oss-sec: by date
591 messages, starting Oct 01 11 and ending Dec 31 11
Saturday, 01 October
libpurple vulnerability disclosure and fix Ethan Blanton
Re: rpm/librpm/rpm-python memory corruption pre-verification Solar Designer
Sunday, 02 October
CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group
Monday, 03 October
CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Jan Lieskovsky
KDE Security Advisory 20111003-1 published Jeff Mitchell
Security issue in OpenStack (nova) Jamie Strandboge
Request for CVE Identifier for perl code injection vulnerability in Digest->new() Ramon de C Valle
Tuesday, 04 October
CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Jan Lieskovsky
CVE Request: vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
CVE-2011-3979 being duplicate of CVE-2011-3352 Jan Lieskovsky
Request for linux-distros list membership Tyler Hicks
Re: Request for linux-distros list membership Solar Designer
Re: libpurple vulnerability disclosure and fix Josh Bressers
Re: CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities Josh Bressers
Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Josh Bressers
Re: Request for CVE Identifier for perl code injection vulnerability in Digest->new() Josh Bressers
Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Josh Bressers
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala
Wednesday, 05 October
CVE Request: vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability YGN Ethical Hacker Group
CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability YGN Ethical Hacker Group
Re: CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability Tomas Hoger
CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Jan Lieskovsky
Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images akuster
Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Ramon de C Valle
Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Ramon de C Valle
Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Josh Bressers
Re: Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Josh Bressers
Re: Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Josh Bressers
Thursday, 06 October
Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Juliusz Chroboczek
[CVE REQUEST] VLC media player: NULL dereference in HTTP server Rémi Denis-Courmont
radvd 1.8.2 released with security fixes Solar Designer
Friday, 07 October
CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky
Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky
Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala
Re: radvd 1.8.2 released with security fixes Robert Święcki
Re: radvd 1.8.2 released with security fixes John Haxby
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Vincent Danen
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive
Saturday, 08 October
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov
CVE request: serendipity freetag plugin before 3.30 and probably others Hanno Böck
Sunday, 09 October
CVE request: CSRF and file inclusion in usebb before 1.0.12 Hanno Böck
CVE request: vanilla forums cookie theft, plugin access control Hanno Böck
CVE request: simple machines forum before 2.0.1 and 1.1.15 Hanno Böck
CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Sean Amoss
CVE requests: Tahoe-LAFS and atop Moritz Muehlenhoff
Monday, 10 October
CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390 [was: Re: [oss-security] kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images] Jan Lieskovsky
Re: CVE Request -- Multiple security issues in various versions of AWStats Petr Lautrbach
Re: CVE request: serendipity freetag plugin before 3.30 and probably others Josh Bressers
Re: CVE request: CSRF and file inclusion in usebb before 1.0.12 Josh Bressers
Re: CVE request: vanilla forums cookie theft, plugin access control Josh Bressers
Re: CVE request: simple machines forum before 2.0.1 and 1.1.15 Josh Bressers
CVE request: XSS in phorum before 5.2.18 Hanno Böck
Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Josh Bressers
CVE request: fluxbb before 1.4.7 Hanno Böck
Re: CVE requests: Tahoe-LAFS and atop Josh Bressers
CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Michael Harrison
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive
Tuesday, 11 October
Please REJECT CVE-2011-1161 Petr Matousek
Re: radvd 1.8.2 released with security fixes Reuben Hawkins
Wednesday, 12 October
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov
Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried
Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried
Thursday, 13 October
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala
Re: CVE request: fluxbb before 1.4.7 Henri Salo
Re: radvd 1.8.2 released with security fixes Solar Designer
CVE request: mplayer SAMI subtitle parsing buffer overflow Tim Sammut
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala
Friday, 14 October
