oss-sec: by date

596 messages starting Jul 01 17 and ending Sep 30 17


Saturday, 01 July

Re: accepting new members to (linux-)distros lists Mark Hatle
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Stiepan

Sunday, 02 July

systemd fails to parse user that should run service Daniel Skowroński
linux-distros list membership application - CloudLinux Igor Seletskiy
Re: accepting new members to (linux-)distros lists Solar Designer
Re: linux-distros list membership application - CloudLinux Solar Designer
RE: linux-distros list membership application - CloudLinux Bobby Broughton
Re: linux-distros list membership application - CloudLinux Igor Seletskiy
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Anthony Liguori
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists Anthony Liguori
Re: accepting new members to (linux-)distros lists Solar Designer

Monday, 03 July

Re: accepting new members to (linux-)distros lists Mark Hatle
Re: accepting new members to (linux-)distros lists gremlin
CVE-2017-10788 for DBD::mysql (Re: [oss-security] Re: MySQL - use-after-free after mysql_stmt_close()) Pali Rohár
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand
Bugzilla implementation of OpenPGP and Memory Hole (Was: Re: [oss-security] accepting new members to (linux-)distros lists) Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists John Haxby
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists John Haxby

Tuesday, 04 July

Re: linux-distros list membership application - CloudLinux Dmitry V. Levin
Re: linux-distros list membership application - CloudLinux Solar Designer
Re: linux-distros list membership application - CloudLinux Solar Designer
Re: linux-distros list membership application - CloudLinux Leonid Kanter
Re: linux-distros list membership application - CloudLinux Solar Designer
jabberd2: CVE-2017-10807: Allows authentication using SASL ANONYMOUS even if disabled Salvatore Bonaccorso
Re: linux-distros list membership application - CloudLinux Igor Seletskiy

Wednesday, 05 July

CVE-2017-10789: DBD::mysql - mysql_ssl=1 does not enforce encryption Pali Rohár
Re: systemd fails to parse user that should run service Pali Rohár
Re: systemd fails to parse user that should run service Marcus Meissner
CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20) Lior Kaplan
Re: CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20) Salvatore Bonaccorso
Re: systemd fails to parse user that should run service Casper . Dik
Re: systemd fails to parse user that should run service Ben Tasker
Re: CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20) Lior Kaplan
Re: CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20) Solar Designer
Re: systemd fails to parse user that should run service Simon McVittie
LKML thread "mm: larger stack guard gap, between vmas" partially CC'ed to linux-distros Solar Designer
Re: systemd fails to parse user that should run service Eric Blake
Re: systemd fails to parse user that should run service John Haxby
Re: systemd fails to parse user that should run service Daniel Micay
File upload vulnerability in Kindeditor <= 4.1.12 Larry W. Cashdollar
Re: systemd fails to parse user that should run service John Haxby
Re: systemd fails to parse user that should run service Daniel Micay
Re: systemd fails to parse user that should run service Simon McVittie
Re: systemd fails to parse user that should run service Pali Rohár
Re: systemd fails to parse user that should run service Alan Coopersmith
Re: systemd fails to parse user that should run service Perry E. Metzger
Re: systemd fails to parse user that should run service Perry E. Metzger
Re: systemd fails to parse user that should run service Robert Scheck
Re: systemd fails to parse user that should run service Simon McVittie
Re: systemd fails to parse user that should run service Kristian Fiskerstrand
Re: systemd fails to parse user that should run service Jeremy Stanley
Re: systemd fails to parse user that should run service Kristian Fiskerstrand
Re: systemd fails to parse user that should run service Kristian Fiskerstrand
Re: systemd fails to parse user that should run service Simon McVittie
Re: systemd fails to parse user that should run service Jeffrey Walton

Thursday, 06 July

Re: CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20) Marcus Meissner
Re: systemd fails to parse user that should run service Patrick J. Volkerding
Re: systemd fails to parse user that should run service Martin Steigerwald
Re: systemd fails to parse user that should run service Ben Tasker
X.Org X Server stack overflow and information leak Marcus Meissner
Re: systemd fails to parse user that should run service Simon McVittie
Libgcrypt 1.7.8 fixes "Sliding right into disaster" RSA side-channel attack (CVE-2017-7526) Solar Designer
Re: systemd fails to parse user that should run service Leonid Isaev
Re: systemd fails to parse user that should run service Simon McVittie
Re: systemd fails to parse user that should run service Leonid Isaev
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists kseifried () redhat com
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Solar Designer
Re: systemd fails to parse user that should run service Simon McVittie
Re: systemd fails to parse user that should run service Kurt Seifried
Re: systemd fails to parse user that should run service Martin Steigerwald

