oss-sec: by date
RSS Feed
About List
All Lists
Previous period
437 messages
starting Oct 01 17 and
ending Dec 29 17
Date index |
Thread index |
Author index
Sunday, 01 October
Stored XSS vulnerability in BlogoText <= 3.7.5 chbi
Re: clamav: Out of bounds read and segfault in xar parser Eddie Chapman
Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi
Monday, 02 October
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden
Re: CVE-2017-1000252: KVM denial of service with posted interrupts on Intel systems (since Linux 4.4) Greg KH
[ANNOUNCE] CVE-2017-12620: Apache OpenNLP XXE vulnerability Joern Kottmann
CVE-2017-9807: e2openplugin-OpenWebif: Remote code execution through HTTP GET parameter manipulation John Torakis
dnsmasq: CVE-2017-14491 to CVE-2017-14496 and CVE-2017-13704 Simon Kelley
Tuesday, 03 October
Graphicsmagick: NULL Pointer Dereference in DICOM Decoder (CVE-2017-14994) Terry Chia
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
Re: Linux kernel CVEs not mentioned on oss-security Moritz Muehlenhoff
CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Xu, Meng
Re: Linux kernel CVEs not mentioned on oss-security Kurt Seifried
Re: CVE Request: FreeBSD kernel, double-fetch bug in smb_strdupin Salvatore Bonaccorso
Re: Linux kernel CVEs not mentioned on oss-security Greg KH
Re: clamav: Out of bounds read and segfault in xar parser Joel Esler
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Jan Schaumann
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Qualys Security Advisory
Re: Qualys Security Advisory - Linux PIE/stack corruption (CVE-2017-1000253) Kurt Seifried
Re: clamav: md5 collision based detection avoidance, Was: Out of bounds read and segfault in xar parser klondike
Re: Linux kernel CVEs not mentioned on oss-security Yves-Alexis Perez
Announce: OpenSSH 7.6 released Damien Miller
[SECURITY ADVISORY] curl: FTP PWD response parser out of bounds read Daniel Stenberg
Wednesday, 04 October
Re: clamav: md5 collision based detection avoidance, Was: Out of bounds read and segfault in xar parser Joel Esler
binutils: heap-based buffer overflow in parse_die (dwarf1.c) Agostino Sarubbo
binutils: NULL pointer dereference in bfd_hash_hash (hash.c) Agostino Sarubbo
binutils: NULL pointer dereference in concat_filename (dwarf2.c) Agostino Sarubbo
binutils: heap-based buffer overflow in bfd_get_debug_link_info_1 (opncls.c) Agostino Sarubbo
binutils: divide-by-zero in decode_line_info (dwarf2.c) Agostino Sarubbo
binutils: infinite loop in find_abstract_instance_name (dwarf2.c) Agostino Sarubbo
Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi
Fwd: X server fixes for CVE-2017-13721 & CVE-2017-13723 Alan Coopersmith
Thursday, 05 October
[CVE-2017-14614] GridGain Visor GUI Console - File System Path Traversal Andrey Bazhenov
[CVE-2017-14604] .desktop vulnerability again Yves-Alexis Perez
CVE-2017-15038 Qemu: 9p: virtfs: information disclosure when reading extended attributes P J P
Saturday, 07 October
Stored XSS vulnerabilities in Flyspray chbi
Reflected XSS vulnerability in Shaarli v0.9.1 chbi
Sunday, 08 October
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 Henri S.
