oss-sec: by thread
591 messages starting Oct 01 11 and ending Dec 31 11
- libpurple vulnerability disclosure and fix Ethan Blanton (Oct 01)
- Re: libpurple vulnerability disclosure and fix Josh Bressers (Oct 04)
- Re: rpm/librpm/rpm-python memory corruption pre-verification Solar Designer (Oct 01)
- CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group (Oct 02)
- Re: CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities Josh Bressers (Oct 04)
- CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Jan Lieskovsky (Oct 03)
- Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Josh Bressers (Oct 04)
- Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Juliusz Chroboczek (Oct 06)
- Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Vincent Danen (Oct 07)
- Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau (Oct 07)
- Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau (Oct 07)
- Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Vincent Danen (Oct 07)
- KDE Security Advisory 20111003-1 published Jeff Mitchell (Oct 03)
- Security issue in OpenStack (nova) Jamie Strandboge (Oct 03)
- Request for CVE Identifier for perl code injection vulnerability in Digest->new() Ramon de C Valle (Oct 03)
- Re: Request for CVE Identifier for perl code injection vulnerability in Digest->new() Josh Bressers (Oct 04)
- CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Jan Lieskovsky (Oct 04)
- Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Josh Bressers (Oct 04)
- CVE Request: vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Oct 04)
- CVE-2011-3979 being duplicate of CVE-2011-3352 Jan Lieskovsky (Oct 04)
- Request for linux-distros list membership Tyler Hicks (Oct 04)
- Re: Request for linux-distros list membership Solar Designer (Oct 04)
- kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala (Oct 04)
- Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images akuster (Oct 05)
- Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala (Oct 07)
- CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390 [was: Re: [oss-security] kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images] Jan Lieskovsky (Oct 10)
- Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images akuster (Oct 05)
- CVE Request: vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability YGN Ethical Hacker Group (Oct 05)
- CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability YGN Ethical Hacker Group (Oct 05)
- Re: CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability Tomas Hoger (Oct 05)
- CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Jan Lieskovsky (Oct 05)
- Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Ramon de C Valle (Oct 05)
- Re: Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Josh Bressers (Oct 05)
- Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Ramon de C Valle (Oct 05)
- Re: Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Josh Bressers (Oct 05)
- [CVE REQUEST] VLC media player: NULL dereference in HTTP server Rémi Denis-Courmont (Oct 06)
- radvd 1.8.2 released with security fixes Solar Designer (Oct 06)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 07)
- Re: radvd 1.8.2 released with security fixes Robert Święcki (Oct 07)
- Re: radvd 1.8.2 released with security fixes John Haxby (Oct 07)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 08)
- Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 11)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
- Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
- Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 14)
- Re: radvd 1.8.2 released with security fixes Robert Święcki (Oct 07)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 13)
- Re: radvd 1.8.2 released with security fixes Solar Designer (Oct 13)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 13)
- Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 14)
- Re: radvd 1.8.2 released with security fixes Yves-Alexis Perez (Oct 20)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 21)
- Re: radvd 1.8.2 released with security fixes Solar Designer (Oct 13)
- Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 07)
- CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats Petr Lautrbach (Oct 10)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 10)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
- Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
- CVE request: serendipity freetag plugin before 3.30 and probably others Hanno Böck (Oct 08)
- Re: CVE request: serendipity freetag plugin before 3.30 and probably others Josh Bressers (Oct 10)
- CVE request: CSRF and file inclusion in usebb before 1.0.12 Hanno Böck (Oct 09)
- Re: CVE request: CSRF and file inclusion in usebb before 1.0.12 Josh Bressers (Oct 10)
- CVE request: vanilla forums cookie theft, plugin access control Hanno Böck (Oct 09)