Friday, 07 July

CVE-2017-10806 Qemu: usb-redirect: stack buffer overflow in debug logging P J P
CVE-2017-10810 Kernel: virtio-gpu: memory leakage while creating gpu object P J P
Irssi 1.0.4: CVE-2017-10965, CVE-2017-10966. Ailin Nemui
[ANNOUNCE] [SECURITY] CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr Shalin Shekhar Mangar
Xen Security Advisory 217 (CVE-2017-10912) - page transfer may allow PV guest to elevate privilege Xen . org security team
Xen Security Advisory 219 (CVE-2017-10915) - x86: insufficient reference counts during shadow emulation Xen . org security team
Xen Security Advisory 216 (CVE-2017-10911) - blkif responses leak backend stack data Xen . org security team
Xen Security Advisory 221 (CVE-2017-10917) - NULL pointer deref in event channel poll Xen . org security team
Xen Security Advisory 220 (CVE-2017-10916) - x86: PKRU and BND* leakage between vCPU-s Xen . org security team
Xen Security Advisory 223 (CVE-2017-10919) - ARM guest disabling interrupt may crash Xen Xen . org security team
Xen Security Advisory 225 (CVE-2017-10923) - arm: vgic: Out-of-bound access when sending SGIs Xen . org security team
Xen Security Advisory 222 (CVE-2017-10918) - stale P2M mappings due to insufficient error checking Xen . org security team
Xen Security Advisory 224 (CVE-2017-10920,CVE-2017-10921,CVE-2017-10922) - grant table operations mishandle reference counts Xen . org security team
Xen Security Advisory 218 (CVE-2017-10913,CVE-2017-10914) - Races in the grant table unmap code Xen . org security team
[ANN] Apache Struts 2: possible RCE in the Struts Showcase app in the Struts 1 plugin example in the Struts 2.3.x series Lukasz Lenart
[cve-request () mitre org: Re: [scr357564] sqlite3 - fix in progress] Seth Arnold
[ANNOUNCE] Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670 Jeff Elsloo

Saturday, 08 July

Re: CVE for the TSIG issue in knot? Salvatore Bonaccorso
Re: accepting new members to (linux-)distros lists Salvatore Bonaccorso
CVE ID for JasPer 2.0.12 NULL Pointer Dereference jp2_encode (jp2_enc.c) Anthony Sasadeusz

Monday, 10 July

xar: NULL pointer dereference in xar_unserialize (archive.c) Agostino Sarubbo
xar: NULL pointer dereference in xar_get_path (util.c) Agostino Sarubbo
mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo
Re: CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20) Marcus Meissner
PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Marcus Meissner
Fwd: [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure Sailesh Mukil
CVE-2017-5640 Apache Impala (incubating) Information Disclosure Sailesh Mukil
Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Stanislav Malyshev
Re: Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Kurt Seifried
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Seth Arnold
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Michal Zalewski
Re: [scr358145] pcre-8.41 - 8.41 ben
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried
Re: Re: [scr358145] pcre-8.41 - 8.41 Agostino Sarubbo
Re: Re: PHP CVE assignments: [cve-request () mitre org: Re: [scr358150] 7 PHP CVEs] Marcus Meissner

Tuesday, 11 July

Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis
Jenkins plugins -- multiple vulnerabilities Daniel Beck
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Jonas Thiem
Blind SQL injection in wordpress plugin event-espresso-free v3.1.37.11.L, fixed in v3.1.37.12.L Larry W. Cashdollar

Wednesday, 12 July

CVE-2017-11171: gnome-session: Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c Matthias Gerstner
CVE-2017-7678 Apache Spark XSS web UI MHTML vulnerability Sean Owen
Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap ????????????
CVE-IDs request for ASUS wireless router Remote Command/Code Execution Vulnerability varsleak

Thursday, 13 July

[ANN] Apache Struts 2.5.12 GA with Security Fixes Release Lukasz Lenart
CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2 William A Rowe Jr
CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest William A Rowe Jr
CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Johannes Segitz
CVE-2017-7663 - Apache OpenMeetings - XSS in chat Maxim Solodovnik
CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers Maxim Solodovnik
CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords Maxim Solodovnik
CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy Maxim Solodovnik
CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services Maxim Solodovnik
CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass Maxim Solodovnik
CVE-2017-7683 - Apache OpenMeetings - Information Disclosure Maxim Solodovnik
CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload Maxim Solodovnik
CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods Maxim Solodovnik
CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update Maxim Solodovnik
firewalld: lockdown whitelist cmdline access check is not secure Matthias Gerstner
CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation Maxim Solodovnik
Re: CVE-IDs request for ASUS wiress router Remote Command/Code Execution Vulnerability Zach W
Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap Zach W

Friday, 14 July

CVE-2017-7506 spice: Possible buffer overflow via invalid monitor configurations Kristian Fiskerstrand
Re: CVE-IDs request for ASUS wireless router Remote Command/Code Execution Vulnerability varsleak
Re: Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap 598930392 () qq com
Estimate for the total number of exploitable bugs in large linux distro? Georgi Guninski
Re: Estimate for the total number of exploitable bugs in large linux distro? Greg KH
Re: Estimate for the total number of exploitable bugs in large linux distro? Steven Miano
Re: Estimate for the total number of exploitable bugs in large linux distro? Hanno Böck
Re: Estimate for the total number of exploitable bugs in large linux distro? Steve Grubb
Re: Estimate for the total number of exploitable bugs in large linux distro? Alan Coopersmith
Re: Estimate for the total number of exploitable bugs in large linux distro? Santiago Torres
Re: Estimate for the total number of exploitable bugs in large linux distro? Javantea
Re: accepting new members to (linux-)distros lists Solar Designer
Re: Estimate for the total number of exploitable bugs in large linux distro? Kurt Seifried
Re: Estimate for the total number of exploitable bugs in large linux distro? Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists Anthony Liguori
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists kseifried () redhat com
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Anthony Liguori
Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand
Re: accepting new members to (linux-)distros lists Kurt Seifried
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists Kurt Seifried
Re: accepting new members to (linux-)distros lists Solar Designer
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Hanno Böck
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Brandon Perry
Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Seth Arnold