答复: [oss-security] CVE-2017-14160: libvorbis-1.3.5 bark_noise_hybridmp() integer signedness bug 连一汉
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Michael Niedermayer
Monday, 09 October
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Reed Loden
OpenEXR : CVE-2017-14988 : DOS in Header::readfrom NOIRFATE
ImageMagick : CVE-2017-14989 : heap use-after-free in RenderFreetype NOIRFATE
CVE-2017-14991 in the Linux Kernel: local infoleak via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 Alexander Potapenko
Re: Linux kernel CVEs not mentioned on oss-security Fabian Keil
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi
Re: Stored XSS vulnerability in BlogoText <= 3.7.5 chbi
[SECURITY] CVE-2017-5637: DOS attack on wchp/wchc four letter words (4lw) Patrick Hunt
Re: Linux kernel CVEs not mentioned on oss-security Stiepan
[ANNOUNCE] Apache NiFi CVE-2017-12623 Andy LoPresto
[CVE-2017-0903] Unsafe Object Deserialization Vulnerability in RubyGems Aaron Patterson
Tuesday, 10 October
CVE-2017-1000255: Linux: powerpc: kernel memory overwrite in transactional memory handling Michael Ellerman
CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov
Re: Several Privilege Escalation issues in Kanboard <= 1.0.46 chbi
Re: Stored XSS vulnerabilities in Flyspray chbi
Re: Reflected XSS vulnerability in Shaarli v0.9.1 chbi
CVE request: Two DoS vulneribilities in libextractor Leon Zhao
Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso
Wednesday, 11 October
Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265 Marcus Meissner
Multiple vulnerabilities in Jenkins Daniel Beck
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Shea Levy
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Kurt Seifried
CVE-2017-12192 kernel: NULL pointer dereference due to KEYCTL_READ on negative key Wade Mealing
CVE-2017-15268. Qemu: I/O: potential memory exhaustion via websock connection to VNC P J P
Thursday, 12 October
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Hunger
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Graham Christensen
Re: Privilege escalation with kill(-1, SIGKILL) in XNU kernel of macOS High Sierra Roman Medina-Heigl Hernandez
Xen Security Advisory 238 - DMOP map/unmap missing argument checks Xen . org security team
Xen Security Advisory 239 - hypervisor stack leak in x86 I/O intercept code Xen . org security team
Xen Security Advisory 237 - multiple MSI mapping issues on x86 Xen . org security team
Xen Security Advisory 241 - Stale TLB entry due to page type release race Xen . org security team
Xen Security Advisory 242 - page type reference leak on x86 Xen . org security team
Xen Security Advisory 243 - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team
Xen Security Advisory 244 - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team
Re: CVE request: Two DoS vulneribilities in libextractor Salvatore Bonaccorso
CVE-2017-15289 Qemu: cirrus: OOB access issue in mode4and5 write functions P J P
CVE-2017-12188 Kernel: KVM: MMU potential stack buffer overrun during page walks P J P
CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Kees Cook
Friday, 13 October
CVE-2017-12629 Solr: Code execution via entity expansion Andrej Nemec
Advisory X41-2017-010: Command Execution in Shadowsocks-libev X41 D-Sec GmbH Advisories
Advisory X41-2017-008: Multiple Vulnerabilities in Shadowsocks X41 D-Sec GmbH Advisories
Monday, 16 October
CVE-2017-15299: Linux kernel: incorrect update of uninstantiated keys can crash a kernel Vladis Dronov
wpa_supplicant/hostapd: WPA packet number reuse with replayed messages and key reinstallation Jouni Malinen
distros list downtime Solar Designer
Tuesday, 17 October
Re: Linux kernel: alsa: use-after-free in /dev/snd/seq CVE-2017-15265 Marcus Meissner
CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Bastian Blank
Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi
Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov
Wednesday, 18 October
MuPDF mutools Out-of-Bounds Write Vulnerability (CVE-2017-15587) amon
Xen Security Advisory 235 (CVE-2017-15596) - add-to-physmap error paths fail to release lock on ARM Xen . org security team
Xen Security Advisory 237 (CVE-2017-15590) - multiple MSI mapping issues on x86 Xen . org security team
Xen Security Advisory 241 (CVE-2017-15588) - Stale TLB entry due to page type release race Xen . org security team
Xen Security Advisory 242 (CVE-2017-15593) - page type reference leak on x86 Xen . org security team
Xen Security Advisory 239 (CVE-2017-15589) - hypervisor stack leak in x86 I/O intercept code Xen . org security team
Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team
Xen Security Advisory 244 (CVE-2017-15594) - x86: Incorrect handling of IST settings during CPU hotplug Xen . org security team
Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov
WebKitGTK+ Security Advisory WSA-2017-0008 Carlos Alberto Lopez Perez