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov
Re: radvd 1.8.2 released with security fixes Reuben Hawkins
Saturday, 15 October
hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer
Sunday, 16 October
Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo
Wrong MLIST link in CVE-2011-3783 Henri Salo
Re: Wrong MLIST link in CVE-2011-3783 Henri Salo
Re: Wrong MLIST link in CVE-2011-3783 Eugene Teo
Monday, 17 October
CVE request: double-free vulnerability in logsurfer Timo Warns
Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner
Re: CVE request: double-free vulnerability in logsurfer Timo Warns
CVE request: kernel/AppArmor local denial of service Marcus Meissner
Re: CVE request: kernel/AppArmor local denial of service Petr Matousek
Re: Wrong MLIST link in CVE-2011-3783 Steven M. Christey
Tuesday, 18 October
CVE request: recursion level crash in clamav before 0.97.3 Hanno Böck
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Matthias Weckbecker
CVE Request: pam Marc Deslauriers
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried
CVE-request: Joomla 20111001 Core - Information Disclosure Henri Salo
Fwd: X.Org security advisory: xserver locking code issues Matthieu Herrb
MySQL executable comment execution on MySQL slave server (from 2009) Kurt Seifried
Re: CVE request: fluxbb before 1.4.7 Josh Bressers
Re: CVE request: XSS in phorum before 5.2.18 Josh Bressers
Re: CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Josh Bressers
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Josh Bressers
Re: CVE request: mplayer SAMI subtitle parsing buffer overflow Josh Bressers
Re: CVE request: double-free vulnerability in logsurfer Josh Bressers
Re: CVE request: recursion level crash in clamav before 0.97.3 Josh Bressers
Re: CVE Request: pam Josh Bressers
Re: CVE-request: Joomla 20111001 Core - Information Disclosure Josh Bressers
Re: MySQL executable comment execution on MySQL slave server (from 2009) Josh Bressers
CVE Request: mplayer RDT parsing integer underlow Tim Sammut
Wednesday, 19 October
CVE Request: FreeBSD kernel Aurelien Jarno
CVE request: piwik before 1.6 Hanno Böck
CVE Request: apt Marc Deslauriers
Re: CVE request: piwik before 1.6 Steven M. Christey
CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Vincent Danen
Re: CVE request: piwik before 1.6 Anthon Pang
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws cve-assign
Re: CVE request: piwik before 1.6 Anthon Pang
Thursday, 20 October
qemu: CVE-2011-3346 Petr Matousek
PR attack against XML Encryption Florian Weimer
Re: PR attack against XML Encryption Jan Lieskovsky
Re: PR attack against XML Encryption Yves-Alexis Perez
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Josh Bressers
Re: CVE Request: mplayer RDT parsing integer underlow Josh Bressers
Re: CVE Request: FreeBSD kernel Josh Bressers
Re: CVE Request: FreeBSD kernel Moritz Muehlenhoff
Re: CVE request: piwik before 1.6 Josh Bressers
Re: radvd 1.8.2 released with security fixes Yves-Alexis Perez
Re: CVE Request: apt Josh Bressers
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Josh Bressers
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Hanno Böck
Re: CVE Request: mplayer RDT parsing integer underlow Moritz Muehlenhoff
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Moritz Mühlenhoff
Friday, 21 October
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala
Re: PR attack against XML Encryption Florian Weimer
CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Petr Matousek
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer
Sunday, 23 October
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala
Monday, 24 October
Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Eugene Teo
kernel; CVE-2011-2942 and CVE-2011-3209 Eugene Teo
CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Reed Loden
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Robert Relyea
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Elio Maldonado
CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Vincent Danen
Re: CVE Request: FreeBSD kernel Eitan Adler
Re: CVE Request: FreeBSD kernel Colin Percival
Tuesday, 25 October
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Josh Bressers
Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Kurt Seifried
CVE request: nova Jamie Strandboge
Re: CVE request: nova Kurt Seifried
Wednesday, 26 October
CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Petr Matousek
CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Jan Lieskovsky
Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Kurt Seifried
CVE Request: slapd off by one Sebastian Krahmer
CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner
Re: CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Kurt Seifried
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner
CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Kurt Seifried
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov
CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Marcus Meissner
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg
Thursday, 27 October
CVE request: kernel: crypto: ghash: null pointer deref if no key is set Eugene Teo
Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set Huzaifa Sidhpurwala
CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Jan Lieskovsky
Re: CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Kurt Seifried
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg
CVE Request: Security issue in backuppc Jamie Strandboge
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Steven M. Christey
Re: CVE request: piwik before 1.6 Henri Salo
Friday, 28 October
Re: CVE request: piwik before 1.6 Henri Salo
CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck
CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Marcus Meissner
CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Sean Amoss
Re: CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Yves-Alexis Perez
Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle
Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck
Re: Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle
Re: Request for CVE Identifier: bzexe insecure temporary file Benjamin Renaut
Re: Request for CVE Identifier: bzexe insecure temporary file vladz
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried
Re: CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Kurt Seifried
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Ramon de C Valle
Re: Request for CVE Identifier: bzexe insecure temporary file Kurt Seifried
Saturday, 29 October
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried
Sunday, 30 October
Jara 1.6 SQL injection and XSS Henri Salo
CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov
Re: CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov
Re: CVE request: 3 flaws in libobby and libnet6 Armin Burgmeier
Monday, 31 October
Re: CVE request: 3 flaws in libobby and libnet6 Kurt Seifried
Re: Jara 1.6 SQL injection and XSS Kurt Seifried
Re: Jara 1.6 SQL injection and XSS Henri Salo
Re: Jara 1.6 SQL injection and XSS Kurt Seifried
CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Jan Lieskovsky
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Kurt Seifried
CVE request: kernel: oom: fix integer overflow of points in oom_badness Eugene Teo
Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness Kurt Seifried
Tuesday, 01 November
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Henrik Nordström
libcap/capsh: does not chdir after chroot Huzaifa Sidhpurwala
CVE request for Django-piston and Tastypie David Black
Re: CVE request for Django-piston and Tastypie Kurt Seifried
CVE request for wireshark flaws Vincent Danen
Re: CVE request for Django-piston and Tastypie Vincent Danen
Re: CVE request for wireshark flaws Kurt Seifried
Re: CVE request for Django-piston and Tastypie Kurt Seifried
Re: CVE request for Django-piston and Tastypie David Black
CVE request for Calibre Jason A. Donenfeld
Re: CVE request for Calibre Jason A. Donenfeld
Wednesday, 02 November
kiwi shell meta char injection Thomas Biege
Re: kiwi shell meta char injection Thomas Biege
Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez
Re: Re: CVE request for Django-piston and Tastypie Kurt Seifried
Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried
Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez
Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster
Thursday, 03 November
Re: Re: CVE request for Calibre Dan Rosenberg
CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck
CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Jan Lieskovsky
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Kurt Seifried
Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Kurt Seifried
Re: Re: CVE request for Calibre Kurt Seifried
Friday, 04 November
CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Jan Lieskovsky
CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey
Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Kurt Seifried
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Kurt Seifried
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer
CVE request: Mahara Moritz Muehlenhoff
Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey
Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey
Re: CVE request: Mahara Kurt Seifried
Re: Re: CVE request for Calibre Jason A. Donenfeld
Re: Re: CVE request for Calibre Jason A. Donenfeld
Re: Re: CVE request for Calibre Steven M. Christey
Re: Re: CVE request for Calibre Jason A. Donenfeld
Saturday, 05 November
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer
/proc/$PID/sched PoC: spy-gksu Vasiliy Kulikov
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo
Sunday, 06 November
Re: Request for CVE Identifier: bzexe insecure temporary file vladz
caml-light insecure temporary files David Holland