- Re: CVE request: vanilla forums cookie theft, plugin access control Josh Bressers (Oct 10)
- CVE request: simple machines forum before 2.0.1 and 1.1.15 Hanno Böck (Oct 09)
- Re: CVE request: simple machines forum before 2.0.1 and 1.1.15 Josh Bressers (Oct 10)
- CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Sean Amoss (Oct 09)
- Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Josh Bressers (Oct 10)
- CVE requests: Tahoe-LAFS and atop Moritz Muehlenhoff (Oct 09)
- Re: CVE requests: Tahoe-LAFS and atop Josh Bressers (Oct 10)
- CVE request: XSS in phorum before 5.2.18 Hanno Böck (Oct 10)
- Re: CVE request: XSS in phorum before 5.2.18 Josh Bressers (Oct 18)
- CVE request: fluxbb before 1.4.7 Hanno Böck (Oct 10)
- Re: CVE request: fluxbb before 1.4.7 Henri Salo (Oct 13)
- Re: CVE request: fluxbb before 1.4.7 Josh Bressers (Oct 18)
- CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Michael Harrison (Oct 10)
- Please REJECT CVE-2011-1161 Petr Matousek (Oct 11)
- Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
- Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Matthias Weckbecker (Oct 18)
- Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 18)
- Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Josh Bressers (Oct 18)
- Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Matthias Weckbecker (Oct 18)
- CVE request: mplayer SAMI subtitle parsing buffer overflow Tim Sammut (Oct 13)
- Re: CVE request: mplayer SAMI subtitle parsing buffer overflow Josh Bressers (Oct 18)
- hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 15)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Josh Bressers (Oct 20)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 21)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 21)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 21)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 21)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 23)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 21)
- Re: hardlink(1) has buffer overflows, is unsafe on changing trees Josh Bressers (Oct 20)
- Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Oct 16)
- Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 05)
- Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Marcus Meissner (Nov 06)
- Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 08)
- Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Marcus Meissner (Nov 06)
- Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 05)
- Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
- Re: Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
- Re: Wrong MLIST link in CVE-2011-3783 Eugene Teo (Oct 16)
- Re: Wrong MLIST link in CVE-2011-3783 Steven M. Christey (Oct 17)
- Re: Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
- CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Josh Bressers (Oct 18)
- Re: CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
- Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner (Oct 17)
- CVE request: kernel/AppArmor local denial of service Marcus Meissner (Oct 17)
- Re: CVE request: kernel/AppArmor local denial of service Petr Matousek (Oct 17)
- CVE request: recursion level crash in clamav before 0.97.3 Hanno Böck (Oct 18)
- Re: CVE request: recursion level crash in clamav before 0.97.3 Josh Bressers (Oct 18)
- CVE Request: pam Marc Deslauriers (Oct 18)
- Re: CVE Request: pam Josh Bressers (Oct 18)
- CVE Request: FreeBSD kernel Aurelien Jarno (Oct 19)
- Re: CVE Request: FreeBSD kernel Josh Bressers (Oct 20)
- Re: CVE Request: FreeBSD kernel Moritz Muehlenhoff (Oct 20)
- Re: CVE Request: FreeBSD kernel Eitan Adler (Oct 24)
- Re: CVE Request: FreeBSD kernel Colin Percival (Oct 24)
- Re: CVE Request: FreeBSD kernel Josh Bressers (Oct 20)
- CVE-request: Joomla 20111001 Core - Information Disclosure Henri Salo (Oct 18)
- Re: CVE-request: Joomla 20111001 Core - Information Disclosure Josh Bressers (Oct 18)
- Fwd: X.Org security advisory: xserver locking code issues Matthieu Herrb (Oct 18)
- MySQL executable comment execution on MySQL slave server (from 2009) Kurt Seifried (Oct 18)
- Re: MySQL executable comment execution on MySQL slave server (from 2009) Josh Bressers (Oct 18)
- CVE Request: mplayer RDT parsing integer underlow Tim Sammut (Oct 18)
- Re: CVE Request: mplayer RDT parsing integer underlow Josh Bressers (Oct 20)
- Re: CVE Request: mplayer RDT parsing integer underlow Moritz Muehlenhoff (Oct 20)
- Re: CVE Request: mplayer RDT parsing integer underlow Josh Bressers (Oct 20)
- CVE request: piwik before 1.6 Hanno Böck (Oct 19)
- Re: CVE request: piwik before 1.6 Steven M. Christey (Oct 19)
- Re: CVE request: piwik before 1.6 Anthon Pang (Oct 19)
- Re: CVE request: piwik before 1.6 Anthon Pang (Oct 19)
- Re: CVE request: piwik before 1.6 Josh Bressers (Oct 20)