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 chbi
[RCESEC-2017-001][CVE-2017-14955] Check_mk v1.2.8p25 save_users() Race Condition leading to Sensitive Information Disclosure Julien Ahrens
Thursday, 19 October
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson
Re: Stored XSS vulnerability in ILIAS <= 5.2.8 and <= 5.1.20 Dollar Strike
[ANNOUNCE] [SECURITY] CVE-2017-12629: Several critical vulnerabilities discovered in Apache Solr (XXE & RCE) Shalin Shekhar Mangar
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold
CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker
Re: CVE request: musl libc 1.1.16 and earlier dns buffer overflow Rich Felker
Announce: Apache James 3.0.1 security release Tellier Benoit
Friday, 20 October
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson
[CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder 连一汉
Re: [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder Ludovic Courtès
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Ben Tasker
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Seth Arnold
Saturday, 21 October
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Bastian Blank
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Solar Designer
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Simon McVittie
CVE-2017-15670, CVE-2017-15671 glibc: Buffer overflow and memory leak in glob with GLOB_TILDE Eddie Chapman
Re: CVE-2017-8805: Unsafe symlinks not filtered in Debian mirror script ftpsync Robert Watson
LAME 3.100 released with security fixes Henri Salo
Sunday, 22 October
Netlink XFRM socket subsystem NULL pointer dereference Noam Rathaus
Re: Netlink XFRM socket subsystem NULL pointer dereference Marius Bakke
Re: Netlink XFRM socket subsystem NULL pointer dereference Solar Designer
Irssi 1.0.5: CVE-2017-15228, CVE-2017-15227, CVE-2017-15721, CVE-2017-15722, CVE-2017-15723 Ailin Nemui
[SECURITY ADVISORY] curl: IMAP FETCH response out of bounds read Daniel Stenberg
Monday, 23 October
Multiple vulnerabilities in Jenkins plugins Daniel Beck
[KIS-2017-02] Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability Egidio Romano
Tuesday, 24 October
Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Juan Diego
Re: Hash thief on Windows shared folder with SCF files. ADV170014 NTLM SSO Solar Designer
Xen Security Advisory 236 (CVE-2017-15597) - pin count / page reference race in grant table code Xen . org security team
Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters Solar Designer
Wednesday, 25 October
[ oss-security ] CVE-2016-10517: CSRF in redis < 3.2.7 Thomas Calderon
Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890
Thursday, 26 October
CVE-2016-6809: Java code execution for serialized objects embedded in MATLAB files parsed by Apache Solr using Tika Shalin Shekhar Mangar
Friday, 27 October
Two vulnerabilities patched in GNU Wget: CVE-2017-13089, CVE-2017-13090 NCSC-FI Vulnerability Co-ordination
Re: Advisory X41-2017-010: Command Execution in Shadowsocks-libev Salvatore Bonaccorso
binutils: NULL pointer dereference in concat_filename (dwarf2.c) (INCOMPLETE FIX FOR CVE-2017-15023) Agostino Sarubbo
binutils: invalid memory read in find_abstract_instance_name (dwarf2.c) Agostino Sarubbo
Sunday, 29 October
Drupal backup_migrate information leak (was Fw: Database mishandling at defectivebydesign.org) Hanno Böck
Monday, 30 October
Magento: Leaking of config file local.xml Hanno Böck
Re: Magento: Leaking of config file local.xml Michael Orlitzky
CVE-2017-14752, CVE-2017-15273: Stored XSS vulnerability in Mahara <= 15.04.14, <= 16.04.8, <= 16.10.5, <= 17.04.3 chbi
Quagga: CVE-2017-16227: BGP session termination due to rather long AS paths in update messages Salvatore Bonaccorso
Tuesday, 31 October
Fw: Security risk of vim swap files Hanno Böck
Re: Fw: Security risk of vim swap files Solar Designer
Re: Fw: Security risk of vim swap files Apostolis Hardalias
Re: Fw: Security risk of vim swap files Stefan Bühler
Re: Fw: Security risk of vim swap files Jakub Wilk
Re: Fw: Security risk of vim swap files Solar Designer
Re: Fw: Security risk of vim swap files Solar Designer
Re: Fw: Security risk of vim swap files Jason Cooper
Re: Fw: Security risk of vim swap files Adam Shannon
Re: Security risk of vim swap files Simon Waters (Surevine)
Re: Fw: Security risk of vim swap files Gordo Lowrey
Re: Fw: Security risk of vim swap files Tim
Re: Fw: Security risk of vim swap files Kurt H Maier
Re: Fw: Security risk of vim swap files Tim
Re: Fw: Security risk of vim swap files Kurt Seifried
Re: Fw: Security risk of vim swap files Steffen Nurpmeso
[CVE-2017-12625] Apache Hive information disclosure vulnerability for column masking Jesus Camacho Rodriguez
Wednesday, 01 November
Re: Fw: Security risk of vim swap files Leonid Isaev
Re: Fw: Security risk of vim swap files Jan Pokorný
CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks ????
