[go: up one dir, main page]

oss-sec: by date

269 messages starting Jul 02 23 and ending Sep 30 23
Date index | Thread index | Author index


Sunday, 02 July

CVE-2023-3439: Linux MCTP use-after-free in mctp_sendmsg Lin Ma
CVE-2023-35797: Apache Airflow Hive Provider Beeline RCE with Principal Elad Kalif

Monday, 03 July

Django: CVE-2023-36053: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator Mariusz Felisiak

Tuesday, 04 July

CVE-2023-34150: Apache Any23: Possible excessive allocation of resources reading input. Arnout Engelen

Wednesday, 05 July

StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability Ruihan Li
CVE-2023-31248 - Linux kernel nf_tables UAF when using nft_chain_lookup_byid Thadeu Lima de Souza Cascardo
CVE-2023-35001 - Linux kernel nf_tables nft_byteorder_eval OOB read/write Thadeu Lima de Souza Cascardo

Thursday, 06 July

CVE-2023-33008: Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale Jean-Louis Monteiro
[kubernetes] CVE-2023-2727: Bypassing policies imposed by the ImagePolicyWebhook admission plugin Rita Zhang
[kubernetes] CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin Rita Zhang <rita.z.zhang () gmail com> Rita Zhang
CVE-2023-36460: mastodon: Arbitrary file creation through media attachments Jan Schaumann
CVE-2023-36459: mastodon: XSS through oEmbed preview cards Jan Schaumann
CVE-2023-28853: mastodon: Blind LDAP injection in login Jan Schaumann
CVE-2023-36461: mastodon: Denial of Service through slow HTTP responses Jan Schaumann

Friday, 07 July

manjaro pamac vulnerability Tavis Ormandy
CVE-2023-34442: Apache Camel JIRA: Temporary file information disclosure in Camel-Jira Andrea Cosentino
CVE-2023-35887: Apache MINA SSHD: Information disclosure bugs with RootedFilesystem Guillaume Nodet
Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability Solar Designer

Sunday, 09 July

Re: manjaro pamac vulnerability Barnabás Pőcze

Monday, 10 July

CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. Brahma Reddy Battula
CVE-2022-45855: Apache Ambari: Allows authenticated metrics consumers to perform RCE Brahma Reddy Battula
Re: CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. Brandon Perry

Tuesday, 11 July

CVE-2023-35908: Apache Airflow: Access to DAGs without relevant permission Ephraim Anierobi
CVE-2023-22887: Apache Airflow path traversal by authenticated user Ephraim Anierobi
CVE-2022-46651: Apache Airflow: Security vulnerability on AirFlow Connections Ephraim Anierobi
CVE-2023-36543: Apache Airflow: ReDoS via dags function Ephraim Anierobi
CVE-2023-22888: Apache Airflow: Scheduler remote DoS Ephraim Anierobi
Re: CVE-2022-42009: Apache Ambari: A malicious authenticated user can remotely execute arbitrary code in the context of the application. Solar Designer
CVE-2023-30428: Apache Pulsar Broker: Incorrect Authorization Validation for Rest Producer Dave Fisher
CVE-2023-30429: Apache Pulsar: Incorrect Authorization for Function Worker when using mTLS Authentication through Pulsar Proxy Dave Fisher
CVE-2023-31007: Apache Pulsar: Broker does not always disconnect client when authentication data expires Dave Fisher
CVE-2023-37579: Apache Pulsar Function Worker: Incorrect Authorization for Function Worker Can Leak Sink/Source Credentials Dave Fisher
CVE-2023-32200: Apache Jena: Exposure of execution in script engine expressions. Andy Seaborne

Wednesday, 12 July

CVE-2023-37582: Apache RocketMQ: Possible remote code execution when using the update configuration function Rongtong Jin
Multiple vulnerabilities in Jenkins plugins Daniel Beck
CVE-2023-37415: Apache Airflow Apache Hive Provider: Improper Input Validation in Hive Provider with proxy_user Elad Kalif