- Re: CVE request: piwik before 1.6 Henri Salo (Oct 27)
- Re: CVE request: piwik before 1.6 Josh Bressers (Oct 20)
- <Possible follow-ups>
- Re: CVE request: piwik before 1.6 Henri Salo (Oct 28)
- Re: CVE request: piwik before 1.6 Steven M. Christey (Oct 19)
- CVE Request: apt Marc Deslauriers (Oct 19)
- Re: CVE Request: apt Josh Bressers (Oct 20)
- CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Vincent Danen (Oct 19)
- Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Josh Bressers (Oct 20)
- Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Hanno Böck (Oct 20)
- Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Moritz Mühlenhoff (Oct 20)
- Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Josh Bressers (Oct 20)
- Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws cve-assign (Oct 19)
- qemu: CVE-2011-3346 Petr Matousek (Oct 20)
- PR attack against XML Encryption Florian Weimer (Oct 20)
- Re: PR attack against XML Encryption Jan Lieskovsky (Oct 20)
- Re: PR attack against XML Encryption Yves-Alexis Perez (Oct 20)
- Re: PR attack against XML Encryption Florian Weimer (Oct 21)
- CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Petr Matousek (Oct 21)
- Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Eugene Teo (Oct 24)
- kernel; CVE-2011-2942 and CVE-2011-3209 Eugene Teo (Oct 24)
- CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky (Oct 24)
- Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Reed Loden (Oct 24)
- Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky (Oct 24)
- Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Robert Relyea (Oct 24)
- Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Elio Maldonado (Oct 24)
- Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Robert Relyea (Oct 24)
- Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Josh Bressers (Oct 25)
- CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Vincent Danen (Oct 24)
- Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Kurt Seifried (Oct 25)
- CVE request: nova Jamie Strandboge (Oct 25)
- Re: CVE request: nova Kurt Seifried (Oct 25)
- CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Petr Matousek (Oct 26)
- Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Kurt Seifried (Oct 26)
- CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Jan Lieskovsky (Oct 26)
- CVE Request: slapd off by one Sebastian Krahmer (Oct 26)
- CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
- Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
- Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Ramon de C Valle (Oct 28)
- Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Kurt Seifried (Oct 26)
- Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
- CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 27)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Steven M. Christey (Oct 27)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Nov 04)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 26)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 27)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
- Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
- CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Marcus Meissner (Oct 26)
- Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Vincent Danen (Nov 15)
- Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Kurt Seifried (Nov 15)
- Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Vincent Danen (Nov 15)
- CVE request: kernel: crypto: ghash: null pointer deref if no key is set Eugene Teo (Oct 27)
- Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set Huzaifa Sidhpurwala (Oct 27)
- CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Jan Lieskovsky (Oct 27)
- CVE Request: Security issue in backuppc Jamie Strandboge (Oct 27)
- CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 28)
- Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 28)
- Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 29)
- Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 29)
- Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 29)
- Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 28)
- CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Marcus Meissner (Oct 28)
- CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Sean Amoss (Oct 28)
- Re: CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Yves-Alexis Perez (Oct 28)
- Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Benjamin Renaut (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file Kurt Seifried (Oct 28)
- Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Nov 06)
- Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)
- Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez (Oct 29)
- Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez (Oct 29)
- Jara 1.6 SQL injection and XSS Henri Salo (Oct 30)
- Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
- Re: Jara 1.6 SQL injection and XSS Henri Salo (Oct 31)
- Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
- Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
- CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov (Oct 30)
- Re: CVE request: 3 flaws in libobby and libnet6 Armin Burgmeier (Oct 30)
- Re: CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov (Oct 30)
- Re: CVE request: 3 flaws in libobby and libnet6 Kurt Seifried (Oct 31)
- Re: CVE request: 3 flaws in libobby and libnet6 Armin Burgmeier (Oct 30)
- CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Jan Lieskovsky (Oct 31)
- Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Kurt Seifried (Oct 31)
- CVE request: kernel: oom: fix integer overflow of points in oom_badness Eugene Teo (Oct 31)
- Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness Kurt Seifried (Oct 31)
- libcap/capsh: does not chdir after chroot Huzaifa Sidhpurwala (Nov 01)
- CVE request for Django-piston and Tastypie David Black (Nov 01)
- Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
- Re: CVE request for Django-piston and Tastypie Vincent Danen (Nov 01)
- Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
- Re: CVE request for Django-piston and Tastypie Vincent Danen (Nov 01)
- Re: CVE request for Django-piston and Tastypie David Black (Nov 01)
- Re: Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 02)
- Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
- CVE request for wireshark flaws Vincent Danen (Nov 01)
- Re: CVE request for wireshark flaws Kurt Seifried (Nov 01)
- CVE request for Calibre Jason A. Donenfeld (Nov 01)
- Re: CVE request for Calibre Jason A. Donenfeld (Nov 01)
- Re: Re: CVE request for Calibre Dan Rosenberg (Nov 03)
- Re: Re: CVE request for Calibre Kurt Seifried (Nov 03)
- Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
- Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
- Re: Re: CVE request for Calibre Steven M. Christey (Nov 04)
- Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
- Re: Re: CVE request for Calibre Kurt Seifried (Nov 06)
- Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 06)
- Re: Re: CVE request for Calibre Kurt Seifried (Nov 08)
- Re: Re: CVE request for Calibre Dan Rosenberg (Nov 03)
- Re: CVE request for Calibre Jason A. Donenfeld (Nov 01)
- kiwi shell meta char injection Thomas Biege (Nov 02)
- Re: kiwi shell meta char injection Thomas Biege (Nov 02)
- Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 10)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)
- Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
- Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
- CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck (Nov 03)
- Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Kurt Seifried (Nov 03)
- CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Jan Lieskovsky (Nov 03)
- CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Jan Lieskovsky (Nov 04)
- CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Kurt Seifried (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
- Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
- CVE request: Mahara Moritz Muehlenhoff (Nov 04)
- Re: CVE request: Mahara Kurt Seifried (Nov 04)
- /proc/$PID/sched PoC: spy-gksu Vasiliy Kulikov (Nov 05)
- caml-light insecure temporary files David Holland (Nov 06)
- Re: caml-light insecure temporary files Florian Weimer (Nov 06)
- Re: caml-light insecure temporary files Eitan Adler (Nov 06)
- Re: caml-light insecure temporary files David Holland (Nov 08)
- Re: caml-light insecure temporary files Kurt Seifried (Nov 06)
- Re: caml-light insecure temporary files Florian Weimer (Nov 06)
- CVE Request -- pam_yubico -- Authentication bypass via NULL password Jan Lieskovsky (Nov 07)
- Re: CVE Request -- pam_yubico -- Authentication bypass via NULL password Kurt Seifried (Nov 07)
- /proc/interrupts PoC: spy-interrupts Vasiliy Kulikov (Nov 07)
- Re: /proc/interrupts PoC: spy-interrupts David Hicks (Nov 08)
- CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Jan Lieskovsky (Nov 07)
- Fwd: DSA 2338-1 moodle security update Henri Salo (Nov 07)
- Re: Fwd: DSA 2338-1 moodle security update jmm (Nov 07)
- Re: Fwd: DSA 2338-1 moodle security update Kurt Seifried (Nov 13)
- Re: Fwd: DSA 2338-1 moodle security update jmm (Nov 07)
- CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Vasiliy Kulikov (Nov 08)
- Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 08)
- Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 08)
- Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 08)
- CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)
- Re: CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)
- Re: Re: CVE request: Android: vold stack buffer overflow Kurt Seifried (Nov 08)