Re: Fw: Security risk of vim swap files Simon McVittie
Re: Fw: Security risk of vim swap files Tim
Re: Fw: Security risk of vim swap files Jakub Wilk
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Bob Friesenhahn
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Agostino Sarubbo
Re: Fw: Security risk of vim swap files Z5T1
Re: Fw: Security risk of vim swap files Jeffrey Walton
Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks Solar Designer
Re: Fw: Security risk of vim swap files Kurt Seifried
Re: Re: Fw: Security risk of vim swap files Michael Orlitzky
Re: Fw: Security risk of vim swap files Jakub Wilk
Re: Fw: Security risk of vim swap files Solar Designer
[CVE-2016-4437] Apache Aurora information disclosure vulnerability Bill Farner
Re: Re: Fw: Security risk of vim swap files Florent Rougon
Re: Fw: Security risk of vim swap files Leonid Isaev
CVE-2017-15095: further deserialisation attacks against jackson-databind (follow-up to CVE-2017-7525) Doran Moppert
CVE-2017-12193 Linux kernel: Null pointer dereference due to incorrect node-splitting in assoc_array implementation Wade Mealing
Thursday, 02 November
Linux Security Summit 2017 Summary James Morris
tftpd-hpa - insecure chroot() gremlin
Re: Fw: Security risk of vim swap files Christian Brabandt
Many issues in "module" / "track" music decoders... Lionel Debroux
Re: Re: Fw: Security risk of vim swap files Kurt Seifried
Friday, 03 November
Re: tftpd-hpa - insecure chroot() Dmitry V. Levin
Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman
[CVE-2017-15672]: ffmpeg: read out of bounds of buffer when it parsing an craft mp4 file. 连一汉
Re: Security risk of server side text editing in general and vim.tiny specifically Jakub Wilk
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer
Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman
Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer
Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman
Re: Re: Fw: Security risk of vim swap files Jakub Wilk
Re: Re: Fw: Security risk of vim swap files Scott Court
Re: Security risk of server side text editing in general and vim.tiny specifically Ian Zimmerman
Re: Re: Fw: Security risk of vim swap files Nick Bowler
Re: Fw: Security risk of vim swap files Christian Brabandt
Re: Fw: Security risk of vim swap files Christian Brabandt
nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Hanno Böck
Re: nvi crash recovery Jakub Wilk
Re: nvi crash recovery (was Re: [oss-security] Re: Security risk of server side text editing in general and vim.tiny specifically) Daniel Micay
Re: Re: Security risk of server side text editing in general and vim.tiny specifically Christos Zoulas
Saturday, 04 November
Re: nvi crash recovery Jakub Wilk
Sunday, 05 November
Re: Security risk of server side text editing in general and vim.tiny specifically Leonid Isaev
Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890
Foreman 1.2+ stored XSS in fact charts Tomer Brisker
Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() Solar Designer
Re: Fw: Security risk of vim swap files Christian Brabandt
Re: Fw: Security risk of vim swap files Solar Designer
Re: Fw: Security risk of vim swap files Jakub Wilk
Re: Fw: Security risk of vim swap files Scott Court
Re: Fw: Security risk of vim swap files Kurt Seifried
Monday, 06 November
Re: Security risk of vim swap files Ian Zimmerman
Re: Fw: Security risk of vim swap files Christian Brabandt
Re: Fw: Security risk of vim swap files Christian Brabandt
AW: Re: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman
CVE-2017-15306: Linux kernel: KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM Michael Ellerman
Re: Fw: Security risk of vim swap files Michael Orlitzky
Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov
Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Jonas 'Sortie' Termansen