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Marcus Meissner
Re: caml-light insecure temporary files Florian Weimer
Re: Re: CVE request for Calibre Kurt Seifried
Re: caml-light insecure temporary files Kurt Seifried
Re: Re: CVE request for Calibre Jason A. Donenfeld
Re: caml-light insecure temporary files Eitan Adler
Monday, 07 November
CVE Request -- pam_yubico -- Authentication bypass via NULL password Jan Lieskovsky
Re: CVE Request -- pam_yubico -- Authentication bypass via NULL password Kurt Seifried
/proc/interrupts PoC: spy-interrupts Vasiliy Kulikov
CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Jan Lieskovsky
Re: CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Kurt Seifried
Fwd: DSA 2338-1 moodle security update Henri Salo
Re: Fwd: DSA 2338-1 moodle security update jmm
Tuesday, 08 November
CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Vasiliy Kulikov
Re: caml-light insecure temporary files David Holland
CVE request: Android: vold stack buffer overflow Dan Rosenberg
Re: CVE request: Android: vold stack buffer overflow Dan Rosenberg
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo
Re: /proc/interrupts PoC: spy-interrupts David Hicks
potential OpenPAM vulnerability Sebastian Krahmer
Re: potential OpenPAM vulnerability Kurt Seifried
Re: Re: CVE request: Android: vold stack buffer overflow Kurt Seifried
Re: Re: CVE request for Calibre Kurt Seifried
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo
CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Vincent Danen
Wednesday, 09 November
CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Jan Lieskovsky
Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Kurt Seifried
Re: CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Kurt Seifried
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers
Thursday, 10 November
Re: Re: CVE request: Android: vold stack buffer overflow Nick Kralevich
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster
CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Jan Lieskovsky
Re: CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Kurt Seifried
Re: Re: [LightDM] Version 1.0.6 released Robert Ancell
Friday, 11 November
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster
Re: Re: [LightDM] Version 1.0.6 released John Haxby
CVE Request -- kernel: nfs4_getfacl decoding kernel oops Petr Matousek
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers
CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Petr Matousek
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried
Sunday, 13 November
CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Hanno Böck
CVE request: ResourceSpace before 4.2.2833 insufficient access check Hanno Böck
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Kurt Seifried
Re: Fwd: DSA 2338-1 moodle security update Kurt Seifried
Monday, 14 November
Re: CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Kurt Seifried
Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check Kurt Seifried
Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried
Arch Linux Shaman issue Kurt Seifried
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Steven M. Christey
glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
weird crypt-sha* in DragonFly BSD Solar Designer
OpenBSD bcrypt error return Solar Designer
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
*BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer
Re: OpenBSD bcrypt error return Solar Designer
Tuesday, 15 November
CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Jan Lieskovsky
Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Kurt Seifried
Re: weird crypt-sha* in DragonFly BSD Solar Designer
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Vincent Danen
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Kurt Seifried
Wednesday, 16 November
CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information David Jorm
CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer
Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information Kurt Seifried
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c The Fungi
Thursday, 17 November
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo
CVE Request: nginx resolver heap overflow Ben Hawkes
Re: CVE Request: nginx resolver heap overflow Kurt Seifried
Re: CVE Request: nginx resolver heap overflow Kurt Seifried
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer
linux-distros list setup update Solar Designer
non-Linux advance notification list Solar Designer
Friday, 18 November
Re: non-Linux advance notification list Tim Zingelman
CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Jan Lieskovsky
Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Timo Sirainen
CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Jan Lieskovsky
Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Kurt Seifried
Re: CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Kurt Seifried