Thursday, 13 July

Re: RCE in acme.sh < 3.0.6 Jan Schaumann

Friday, 14 July

Xen Security Notice 1 v1 - winpvdrvbuild.xenproject.org potentially compromised Xen . org security team
Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Solar Designer

Saturday, 15 July

OpenSSL Security Advisory Tomas Mraz
CVE-2023-26512: Apache EventMesh RabbitMQ-Connector plugin allows RCE through deserialization of untrusted data Xue Weiming

Tuesday, 18 July

curl: fopen race condition: CVE-2023-32001 Daniel Stenberg

Wednesday, 19 July

Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Marcus Meissner
CVE-2023-28754: ShardingSphere-Agent: Deserialization vulnerability in ShardingSphere Agent Weijie Wu
OpenSSL Security Advisory Tomas Mraz
Re: OpenSSL Security Advisory Sandipan Roy
Re: OpenSSL Security Advisory Jeffrey Walton
Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Tamás Koczka
Announce: OpenSSH 9.3p2 released Damien Miller
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent Qualys Security Advisory

Thursday, 20 July

Re: CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent Ramon de C Valle
Re: Announce: OpenSSH 9.3p2 released Demi Marie Obenour
Re: Announce: OpenSSH 9.3p2 released Sevan Janiyan
Re: Announce: OpenSSH 9.3p2 released Matthew Fernandez

Friday, 21 July

Re: Announce: OpenSSH 9.3p2 released Marcus Meissner
Re: Announce: OpenSSH 9.3p2 released Demi Marie Obenour
Re: Announce: OpenSSH 9.3p2 released Sevan Janiyan
Re: Announce: OpenSSH 9.3p2 released Qualys Security Advisory
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0006 Carlos Alberto Lopez Perez

Monday, 24 July

CVE-2023-20593: A use-after-free in AMD Zen2 Processors Tavis Ormandy
Xen Security Advisory 433 v1 - x86/AMD: Zenbleed Xen . org security team
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Marc Deslauriers
CVE-2023-34478: Apache Shiro before 1.12.0, or 2.0.0-alpha-3, may be susceptible to a path traversal attack when used together with APIs or other web frameworks that route requests based on non-normalized requests. Brian Demers

Tuesday, 25 July

Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jonathan Gray
CVE-2023-34189: Apache InLong: General user can delete and update process Charles Zhang
CVE-2023-34434: Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param Charles Zhang
CVE-2023-35088: Apache InLong: SQL injection in audit endpoint Charles Zhang
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Solar Designer
Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Marcus Meissner
CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE Julian Reschke
Re: Our learnings from 42 Linux kernel exploits, we are limiting io_uring Solar Designer
CVE-2023-38435: Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin Carsten Ziegeler
CVE-2023-38647: Apache Helix: Deserialization vulnerability in Helix workflow and REST Junkai Xue
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Eddie Chapman
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Matthias Schmidt
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Demi Marie Obenour
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Lucas Rolff
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors Jeffrey Walton
Re: CVE-2023-20593: A use-after-free in AMD Zen2 Processors alice

Wednesday, 26 July

Xen Security Advisory 433 v2 (CVE-2023-20593) - x86/AMD: Zenbleed Xen . org security team
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck

Thursday, 27 July

CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters Alan Coopersmith

Friday, 28 July

Re: StackRot (CVE-2023-3269): Linux kernel privilege escalation vulnerability Ruihan Li

Saturday, 29 July

CVE-2023-36542: Apache NiFi: Potential Code Injection with Properties Referencing Remote Resources David Handermann

Monday, 31 July

OpenSSL Security Advisory Matt Caswell
Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Xen . org security team

Tuesday, 01 August

Xen Security Advisory 436 v1 (CVE-2023-34320) - arm: Guests can trigger a deadlock on Cortex-A77 Xen . org security team

Wednesday, 02 August

WebKitGTK and WPE WebKit Security Advisory WSA-2023-0007 Carlos Alberto Lopez Perez