- <Possible follow-ups>
- Re: Re: CVE request: Android: vold stack buffer overflow Nick Kralevich (Nov 10)
- Re: CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)
- potential OpenPAM vulnerability Sebastian Krahmer (Nov 08)
- Re: potential OpenPAM vulnerability Kurt Seifried (Nov 08)
- CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Vincent Danen (Nov 08)
- Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Kurt Seifried (Nov 09)
- CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Jan Lieskovsky (Nov 09)
- CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Jan Lieskovsky (Nov 10)
- Re: CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Kurt Seifried (Nov 10)
- CVE Request -- kernel: nfs4_getfacl decoding kernel oops Petr Matousek (Nov 11)
- Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 11)
- Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 13)
- Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 11)
- Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 11)
- CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Petr Matousek (Nov 11)
- Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Kurt Seifried (Nov 13)
- CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Hanno Böck (Nov 13)
- Re: CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Kurt Seifried (Nov 14)
- CVE request: ResourceSpace before 4.2.2833 insufficient access check Hanno Böck (Nov 13)
- Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check Kurt Seifried (Nov 14)
- Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried (Nov 14)
- Re: Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried (Nov 21)
- Arch Linux Shaman issue Kurt Seifried (Nov 14)
- glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 14)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 16)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 16)
- Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)
- weird crypt-sha* in DragonFly BSD Solar Designer (Nov 14)
- Re: weird crypt-sha* in DragonFly BSD Solar Designer (Nov 15)
- OpenBSD bcrypt error return Solar Designer (Nov 14)
- Re: OpenBSD bcrypt error return Solar Designer (Nov 14)
- *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Nov 14)
- Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Nov 14)
- CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Jan Lieskovsky (Nov 15)
- CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information David Jorm (Nov 16)
- CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c The Fungi (Nov 16)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen (Nov 17)
- Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
- CVE Request: nginx resolver heap overflow Ben Hawkes (Nov 17)
- Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
- Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
- Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
- linux-distros list setup update Solar Designer (Nov 17)
- linux-distros Slackware membership Patrick J. Volkerding (Nov 28)
- Re: linux-distros Slackware membership Solar Designer (Nov 28)
- Re: linux-distros list setup update Solar Designer (Dec 13)
- linux-distros Slackware membership Patrick J. Volkerding (Nov 28)
- non-Linux advance notification list Solar Designer (Nov 17)
- Re: non-Linux advance notification list Tim Zingelman (Nov 18)
- Re: non-Linux advance notification list Solar Designer (Nov 26)
- Re: non-Linux advance notification list Joost Hoogendoorn (Nov 26)
- Re: non-Linux advance notification list Solar Designer (Nov 26)
- Re: non-Linux advance notification list Michael Harrison (Nov 27)
- Re: non-Linux advance notification list Solar Designer (Nov 27)
- Re: non-Linux advance notification list Solar Designer (Nov 27)
- Re: non-Linux advance notification list Michael Harrison (Nov 28)
- Re: non-Linux advance notification list Alex Legler (Nov 28)
- Re: non-Linux advance notification list Solar Designer (Dec 08)
- Re: non-Linux advance notification list Solar Designer (Nov 26)
- Re: non-Linux advance notification list Tim Zingelman (Nov 18)
- CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Jan Lieskovsky (Nov 18)
- CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Jan Lieskovsky (Nov 18)
- CVE request: ejabberd before 2.1.9 Hanno Böck (Nov 19)
- Re: CVE request: ejabberd before 2.1.9 Kurt Seifried (Nov 19)
- Re: closed-list membership transition Solar Designer (Nov 19)
- CVE request: joomla 1.5 before 1.5.25 password change vulnerability Hanno Böck (Nov 20)
- Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability Kurt Seifried (Nov 20)
- CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Hanno Böck (Nov 20)
- Re: CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Kurt Seifried (Nov 20)
- CVE request: drupal before 7.5 access bypass Hanno Böck (Nov 20)
- Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 20)
- Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff (Nov 21)
- Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 21)
- Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff (Nov 21)
- Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 20)
- CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0 Eugene Teo (Nov 20)
- kernel: hfs: add sanity check for file name length Eugene Teo (Nov 20)
- Re: kernel: hfs: add sanity check for file name length Kurt Seifried (Nov 21)
- Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo (Nov 21)
- Fwd: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Kurt Seifried (Nov 21)
- CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Jan Lieskovsky (Nov 21)
- Re: CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Kurt Seifried (Nov 21)
- CVE Request: openssh 5.8p2 Marcus Meissner (Nov 21)
- Re: CVE Request: openssh 5.8p2 Kurt Seifried (Nov 21)
- CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Petr Matousek (Nov 21)
- Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Kurt Seifried (Nov 21)
- Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Henri Salo (Nov 21)
- CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Kurt Seifried (Nov 21)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Steven M. Christey (Nov 22)
- Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re: [oss-security] Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue] Jan Lieskovsky (Nov 23)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
- Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
- CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Petr Matousek (Nov 21)
- Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 21)
- Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Eugene Teo (Nov 21)
- Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 21)
- Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 21)
- CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Henri Salo (Nov 21)
- Re: CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Kurt Seifried (Nov 21)
- CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo (Nov 21)
- Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Kurt Seifried (Nov 21)
- Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo (Nov 22)
- CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Henri Salo (Nov 22)
- CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Jan Lieskovsky (Nov 23)
- CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 23)
- Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 23)
- Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 23)
- Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 25)
- Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 23)
- Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 23)
- CVE request: jenkins Jamie Strandboge (Nov 23)
- Re: CVE request: jenkins Kurt Seifried (Nov 23)
- CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Eugene Teo (Nov 23)
- Please REJECT CVE-2011-4112 Petr Matousek (Nov 24)
- Re: Please REJECT CVE-2011-4112 Tavis Ormandy (Nov 24)
- Re: Re: Please REJECT CVE-2011-4112 Petr Matousek (Nov 24)
- Re: Please REJECT CVE-2011-4112 Tavis Ormandy (Nov 24)
- CVE request -- kernel: kvm: device assignment DoS Petr Matousek (Nov 24)
- Re: CVE request -- kernel: kvm: device assignment DoS Kurt Seifried (Nov 24)
- CVE Request: colord sql injections Ludwig Nussel (Nov 25)
- Re: CVE Request: colord sql injections Jan Lieskovsky (Nov 25)
- Re: CVE Request: colord sql injections Ludwig Nussel (Nov 25)
- Re: CVE Request: colord sql injections Kurt Seifried (Nov 25)
- Re: CVE Request: colord sql injections Jan Lieskovsky (Nov 25)
- CVE Request -- yaws -- Directory traversal flaw Jan Lieskovsky (Nov 25)
- Re: CVE Request -- yaws -- Directory traversal flaw Rob Keith (Nov 25)
- Re: CVE Request -- yaws -- Directory traversal flaw Kurt Seifried (Nov 25)
- CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Jan Lieskovsky (Nov 27)
- CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Jan Lieskovsky (Nov 28)
- CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts Kurt Seifried (Nov 28)
- CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces David Jorm (Nov 28)
- Fwd: Bug script install slackware Raphael Bastos (Nov 28)
- Re: Fwd: Bug script install slackware Kurt Seifried (Nov 28)
- Re: Fwd: Bug script install slackware Solar Designer (Nov 28)
- Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)
- Re: Fwd: Bug script install slackware Patrick J. Volkerding (Nov 29)
- Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)
- Re: Fwd: Bug script install slackware Solar Designer (Nov 29)
- Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)
- CVE request: mediawiki before 1.17.1 Hanno Böck (Nov 29)
- Re: CVE request: mediawiki before 1.17.1 Kurt Seifried (Nov 29)
- CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Stefan Bühler (Nov 29)
- Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Kurt Seifried (Nov 29)
- CVE id request: ffmpeg Nico Golde (Nov 30)
- Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
- Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
- Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
- CVE request: Proc::ProcessTable perl module Moritz Muehlenhoff (Nov 30)
- Re: CVE request: Proc::ProcessTable perl module Kurt Seifried (Nov 30)
- XSSer v1.6 -beta- aka "Grey Swarm!" released. psy (Nov 30)
- Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Solar Designer (Nov 30)
- Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Kurt Seifried (Nov 30)
- Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Henri Salo (Nov 30)
- Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Kurt Seifried (Nov 30)
- Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Solar Designer (Nov 30)
- CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
- <Possible follow-ups>
- RE: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Secunia Research (Dec 01)
- CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys Billy Brumley (Dec 01)
- DOM based XSS in the JBoss AS 7 administration console - CVE-2011-3606 David Jorm (Dec 01)
- CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609 David Jorm (Dec 01)
- CVE request: CSRF in xt:commerce 3.04 SP2.1 dishix (Dec 03)
- Re: CVE request: CSRF in xt:commerce 3.04 SP2.1 Kurt Seifried (Dec 04)
- CVE Request: ffmpeg Marc Deslauriers (Dec 04)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)
- Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 06)
- Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)
- Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)
- CVE request: glibc: timezone integer overflow Matthias Weckbecker (Dec 05)
- Re: CVE request: glibc: timezone integer overflow Kurt Seifried (Dec 07)
- C|Net Download.Com is now bundling Nmap with malware! Henri Salo (Dec 06)
- CVE request: acpid Moritz Muehlenhoff (Dec 06)
- Re: CVE request: acpid Kurt Seifried (Dec 06)
- acpid - possible issue in socket handling Kurt Seifried (Dec 06)
- Disputing CVE-2011-4122 Jeff Mitchell (Dec 07)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 07)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Solar Designer (Dec 23)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 26)
- Re: Disputing CVE-2011-4122 Solar Designer (Dec 27)
- Re: Disputing CVE-2011-4122 Sebastian Krahmer (Dec 28)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 26)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 07)
- CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Vincent Danen (Dec 07)
- Re: CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Kurt Seifried (Dec 07)
- CVE-request WordPress pretty-link plugin 1.5.2 XSS Henri Salo (Dec 08)
- Re: CVE-request WordPress pretty-link plugin 1.5.2 XSS Kurt Seifried (Dec 08)
- CVE Request -- kernel: send(m)msg: user pointer dereferences Petr Matousek (Dec 08)
- Re: CVE Request -- kernel: send(m)msg: user pointer dereferences Kurt Seifried (Dec 08)
- CVE Request: icu out of bounds access Ludwig Nussel (Dec 09)
- Re: CVE Request: icu out of bounds access Kurt Seifried (Dec 09)
- CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Jan Lieskovsky (Dec 09)
- Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Kurt Seifried (Dec 09)
- CVE request: Pidgin crash Mark Doliner (Dec 09)
- Re: CVE request: Pidgin crash Kurt Seifried (Dec 09)
- cve request: bat_socket_read memory corruption Paul (Dec 10)
- Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 10)
- Re: cve request: bat_socket_read memory corruption Paul (Dec 10)
- <Possible follow-ups>
- Fwd: Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 11)
- Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 10)
- CVE request: rocksndiamonds world-writable working/config directory Vincent Danen (Dec 12)
- Re: CVE request: rocksndiamonds world-writable working/config directory Kurt Seifried (Dec 12)
- CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Vincent Danen (Dec 12)
- OpenIPMI: IPMI event daemon creates PID file with world writeable permissions Huzaifa Sidhpurwala (Dec 12)
- CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Eugene Teo (Dec 15)
- CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) vladz (Dec 15)
- Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) Kurt Seifried (Dec 15)
- Security issue in icecast Jamie Strandboge (Dec 15)
- RE: [Icecast-dev] Security issue in icecast Thomas.Rucker (Dec 15)
- Re: RE: [Icecast-dev] Security issue in icecast Jamie Strandboge (Dec 15)
- Re: Security issue in icecast Kurt Seifried (Dec 15)
- RE: [Icecast-dev] Security issue in icecast Thomas.Rucker (Dec 15)
- TYPO3 typo3-core-sa-2011-004 Kurt Seifried (Dec 16)