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Florian Weimer
Re: tftpd-hpa - insecure chroot() gremlin
Re: Security risk of vim swap files Solar Designer
Re: Fw: Security risk of vim swap files Solar Designer
Re: [CVE-2017-15186]: ffmpeg: Double free when ffmpeg parsing an craft AVI file to MKV file using ffvhuff decoder Salvatore Bonaccorso
Re: Security risk of vim swap files Jakub Wilk
Re: Fw: Security risk of vim swap files Seth Arnold
Tuesday, 07 November
Re: Re: CVE-2017-5123 Linux kernel v4.13 waitid() not calling access_ok() up201407890
Re: Security risk of vim swap files Matthias Luft
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams John Haxby
Net::Ping::External command injections Matthias Weckbecker
Re: Net::Ping::External command injections Charlie Brady
Re: Net::Ping::External command injections Simon McVittie
CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH
Re: Fw: Security risk of vim swap files Jakub Wilk
Re: Net::Ping::External command injections Salvatore Bonaccorso
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H
Wednesday, 08 November
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH
Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov
[SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka
Multiple vulnerabilities in Jenkins Daniel Beck
Re: Linux kernel: multiple vulnerabilities in the USB subsystem Solar Designer
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Jonas 'Sortie' Termansen
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Eric Blake
Re: Race condition between UDP bind(2) and connect(2) delivers wrong datagrams Bob Friesenhahn
Back in Time: CVE-2017-16667: shell injection in notify-send Salvatore Bonaccorso
Re: [CVE-2017-14604] .desktop vulnerability again Michael Orlitzky
nvi denial of service coypu
Thursday, 09 November
Re: [CVE-2017-14604] .desktop vulnerability again Robert Watson
Re: nvi denial of service Jakub Wilk
Re: [CVE-2017-14604] .desktop vulnerability again Simon McVittie
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler
Friday, 10 November
WebKitGTK+ Security Advisory WSA-2017-0009 Carlos Alberto Lopez Perez
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stiepan
Saturday, 11 November
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Amos Jeffries
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Stuart Gathman
Monday, 13 November
Re: Security risk of server side text editing in general and vim.tiny specifically Solar Designer
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Vladis Dronov
AW: Security risk of server side text editing in general and vim.tiny specifically Fiedler Roman
(linux-)distros list use statistics Solar Designer
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH
Re: (linux-)distros list use statistics Anthony Liguori
Re: (linux-)distros list use statistics Kristian Fiskerstrand
Re: (linux-)distros list use statistics Solar Designer
Re: (linux-)distros list use statistics Kristian Fiskerstrand
Re: (linux-)distros list use statistics Kristian Fiskerstrand
Re: (linux-)distros list use statistics Kristian Fiskerstrand
Re: (linux-)distros list use statistics Solar Designer
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver David A. Wheeler
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Greg KH
Tuesday, 14 November
New security advisory CVE-2017-12624 released for Apache CXF Colm O hEigeartaigh
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Brad Spengler
[OSSA-2017-005] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) Tristan Cacqueray
Apache CouchDB CVE-2017-12635 and CVE-2017-12636 Joan Touzet
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Eddie Chapman
Re: CVE-2017-15102: Linux kernel: usb: NULL-deref due to a race condition in [legousbtower] driver Maier, Kurt H
Wednesday, 15 November