Saturday, 19 November
CVE request: ejabberd before 2.1.9 Hanno Böck
Re: CVE request: ejabberd before 2.1.9 Kurt Seifried
Re: closed-list membership transition Solar Designer
Sunday, 20 November
CVE request: joomla 1.5 before 1.5.25 password change vulnerability Hanno Böck
CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Hanno Böck
CVE request: drupal before 7.5 access bypass Hanno Böck
Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability Kurt Seifried
Re: CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Kurt Seifried
Re: CVE request: drupal before 7.5 access bypass Kurt Seifried
CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0 Eugene Teo
kernel: hfs: add sanity check for file name length Eugene Teo
Monday, 21 November
Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo
CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Jan Lieskovsky
CVE Request: openssh 5.8p2 Marcus Meissner
CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Petr Matousek
Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Kurt Seifried
Re: CVE Request: openssh 5.8p2 Kurt Seifried
Re: CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Kurt Seifried
Fwd: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Kurt Seifried
Re: kernel: hfs: add sanity check for file name length Kurt Seifried
Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Henri Salo
CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo
Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff
Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo
CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Petr Matousek
Re: CVE request: drupal before 7.5 access bypass Kurt Seifried
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried
CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Henri Salo
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Kurt Seifried
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried
CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo
Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Kurt Seifried
Re: CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Kurt Seifried
Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Kurt Seifried
Re: Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Eugene Teo
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried
Tuesday, 22 November
Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo
CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Henri Salo
Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Kurt Seifried
Re: Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Kurt Seifried
Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Steven M. Christey
Wednesday, 23 November
CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Jan Lieskovsky
Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re: [oss-security] Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue] Jan Lieskovsky
CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck
CVE request: jenkins Jamie Strandboge
Re: CVE request: jenkins Kurt Seifried
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried
Re: CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Kurt Seifried
CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Eugene Teo
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck
Thursday, 24 November
Please REJECT CVE-2011-4112 Petr Matousek
Re: Please REJECT CVE-2011-4112 Tavis Ormandy
Re: Re: Please REJECT CVE-2011-4112 Petr Matousek
CVE request -- kernel: kvm: device assignment DoS Petr Matousek
Re: CVE request -- kernel: kvm: device assignment DoS Kurt Seifried
Friday, 25 November
CVE Request: colord sql injections Ludwig Nussel
Re: CVE Request: colord sql injections Jan Lieskovsky
Re: CVE Request: colord sql injections Ludwig Nussel
Re: CVE Request: colord sql injections Kurt Seifried
CVE Request -- yaws -- Directory traversal flaw Jan Lieskovsky
Re: CVE Request -- yaws -- Directory traversal flaw Rob Keith
Re: CVE Request -- yaws -- Directory traversal flaw Kurt Seifried
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried
Saturday, 26 November
Re: non-Linux advance notification list Solar Designer
Re: non-Linux advance notification list Joost Hoogendoorn
Re: non-Linux advance notification list Solar Designer
Sunday, 27 November
CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Jan Lieskovsky
Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Colin Watson
Re: non-Linux advance notification list Michael Harrison
Re: non-Linux advance notification list Solar Designer
Re: non-Linux advance notification list Solar Designer
Monday, 28 November
CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Jan Lieskovsky
Re: non-Linux advance notification list Michael Harrison
Re: non-Linux advance notification list Alex Legler
linux-distros Slackware membership Patrick J. Volkerding
Re: CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Kurt Seifried
Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Kurt Seifried
Re: linux-distros Slackware membership Solar Designer
CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts Kurt Seifried
CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces David Jorm
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces Kurt Seifried
Fwd: Bug script install slackware Raphael Bastos
Re: Fwd: Bug script install slackware Kurt Seifried
Re: Fwd: Bug script install slackware Solar Designer
Tuesday, 29 November
CVE request: mediawiki before 1.17.1 Hanno Böck
Re: Fwd: Bug script install slackware Patrick J. Volkerding
CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Stefan Bühler
Re: Fwd: Bug script install slackware Raphael Bastos
Re: Fwd: Bug script install slackware Raphael Bastos
Re: Fwd: Bug script install slackware Solar Designer
Re: CVE request: mediawiki before 1.17.1 Kurt Seifried
Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Kurt Seifried
Wednesday, 30 November
CVE id request: ffmpeg Nico Golde
CVE request: Proc::ProcessTable perl module Moritz Muehlenhoff
Re: CVE request: Proc::ProcessTable perl module Kurt Seifried
Re: CVE id request: ffmpeg Kurt Seifried
Re: CVE id request: ffmpeg Kurt Seifried
XSSer v1.6 -beta- aka "Grey Swarm!" released. psy
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Solar Designer
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Kurt Seifried
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Henri Salo
Thursday, 01 December
CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo
CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys Billy Brumley
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried
RE: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Secunia Research
DOM based XSS in the JBoss AS 7 administration console - CVE-2011-3606 David Jorm
CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609 David Jorm
Saturday, 03 December
CVE request: CSRF in xt:commerce 3.04 SP2.1 dishix
Sunday, 04 December
CVE Request: ffmpeg Marc Deslauriers
Re: CVE Request: ffmpeg Kurt Seifried
Re: CVE request: CSRF in xt:commerce 3.04 SP2.1 Kurt Seifried
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Hanno Böck
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried
Monday, 05 December
CVE request: glibc: timezone integer overflow Matthias Weckbecker
Re: CVE Request: ffmpeg Marc Deslauriers
Tuesday, 06 December
C|Net Download.Com is now bundling Nmap with malware! Henri Salo
CVE request: acpid Moritz Muehlenhoff
Re: CVE request: acpid Kurt Seifried
acpid - possible issue in socket handling Kurt Seifried
Re: CVE Request: ffmpeg Kurt Seifried
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces Kurt Seifried
Wednesday, 07 December
Disputing CVE-2011-4122 Jeff Mitchell
Re: Disputing CVE-2011-4122 Kurt Seifried
Re: CVE request: glibc: timezone integer overflow Kurt Seifried
CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Vincent Danen
Re: CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Kurt Seifried
Thursday, 08 December
CVE-request WordPress pretty-link plugin 1.5.2 XSS Henri Salo
Re: Disputing CVE-2011-4122 Jeff Mitchell
CVE Request -- kernel: send(m)msg: user pointer dereferences Petr Matousek
Re: CVE Request -- kernel: send(m)msg: user pointer dereferences Kurt Seifried
Re: CVE-request WordPress pretty-link plugin 1.5.2 XSS Kurt Seifried
Re: Disputing CVE-2011-4122 Kurt Seifried
Re: Disputing CVE-2011-4122 Jeff Mitchell
Re: Disputing CVE-2011-4122 Kurt Seifried
Re: Disputing CVE-2011-4122 Jeff Mitchell
Re: non-Linux advance notification list Solar Designer
Friday, 09 December
CVE Request: icu out of bounds access Ludwig Nussel
CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Jan Lieskovsky
Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Kurt Seifried
Re: CVE Request: icu out of bounds access Kurt Seifried
CVE request: Pidgin crash Mark Doliner
Re: CVE request: Pidgin crash Kurt Seifried
Saturday, 10 December
cve request: bat_socket_read memory corruption Paul
Re: cve request: bat_socket_read memory corruption Kurt Seifried
Re: cve request: bat_socket_read memory corruption Paul
Sunday, 11 December
Fwd: Re: cve request: bat_socket_read memory corruption Kurt Seifried
Monday, 12 December
CVE request: rocksndiamonds world-writable working/config directory Vincent Danen
Re: CVE request: rocksndiamonds world-writable working/config directory Kurt Seifried
CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Vincent Danen
Re: CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Kurt Seifried
OpenIPMI: IPMI event daemon creates PID file with world writeable permissions Huzaifa Sidhpurwala
Tuesday, 13 December
Re: linux-distros list setup update Solar Designer
Thursday, 15 December
CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Eugene Teo
Re: CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Kurt Seifried
CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) vladz