- CVE request: zabbix persistent XSS flaw Vincent Danen (Dec 16)
- Re: CVE request: zabbix persistent XSS flaw Kurt Seifried (Dec 16)
- CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Henri Salo (Dec 18)
- Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Kurt Seifried (Dec 19)
- CVE for HTML-Template-Pro 0.9506 XSS Kurt Seifried (Dec 18)
- CVE id request: python-virtualenv Nico Golde (Dec 19)
- Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
- Re: CVE id request: python-virtualenv Nico Golde (Dec 19)
- Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
- Re: CVE id request: python-virtualenv Nico Golde (Dec 19)
- Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
- CVE assignment from previous years Tim Sammut (Dec 19)
- Re: CVE assignment from previous years Kurt Seifried (Dec 19)
- Re: CVE assignment from previous years Steven M. Christey (Dec 20)
- Re: CVE assignment from previous years Kurt Seifried (Dec 20)
- Re: CVE assignment from previous years Steven M. Christey (Dec 20)
- Re: CVE assignment from previous years Kurt Seifried (Dec 19)
- CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI, ioctl Kurt Seifried (Dec 19)
- plib ulSetError() buffer overflow - CVE-2011-4620 Kurt Seifried (Dec 21)
- CVE Request -- kernel: tight loop and no preemption can cause system stall Petr Matousek (Dec 21)
- Re: CVE Request -- kernel: tight loop and no preemption can cause system stall Kurt Seifried (Dec 21)
- kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
- Re: kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
- Re: kernel: kvm: pit timer with no irqchip crashes the system Kurt Seifried (Dec 21)
- Re: kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
- CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky (Dec 22)
- Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
- CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl Petr Matousek (Dec 22)
- CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Henri Salo (Dec 22)
- Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Kurt Seifried (Dec 23)
- CVE request: simplesamlphp / Typo3 Moritz Muehlenhoff (Dec 23)
- Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 23)
- Re: CVE request: simplesamlphp / Typo3 Moritz Mühlenhoff (Dec 23)
- Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 23)
- Re: CVE request: simplesamlphp / Typo3 Moritz Mühlenhoff (Dec 23)
- Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 23)
- CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Henri Salo (Dec 24)
- Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Kurt Seifried (Dec 24)
- CVE-request for three 2009 Joomla issues Henri Salo (Dec 24)
- Re: CVE-request for three 2009 Joomla issues Kurt Seifried (Dec 25)
- CVE Request for Apache ActiveMQ DoS David Jorm (Dec 24)
- Re: CVE Request for Apache ActiveMQ DoS Kurt Seifried (Dec 25)
- CVE-request for three 2009 Joomla issues (second part) Henri Salo (Dec 25)
- Re: CVE-request for three 2009 Joomla issues (second part) Kurt Seifried (Dec 25)
- CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Henri Salo (Dec 25)
- Re: CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Kurt Seifried (Dec 25)
- CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 25)
- Re: CVE-2011-4862 is not BSD-specific Kurt Seifried (Dec 25)
- Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala (Dec 25)
- Re: CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 26)
- Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala (Dec 26)
- Re: CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 26)
- Re: closed-list Kurt Seifried (Dec 27)
- Re: closed-list Solar Designer (Dec 29)
- Re: CVE request: kernel: multiple issues in ROSE Kurt Seifried (Dec 27)
- [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 28)
- More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 29)
- Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Kurt Seifried (Dec 29)
- Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) David Jorm (Dec 29)
- Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Tomas Hoger (Dec 30)
- Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 29)
- Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 29)
- Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 31)
- More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 29)
- Re: Closed list Solar Designer (Dec 29)
- CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo (Dec 30)
- Re: CVE-request: Elxis CMS two XSS-vulnerabilities Kurt Seifried (Dec 31)
- mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Dec 31)
- Re: mpack 1.6 allows eavesdropping on mails sent by other users Kurt Seifried (Dec 31)
- Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Dec 31)
- Re: mpack 1.6 allows eavesdropping on mails sent by other users Kurt Seifried (Dec 31)