CVE-2017-15115: Linux kernel: sctp: use-after-free in sctp_cmp_addr_exact() Vladis Dronov
[SECURITY] New security advisory CVE-2017-12634 released for Apache Camel Andrea Cosentino
[SECURITY] New security advisory CVE-2017-12633 released for Apache Camel Andrea Cosentino
Xen Security Advisory 243 (CVE-2017-15592) - x86: Incorrect handling of self-linear shadow mappings with translated guests Xen . org security team
collectd: CVE-2017-16820: snmp-plugin: double free of request PDU Salvatore Bonaccorso
Re: collectd: CVE-2017-16820: snmp-plugin: double free of request PDU Salvatore Bonaccorso
CVE-2017-16834: pnp4nagios root privilege escalation via insecure permissions Michael Orlitzky
Thursday, 16 November
Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin Daniel Beck
CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P
Friday, 17 November
Re: Security risk of server side text editing ... Bram Moolenaar
phusion passenger CVE-2017-1000384 Kurt Seifried
Re: phusion passenger CVE-2017-1000384 John Lightsey
Re: phusion passenger CVE-2017-1000384 Jakub Wilk
Re: phusion passenger CVE-2017-1000384 John Lightsey
Re: phusion passenger CVE-2017-1000384 Dave Horsfall
Re: Multiple vulnerabilities in Jenkins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Multiple vulnerabilities in Jenkins Daniel Beck
Re: Reflected Cross-Site Scripting Vulnerability in Jenkins Delivery Pipeline Plugin Daniel Beck
Sunday, 19 November
CVE-2017-16882: Icinga core root privilege escalation via insecure permissions Michael Orlitzky
Monday, 20 November
Re: distros list archive Solar Designer
Tuesday, 21 November
Re: Fw: Security risk of vim swap files Matthias Weckbecker
Re: phusion passenger CVE-2017-1000384 Tomas Hoger
Re: phusion passenger CVE-2017-1000384 John Lightsey
Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken
Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine Ian Zimmerman
Re: Re: CVE-2017-16845 Qemu: ps2: information leakage via post_load routine P J P
Wednesday, 22 November
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Peter Bex
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Guido Vranken
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Michal Zalewski
Re: Go programming language invalid modular exponentiation result (Exp() in math/big pkg) Chad Dougherty
Clickjacking vulnerability in CSRF error page pfSense Securify B.V.
Re: Security risk of server side text editing ... Solar Designer
Re: Re: Security risk of server side text editing ... Kurt Seifried
Thursday, 23 November
xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in session manager Salvatore Bonaccorso
Re: exiv2: multiple memory safety issues Raphael Hertzog
Re: exiv2: multiple memory safety issues Antoine Beaupré
OpenDayLight: Password change doesn't result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406) Luke Hinds
Friday, 24 November
New Linux kernel XFRM privilege escalation Marcus Meissner
Re: New Linux kernel XFRM privilege escalation Greg KH
Re: New Linux kernel XFRM privilege escalation Marcus Meissner
Re: RCE in Exim reported Phil Pennock
RCE in Exim reported Phil Pennock
Saturday, 25 November
Re: RCE in Exim reported Phil Pennock
Sunday, 26 November
Re: RCE in Exim reported Leo Famulari
Re: RCE in Exim reported Heiko Schlittermann
Monday, 27 November
PowerDNS Security Advisories 2017-03, 2017-04, 2017-05, 2017-06 and 2017-07 Remi Gacogne
Re: Re: Security risk of server side text editing ... Scott Court
Information Leak in mincore() in the Linux Kernel CVE-2017-16994 Marcus Meissner
Re: Security risk of server side text editing ... Solar Designer
Re: Re: Security risk of server side text editing ... Simon McVittie
Tuesday, 28 November
Xen Security Advisory 246 - x86: infinite loop due to missing PoD error checking Xen . org security team
