryan Call
[ANNOUNCE] Chunking and content-length vulnerability in ATS - CVE-2017-5659 Bryan Call

Tuesday, 18 April

[CVE-2017-5662] Apache Batik information disclosure vulnerability Simon Steiner
[CVE-2017-5661] Apache XML Graphics FOP information disclosure vulnerability Simon Steiner
New security advisories for Apache CXF Colm O hEigeartaigh
Re: Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass Brad Spengler
CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow Solar Designer
Re: Apache XML Graphics FOP information disclosure vulnerability Ian Zimmerman
[SECURITY ADVISORY] curl: TLS session resumption client cert bypass (again) Daniel Stenberg

Wednesday, 19 April

CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host P J P
CVE-2017-7874 versus CVE-2009-1185 ? Sebastian Krahmer
CVE-2017-7718 Qemu: display: cirrus: OOB read access issue P J P
Re: CVE-2017-7874 versus CVE-2009-1185 ? Marcus Meissner
CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Filippo Cavallarin
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski

Thursday, 20 April

CVE-2017-7979: Linux kernel: local DoS via packet action API Fabian Grünbichler
Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover
CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc Andrej Nemec
Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage

Friday, 21 April

CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines P J P

Saturday, 22 April

CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Xiaobo Xiang
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Agostino Sarubbo
Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Xiaobo Xiang

Sunday, 23 April

libcroco: heap overflow and undefined behavior Agostino Sarubbo
imageworsener: divide-by-zero in iwgif_record_pixel (imagew-gif.c) Agostino Sarubbo
imageworsener: multiple vulnerabilities Agostino Sarubbo

Monday, 24 April

Re: CVE Request: podofo: stack overflow in PoDoFo::PdfParser::ReadDocumentStructure(PdfParser.cpp) Andrej Nemec
Re: libcroco: heap overflow and undefined behavior Marcus Meissner
remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox
CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld
Re: CVE request: remote heap overflow in linux networking stack Solar Designer
SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Bob Friesenhahn
Re: CVE-2017-7692: Squirrelmail 1.4.22 Remote Code Execution Dawid Golunski
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Kurt Seifried

Tuesday, 25 April

[ANNOUNCE] CVE-2015-7559 - DoS in client via shutdown command Dejan Bosanac
CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c Andrej Nemec
CVE-2017-8086 Qemu: 9pfs: host memory leakage via v9pfs_list_xattr P J P
Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld
Re: CVE request: remote heap overflow in linux networking stack Andrej Nemec
[OSSA-2017-004] federated user gets wrong role (CVE-2017-2673) Tristan Cacqueray
CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability Chris Douglas
CVE-2017-3161: Apache Hadoop NameNode XSS vulnerability Chris Douglas
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Stuart Gathman
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dimitrios Glynos

Wednesday, 26 April

CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2 P J P
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski
Multiple vulnerabilities in Jenkins Daniel Beck
Re: CVE request: remote heap overflow in linux networking stack Jason A. Donenfeld
kedpm: Information leak via the command history file Antoine Beaupré
Re: SquirrelMail <= 1.4.23 Remote Code Execution (CVE-2017-7692) Dawid Golunski

Thursday, 27 April

CVE-2017-8288: gnome-shell may leave extensions enabled in the lock screen Emilio Pozuelo Monfort
Re: kedpm: Information leak via the command history file Emilio Pozuelo Monfort
CVE Request: Two memory corruption vulnerabilities ldns 1.7 Stephan Zeisberg
Re: kedpm: Information leak via the command history file Antoine Beaupré
Re: CVE Request: Two memory corruption vulnerabilities ldns 1.7 Andrej Nemec
Re: MITRE is adding data intake to its CVE ID process Solar Designer
Re: MITRE is adding data intake to its CVE ID process Kurt Seifried
Re: MITRE is adding data intake to its CVE ID process Solar Designer
CVE-2017-8291 ghostscript remote code execution Marcus Meissner
CVE-2017-8301: TLS verification vulnerability in LibreSSL 2.5.1 - 2.5.3 Jakub Jirutka
Re: MITRE is adding data intake to its CVE ID process Kash Pande
Re: CVE-2017-8283 Directory traversal in dpkg-source via indented patches on non-GNU systems Guillem Jover
Re: CVE-2017-8291 ghostscript remote code execution security

Friday, 28 April

Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier
Re: CVE-2017-8291 ghostscript remote code execution Kurt H Maier
CVE-2017-7475 Cairo-1.15.4 Denial-of-Service Attack due to Logical Problem in Program 李琪
Re: CVE-2017-8291 ghostscript remote code execution David Black
Re: CVE-2017-8291 ghostscript remote code execution redrain root
Re: CVE-2017-8291 ghostscript remote code execution Tavis Ormandy

Saturday, 29 April

Re: CVE-2017-8291 ghostscript remote code execution redrain root
Re: mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c) Agostino Sarubbo
Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c) Agostino Sarubbo
Re: CVE-2017-7578: libming: heap overflow in parser.c (Incomplete fix for CVE-2016-9831) Agostino Sarubbo
Re: libming: listswf: NULL pointer dereference in dumpBuffer (read.c) Agostino Sarubbo
Re: libming: listswf: heap-based buffer overflow in _iprintf (outputtxt.c) Agostino Sarubbo
Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo
Re: libming: listswf: heap-based buffer overflow in parseSWF_RGBA (parser.c) Agostino Sarubbo
Re: libming: listmp3: left shift in listmp3.c Agostino Sarubbo
Re: libming: listmp3: global-buffer-overflow in printMP3Headers (listmp3.c) Agostino Sarubbo
SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Securify B.V.

Sunday, 30 April

imageworsener: memory allocation failure in my_mallocfn (imagew-cmd.c) Agostino Sarubbo
imageworsener: two left shifts Agostino Sarubbo
imageworsener: heap-based buffer overflow in iw_process_cols_to_intermediate (imagew-main.c) Agostino Sarubbo
Arbitrary file upload vulnerability in Wordpress plugin flickr-picture-backup v0.7 Larry W. Cashdollar
radicale: CVE-2017-8342: prone to timing oracles and simple bruteforce attacks Salvatore Bonaccorso

Monday, 01 May

libsndfile: global buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo
libsndfile: invalid memory read in flac_buffer_copy (flac.c) Agostino Sarubbo
libsndfile: heap-based buffer overflow in flac_buffer_copy (flac.c) Agostino Sarubbo
rzip: heap-based buffer overflow in read_buf (stream.c) Agostino Sarubbo
libsndfile: global buffer overflow in i2les_array (pcm.c) Agostino Sarubbo
ettercap: etterfilter: heap-based buffer overflow write Agostino Sarubbo
libmad: assertion failure in layer3.c Agostino Sarubbo
libmad: heap-based buffer overflow in mad_layer_III (layer3.c) Agostino Sarubbo
libmad: heap-based buffer overflow in mad_bit_skip (bit.c) Agostino Sarubbo
Re: SyntaxHighlight MediaWiki extension allows injection of arbitrary Pygments options Brian Wolff
telegram-desktop: insecure permission of $HOME/.TelegramDesktop directory Agostino Sarubbo
libarchive: two heap-based buffer overflow reads Agostino Sarubbo
terminal emulators' processing of escape sequences Solar Designer
RuboCop: insecure use of /tmp Jakub Wilk
Integer Overflow in rxvt Jason A. Donenfeld
Re: terminal emulators' processing of escape sequences Yves-Alexis Perez
Re: terminal emulators' processing of escape sequences Yves-Alexis Perez
Re: Integer Overflow in rxvt Jason A. Donenfeld
Re: terminal emulators' processing of escape sequences Michal Zalewski
Re: terminal emulators' processing of escape sequences Robert Święcki

Tuesday, 02 May

Re: terminal emulators' processing of escape sequences Steve Kemp
Xen Security Advisory 214 - grant transfer allows PV guest to elevate privileges Xen . org security team
Xen Security Advisory 213 - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team
Xen Security Advisory 215 - possible memory corruption via failsafe callback Xen . org security team
CVE-2017-7645 Linux kernel: nfsd: remote DoS Ari Kauppi
CVE-2017-7895 Linux kernel: nfsd: Remote arbitrary memory read Ari Kauppi
Re: terminal emulators' processing of escape sequences Solar Designer

Wednesday, 03 May

CVE-2017-8309 Qemu: audio: host memory leakage via capture buffer P J P
CVE-2017-8379 Qemu: input: host memory leakage via keyboard P J P
CVE-2017-8380 Qemu: scsi: megasas: out-of-bounds read in megasas_mmio_write P J P
Re: terminal emulators' processing of escape sequences Guido Berhoerster
[oss-security] Sourcetree arbitrary command execution redrain root
Re: terminal emulators' processing of escape sequences Robert Święcki
[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15 Sysdream Labs
[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin Sysdream Labs
Re: [oss-security] Sourcetree arbitrary command execution Adrien Nader
MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár
Re: MySQL - Again Riddle vulnerability (public disclosure) Pali Rohár
rpcbomb: remote rpcbind denial-of-service Guido Vranken
[white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski
Re: rpcbomb: remote rpcbind denial-of-service Seth Arnold
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Sam Pizzey

Thursday, 04 May

Re: rpcbomb: remote rpcbind denial-of-service Guido Vranken

Friday, 05 May

Re: rpcbomb: remote rpcbind denial-of-service Marcus Meissner
Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer

Sunday, 07 May

libpcre: heap-based buffer overflow write in pcre2test.c Agostino Sarubbo
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Kash Pande
Re: rpcbomb: remote rpcbind denial-of-service Salvatore Bonaccorso
Re: [white-paper] Pwning PHP mail() function For Fun And RCE (ver 1.0) Dawid Golunski

Monday, 08 May

Reminder about CVE process? Perry E. Metzger
Re: terminal emulators' processing of escape sequences Shiz
CVE updates: fixes in Apache Atlas 0.7.1-incubating Madhan Neethiraj
Re: Reminder about CVE process? Cliff Perry
Re: terminal emulators' processing of escape sequences Ryan Munz
libetpan: NULL dereference vulnerability Perry E. Metzger
Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Russ Cox
Re: Re: remote DoS via CPU exhaustion in anon FTP server glob expansion Kurt Seifried
Re: rpcbomb: remote rpcbind denial-of-service Florian Weimer
lxterminal: insecurely uses /tmp for a socket file Medical Wei

Tuesday, 09 May

lrzip: divide-by-zero in bufRead::get (libzpaq.h) Agostino Sarubbo
lrzip: NULL pointer dereference in bufRead::get (libzpaq.h) Agostino Sarubbo
lrzip: NULL pointer dereference in join_pthread (stream.c) Agostino Sarubbo
lrzip: invalid memory read in lzo_decompress_buf (stream.c) Agostino Sarubbo
lrzip: heap-based buffer overflow write in read_1g (stream.c) Agostino Sarubbo
lrzip: use-after-free in read_stream (stream.c) Agostino Sarubbo
Numerous FreeTDS crashes fixed on master Brandon Perry
CVE-2016-6799: Internal system information leak Simon MacDonald
CVE Request: Denial of Service in Dropbox lepton Insu Yun
Re: CVE Request: Denial of Service in Dropbox lepton Seth Arnold

Wednesday, 10 May

generic kde LPE Sebastian Krahmer
Re: generic kde LPE Simon McVittie
Re: CVE Request: Denial of Service in Dropbox lepton Insu Yun
Dolibarr ERP & CRM - Multiple Issues FOXMOLE Advisories
Re: Numerous FreeTDS crashes fixed on master Brandon Perry
Re: CVE-2017-7308: Linux kernel: integer overflow in packet_set_ring Andrey Konovalov

Thursday, 11 May

CVE-2017-7472 Linux kernel: KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings Vladis Dronov
CVE-2017-8798 - miniupnpc integer signedness error when parsing a chunked encoded http response oststrom (public)

Friday, 12 May

Xen Security Advisory 213 (CVE-2017-8903) - x86: 64bit PV guest breakout via pagetable use-after-mode-change Xen . org security team
Xen Security Advisory 215 (CVE-2017-8905) - possible memory corruption via failsafe callback Xen . org security team
Xen Security Advisory 214 (CVE-2017-8904) - grant transfer allows PV guest to elevate privileges Xen . org security team
CVE-2017-7487: Linux kernel: ipx: call ipxitf_put() in ioctl error path Vladis Dronov
Multiple crashes in OpenEXR Brandon Perry
Re: Multiple crashes in OpenEXR Henri Salo
Re: Multiple crashes in OpenEXR Brandon Perry
CVE-2017-8921: directory traversal vulnerability in FlightGear Florent Rougon

Saturday, 13 May

Kernel 4.1.y might not contain patches for CVE-2016-10229 Yury German

Sunday, 14 May

Re: Kernel 4.1.y might not contain patches for CVE-2016-10229 Greg KH
Invalid writes and reads in libxml2 Marcel Böhme
CVE-2017-7495 kernel: information leak on ext4 when hardware reset. Wade Mealing

Monday, 15 May

CVE-2017-8933 libmenu-cache: socket may be blocked by another user Yao Wei
CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Yao Wei
Re: CVE-2017-8934 pcmanfm: single instance socket may be blocked by another user Guido Berhoerster

Tuesday, 16 May

NetBSD/pkgsrc membership on distros list Solar Designer
Two new security advisories for Apache CXF Fediz Colm O hEigeartaigh
Re: NetBSD/pkgsrc membership on distros list Alistair Crooks
Re: NetBSD/pkgsrc membership on distros list Solar Designer
Re: NetBSD/pkgsrc membership on distros list Christos Zoulas
Re: NetBSD/pkgsrc membership on distros list Christos Zoulas
Re: NetBSD/pkgsrc membership on distros list Alistair Crooks
Re: NetBSD/pkgsrc membership on distros list Solar Designer
Re: Integer Overflow in rxvt Jason A. Donenfeld
Re: terminal emulators' processing of escape sequences Solar Designer
Re: terminal emulators' processing of escape sequences Robert Święcki
Re: terminal emulators' processing of escape sequences Marc Lehmann

Wednesday, 17 May

Re: terminal emulators' processing of escape sequences Jason A. Donenfeld
Re: terminal emulators' processing of escape sequences Dominique Martinet
Re: terminal emulators' processing of escape sequences Robert Święcki
CVE-2017-7493 Qemu: 9pfs: guest privilege escalation in virtfs mapped-file mode P J P
Re: terminal emulators' processing of escape sequences Solar Designer
Defense in depth patch for rxvt-unicode Jason A. Donenfeld
AW: terminal emulators' processing of escape sequences Fiedler Roman
Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor
Re: Cross-Site Request Forgery in WordPress Connection Information Summer of Pwnage
rxvt-unicode "insecure" setting [Was: terminal emulators' processing of escape sequences] Ian Zimmerman
Re: Dolibarr ERP & CRM - Multiple Issues Stefan Pietsch
Re: Dolibarr ERP & CRM - Multiple Issues Brandon Perry
Re: terminal emulators' processing of escape sequences Simon Lees
Re: terminal emulators' processing of escape sequences Robert Święcki
Re: terminal emulators' processing of escape sequences Robert Święcki
Re: Defense in depth patch for rxvt-unicode Marc Lehmann
Re: terminal emulators' processing of escape sequences Marc Lehmann

Thursday, 18 May

Re: Defense in depth patch for rxvt-unicode Jason A. Donenfeld
libytnef: CVE-2017-9058: heap-based buffer overflow in SIZECHECK (ytnef.c) Sébastien Delafond
binutils: multiple crashes Agostino Sarubbo
Re: terminal emulators' processing of escape sequences Daniel Kahn Gillmor
Deluge: CVE-2017-9031: WebUI component: directory traversal vulnerability Salvatore Bonaccorso
jUDDI Security Bulletin Alex O'Ree

Friday, 19 May

CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device P J P
Re: terminal emulators' processing of escape sequences Tavis Ormandy
Re: terminal emulators' processing of escape sequences Yui Hirasawa
[SECURITY] CVE-2017-5657: Apache Archiva CSRF vulnerability for REST endpoints Martin

Saturday, 20 May

ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Salvatore Bonaccorso
Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Ian Zimmerman
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Leo Famulari
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn

Sunday, 21 May

Re: Invalid writes and reads in libxml2 Manh Dung Nguyen

Monday, 22 May

Code Execution through a variety Java (Un-)Marshallers Moritz Bechler
Re: Multiple crashes in OpenEXR Brandon Perry
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Jodie Cunningham
How to request a CVE for open source projects Michael Catanzaro
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann
Re: How to request a CVE for open source projects Marcus Meissner
Re: How to request a CVE for open source projects Jeremy Stanley
Re: How to request a CVE for open source projects Kurt Seifried
Re: How to request a CVE for open source projects Anthony Sasadeusz
Re: How to request a CVE for open source projects Kurt H Maier
Re: How to request a CVE for open source projects Martin
Re: How to request a CVE for open source projects Kurt Seifried
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn
Re: How to request a CVE for open source projects Kurt H Maier
Re: How to request a CVE for open source projects Kurt Seifried
Re: How to request a CVE for open source projects Kurt Seifried
Re: How to request a CVE for open source projects Kurt H Maier
Re: How to request a CVE for open source projects Kurt Seifried
Re: How to request a CVE for open source projects Kurt H Maier
Re: How to request a CVE for open source projects Perry E. Metzger

Tuesday, 23 May

Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Solar Designer
imageworsener: multiple vulnerabilities Agostino Sarubbo
qpdf: three infinite loops in libqpdf Agostino Sarubbo
autotrace: multiple vulnerabilities (The autotrace nightmare) Agostino Sarubbo
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Thomas Deutschmann
[CVE-2017-5868] OpenVPN Access Server: CRLF injection with Session fixation Sysdream Labs
Re: Re: ImageMagick: CVE-2017-9098: use of uninitialized memory in RLE decoder Bob Friesenhahn
Re: How to request a CVE for open source projects Kurt Seifried
Linux lp.c Out-of-Bounds Write via Kernel Command-line (CVE-2017-1000363) Roee Hay
CVE updates: fixes in Apache Atlas 0.8-incubating Madhan Neethiraj

Wednesday, 24 May

CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Vaibhav Gumashta

Thursday, 25 May

WebKitGTK+ Security Advisory WSA-2017-0004 Carlos Alberto Lopez Perez
independent volunteers on distros list Solar Designer

Friday, 26 May

[ANNOUNCE] CVE-2017-5646: Apache Knox Impersonation Issue for WebHDFS larry mccay

Sunday, 28 May

Gajim: CVE-2016-10376: possible to remote extract plain-text from encrypted sessions Salvatore Bonaccorso

Monday, 29 May

CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass Pavel Kankovsky
Re: independent volunteers on distros list Josh Bressers

Tuesday, 30 May

Linux kernel: stack buffer overflow with controlled payload in get_options() function Ilya Matveychikov
Blind SQL Injection in Wordpress plugin eventr v1.02.2 Larry W. Cashdollar
SQL Injection in Wordpress plugin surveys v1.01.8 Larry W. Cashdollar
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Simon McVittie
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function kseifried () redhat com
Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Hanno Böck
Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux kseifried () redhat com
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Kurt Seifried
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Linux kernel: memory corruptions in IPv4/IPv6 TCP/SCTP/DCCP sockets Andrey Konovalov
Linux kernel: CVE-2017-9242: out-of-bounds write in __ip6_append_data Andrey Konovalov
Linux kernel: CVE-2017-9074: out-of-bounds read in ip6_fragment Andrey Konovalov
Re: CVE-2016-3083: Apache Hive SSL vulnerability bug disclosure Sergio Pena
Blind SQL Injection in Wordpress Plugin Easy Team Manager v1.3.2 Larry W. Cashdollar
CVE-2017-9310 Qemu: net: infinite loop in e1000e NIC emulation P J P

Wednesday, 31 May

CVE request form not working Peter Bex
Re: CVE request form not working Agostino Sarubbo
Re: CVE request form not working Peter Bex
I found a crash in tcpdump and radare2. Qhdwns123
Re: I found a crash in tcpdump and radare2. Hanno Böck
Re: I found a crash in tcpdump and radare2. Solar Designer
Information on recent sqlite3 issues? Moritz Muehlenhoff
Re: Information on recent sqlite3 issues? Andreas Stieger
Re: Information on recent sqlite3 issues? Agostino Sarubbo

Thursday, 01 June

CVE-2017-9334 CHICKEN Scheme: denial of service due to invalid pointer dereference Peter Bex
CVE-2017-9330 Qemu: usb: ohci: infinite loop due to incorrect return value P J P
Re: Information on recent sqlite3 issues? Johannes Segitz
Re: Information on recent sqlite3 issues? Kurt Seifried
Re: Information on recent sqlite3 issues? Moritz Muehlenhoff
Re: Information on recent sqlite3 issues? Nicholas Luedtke
unresponsive distros Solar Designer
Re: unresponsive distros Liguori, Anthony
Re: unresponsive distros Solar Designer
Re: unresponsive distros Liguori, Anthony
Re: unresponsive distros Liguori, Anthony
Re: unresponsive distros Solar Designer
Re: unresponsive distros Solar Designer
CVE-2017-7669: Apache Hadoop privilege escalation Varun Vasudev

Friday, 02 June

CVE-2017-7505: User scoped in organization with permissions for user management can manage administrators that are not assigned to any organization on Foreman 1.5+ Marek Hulán
What happens in order to get CVE numbers Qhdwns123
Re: What happens in order to get CVE numbers Qhdwns123
Re: What happens in order to get CVE numbers kseifried () redhat com
Unauthenticated Stored XSS Vulnerability in Wordpress plugin gift-certificate-creator v1.0 Larry W. Cashdollar
Arbitrary terminal access via sudo on Linux Todd C. Miller
Re: Arbitrary terminal access via sudo on Linux Kurt Seifried
Re: Arbitrary terminal access via sudo on Linux Todd C. Miller
Re: What happens in order to get CVE numbers Leo Famulari
Re: What happens in order to get CVE numbers Kurt Seifried

Saturday, 03 June

Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Florian Weimer
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Daniel Micay
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function Solar Designer
TIOCSTI not going away Solar Designer
Re: TIOCSTI not going away Karel Zak
Re: TIOCSTI not going away Lizzie Dixon

Sunday, 04 June

Re: Information on recent sqlite3 issues? Moritz Muehlenhoff

Monday, 05 June

CVE-2017-9373 Qemu: ide: ahci host memory leakage during hotunplug P J P
CVE-2017-9375 Qemu: usb: xhci infinite recursive call via xhci_kick_ep P J P
Re: Information on recent sqlite3 issues? Salvatore Bonaccorso

Tuesday, 06 June

Crypto++ and invalid read in decompressor class Jeffrey Walton
CVE-2017-9374 Qemu: usb: ehci host memory leakage during hotunplug P J P
FYI: Irssi Security Advisory 2017/06 Ailin Nemui
CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass (erratum) Pavel Kankovsky
Re: Arbitrary terminal access via sudo on Linux Qualys Security Advisory

Wednesday, 07 June

two heap overflows in raptor Hanno Böck
Re: CVE-2017-9468, CVE-2017-9469: Irssi Security Advisory 2017/06 Ailin Nemui
ytnef: heap-based buffer overflow in PrintTNEF (ytnefprint/main.c) Agostino Sarubbo
ytnef: NULL pointer dereference in MAPIPrint (ytnef.c) Agostino Sarubbo
ytnef: heap-based-buffer overflow in SwapWord (ytnef.c) Agostino Sarubbo
ytnef: heap-based buffer overflow in SwapDWord (ytnef.c) Agostino Sarubbo
ytnef: memory allocation failure in TNEFFillMapi (ytnef.c) Agostino Sarubbo
ytnef: heap-based buffer overflow in DecompressRTF (ytnef.c) Agostino Sarubbo
CVE update - fixed in Apache Ranger 0.7.1 Velmurugan Periasamy
CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command P J P

Thursday, 08 June

Re: [FD] libcroco multiple vulnerabilities Alan Coopersmith
Vixie/ISC Cron group crontab to root escalation Solar Designer
How long does DWF usually take to issue cve? Qhdwns123
Is not memory allocation failure a bug? Qhdwns123
Re: Is not memory allocation failure a bug? Marcus Meissner
Re: How long does DWF usually take to issue cve? Kurt Seifried
Re: Is not memory allocation failure a bug? Bob Friesenhahn
Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson
Re: Is not memory allocation failure a bug? Kurt Seifried
MySQL - use-after-free after mysql_stmt_close() Pali Rohár
Re: Vixie/ISC Cron group crontab to root escalation Ian Zimmerman

Friday, 09 June

Security bug report read-protected Qhdwns123
Re: Security bug report read-protected Johannes Bauer
Re: Security bug report read-protected Andreas Stieger
Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas
Re: Vixie/ISC Cron group crontab to root escalation Solar Designer
Re: Vixie/ISC Cron group crontab to root escalation Christos Zoulas
Re: Vixie/ISC Cron group crontab to root escalation Salvatore Bonaccorso

Saturday, 10 June

Berkeley DB reads DB_CONFIG from cwd Jakub Wilk

Sunday, 11 June

[ANNOUNCE] Apache NiFi CVE-2017-7667 and CVE-2017-7665 Matt Gilman

Monday, 12 June

CVE-2017-9524 Qemu: nbd: segmentation fault due to client non-negotiation P J P
Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko
Re: Vixie/ISC Cron group crontab to root escalation Casper . Dik
Re: Vixie/ISC Cron group crontab to root escalation Alan Coopersmith
Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár

Tuesday, 13 June

Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman
Re: Vixie/ISC Cron group crontab to root escalation Jakub Wilk
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman
Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Adam Maris
OpenJDK: java(1): untrusted search path Jakub Wilk
Re: Vixie/ISC Cron group crontab to root escalation Florian Weimer
Re: Vixie/ISC Cron group crontab to root escalation Fiedler Roman
Re: OpenJDK: java(1): untrusted search path Stiepan
Re: Linux kernel: drm/vmwgfx: 4 byte read of uninitialised kernel memory in vmw_gb_surface_define_ioctl() Murray McAllister
[SECURITY ADVISORY] curl: URL file scheme drive letter buffer overflow Daniel Stenberg

Wednesday, 14 June

Re: Qualys Security Advisory - CVE-2017-1000367 in Sudo's get_process_ttyname() for Linux Qualys Security Advisory
Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer
BIND9 CVE-2017-3140 & CVE-2017-3141 ISC Security Officer

Thursday, 15 June

Re: Re: MySQL - use-after-free after mysql_stmt_close() Adam Maris
Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt Seifried
Re: Berkeley DB reads DB_CONFIG from cwd Solar Designer
Re: Re: MySQL - use-after-free after mysql_stmt_close() Kurt H Maier
Re: Re: MySQL - use-after-free after mysql_stmt_close() Feng Cao
Re: Re: MySQL - use-after-free after mysql_stmt_close() kseifried () redhat com
Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal
Re: Re: MySQL - use-after-free after mysql_stmt_close() Seth Arnold
CVE request: sthttpd remote heap buffer overflow Alexandre Rebert
Re: Re: MySQL - use-after-free after mysql_stmt_close() Brian May
Do I have to inform someone about CVE? Qhdwns123
Re: Do I have to inform someone about CVE? Solar Designer
Re: Do I have to inform someone about CVE? Kurt Seifried
two vulns in uClibc-0.9.33.2 fefe
Re: two vulns in uClibc-0.9.33.2 Andrej Nemec
Re: CVE request: sthttpd remote heap buffer overflow Andrej Nemec

Friday, 16 June

Re: two vulns in uClibc-0.9.33.2 Zach W
Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard
Re: two vulns in uClibc-0.9.33.2 Seth Arnold
Re: two vulns in uClibc-0.9.33.2 Kurt Seifried
Re: two vulns in uClibc-0.9.33.2 Michal Zalewski
Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn

Saturday, 17 June

Re: two vulns in uClibc-0.9.33.2 Florian Weimer
Re: two vulns in uClibc-0.9.33.2 Michal Zalewski
Re: two vulns in uClibc-0.9.33.2 Simon McVittie
Re: two vulns in uClibc-0.9.33.2 Jakub Wilk
Expat 2.2.1 security fixes Sebastian Pipping

Monday, 19 June

Qualys Security Advisory - The Stack Clash Qualys Security Advisory
Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com
Re: Qualys Security Advisory - The Stack Clash Daniel Micay
Re: Qualys Security Advisory - The Stack Clash Marcus Meissner
CVE-2017-7659: mod_http2 null pointer dereference Jim Jagielski
Re: Qualys Security Advisor -- The Stack Clash Jeff Law
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law
CVE-2017-7679: Apache httpd 2.x mod_mime buffer overread Jacob Champion
CVE-2017-7668: Apache httpd 2.x ap_find_token buffer overread Jacob Champion
CVE-2017-3169: Apache httpd 2.x mod_ssl null pointer dereference Jacob Champion
CVE-2017-3167: Apache httpd 2.x ap_get_basic_auth_pw authentication bypass Jacob Champion
[SECURITY ADVISORY] c-ares NAPTR parser out of bounds access Daniel Stenberg
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay

Tuesday, 20 June

CVE-request: heap-buffer-overflow in jasper xiaoqixue_1
CVE-request: heap-buffer-overflow in jasper xiaoqixue_1
Xen Security Advisory 217 - page transfer may allow PV guest to elevate privilege Xen . org security team
Xen Security Advisory 221 - NULL pointer deref in event channel poll Xen . org security team
Xen Security Advisory 225 - arm: vgic: Out-of-bound access when sending SGIs Xen . org security team
Xen Security Advisory 222 - stale P2M mappings due to insufficient error checking Xen . org security team
Xen Security Advisory 219 - x86: insufficient reference counts during shadow emulation Xen . org security team
Xen Security Advisory 220 - x86: PKRU and BND* leakage between vCPU-s Xen . org security team
Xen Security Advisory 224 - grant table operations mishandle reference counts Xen . org security team
Xen Security Advisory 223 - ARM guest disabling interrupt may crash Xen Xen . org security team
Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team
Xen Security Advisory 218 - Races in the grant table unmap code Xen . org security team
Xen Security Advisory 216 - blkif responses leak backend stack data Xen . org security team
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Re: Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer Alexander Potapenko
Re: two vulns in uClibc-0.9.33.2 fefe

Wednesday, 21 June

Re: Qualys Security Advisory - The Stack Clash Agostino Sarubbo
Re: CVE-request: heap-buffer-overflow in jasper Emilio Pozuelo Monfort
Re:Re: [oss-security] CVE-request: heap-buffer-overflow in jasper xiaoqixue_1
4 remote vulnerabilities in OpenVPN Guido Vranken
Re: 4 remote vulnerabilities in OpenVPN Solar Designer
Re: 4 remote vulnerabilities in OpenVPN Guido Vranken
Re: Qualys Security Advisory - The Stack Clash Josh Bressers
CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann
Re: Qualys Security Advisory - The Stack Clash Brad Spengler
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Re: Qualys Security Advisory - The Stack Clash Stuart Henderson
Re: Qualys Security Advisory - The Stack Clash kseifried () redhat com
Re: Qualys Security Advisory - The Stack Clash Jeff Law
Re: Qualys Security Advisory - The Stack Clash Daniel Micay
Re: Re: Qualys Security Advisor -- The Stack Clash Jeff Law
WebKitGTK+ Security Advisory WSA-2017-0005 Carlos Alberto Lopez Perez
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory
Re: Qualys Security Advisory - The Stack Clash Brad Spengler
Re: Qualys Security Advisory - The Stack Clash PaX Team
Re: Qualys Security Advisory - The Stack Clash nospam
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory
Re: Qualys Security Advisory - The Stack Clash Jeff Law
Re: Re: Qualys Security Advisory - The Stack Clash Franz Pletz
Re: Qualys Security Advisory - The Stack Clash Jeff Law
Re: Re: Qualys Security Advisor -- The Stack Clash Daniel Micay
Re: Qualys Security Advisory - The Stack Clash Daniel Micay

Thursday, 22 June

Re: Qualys Security Advisory - The Stack Clash Florian Weimer
Re: Qualys Security Advisory - The Stack Clash Mike O'Connor
Re: Information on recent sqlite3 issues? Johannes Segitz
stackguard fix in Red Hat and Ubuntu kernels Solar Designer
Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann
Re: stackguard fix in Red Hat and Ubuntu kernels Greg KH
Re: stackguard fix in Red Hat and Ubuntu kernels Vasily Averin
Re: stackguard fix in Red Hat and Ubuntu kernels Marcus Meissner
Re: stackguard fix in Red Hat and Ubuntu kernels Eduardo Valentin
CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie
Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Florian Weimer