Thursday, 03 August

Mozilla VPN: CVE-2023-4104: Privileged vpndaemon on Linux wrongly and incompletely implements Polkit authentication Matthias Gerstner
CVE-2023-38497: Cargo does not respect umask when extracting packages Pietro Albini

Friday, 04 August

CVE-2023-39508: Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges Jarek Potiuk

Saturday, 05 August

CVE-2023-37581: Apache Roller: XSS vulnerability for site with untrusted users Dave

Monday, 07 August

Foswiki-2.1.8 has been released Michael Daum

Tuesday, 08 August

Fwd: Node.js security updates for all active release lines, August 2023 Rafael Silva
Re: Fwd: Node.js security updates for all active release lines, August 2023 Solar Designer
Xen Security Advisory 432 v2 (CVE-2023-34319) - Linux: buffer overrun in netback due to unusual packet Xen . org security team
Xen Security Advisory 434 v1 (CVE-2023-20569) - x86/AMD: Speculative Return Stack Overflow Xen . org security team
Xen Security Advisory 435 v1 (CVE-2022-40982) - x86/Intel: Gather Data Sampling Xen . org security team
Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Solar Designer
Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Andrew Cooper
Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Demi Marie Obenour

Wednesday, 09 August

Node.js security updates for August Ken Moffat
CVE-2023-3772: Linux kernel: xfrm_update_ae_params NULL pointer dereference Lin Ma

Thursday, 10 August

Fwd: Node.js security updates for all active release lines, August 2023 Rafael Silva
Re: CVE-2023-3772: Linux kernel: xfrm_update_ae_params NULL pointer dereference Seth Arnold

Friday, 11 August

CVE-2023-39553: Apache Airflow Drill Provider Arbitrary File Read Vulnerability Elad Kalif

Tuesday, 15 August

Podman: API service listening on TCP can be used from websites Dennis Dast

Wednesday, 16 August

Re: CVE-2023-37581: Apache Roller: XSS vulnerability for site with untrusted users Srivani Reddy
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: Multiple vulnerabilities in Jenkins plugins Demi Marie Obenour
Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Solar Designer
Re: Xen Security Advisory 433 v3 (CVE-2023-20593) - x86/AMD: Zenbleed Andrew Cooper

Thursday, 17 August

CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Elad Kalif
Re: CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC Seth Arnold

Friday, 18 August

CVE-2023-40037: Apache NiFi: Incomplete Validation of JDBC and JNDI Connection URLs David Handermann

Sunday, 20 August

CVE-2022-46751: Apache Ivy: XML External Entity vulnerability in Apache Ivy Stefan Bodewig

Tuesday, 22 August

openSUSE-welcome: local privilege escalation when choosing XFCE desktop layout (CVE-2023-32184) Matthias Gerstner
[CVE-2022-44729] Apache Batik information disclosure vulnerability Simon Steiner
[CVE-2022-44730] Apache Batik information disclosure vulnerability Simon Steiner
Re: [CVE-2022-44729] Apache Batik information disclosure vulnerability Nbxiglk
Re: [CVE-2022-44730] Apache Batik information disclosure vulnerability Moritz Bechler

Wednesday, 23 August

CVE-2023-40273: Session fixation in Apache Airflow web interface Ephraim Anierobi
CVE-2023-39441: Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation Ephraim Anierobi
[kubernetes] CVE-2023-3676: Insufficient input sanitization on Windows nodes leads to privilege escalation Rita Zhang
CVE-2023-37379: Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature Ephraim Anierobi
[kubernetes] CVE-2023-3955: Insufficient input sanitization on Windows nodes leads to privilege escalation Rita Zhang
[kubernetes] CVE-2023-3893: Insufficient input sanitization on kubernetes-csi-proxy leads to privilege escalation Rita Zhang

Friday, 25 August

Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@ Donald Buczek
CVE-2023-27604: Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability Elad Kalif
CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE Elad Kalif
linux-distros list policy and Linux kernel, again Solar Designer
Re: linux-distros list policy and Linux kernel, again Seth Arnold

Saturday, 26 August

Re: linux-distros list policy and Linux kernel, again Demi Marie Obenour
Re: linux-distros list policy and Linux kernel, again Solar Designer

Sunday, 27 August

Re: linux-distros list policy and Linux kernel, again Eduardo' Vela" <Nava>
Re: Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@ Alan Coopersmith
Re: linux-distros list policy and Linux kernel, again Demi Marie Obenour
Re: linux-distros list policy and Linux kernel, again Eduardo' Vela" <Nava>
Re: linux-distros list policy and Linux kernel, again Willy Tarreau

Monday, 28 August

Re: linux-distros list policy and Linux kernel, again Demi Marie Obenour
Re: linux-distros list policy and Linux kernel, again Solar Designer
Re: linux-distros list policy and Linux kernel, again Jeremy Stanley
Re: linux-distros list policy and Linux kernel, again Willy Tarreau

Tuesday, 29 August

Re: Re: [MAINTAINERS SUMMIT] Handling of embargoed security issues -- security@korg vs. linux-distros@ Miroslav Benes

Wednesday, 30 August

Re: linux-distros list policy and Linux kernel, again Solar Designer

Thursday, 31 August

[Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900) VMware Security Response Center

Friday, 01 September

Replacement of Allan McRae on linux-distros for Arch Linux Levente Polyak
Re: Replacement of Allan McRae on linux-distros for Arch Linux Solar Designer

Saturday, 02 September

CVE-2023-41180: Apache NiFi MiNiFi C++: Incorrect Certificate Validation in InvokeHTTP for MiNiFi C++ Marton Szasz

Monday, 04 September

Django: CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri() Mariusz Felisiak
Re: linux-distros list policy and Linux kernel, again Willy Tarreau

Tuesday, 05 September

CVE-2023-40743: Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService Arnout Engelen
Xen Security Advisory 437 v2 (CVE-2023-34321) - arm32: The cache may not be properly cleaned/invalidated Xen . org security team

Wednesday, 06 September

CVE-2023-36387: Apache Superset: Improper API permission for low privilege users Daniel Gaspar
CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF Daniel Gaspar
CVE-2023-27523: Apache Superset: Improper data permission validation on Jinja templated queries Daniel Gaspar
CVE-2023-27526: Apache Superset: Improper Authorization check on import charts Daniel Gaspar
CVE-2023-39264: Apache Superset: Stack traces enabled by default Daniel Gaspar
CVE-2023-39265: Apache Superset: Possible Unauthorized Registration of SQLite Database Connections Daniel Gaspar
CVE-2023-37941: Apache Superset: Metadata db write access can lead to remote code execution Daniel Gaspar
CVE-2023-32672: Apache Superset: SQL parser edge case bypasses data access authorization Daniel Gaspar
Multiple vulnerabilities in Jenkins plugins Daniel Beck
Re: CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters Alan Coopersmith

Friday, 08 September

OpenSSL Security Advisory Tomas Mraz
croc: multiple issues in file sharing utility Matthias Gerstner
Re: OpenSSL Security Advisory Alex Gaynor
Re: linux-distros list policy and Linux kernel, again Solar Designer
CVE-2023-4809: FreeBSD pf bypass when using IPv6 Enrico Bassetti
Re: CVE-2023-4809: FreeBSD pf bypass when using IPv6 Alexander Bluhm
Re: CVE-2023-4809: FreeBSD pf bypass when using IPv6 Demi Marie Obenour

Saturday, 09 September

mutt 2.2.12 security update Tavis Ormandy

Monday, 11 September

WebKitGTK and WPE WebKit Security Advisory WSA-2023-0008 Carlos Alberto Lopez Perez

Tuesday, 12 September

CVE-2023-40712: Apache Airflow: Secrets can be unmasked in the "Rendered Template" Ephraim Anierobi
CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control Vulnerability Ephraim Anierobi
CVE-2023-38039 curl: HTTP headers eat all memory Daniel Stenberg