Xen Security Advisory 247 - Missing p2m error checking in PoD code Xen . org security team
Re: Security risk of server side text editing ... Bram Moolenaar
Re: Re: Security risk of server side text editing ... Bram Moolenaar
Re: Re: Security risk of server side text editing ... Leonid Isaev
CVE-2017-16612 libXcursor: heap overflows when parsing malicious files Matthieu Herrb
CVE-2017-16611 libXfont Open files with O_NOFOLLOW Matthieu Herrb
CVE-2017-15118 Qemu: stack buffer overflow in NBD server triggered via long export name P J P
CVE-2017-15119 Qemu: DoS via large option request P J P
CVE-2017-16943 CVE-2017-16944 (Was:RCE in Exim reported) Heiko Schlittermann
Friday, 01 December
[ANN] Apache Struts 2.5.14.1 GA with Security Fixes Release Lukasz Lenart
Re: Re: Security risk of server side text editing ... Scott Court
Re: libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c) Salvatore Bonaccorso
Sunday, 03 December
ZKTime Web Software 2.0.1.12280 CVE-2017-17057 Cross Site Scripting Himanshu Mehta
Monday, 04 December
CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 P J P
CVE-2017-16930 - Claymore's Dual Ethereum Miner unauth stack buffer overflow in remote management interface oststrom (public)
CVE-2017-8824 linux: use-after-free in DCCP code Mohamed Ghannam
CVE-2017-17381 Qemu: virtio: divide by zero exception while updating rings P J P
Tuesday, 05 December
Jenkins stored cross-site scripting vulnerability Daniel Beck
[OSSA 2017-005.1] Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ERRATA Tristan Cacqueray
[OSSA-2017-006] Nova FilterScheduler doubles resource allocations during rebuild with new image (CVE-2017-17051) Jeremy Stanley
Wednesday, 06 December
Xen Security Advisory 238 (CVE-2017-15591) - DMOP map/unmap missing argument checks Xen . org security team
Jenkins EC2 Plugin 1.37 and earlier arbitrary shell command execution Daniel Beck
Info Leak in the Linux Kernel via Bluetooth Armis Security
Re: Info Leak in the Linux Kernel via Bluetooth Adam Maris
Recommendations GnuPG-2 replacement halfdog
Thursday, 07 December
CVE Request -- Arbitrary command execution in mercurial repo with a git submodule feer james
signed integer overflow in common_timer_get on linux 4.15.0-rc1 at zhou
Re: Recommendations GnuPG-2 replacement oss-security
Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Greg KH
Re: Recommendations GnuPG-2 replacement Jeremy Stanley
Re: Recommendations GnuPG-2 replacement Solar Designer
Re: Recommendations GnuPG-2 replacement Peter Bex
Re: Recommendations GnuPG-2 replacement Blibbet
Re: Recommendations GnuPG-2 replacement Solar Designer
Re: Recommendations GnuPG-2 replacement Marcus Brinkmann
Friday, 08 December
Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Dan Carpenter
Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Greg KH
Re: Re: Recommendations GnuPG-2 replacement Ludovic Courtès
Re: Re: Recommendations GnuPG-2 replacement Marcus Brinkmann
Re: Re: signed integer overflow in common_timer_get on linux 4.15.0-rc1 Daniel Micay
Sunday, 10 December
Re: Recommendations GnuPG-2 replacement Phil Pennock
Re: Re: Recommendations GnuPG-2 replacement Jeffrey Walton
Re: Re: Recommendations GnuPG-2 replacement Marcus Brinkmann
[CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability Isuru Udana
Re: CVE Request -- Arbitrary command execution in mercurial repo with a git submodule Salvatore Bonaccorso
GraphicsMagick 1.3.27 is available Bob Friesenhahn
Re: Re: Recommendations GnuPG-2 replacement Phil Pennock
Monday, 11 December
PowerDNS Security Advisory 2017-08 Remi Gacogne
Re: PowerDNS Security Advisory 2017-08 Remi Gacogne
Jenkins Script Security Plugin 1.36 and earlier arbitrary file read vulnerability Daniel Beck
Qualys Security Advisory - Buffer overflow in glibc's ld.so Qualys Security Advisory
Tuesday, 12 December
[ANN] [APACHE STRUTS] Security Bulletin S2-055: impact increased to High (related to CVE-2017-7525 - JSON Jackson library) Lukasz Lenart
Xen Security Advisory 249 - broken x86 shadow mode refcount overflow check Xen . org security team
Xen Security Advisory 250 - improper x86 shadow mode refcount error handling Xen . org security team
Xen Security Advisory 248 - x86 PV guests may gain access to internally used pages Xen . org security team
Xen Security Advisory 251 - improper bug check in x86 log-dirty handling Xen . org security team
ROBOT attack (WolfSSL, Bouncy Castle, Erlang) Hanno Böck
Re: Linux kernel: multiple vulnerabilities in the USB subsystem Andrey Konovalov
Wednesday, 13 December
[SECURITY] CVE-2017-5663: Apache Fineract SQL Injection Vulnerability Nazeer Shaik
Bugs in iscsiuio Qualys Security Advisory
Multiple vulnerabilities in Jenkins Daniel Beck
Thursday, 14 December
CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen
Friday, 15 December
Re: CVE-2017-17670: vlc: type conversion vulnerability Stiepan
Re: Recommendations GnuPG-2 replacement halfdog
Re: Recommendations GnuPG-2 replacement halfdog
Re: CVE-2017-17670: vlc: type conversion vulnerability Hans Jerry Illikainen
CVE-2017-17712 net/ipv4/raw.c: raw_sendmsg() race condition Mohamed Ghannam
Sunday, 17 December
Re: Recommendations GnuPG-2 replacement halfdog
Re: The Internet Bug Bounty: Data Processing (hackerone.com) Qhdwns123
Sonatype Nexus Repository Manager 2.x weak password encryption Raphael Geissert
Portus, missing LDAP server authentication Raphael Geissert
Re: Sonatype Nexus Repository Manager 2.x weak password encryption Stefano Brivio
Re: Sonatype Nexus Repository Manager 2.x weak password encryption Brian Fox
Re: Sonatype Nexus Repository Manager 2.x weak password encryption Raphael Geissert
Re: Portus, missing LDAP server authentication Kiall Mac Innes
Gitlab, LDAP integration vulnerable to MITM attack Raphael Geissert
Net::LDAP ruby gem, missing certificate validation Raphael Geissert
Re: [security] Re: [oss-security] Sonatype Nexus Repository Manager 2.x weak password encryption Brian Fox
Re: Portus, missing LDAP server authentication Marcus Meissner
Monday, 18 December
[SECURITY] CVE-2017-12630 Apache Drill XSS vulnerability Arina Ielchiieva
overly broad IPC details sharing on Linux Kernel? Marcus Meissner
Re: Recommendations GnuPG-2 replacement Daniel Kahn Gillmor
CVE-2017-15700 - Apache Sling Authentication Service vulnerability Antonio Sanso
Re: Recommendations GnuPG-2 replacement halfdog
Re: Recommendations GnuPG-2 replacement Daniel Kahn Gillmor
Re: Recommendations GnuPG-2 replacement Leonid Isaev
Re: Recommendations GnuPG-2 replacement halfdog
Tuesday, 19 December
CVE-2017-17741 kernel: kvm: stack-based out-of-bounds read via vmcall instruction P J P
Re: Recommendations GnuPG-2 replacement Leonid Isaev
CVE-2017-15124 Qemu: memory exhaustion through framebuffer update request message in VNC server P J P
GIMP parser bugs (FLIMP and more) Hanno Böck
WebKitGTK+ Security Advisory WSA-2017-0010 Carlos Alberto Lopez Perez
Re: GIMP parser bugs (FLIMP and more) Salvatore Bonaccorso
Thursday, 21 December
[GitLab, Inc.] Update: Gitlab, LDAP integration vulnerable to MITM attack Kwang (GitLab Support)
Linux >=4.9: eBPF memory corruption bugs Jann Horn
Friday, 22 December
Re: Recommendations GnuPG-2 replacement Solar Designer
Re: Recommendations GnuPG-2 replacement Dhiru Kholia
Saturday, 23 December
Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso
Sunday, 24 December
Re: Linux >=4.9: eBPF memory corruption bugs Salvatore Bonaccorso
Monday, 25 December
Gain Access to SSH Group via ssh-agent and OpenSSL halfdog
Thursday, 28 December
Path traversal flaws in awstats 7.6 and earlier. John Lightsey
Friday, 29 December
Re: Path traversal flaws in awstats 7.6 and earlier. John Lightsey