Friday, 23 June

Re: CVE-2017-9780: Flatpak: privilege escalation via setuid/world-writable file permissions Simon McVittie
Re: Qualys Security Advisory - The Stack Clash Jeff Law
Re: Qualys Security Advisory - The Stack Clash Kurt Seifried
CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation P J P
CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy
Re: CVE-2017-9772: OCaml release 4.04.2 Anil Madhavapeddy
charset.alias in pkexec/glib/gnulib (was: glibc locale issues) Jakub Wilk
Re: Re: Qualys Security Advisor -- The Stack Clash Szabolcs Nagy
Remotely exploitable crash in dhcpcd Jason A. Donenfeld
Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari
Re: CVE-2017-9772: OCaml release 4.04.2 Leo Famulari
Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb
More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds

Saturday, 24 June

CVE for the TSIG issue in knot? Yves-Alexis Perez
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler
Re: CVE for the TSIG issue in knot? Ondřej Surý
Re: CVE for the TSIG issue in knot? Solar Designer
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Solar Designer
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Shawn
distros list archive Solar Designer
Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Linus Torvalds
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Brad Spengler

Sunday, 25 June

CVE-2017-9669 and CVE-2017-9671: Exploitable buffer overflows in apk (Alpine's package manager) Ariel Zelivansky
Re: Qualys Security Advisory - The Stack Clash Solar Designer
Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Andy Lutomirski

Monday, 26 June

Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Greg KH
CVE-2017-7482 Linux kernel: krb5 ticket decode len check. Wade Mealing
Re: Can someone explain all the CONFIG_VMAP_STACK CVEs lately? Brad Spengler
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Mansour Moufid
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Kurt Seifried
RE: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method Christey, Steven M.
civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Solar Designer
Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kurt Seifried
OpenVPN fuzzers released Guido Vranken
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth Kurt Seifried
re: two vulns in uClibc-0.9.33.2 fefe

Tuesday, 27 June

Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team
Re: Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit meth PaX Team
Re: civilized discussion (Re: More CONFIG_VMAP_STACK vulnerabilities, refcount_t UAF, and an ignored Secure Boot bypass / rootkit method) Kyle R
CVE-2017-8797 Linux kernel: nfsd: remote DoS Ari Kauppi
malicious hypervisor threat was ignored but it is real Mikhail Utin
Re: malicious hypervisor threat was ignored but it is real Solar Designer
CVE-2017-9445: Out-of-bounds write in systemd-resolved with crafted TCP payload Chris Coulson
CoreOS membership to linux-distros Euan Kemp
Re: CoreOS membership to linux-distros Kurt Seifried
Re: CoreOS membership to linux-distros Euan Kemp
[CVE-2017-7686] Apache Ignite Information Disclosure Denis Magda
Re: CoreOS membership to linux-distros Sven Dowideit

Wednesday, 28 June

Re: CoreOS membership to linux-distros Dominique Martinet
lame: multiple vulnerabilities Agostino Sarubbo
lame: global-buffer-overflow in II_step_one (layer2.c) Agostino Sarubbo
lame: global-buffer-overflow in III_i_stereo (layer3.c) Agostino Sarubbo
lame: heap-based buffer overflow in fill_buffer_resample (util.c) Agostino Sarubbo
lame: stack-based buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo
lame: stack-based buffer overflow in III_dequantize_sample (layer3.c) Agostino Sarubbo
lame: multiple left shift Agostino Sarubbo
lame: two UBSAN crashes Agostino Sarubbo
Re: CoreOS membership to linux-distros Sven Dowideit
Re: lame: multiple vulnerabilities Dr. Thomas Orgis
Re: Qualys Security Advisory - The Stack Clash Qualys Security Advisory
Re: lame: multiple vulnerabilities Hanno Böck
Re: lame: multiple vulnerabilities Agostino Sarubbo
accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Simon McVittie
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Sven Dowideit

Thursday, 29 June

CVE-2017-10664 Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort P J P
rkhunter: [CVE-2017-7480] Potential RCE after MiTM due to clear text download without signature Michael Scherer
Re: CVE request: sthttpd remote heap buffer overflow Thomas Deutschmann
Re: TIOCSTI not going away Solar Designer
Re: TIOCSTI not going away Nick Kralevich
Re: TIOCSTI not going away Todd C. Miller
Re: TIOCSTI not going away Christos Zoulas
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Andreas Stieger

Friday, 30 June

exiv2: multiple memory safety issues Hanno Böck
ISC announces two BIND vulnerabilities ISC Security Officer
Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez
Re: ISC announces two BIND vulnerabilities Solar Designer
Re: ISC announces two BIND vulnerabilities Yves-Alexis Perez
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Seth Arnold
Re: accepting new members to (linux-)distros lists Solar Designer