Sunday, 16 July

ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo
ImageMagick: CVE-2017-11352: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) Salvatore Bonaccorso
yadm: CVE-2017-11353: race condition allows access to SSH and PGP keys Salvatore Bonaccorso
CVE-2017-11343 CHICKEN Scheme: algorithmic complexity attack in hash tables Peter Bex

Monday, 17 July

CVE-2017-11334 Qemu: exec: oob access during dma operation P J P
Re: Re: Asus wireless routers Global buffer overflow and Stack buffer overflow in networkmap GbigMao
11 remote vulnerabilities (inc. 2x RCE) in FreeRADIUS packet parsers Guido Vranken

Tuesday, 18 July

graphicsmagick: use-after-free in CloseBlob (blob.c) Agostino Sarubbo
CVE-2016-6798 : Apache Sling XXE vulnerability Bertrand Delacretaz
CVE-2016-5394 : Apache Sling XSS vulnerability Bertrand Delacretaz
Re: CVE-IDs request for ASUS wireless router Remote Command/Code Execution Vulnerability varsleak
CoreOS membership to linux-distros (updated) Euan Kemp
Re: CoreOS membership to linux-distros (updated) Kees Cook
CVE-IDs request for Apache Kafka deserialization vulnerability via runtime Hooman Ghasem Broujerdi
CVE-2017-11434 Qemu: slirp: out-of-bounds read while parsing dhcp options P J P

Wednesday, 19 July

gnome-exe-thumbnailer: CVE-2017-11421: VBScript script injection when generating thumbnails for MSI files Salvatore Bonaccorso
Re: CVE-IDs request for Apache Kafka deserialization vulnerability via runtime Salvatore Bonaccorso
Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Matthew Daley
Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo
Devil's Ivy (CVE-2017-9765) in gSOAP 2.7 up to 2.8.47 Alan Coopersmith
Re: Devil's Ivy (CVE-2017-9765) in gSOAP 2.7 up to 2.8.47 Andreas Stieger
NIX-2017-0003: LDAP with useTLS option disabled TLS peer verification Graham Christensen
Re: Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Kurt Seifried
phamm: CVE-2017-0378: reflected XSS in login page Salvatore Bonaccorso

Thursday, 20 July

Re: CoreOS membership to linux-distros (updated) gremlin
Re: CoreOS membership to linux-distros (updated) Greg KH
Re: CoreOS membership to linux-distros (updated) Jesse Hertz

Friday, 21 July

Re: NIX-2017-0003: LDAP with useTLS option disabled TLS peer verification Franz Pletz
Re: CoreOS membership to linux-distros (updated) Stiepan
[OSSN-0078] Ceph credentials included in logs using older versions of libvirt/qemu Luke Hinds
CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine P J P
Re: CoreOS membership to linux-distros (updated) Nicolas RUFF
Re: CoreOS membership to linux-distros (updated) Solar Designer

Saturday, 22 July

pagure: private repositories accessible through ssh Stefan Bühler
Re: pagure: private repositories accessible through ssh Patrick Uiterwijk

Sunday, 23 July

Re: ATutor CVE-2017-1000002, CVE-2017-1000003, CVE-2017-1000004 Henri Salo

Monday, 24 July

tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner
CVE-2017-7541: Linux kernel: Memory corruption due to a buffer overflow in brcmf_cfg80211_mgmt_tx() Vladis Dronov
[CVE-2015-5191] local privilege escalation in Open VMware Tools VMware Security Response Center

Tuesday, 25 July

WebKitGTK+ Security Advisory WSA-2017-0006 Carlos Alberto Lopez Perez
Re: accepting new members to (linux-)distros lists John Haxby
Re: accepting new members to (linux-)distros lists Henri Salo
Re: accepting new members to (linux-)distros lists John Haxby
Re: accepting new members to (linux-)distros lists Solar Designer
Re: accepting new members to (linux-)distros lists John Haxby

Wednesday, 26 July

Four memory safety bugs in "sipcrack" package (2 CVE IDs) Dhiru Kholia
Cacti: CVE-2017-11691: Cross-site scripting vulnerability in user profile management page (auth_profile.php) Salvatore Bonaccorso

Thursday, 27 July

CVE-2017-11671: GCC generates incorrect code for RDRAND/RDSEED intrinsics Florian Weimer

Sunday, 30 July

Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak sohu0106
Linux kernel: driver/video/fbdev/aty/atyfb_base.c: atyfb_ioctl() stack infoleak sohu0106

Monday, 31 July

Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak John Haxby
Re: Linux kernel: net/irda/af_irda.c: irda_getsockopt() stack infoleak Solar Designer
Potential security bugs in "eapmd5pass" software (3 CVE IDs) Dhiru Kholia
Re: CoreOS membership to linux-distros (updated) Solar Designer

Tuesday, 01 August

Advisory: XSS issues in MantisBT (CVE-2017-12061, CVE-2017-12062) Damien Regad
Re: Advisory: XSS issues in MantisBT (CVE-2017-12061, CVE-2017-12062) Damien Regad
Syslog forwarding with IP spoofing Александр Носарев
Re: Syslog forwarding with IP spoofing Solar Designer
Re: Syslog forwarding with IP spoofing Mikhail Utin
Re: Syslog forwarding with IP spoofing Kurt Seifried
CVE-2017-9801: Apache Commons Email SMTP header injection vulnerability Stefan Bodewig
Re: CoreOS membership to linux-distros (updated) akuster
Re: CoreOS membership to linux-distros (updated) Solar Designer
Re: Syslog forwarding with IP spoofing Sean Cassidy