Security issue in icecast Jamie Strandboge
RE: [Icecast-dev] Security issue in icecast Thomas.Rucker
Re: RE: [Icecast-dev] Security issue in icecast Jamie Strandboge
Re: Security issue in icecast Kurt Seifried
Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) Kurt Seifried
Friday, 16 December
TYPO3 typo3-core-sa-2011-004 Kurt Seifried
CVE request: zabbix persistent XSS flaw Vincent Danen
Re: CVE request: zabbix persistent XSS flaw Kurt Seifried
Sunday, 18 December
CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Henri Salo
CVE for HTML-Template-Pro 0.9506 XSS Kurt Seifried
Monday, 19 December
CVE id request: python-virtualenv Nico Golde
Re: CVE id request: python-virtualenv Kurt Seifried
Re: CVE id request: python-virtualenv Nico Golde
Re: CVE id request: python-virtualenv Kurt Seifried
Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Kurt Seifried
CVE assignment from previous years Tim Sammut
CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI, ioctl Kurt Seifried
Re: CVE assignment from previous years Kurt Seifried
Tuesday, 20 December
Re: CVE assignment from previous years Steven M. Christey
Re: CVE assignment from previous years Kurt Seifried
Wednesday, 21 December
plib ulSetError() buffer overflow - CVE-2011-4620 Kurt Seifried
CVE Request -- kernel: tight loop and no preemption can cause system stall Petr Matousek
kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek
Re: kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek
Re: CVE Request -- kernel: tight loop and no preemption can cause system stall Kurt Seifried
Re: kernel: kvm: pit timer with no irqchip crashes the system Kurt Seifried
Thursday, 22 December
CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Kurt Seifried
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Kyle Creyts
Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff
CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl Petr Matousek
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky
CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Henri Salo
Friday, 23 December
CVE request: simplesamlphp / Typo3 Moritz Muehlenhoff
Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Kurt Seifried
Re: CVE request: simplesamlphp / Typo3 Kurt Seifried
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried
Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert
Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer
Re: CVE request: simplesamlphp / Typo3 Moritz Mühlenhoff
Re: Disputing CVE-2011-4122 Solar Designer
Re: CVE request: simplesamlphp / Typo3 Kurt Seifried
Saturday, 24 December
CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Henri Salo
Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Kurt Seifried
Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo
Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo
CVE-request for three 2009 Joomla issues Henri Salo
CVE Request for Apache ActiveMQ DoS David Jorm
Sunday, 25 December
CVE-request for three 2009 Joomla issues (second part) Henri Salo
CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Henri Salo
CVE-2011-4862 is not BSD-specific Florian Weimer
Re: CVE Request for Apache ActiveMQ DoS Kurt Seifried
Re: CVE-request for three 2009 Joomla issues Kurt Seifried
Re: CVE-request for three 2009 Joomla issues (second part) Kurt Seifried
Re: CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Kurt Seifried
Re: CVE-2011-4862 is not BSD-specific Kurt Seifried
Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala
Monday, 26 December
Re: CVE-2011-4862 is not BSD-specific Florian Weimer
Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala
Re: Disputing CVE-2011-4122 Jeff Mitchell
Tuesday, 27 December
Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov
Re: Disputing CVE-2011-4122 Solar Designer
Re: closed-list Kurt Seifried
Re: CVE request: kernel: multiple issues in ROSE Kurt Seifried
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried
Wednesday, 28 December
Re: Disputing CVE-2011-4122 Sebastian Krahmer
[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani
Thursday, 29 December
More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Kurt Seifried
Re: closed-list Solar Designer
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer
Re: Closed list Solar Designer
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) David Jorm
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Andrea Barisani
Friday, 30 December
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Tomas Hoger
CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck
Re: More CVEs? (was Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) cve-assign
Saturday, 31 December
mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping
Re: CVE-request: Elxis CMS two XSS-vulnerabilities Kurt Seifried
Re: mpack 1.6 allows eavesdropping on mails sent by other users Kurt Seifried
Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer