oss-sec: by thread
256 messages, starting Apr 02 18 and ending Jun 30 18
- [CVE-2018-1295]: Possible Execution of Arbitrary Code Within Deserialization Endpoints of Apache Ignite Denis Magda (Apr 02)
- Announce: OpenSSH 7.7 released Damien Miller (Apr 02)
- CVE-2018-1002150: koji: Dist Repo call missing authorization check allowing filesystem manipulation Patrick Uiterwijk (Apr 04)
- Linux Kernel Defence Map Alexander Popov (Apr 04)
- Re: Linux Kernel Defence Map Kees Cook (Apr 04)
- Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
- Re: Re: Linux Kernel Defence Map Alexander Popov (Apr 30)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
- Re: Linux Kernel Defence Map Kees Cook (Apr 05)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 05)
- Re: Linux Kernel Defence Map Kees Cook (Apr 05)
- Re: Linux Kernel Defence Map Alexander Popov (Apr 06)
- Re: Re: Linux Kernel Defence Map Kurt Seifried (Apr 04)
- Re: Linux Kernel Defence Map Kees Cook (Apr 04)
- WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
- Re: [webkit-security] WebKitGTK+ Security Advisory WSA-2018-0003 Michael Catanzaro (Apr 04)
- [SECURITY] CVE-2018-1284: Hive UDF series UDFXPathXXXX allow users to pass carefully crafted XML to access arbitrary files Daniel Dai (Apr 04)
- [SECURITY] CVE-2018-1282 JDBC driver is susceptible to SQL injection attack if the input parameters are not properly cleaned Daniel Dai (Apr 04)
- [SECURITY] CVE-2018-1315 'COPY FROM FTP' statement in HPL/SQL can write to arbitrary location if the FTP server is compromised Daniel Dai (Apr 04)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 05)
- <Possible follow-ups>
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Apr 16)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 04)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 05)
- Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 25)
- Re: Multiple vulnerabilities in Jenkins plugins Daniel Beck (Jun 25)
- Privsec vuln in beep / Code execution in GNU patch Hanno Böck (Apr 05)
- Re: Privsec vuln in beep / Code execution in GNU patch Sebastian Krahmer (Apr 06)
- Re: Privsec vuln in beep / Code execution in GNU patch Jakub Wilk (Apr 06)
- beep infoleak Hanno Böck (Apr 08)
- Re: beep infoleak Kash Pande (Apr 08)
- CVE-2018-2767: MySQL & MariaDB: Return of the BACKRONYM vulnerability (public disclosure) Pali Rohár (Apr 08)
- [SECURITY] CVE-2018-1308: XXE attack through Apache Solr's DIH's dataConfig request parameter Uwe Schindler (Apr 08)
- pcs: disclosure of CVE-2018-1079 and CVE-2018-1086 Cedric Buissart (Apr 09)
- Re: Terminal Control Chars Ian Zimmerman (Apr 09)
- Re: Re: Terminal Control Chars Not Real (Apr 09)
- Re: Re: Terminal Control Chars Jakub Wilk (Apr 10)
- <Possible follow-ups>
- Re: Terminal Control Chars Gordo Lowrey (Apr 10)
- Re: Terminal Control Chars Christian Brabandt (Apr 10)
- Re: Terminal Control Chars Jakub Wilk (Apr 12)
- Re: Terminal Control Chars Ian Zimmerman (Apr 12)
- Re: Re: Terminal Control Chars Russ Allbery (Apr 12)
- Re: Re: Terminal Control Chars David A. Wheeler (Apr 12)
- Re: Re: Terminal Control Chars Russ Allbery (Apr 12)
- Re: Re: Terminal Control Chars Simon McVittie (Apr 12)
- Re: Re: Terminal Control Chars David A. Wheeler (Apr 12)
- Re: Re: Terminal Control Chars Jakub Wilk (Apr 16)
- Re: Terminal Control Chars Jakub Wilk (Apr 13)
- Re: Terminal Control Chars Jakub Wilk (Apr 10)
- Re: Re: Terminal Control Chars Not Real (Apr 09)
- CVE-2017-13220 / Android A-63527053: Linux kernel: Possible out-of-bound access in Bluetooth subsystem Vladis Dronov (Apr 10)
- CVE-2018-1097 Foreman: oVirt credentials exposed by host power API Tomer Brisker (Apr 10)
- Change to ASF httpd vulnerability XML format Mark Cox (Apr 10)
- Multiple vulnerabilities in Jenkins Daniel Beck (Apr 11)
- Arbitrary file download vulnerability in Drupal module avatar_uploader v7.x-1.0-beta8 Larry W. Cashdollar (Apr 12)
- CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function Raphael Sanchez Prudencio (Apr 12)
- Re: CVE-2018-1000168: nghttp2: Denial of service due to NULL pointer dereference. Tatsuhiro Tsujikawa (Apr 12)
- Updated distros statistics Kristian Fiskerstrand (Apr 12)
- Re: Updated distros statistics Seth Arnold (Apr 12)
- CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 16)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 24)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Billy Brumley (Apr 19)
- Re: CVE-2018-0737 OpenSSL: RSA key generation follows several non constant time code paths Huzaifa Sidhpurwala (Apr 16)
- CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled Siddharth Sharma (Apr 18)
- CVE-2018-1172 Squid Proxy Cache Denial of Service vulnerability Amos Jeffries (Apr 18)
- [SECURITY] CVE-2018-1289: Apache Fineract SQL Injection Vulnerability by orderBy and sortOrder parameters Ed Cable (Apr 19)
- [SECURITY] CVE-2018-1290: Apache Fineract SQL Injection Vulnerability - Single quotation escape caused by two continuous SQL parameters Ed Cable (Apr 19)
- [SECURITY] CVE-2018-1291: Apache Fineract SQL Injection Vulnerability - Order by injection via Order Param Ed Cable (Apr 19)
- [SECURITY] CVE-2018-1292: Apache Fineract SQL Injection Vulnerability - Injection via reportName parameter Ed Cable (Apr 19)
- CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow Vítor Silva (Apr 19)
- Re: a number of CVEs for issues in the filesystem's code in the Linux kernel Vladis Dronov (Apr 20)
- [OSSA-2018-001] Raw underlying encrypted volume access (CVE-2017-18191) Tristan Cacqueray (Apr 20)
- Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König (Apr 23)
- Re: Authorization bypass in PHPLiteAdmin since 1.9.5 Karsten König (Apr 25)
- CVE-2018-1110: Knot Resolver <= 2.2.0 Improper Input Validation Petr Špaček (Apr 23)
- Multiple local root vulnerabilities involving PackageKit CVE-2018-1106 Matthias Gerstner (Apr 23)
- ktexteditor / Kate local privilege escalation Matthias Gerstner (Apr 24)
- Re: ktexteditor / Kate local privilege escalation (CVE-2018-10361) Matthias Gerstner (Apr 25)
- CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process David Rientjes (Apr 24)
- Re: CVE-2018-1000200 (Linux): Bad memory access on oom kill of large mlocked process David Rientjes (May 14)
- Xen Security Advisory 258 - Information leak via crafted user-supplied CDROM Xen . org security team (Apr 25)
- Xen Security Advisory 259 - x86: PV guest may crash Xen with XPTI Xen . org security team (Apr 25)
- [CVE-2018-1338] DoS (Infinite Loop) Vulnerability in Apache Tika’s BPGParser Tim Allison (Apr 25)
- [CVE-2018-1339] DoS (Infinite Loop) Vulnerability in Apache Tika’s ChmParser Tim Allison (Apr 25)
- [CVE-2018-1335] Command Injection Vulnerability in Apache Tika’s tika-server module Tim Allison (Apr 25)
- [ANNOUNCE] CVE-2017-15691: Apache UIMA XML external entity expansion (XXE) attack exposure Marshall Schor (Apr 26)
- CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS nongiach nongiach (Apr 27)
- Re: CVE-XXX (quasselclient/quasselcore version 0.12.4): Heap Remote Code Execution and Null Pointer DDOS nongiach nongiach (May 01)
- Xen Security Advisory 258 (CVE-2018-10472) - Information leak via crafted user-supplied CDROM Xen . org security team (Apr 30)
- Xen Security Advisory 259 (CVE-2018-10471) - x86: PV guest may crash Xen with XPTI Xen . org security team (Apr 30)
- CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability Akira Ajisaka (May 01)
- CVE-2018-1000199: ptrace() incorrect error handling leads to corruption and DoS Andy Lutomirski (May 01)
- Singularity's Linux kernel vulnerability claim Priedhorsky, Reid (May 03)
- Re: Singularity's Linux kernel vulnerability claim gremlin (May 03)
- [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 05)
- Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger (May 14)
- Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 15)
- Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger (May 21)
- Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 26)
- Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Bryan Pendleton (May 15)
- Re: [ANNOUNCE] CVE-2018-1313: Apache Derby externally-controlled input vulnerability Tomas Hoger (May 14)
- GNU Wget Cookie Injection [CVE-2018-0494] Harry Sintonen (May 06)
- WebKitGTK+ Security Advisory WSA-2018-0004 Michael Catanzaro (May 07)
- CVE-2018-1089 389-ds-base: unauthenticated ns-slapd crash via large filter value in ldapsearch Cedric Buissart (May 07)
- Re: CVE-2018-1089 389-ds-base: unauthenticated ns-slapd crash via large filter value in ldapsearch Cedric Buissart (May 07)
- Xen Security Advisory 260 (CVE-2018-8897) - x86: mishandling of debug exceptions Xen . org security team (May 08)
- Xen Security Advisory 261 - x86 vHPET interrupt injection errors Xen . org security team (May 08)
- Xen Security Advisory 262 - qemu may drive Xen into unbounded loop Xen . org security team (May 08)
- CVE-2018-8897: #DB exceptions that are deferred by MOV SS or POP SS may cause unexpected behavior Andy Lutomirski (May 08)
- CVE-2018-1087: KVM incorrectly handles #DB exceptions while deferred by MOV SS/POP SS Andy Lutomirski (May 08)
- CVE-2018-1118 linux kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() Wade Mealing (May 08)
- PowerDNS Security Advisory 2018-02 Remi Gacogne (May 09)
- Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (May 09)
- Re: Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck (Jun 13)
- CVE-2018-1000155: Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow 1.0+ handshake Kashyap Thimmaraju (May 09)
- CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Vladis Dronov (May 10)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 23)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 23)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Evgenii Shatokhin (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 25)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Kurt Seifried (May 23)
- Re: CVE-2018-1130: Linux kernel: dccp: a null pointer dereference in net/dccp/output.c:dccp_write_xmit Andrey Konovalov (May 23)
- erc20 contract KoreaShow bug Qinghao Tang (May 10)
- Xen Security Advisory 262 (CVE-2018-10981) - qemu may drive Xen into unbounded loop Xen . org security team (May 11)
- Xen Security Advisory 261 (CVE-2018-10982) - x86 vHPET interrupt injection errors Xen . org security team (May 11)
- PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Jakub Wilk (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Christian Brabandt (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Leo Gaspard (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Brian May (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer (May 15)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Matthew Fernandez (May 16)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Florian Weimer (May 22)
- Re: PGP/MIME and S/MIME mail clients vulnerabilities Yves-Alexis Perez (May 14)
- [SECURITY AVISORY] curl: FTP shutdown response buffer overflow Daniel Stenberg (May 15)
- [SECURITY AVISORY] curl: RTSP bad headers buffer over-read Daniel Stenberg (May 15)
- [SECURITY] CVE-2018-8014 Insecure defaults for CORS filter Mark Thomas (May 16)
- Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory (May 17)
- Re: Qualys Security Advisory - Procps-ng Audit Report Qualys Security Advisory (May 23)
- Apache ORC 1.5.0 and 1.4.4 Released Owen O'Malley (May 17)
- [opendaylight-security-note]: SDNInterfaceapp SQL injection Luke Hinds (May 18)
- ISC has disclosed two vulnerabilities in BIND 9.12 (CVE-2018-5736, CVE-2018-5737) ISC Security Officer (May 18)
- Reptile: a LKM rootkit written for evil purposes nullbyte (May 20)
- [CVE-2018-10094] Dolibarr SQL Injection vulnerability Sysdream Labs (May 20)
- [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability Sysdream Labs (May 20)
- Dolibarr XSS Injection vulnerability Sysdream Labs (May 20)
- [SECURITY] CVE-2018-8010: XXE vulnerability due to Apache Solr configset upload Uwe Schindler (May 21)
- [CVE-2018-8012] Apache ZooKeeper Quorum Peer mutual authentication Patrick Hunt (May 21)
- [ANNOUNCE] CVE Announcement for Apache NiFi 1.0.0 - 1.5.0 Andy LoPresto (May 22)
- [CVE-2018-8013] Apache Batik information disclosure vulnerability Simon Steiner (May 23)
- MachForm Multiple Vulnerabilities CVE-2018-6409/CVE-2018-6410/CVE-2018-6411 Amine Taouirsa (May 30)
- CVE request: rufus Stefan Kanthak (May 31)
- Re: CVE request: rufus Pete Batard (May 31)
- Re: CVE request: rufus Stefan Kanthak (May 31)
- Re: CVE request: rufus Solar Designer (May 31)
- Re: CVE request: rufus Pete Batard (May 31)
- Re: CVE request: rufus Stefan Kanthak (Jun 01)
- Re: Re: CVE request: rufus Henri Salo (Jun 01)
- Re: Re: CVE request: rufus Lionel Debroux (Jun 01)
- Re: CVE request: rufus Stefan Kanthak (May 31)
- Re: CVE request: rufus Pete Batard (May 31)
- [CVE-2018-10847] prosody: insufficient stream header validation Matthew Wild (May 31)
- [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda (Jun 01)
- RE: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Rai, Harendra (Jun 05)
- Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Tomas Hoger (Jun 06)
- Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda (Jun 06)
- Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Andrey Gura (Jun 07)
- Re: [CVE-2014-0114]: Apache Ignite is vulnerable to existing CVE-2014-0114 Denis Magda (Jun 06)
- CVE-2018-10058 and CVE-2018-10057 - cgminer <=4.10.0 and bfgminer <=5.5.0 remote management api post-auth buffer overflow and path traversal oststrom (public) (Jun 03)
- [CVE-2018-1332] Apache Storm user impersonation vulnerability P. Taylor Goetz (Jun 05)
- [CVE-2018-8008] Apache Storm arbitrary file write vulnerability P. Taylor Goetz (Jun 05)
- CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams P J P (Jun 06)
- Secunia Research: Linux Kernel USB over IP Multiple Denial of Service Vulnerabilities Secunia Research (Jun 07)
- Perl: CVE-2018-12015: Archive::Tar: directory traversal vulnerability Salvatore Bonaccorso (Jun 07)
- CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko (Jun 08)
- Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Vladis Dronov (Jun 22)
- Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Alexander Potapenko (Jun 26)
- Re: CVE-2018-1000204: Linux kernel 3.18 to 4.16 infoleak due to incorrect handling of SG_IO ioctl Vladis Dronov (Jun 22)
- CVE-2018-12020 in GnuPG Yves-Alexis Perez (Jun 08)
- Re: CVE-2018-12020 in GnuPG Marcus Brinkmann (Jun 09)
- Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 10)
- Re: Re : Re: [oss-security] CVE-2018-12020 in GnuPG Yves-Alexis Perez (Jun 10)
- Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 13)
- Re: Re : Re: [oss-security] Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stephen Farrell (Jun 13)
- Re : Re: [oss-security] CVE-2018-12020 in GnuPG Stiepan (Jun 10)
- Re: CVE-2018-12020 in GnuPG Marcus Brinkmann (Jun 09)
- Buffer Overflow in pppd EAP-TLS implementation Luciano Bello (Jun 11)
- Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 12)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk (Jun 12)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jordan Glover (Jun 12)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Todd C. Miller (Jun 12)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 13)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 13)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk (Jun 14)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Georgi Guninski (Jun 15)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jordan Glover (Jun 12)
- Re: Are `su user' and/or `sudo -u user sh' considered dangerous? Jakub Wilk (Jun 12)
- ISC has announced CVE-2018-5738, a defect in some versions of BIND ISC Security Officer (Jun 12)
- [SECURITY] CVE-2017-15695 Apache Geode remote code execution vulnerability Anthony Baker (Jun 12)
- Intel FP security issue Loganaden Velvindron (Jun 13)
- Re: Intel FP security issue Loganaden Velvindron (Jun 13)
- Re: Re: Intel FP security issue Marcus Meissner (Jun 15)
- <Possible follow-ups>
- Re: Re: Intel FP security issue Liguori, Anthony (Jun 15)
- Re: Intel FP security issue Solar Designer (Jun 15)
- Re: Intel FP security issue Anthony Liguori (Jun 15)
- Re: Intel FP security issue Solar Designer (Jun 15)
- Re: Intel FP security issue Loganaden Velvindron (Jun 13)
- Third Party Code Signing Vulnerability in Squirrel & Sparkle Lets Secure (Jun 13)
- CVE-2018-12020, CVE-2018-12019 in GnuPG, Enigmails, GPGTools, python-gnupg Marcus Brinkmann (Jun 13)
- Xen Security Advisory 267 (CVE-2018-3665) - Speculative register leakage from lazy FPU context switching Xen . org security team (Jun 13)
- WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005 Michael Catanzaro (Jun 14)
- CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 14)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 14)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 15)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 15)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 16)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Marcus Brinkmann (Jun 15)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jason A. Donenfeld (Jun 14)
- Re: CVE-2018-12356 Breaking signature verification in pass (Simple Password Store) Jakub Wilk (Jun 14)
- CVE-2018-3665 Lazy FPU Context Switching Information Leak Anthony Liguori (Jun 15)
- Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Alan Coopersmith (Jun 15)
- Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Anthony Liguori (Jun 15)
- Re: CVE-2018-3665 Lazy FPU Context Switching Information Leak Alan Coopersmith (Jun 15)
- Fun with DBM-type databases... Lionel Debroux (Jun 17)
- cantata: cantata-mounter D-Bus service local privilege escalation and other security issues Matthias Gerstner (Jun 18)
- Re: cantata: cantata-mounter D-Bus service local privilege escalation and other security issues Matthias Gerstner (Jun 19)
- [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages exceed maximum size limit Alex Rudyy (Jun 18)
- [CVE-2018-3760] Path Traversal in Sprockets Rafael Mendonça França (Jun 19)
- CVE-2018-12558: DOS in perl module Email::Address Pali Rohár (Jun 19)
- Intel hyper-threading security issues Loganaden Velvindron (Jun 19)
- Re: Intel hyper-threading security issues Georgi Guninski (Jun 20)
- Re: Intel hyper-threading security issues Stuart Henderson (Jun 21)
- Re: Intel hyper-threading security issues Lukas Odzioba (Jun 21)
- Re: Intel hyper-threading security issues Lukas Odzioba (Jun 21)
- Re: Intel hyper-threading security issues Sven Schwedas (Jun 21)
- Re: Intel hyper-threading security issues Solar Designer (Jun 21)
- Re: Intel hyper-threading security issues Michael Ellerman (Jun 22)
- Re: Intel hyper-threading security issues Solar Designer (Jun 22)
- Re: Intel hyper-threading security issues Seth Arnold (Jun 22)
- Re: Intel hyper-threading security issues Peter Kjellström (Jun 23)
- Re: Intel hyper-threading security issues Lukas Odzioba (Jun 21)
- Re: Intel hyper-threading security issues Georgi Guninski (Jun 21)
- Re: Intel hyper-threading security issues Gordon Tetlow (Jun 21)
- Re: Intel hyper-threading security issues Stuart Henderson (Jun 21)
- Re: Intel hyper-threading security issues Georgi Guninski (Jun 25)
- Re: Intel hyper-threading security issues Georgi Guninski (Jun 20)
- CVE-2018-10841 glusterfs: access trusted peer group via remote-host command Siddharth Sharma (Jun 20)
- CVE-2018-8025 on Apache HBase Josh Elser (Jun 22)
- Libc Realpath Buffer Underflow CVE-2018-1000001 expolit source code for SuSE 12 SP2 zrlw (Jun 25)
- Re: Libc Realpath Buffer Underflow CVE-2018-1000001 expolit source code for SuSE 12 SP2 Marcus Meissner (Jun 25)
- CVE-2018-8016 on Apache Cassandra Nate McCall (Jun 25)
- [ CVE-2018-1306 ] Apache Portals Pluto information disclosure vulnerability Martin Scott Nicklous (Jun 26)
- CVE-2018-10857 and CVE-2018-10859: git-annex private data exposure Joey Hess (Jun 26)
- CVE-2018-1273 fixed in Metron 0.5.0 James Sirota (Jun 26)
- CVE for PyYAML RCE-factory API Alex Gaynor (Jun 26)
- Re: CVE for PyYAML RCE-factory API Seth Arnold (Jun 26)
- Re: CVE for PyYAML RCE-factory API Alex Gaynor (Jun 27)
- Re: CVE for PyYAML RCE-factory API Seth Arnold (Jun 26)
- rclone data exflitration / unauthorized API use oss-security-list (Jun 27)
- Re: rclone data exflitration / unauthorized API use Solar Designer (Jun 27)
- squirrelmail XSS issues in bug tracker since 2016 Hanno Böck (Jun 27)
- Re: squirrelmail XSS issues in bug tracker since 2016 Hanno Böck (Jun 27)
- Re: squirrelmail XSS issues in bug tracker since 2016 Hanno Böck (Jun 27)
- KVM L1 guest escape - CVE-2018-12904 Marcus Meissner (Jun 27)
- Xen Security Advisory 264 (CVE-2018-12891) - preemption checks bypassed in x86 PV MM handling Xen . org security team (Jun 27)
- Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest Xen . org security team (Jun 27)
- Xen Security Advisory 266 (CVE-2018-12892) - libxl fails to honour readonly flag on HVM emulated SCSI disks Xen . org security team (Jun 27)
- Apache CXF 3.2.6 and 3.1.16 are released Colm O hEigeartaigh (Jun 28)
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler (Jun 29)
- <Possible follow-ups>
- [CVE-2018-8036] DoS (OOM) Vulnerability in Apache PDFBox's AFMParser Andreas Lehmkuehler (Jun 29)
- BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive) Georgi Guninski (Jun 30)