Wednesday, 02 August

Re: CoreOS membership to linux-distros (updated) Johannes Segitz
Re: MySQL - use-after-free after mysql_stmt_close() Tomas Hoger
Re: CoreOS membership to linux-distros (updated) Solar Designer
CVE-2017-11742 - Expat 2.2.{1,2} LoadLibrary DLL hijacking vulnerability on Windows Sebastian Pipping

Thursday, 03 August

Re: MySQL - use-after-free after mysql_stmt_close() Pali Rohár
[CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() John Haxby

Friday, 04 August

Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov
Re: Reporting and disclosing Linux kernel vulnerabilities Kurt Seifried
Re: Reporting and disclosing Linux kernel vulnerabilities Solar Designer
Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH
Re: Reporting and disclosing Linux kernel vulnerabilities Greg KH
CVE-2017-12419: Arbitrary File Read in MantisBT install.php script Damien Regad

Saturday, 05 August

Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Brad Spengler

Sunday, 06 August

Cve issue discussion ne xo

Monday, 07 August

Re: Cve issue discussion Agostino Sarubbo
RE: Cve issue discussion ne xo
Re: Cve issue discussion Glenn Randers-Pehrson
Re: Cve issue discussion Marcus Meissner
Re: Cve issue discussion Glenn Randers-Pehrson
Re: Cve issue discussion Bob Friesenhahn
Re: Cve issue discussion John Haxby
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Vladis Dronov
Re: Cve issue discussion Glenn Randers-Pehrson
Jenkins plugins -- multiple vulnerabilities Daniel Beck
Re: Cve issue discussion Jesse Hertz
Re: Cve issue discussion Glenn Randers-Pehrson

Tuesday, 08 August

Jenkins SAML Plugin 1.0.2 and earlier stored secrets unencrypted Daniel Beck
[SECURITY ADVISORY] curl: URL globbing out of bounds read Daniel Stenberg
[SECURITY ADVISORY] curl: TFTP sends more than buffer size Daniel Stenberg
[SECURITY ADVISORY] curl: FILE buffer read out of bounds Daniel Stenberg

Wednesday, 09 August

CVE-2017-12425: Varnish HTTP Cache 4.0.1 to 5.1.2 DoS vulnerability Evy Bongers
RE: Cve issue discussion ne xo
Re: Cve issue discussion Glenn Randers-Pehrson
Re: Cve issue discussion Jesse Hertz
[CVE-2017-9799] Apache Storm Possible Code Execution As A Different User P. Taylor Goetz

Thursday, 10 August

CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding Tobias Mueller
CVE-2017-12762: buffer overflow in ISDN linux driver Annie Cherkaev
[SECURITY][ANNOUNCE] Apache Subversion 1.9.7 released Daniel Shahaf
[ANN] Apache Struts: S2-049 Security Bulletin update Lukasz Lenart
Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Andrey Konovalov
Re: [CVE-2017-7533] kernel: inotify: a race between inotify_handle_event() and sys_rename() Solar Designer
Linux kernel: CVE-2017-1000111: heap out-of-bounds in AF_PACKET sockets Willem de Bruijn
CVS and ssh command injection (see CVE-2017-1000117, etc.) Hank Leininger

Friday, 11 August

Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Andreas Stieger
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Salvatore Bonaccorso
Re: [SECURITY ADVISORY] curl: FILE buffer read out of bounds Yiteng Zhang

Saturday, 12 August

Re: Berkeley DB reads DB_CONFIG from cwd Ritwik Ghoshal

Sunday, 13 August

Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Andrey Konovalov
Re: Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Solar Designer

Monday, 14 August

[CVE-2017-9608] null-pointer exception when ffmpeg uses the dnxhd decoder to parse a crafted mv file. 连一汉
CVE-2017-9802: Apache Sling XSS vulnerability Robert Munteanu
UnRAR: directory traversal + memory safety bugs Jakub Wilk

Tuesday, 15 August

Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team
Xen Security Advisory 227 (CVE-2017-12137) - x86: PV privilege escalation via map_grant_ref Xen . org security team
Xen Security Advisory 228 (CVE-2017-12136) - grant_table: Race conditions with maptrack free list handling Xen . org security team
Xen Security Advisory 229 (CVE-2017-12134) - linux: Fix Xen block IO merge-ability calculation Xen . org security team
Xen Security Advisory 230 - grant_table: possibly premature clearing of GTF_writing / GTF_reading Xen . org security team
Xen Security Advisory 230 (CVE-2017-12855) - grant_table: possibly premature clearing of GTF_writing / GTF_reading Xen . org security team
CVE-2017-12850, CVE-2017-12851: Privilege Escalation in Kanboard <= v1.0.45 chbi
Re: [CVE-2017-9608] null-pointer exception when ffmpeg uses the dnxhd decoder to parse a crafted mv file. Henri Salo

Wednesday, 16 August

Insecure DNS dependency in many Kerberos deployments Florian Weimer
imagemagick: use-after-free in DestroyImage (image.c) Agostino Sarubbo
imagemagick: heap-based buffer overflow in .omp_outlined..32 (enhance.c) Agostino Sarubbo
Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor
CVE-2017-12882, CVE-2017-12881: Stored XSS and CSRF on Spring Batch Admin before 1.3.0 Wen Bin Kong
Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding Tobias Mueller
CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky
Re: Insecure DNS dependency in many Kerberos deployments Russ Allbery
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor
Re: Insecure DNS dependency in many Kerberos deployments Daniel Kahn Gillmor
CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings Doran Moppert

Thursday, 17 August

Re: Insecure DNS dependency in many Kerberos deployments Russ Allbery
[OpenStack OSSN 0080] Aodh can be used to launder Keystone trusts Luke Hinds
Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team
CVE-2017-11746: tenshi privilege escalation via PID file manipulation Michael Orlitzky
libfpx: divide-by-zero in CDirVector::GetTable (dirfunc.hxx) Agostino Sarubbo
libfpx: NULL pointer dereference in OLEStream::WriteVT_LPSTR (olestrm.cpp) Agostino Sarubbo
libfpx: NULL pointer dereference in PFileFlashPixView::GetGlobalInfoProperty (f_fpxvw.cpp) Agostino Sarubbo
libfpx: NULL pointer dereference in wchar.c Agostino Sarubbo
libfpx: NULL pointer dereference in CDirectory::GetDirEntry (dir.cxx) Agostino Sarubbo
libfpx: heap-based buffer overflow in OLEStream::WriteVT_LPSTR (olestrm.cpp) Agostino Sarubbo
libfpx: double-free in DfFromLB (docfile.cxx) Agostino Sarubbo

Friday, 18 August

Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner
Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner
graphicsmagick: use-after-free in ReadWMFImage (wmf.c) Agostino Sarubbo
graphicsmagick: invalid memory read in SetImageColorCallBack (image.c) Agostino Sarubbo
graphicsmagick: heap-based buffer overflow in ReadSUNImage (sun.c) Agostino Sarubbo
Re: Re: ***UNCHECKED*** [oss-security] UnRAR: directory traversal + memory safety bugs Marcus Meissner
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky
cacti: CVE-2017-12927: XSS vulnerability in spikekill.php via method parameter Salvatore Bonaccorso

Sunday, 20 August

unrar-free/unrar-gpl: directory traversal and other issues Hanno Böck
Re: CVS and ssh command injection (see CVE-2017-1000117, etc.) Hanno Böck
openjpeg: memory allocation failure in opj_aligned_alloc_n (opj_malloc.c) Agostino Sarubbo

Monday, 21 August

CVE-2017-12809 Qemu: ide: flushing of empty CDROM drives leads to NULL dereference P J P
libmirage: NULL pointer dereference in mirage_stream_get_filename (stream.c) Agostino Sarubbo
Re: tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner
PowerDNS Security Advisories for dnsdist 2017-01 and 2017-02 Remi Gacogne
Re: tcmu-runner: multiple vulnerabilities in tcmu-runner daemon allowing local DoS, information leak and a memory leak Matthias Gerstner

Tuesday, 22 August

Re: CVE Request: Multiple security issues in OpenJPEG Alan Coopersmith

Wednesday, 23 August

CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() Vladis Dronov
Re: CVE Request: Multiple security issues in OpenJPEG Vladis Dronov
Authenticated Blind SQL Injection vulnerability in Wordpress plugin rk-responsive-contact-form v1.0 Larry W. Cashdollar
Xen Security Advisory 235 - add-to-physmap error paths fail to release lock on ARM Xen . org security team
Re: Jenkins plugins -- multiple vulnerabilities Daniel Beck
CVE-2017-13649: UnrealIRCd privilege escalation via PID file manipulation Michael Orlitzky
RE: CVE Request: Multiple security issues in OpenJPEG (Internet mail) 刘科

Thursday, 24 August

Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov
Re: Linux kernel: fixed bug in net/core/flow_dissector.c Seth Arnold

Friday, 25 August

RE: CVE Request: Multiple security issues in OpenJPEG 刘科
Blind SQL Injection in Wordpress plugin wordpress-gallery-transformation v1.0 Larry W. Cashdollar
WebKitGTK+ Security Advisory WSA-2017-0007 Carlos Alberto Lopez Perez

Sunday, 27 August

CVE-2017-13709: Incorrect access control in FlightGear Florent Rougon

Monday, 28 August

Re: Integer overflow in bttv driver Greg KH
openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c) Agostino Sarubbo
openjpeg: invalid memory write in tgatoimage (convert.c) Agostino Sarubbo
openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c) Agostino Sarubbo
graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo

Tuesday, 29 August

Re: Linux kernel: fixed bug in net/core/flow_dissector.c Alexander Popov
Xen Security Advisory 226 (CVE-2017-12135) - multiple problems with transitive grants Xen . org security team
A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo
Re: A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo
Re: A bunch of duplicate CVEs requested for?? bho.. Bob Friesenhahn
CVE-2017-13711 Qemu: Slirp: use-after-free when sending response P J P
Re: A bunch of duplicate CVEs requested for?? bho.. Kurt Seifried
Re: A bunch of duplicate CVEs requested for?? bho.. Henri S.
ConnMan #ConnManDo Vulnerability Daisuke Noguchi [NRI Secure, Noguchi]
Re: [scr379303] A bunch of duplicate CVEs requested for?? bho.. cve-request
Re: A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo
Re: Re: [scr379303] A bunch of duplicate CVEs requested for?? bho.. Agostino Sarubbo
RE: CVE Request: Multiple security issues in OpenJPEG 刘科

Wednesday, 30 August

RE: CVE Request: Multiple security issues in OpenJPEG 刘科
CVE-2017-13672 Qemu: vga: OOB read access during display update P J P
CVE-2017-13673 Qemu: vga: reachable assert failure during display update P J P
A recommendation for maintainers of BIND packages (re: DNSSEC validation) ISC Security Officer
RubyGems flaws Kurt Seifried
Re: RubyGems flaws Marcus Meissner
mbed TLS: CVE-2017-14032: Bypass of authentication of peer possible when the authentication mode is configured as 'optional' Salvatore Bonaccorso
CVE-2017-13777: GraphicsMagick 1.3.26 Denial of Service issue in ReadXBMImage() in coders/xbm.c 孙浩
CVE-2017-13776: GraphicsMagick 1.3.26 Denial of Service issue in ReadXBMImage() in coders/xbm.c 孙浩
CVE-2017-13775: GraphicsMagick 1.3.26 Denial of Service issue in ReadJNXImage() in coders/jnx.c 孙浩

Thursday, 31 August

CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Nicolas Grégoire
Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Salvatore Bonaccorso
Re: CVE request: incorrect URL parsing in async-http-client <= 2.0.35 Nicolas Grégoire

Friday, 01 September

Re: Reporting and disclosing Linux kernel vulnerabilities Andrey Konovalov
Re: openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c) Agostino Sarubbo
Re: openjpeg: invalid memory write in tgatoimage (convert.c) Agostino Sarubbo
Re: openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c) Agostino Sarubbo
Re: graphicsmagick: memory allocation failure in MagickRealloc (memory.c) Agostino Sarubbo
graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403) Agostino Sarubbo
Re: graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403) Agostino Sarubbo
CVE-2017-14106 kernel: net/ipv4: divide by 0 in __tcp_select_window() Vasily Averin

Saturday, 02 September

libzip: memory allocation failure in _zip_cdir_grow (zip_dirent.c) Agostino Sarubbo
libzip: use-after-free in _zip_buffer_free (zip_buffer.c) Agostino Sarubbo

Sunday, 03 September

CVE-2017-14102: MIMEDefang privilege escalation via PID file manipulation Michael Orlitzky
Re: unrar-free/unrar-gpl: directory traversal and other issues Salvatore Bonaccorso

Monday, 04 September

Re: CVE-2017-1000083: evince: Command injection vulnerability in CBT handler Marcus Meissner

Tuesday, 05 September

[ANN] Apache Struts 2.5.13 GA with Security Fixes Release Lukasz Lenart
Re: [ANN] Apache Struts 2.5.13 GA with Security Fixes Release Lukasz Lenart
CVE-2017-1000249: file: stack based buffer overflow Thomas Jarosch
Django security releases issued: 1.11.5 and 1.10.8 Tim Graham

Wednesday, 06 September

openjpeg: heap-based buffer overflow in opj_mqc_flush (mqc.c) Agostino Sarubbo
openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) Agostino Sarubbo
openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152) Agostino Sarubbo
graphicsmagick: memory allocation failure in MagickMalloc (memory.c) Agostino Sarubbo
libarchive: heap-based buffer overflow in xml_data (archive_read_support_format_xar.c) Agostino Sarubbo
Re: openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c) (INCOMPLETE FIX FOR CVE-2017-14152) Agostino Sarubbo
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor

Thursday, 07 September

[ANN] Apache Struts 2.3.34 General Availability with Security Fixes Release Lukasz Lenart
CVE-2017-14167 Qemu: i386: multiboot OOB access while loading guest kernel image P J P
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie
aacplusenc: NULL pointer dereference in DeleteBitBuffer (bitbuffer.c) Agostino Sarubbo
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor
Tcpdump 4.9.2 Leo Famulari
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Daniel Kahn Gillmor

Friday, 08 September

Re: Tcpdump 4.9.2 Raphael Geissert
Re: Tcpdump 4.9.2 Peter Korsgaard
Re: Tcpdump 4.9.2 Jerry Lundström
CVE-2017-12612 Unsafe deserialization in Apache Spark launcher API Sean Owen
Arch Linux and tcpdump 4.9.2 Denis Ovsienko

Sunday, 10 September

Re: CVE-2017-13673 Qemu: vga: reachable assert failure during display update Salvatore Bonaccorso

Monday, 11 September

GNU Emacs 25.2 enriched text remote code execution Paul Eggert
Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Michael Orlitzky
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation Simon McVittie
Re: CVE-2017-12847: nagios-core privilege escalation via PID file manipulation kseifried () redhat com
CVE-2017-14159: OpenLDAP privilege escalation via PID file manipulation Michael Orlitzky
Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso

Tuesday, 12 September

Re: CVE-2017-13673 Qemu: vga: reachable assert failure during display update P J P
Xen Security Advisory 231 (CVE-2017-14316) - Missing NUMA node parameter verification Xen . org security team
Xen Security Advisory 232 (CVE-2017-14318) - Missing check for grant table Xen . org security team
Xen Security Advisory 233 (CVE-2017-14317) - cxenstored: Race in domain cleanup Xen . org security team
Xen Security Advisory 234 (CVE-2017-14319) - insufficient grant unmapping checks for x86 PV guests Xen . org security team
Re: GNU Emacs 25.2 enriched text remote code execution Florian Weimer
Shibboleth plugin for WordPress: CVE-2017-14313: XSS vulnerability due to improper use of add_query_arg() Salvatore Bonaccorso

Wednesday, 13 September

CVE-2017-14340: Linux kernel: xfs: unprivileged user kernel oops Dave Chinner
CVE-2017-12153 Linux kernel: nl80211: null pointer dereference in nl80211_set_rekey_data() Vladis Dronov
Re: Tcpdump 4.9.2 akuster
Linux BlueBorne vulnerabilities Armis Security
tcpdump 4.9.2 is fully available Denis Ovsienko

Thursday, 14 September

mp3gain: stack-based buffer overflow in filterYule (gain_analysis.c) Agostino Sarubbo
mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo
mp3gain: stack-based buffer overflow in copy_mp (mpglibDBL/interface.c) Agostino Sarubbo
mp3gain: global buffer overflow in III_dequantize_sample (mpglibDBL/layer3.c) Agostino Sarubbo
mp3gain: stack-based buffer overflow in dct36 (mpglibDBL/layer3.c) Agostino Sarubbo
mp3gain: invalid memory write in copy_mp (mpglibDBL/interface.c) Agostino Sarubbo
mp3gain: global buffer overflow in III_i_stereo (mpglibDBL/layer3.c) Agostino Sarubbo
mp3gain: memcpy-param-overlap in set_pointer (mpglibDBL/common.c) Agostino Sarubbo
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Simon McVittie
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Dr. Thomas Orgis
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Dr. Thomas Orgis
Re: mp3gain: NULL pointer dereference in sync_buffer (mpglibDBL/interface.c) Agostino Sarubbo
Re: Linux BlueBorne vulnerabilities Petr Matousek
Re: Linux BlueBorne vulnerabilities Solar Designer
Re: Re: Linux kernel: CVE-2017-1000112: Exploitable memory corruption due to UFO to non-UFO path switch Thomas Jarosch
Re: tcpdump 4.9.2 is fully available Solar Designer
Re: tcpdump 4.9.2 is fully available Levente Polyak
Re: GNU Emacs 25.2 enriched text remote code execution Salvatore Bonaccorso
Re: Linux BlueBorne vulnerabilities Armis Security
Re: Linux BlueBorne vulnerabilities Solar Designer

Friday, 15 September

Re: Linux BlueBorne vulnerabilities Ben Seri
Re: Linux BlueBorne vulnerabilities Solar Designer
Re: Linux BlueBorne vulnerabilities Ben Seri
CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4) Jan H. Schönherr

Saturday, 16 September

Podbeuter podcast fetcher: remote code execution Alexander Batischev
Re: Podbeuter podcast fetcher: remote code execution Solar Designer

Sunday, 17 September

[OSSN-0081] sha512_crypt is insufficient for password hashing Luke Hinds
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer
Re: Podbeuter podcast fetcher: remote code execution Alexander Batischev
Re: Podbeuter podcast fetcher: remote code execution Solar Designer
Re: Podbeuter podcast fetcher: remote code execution Kurt Seifried
Re: Podbeuter podcast fetcher: remote code execution Solar Designer
CVE-2017-14312: Nagios core root privilege escalation via insecure permissions Michael Orlitzky
Re: Podbeuter podcast fetcher: remote code execution Kurt Seifried

Monday, 18 September

CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() Vladis Dronov
Optionsbleed bug in Apache HTTPD Hanno Böck
Re: CVE-2017-14497: Linux kernel: packet: buffer overflow in tpacket_rcv() Vladis Dronov
[CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Luciano Bello
CVE-2017-9803: Security vulnerability in kerberos delegation token functionality Shalin Shekhar Mangar
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Jordan Glover
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Jeremy Stanley
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Nicholas Prowse

Tuesday, 19 September

[SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload Mark Thomas
[SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure Mark Thomas
Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Luciano Bello

Wednesday, 20 September

CVE-2017-14609 Kannel privilege escalation via PID file manipulation Michael Orlitzky

Thursday, 21 September

CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug 连一汉
Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Solar Designer
CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch
Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch
Re: CVE request: code execution in Horde_Image 2.0.0 to 2.5.1 Thomas Jarosch
CVE-2017-14681: P3Scan privilege escalation via PID file manipulation Michael Orlitzky
bladeenc: global buffer overflow in iteration_loop (loop.c) Agostino Sarubbo

Friday, 22 September

graphicsmagick: assertion failure in pixel_cache.c Agostino Sarubbo
bento4: heap-based buffer overflow in AP4_BitStream::ReadBytes (Ap4BitStream.cpp) Agostino Sarubbo
bento4: NULL pointer dereference in AP4_Atom::SetType (Ap4Atom.h) Agostino Sarubbo
bento4: NULL pointer dereference in AP4_AtomSampleTable::GetSample (Ap4AtomSampleTable.cpp) Agostino Sarubbo
bento4: NULL pointer dereference in AP4_DataAtom::~AP4_DataAtom (Ap4MetaData.cpp) Agostino Sarubbo
bento4: NULL pointer dereference in AP4_StdcFileByteStream::ReadPartial (Ap4StdCFileByteStream.cpp) Agostino Sarubbo
bento4: heap-based buffer overflow in AP4_HdlrAtom::AP4_HdlrAtom (Ap4HdlrAtom.cpp) Agostino Sarubbo
bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h) Agostino Sarubbo
bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp) Agostino Sarubbo
bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp) Agostino Sarubbo
bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp) Agostino Sarubbo
CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx() Vladis Dronov
Re: [CVE-2017-14266] tcprewrite Heap-Based Buffer Overflow Salvatore Bonaccorso

Saturday, 23 September

Why send bugs embargoed to distros? Hanno Böck
Re: Why send bugs embargoed to distros? Levente Polyak
Re: Why send bugs embargoed to distros? Simon McVittie
Re: Why send bugs embargoed to distros? Anthony Liguori
Re: Why send bugs embargoed to distros? Marc Deslauriers
Re: Why send bugs embargoed to distros? Kurt H Maier
Re: Why send bugs embargoed to distros? Till Dörges
Re: Why send bugs embargoed to distros? Marcus Meissner

Sunday, 24 September

Re: Why send bugs embargoed to distros? Ludovic Courtès
Re: tcpdump 4.9.2 is fully available Leo Famulari
Re: Why send bugs embargoed to distros? Igor Seletskiy

Monday, 25 September

Re: Why send bugs embargoed to distros? John Haxby
Re: CVE-2017-14489: Linux kernel: scsi: nlmsg is not properly parsed in iscsi_if_rx() Vladis Dronov
Foreman 1.1+ stored XSS in organizations/locations assignment to hosts Marek Hulán
wordpress <= 4.8.1 SQLi Slavco Mihajloski
Re: Why send bugs embargoed to distros? Cliff Perry
Re: Why send bugs embargoed to distros? Leo Famulari
Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Salvatore Bonaccorso
Linux kernel CVEs not mentioned on oss-security Priedhorsky, Reid
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried
CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register P J P
Re: Linux kernel CVEs not mentioned on oss-security Simon McVittie

Tuesday, 26 September

Re: Linux kernel CVEs not mentioned on oss-security Moritz Muehlenhoff
binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Agostino Sarubbo
Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
Advisory: Git cvsserver OS Command Injection joernchen
ImageMagick : CVE-2017-14741 : Infinite loop in ReadCAPTIONImage NOIRFATE
Re: Linux kernel CVEs not mentioned on oss-security Nicholas Luedtke
Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
CVE-2017-7687: Libprocess might crash when decoding a malformed request. Alex R
CVE-2017-9790: Libprocess might crash when decoding an HTTP request with absent path. Alex R
Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Qualys Security Advisory
Re: Linux kernel CVEs not mentioned on oss-security Priedhorsky, Reid
Re: Linux kernel CVEs not mentioned on oss-security Bob Friesenhahn
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried
Re: Linux kernel CVEs not mentioned on oss-security Agostino Sarubbo
Re: Linux kernel CVEs not mentioned on oss-security Bob Friesenhahn
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried

Wednesday, 27 September

Re: Linux kernel CVEs not mentioned on oss-security Marcus Meissner
Re: Linux kernel CVEs not mentioned on oss-security Muhammed Mustapha Abiola
Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Efraim Flashner
Re: Linux kernel CVEs not mentioned on oss-security Solar Designer
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
[SECURITY] CVE-2017-12621 Apache Commons Jelly connects to URL with custom doctype definitions. Rob Tompkins
Re: Linux kernel CVEs not mentioned on oss-security Solar Designer
Re: Linux kernel CVEs not mentioned on oss-security Solar Designer
Vulnerability in Wordpress Plugin backwpup v3.4.1 possible brute forcing of backup file download Larry W. Cashdollar
Re: Linux BlueBorne vulnerabilities Solar Designer
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Solar Designer
Re: [OSSN-0081] sha512_crypt is insufficient for password hashing Solar Designer
Re: CVE-2017-9772: OCaml release 4.04.2 Emilio Pozuelo Monfort

Thursday, 28 September

Re: Linux kernel CVEs not mentioned on oss-security Salvatore Bonaccorso
OpenVPN CVE-2017-12166: remote buffer overflow Guido Vranken
Joomla extension Easy Joomla Backup v3.2.4 database backup exposure Larry W. Cashdollar
Re: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure David Jardin
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
Re: Advisory: Git cvsserver OS Command Injection Salvatore Bonaccorso
Re: Joomla extension Easy Joomla Backup v3.2.4 database backup exposure Larry W. Cashdollar
Xen Security Advisory 245 - ARM: Some memory not scrubbed at boot Xen . org security team
The Internet Bug Bounty: Data Processing (hackerone.com) Henri Salo
Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3 chbi
Stored XSS vulnerability in eGroupware Community Edition <= 16.1.20170703 chbi
CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS chbi
Re: CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS chbi
Re: Linux kernel CVEs not mentioned on oss-security Brad Spengler
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Guido Vranken
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden

Friday, 29 September

[CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape Sysdream Labs
[CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation Sysdream Labs
clamav: Out of bounds read and segfault in xar parser Hanno Böck
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Hanno Böck
[CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated) Sysdream Labs
[CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated) Sysdream Labs
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Kurt Seifried
Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c) Agostino Sarubbo
[SECURITY] CVE-2017-9797 Apache Geode client/server authentication vulnerability Anthony Baker
[SECURITY] CVE-2017-9794 Apache Geode gfsh query vulnerability Anthony Baker
Re: Stored XSS vulnerability in eGroupware Community Edition <= 16.1.20170703 chbi
Re: Stored XSS vulnerability in Tine 2.0 Community Edition <= 2017.08.3 chbi
Re: CSRF vulnerability in Tiki <= 17.0, 16.2, 15.4 LTS and 12.11 LTS chbi

Saturday, 30 September

binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c) Agostino Sarubbo
binutils: heap-based buffer overflow in read_1_byte (dwarf2.c) Agostino Sarubbo
binutils: NULL pointer dereference in scan_unit_for_symbols (dwarf2.c) Agostino Sarubbo
Re: CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug Guido Günther