Wednesday, 13 September

[SECURITY] CVE-2023-41081 Apache Tomcat Connectors (mod_jk) Information Disclosure Mark Thomas
CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file Gary D. Gregory
illumos (or at least danmcd) membership in the distros list Dan McDonald
Re: illumos (or at least danmcd) membership in the distros list Katherine Mcmillan

Thursday, 14 September

Re: illumos (or at least danmcd) membership in the distros list Bob Friesenhahn
Re: illumos (or at least danmcd) membership in the distros list Dan McDonald
CVE-2023-41267: Apache HDFS Provider error message suggested installation of incorrect pip package Elad Kalif
Re: illumos (or at least danmcd) membership in the distros list Demi Marie Obenour
Re: illumos (or at least danmcd) membership in the distros list Dan McDonald
Re: illumos (or at least danmcd) membership in the distros list Solar Designer
Re: illumos (or at least danmcd) membership in the distros list Dan McDonald
Re: illumos (or at least danmcd) membership in the distros list Alan Coopersmith
Re: illumos (or at least danmcd) membership in the distros list Jean Luc Picard

Friday, 15 September

Re: illumos (or at least danmcd) membership in the distros list Solar Designer

Monday, 18 September

Re: illumos (or at least danmcd) membership in the distros list Dan McDonald
Possible AMD Zen2 CVE Steve Thompson
[CVE-2023-42752] integer overflow in Linux kernel leading to exploitable memory access Kyle Zeng

Tuesday, 19 September

Re: Possible AMD Zen2 CVE Mathias Krause
RE: [External] : [oss-security] Possible AMD Zen2 CVE Casper Dik
[CVE-2023-41834] Apache Flink Stateful Functions allowed HTTP header injection due to Improper Neutralization of CRLF Sequences Martijn Visser

Wednesday, 20 September

Xen Security Advisory 438 v2 (CVE-2023-34322) - top-level shadow reference dropped too early for 64-bit PV guests Xen . org security team
ISC has disclosed two vulnerabilities in BIND 9 (CVE-2023-3341, CVE-2023-4236) Michał Kępień
CVE-2023-4504 cups, libppd: Postscript parsing heap-based buffer overflow Zdenek Dohnal
Re: CVE-2023-4504 cups, libppd: Postscript parsing heap-based buffer overflow Solar Designer
Multiple vulnerabilities in Jenkins and Jenkins plugins Daniel Beck

Thursday, 21 September

MOV{H,L}PS instructions can fail on Genoa (Zen 4) Tavis Ormandy
Advisory X41-2023-001: Two Vulnerabilities in OPNsense X41 D-Sec GmbH Advisories
Supply Chain Issues in PyPI Stian Kristoffersen
CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer
Re: croc: multiple issues in file sharing utility Salvatore Bonaccorso
Re: linux-distros list policy and Linux kernel, again Solar Designer
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Hanno Böck

Friday, 22 September

Plone security advisory 2023/09/21 Maurits van Rees
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Marc Deslauriers
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Rodrigo Freire
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Vincent Rabaud
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Vincent Rabaud
Re: illumos (or at least danmcd) membership in the distros list Solar Designer
[CVE-2023-42753] Array Indexing error in Linux kernel Kyle Zeng
Re: illumos (or at least danmcd) membership in the distros list Solar Designer

Monday, 25 September

CVE-2023-4527: glibc: Stack read overflow in getaddrinfo in no-aaaa mode Solar Designer
Re: illumos (or at least danmcd) membership in the distros list Dan McDonald
Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Xen . org security team
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer
Xen Security Advisory 439 v2 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Xen . org security team
Re: illumos (or at least danmcd) membership in the distros list Alan Coopersmith
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer
Re: illumos (or at least danmcd) membership in the distros list Solar Designer
Re: illumos (or at least danmcd) membership in the distros list Dan McDonald
Re: illumos (or at least danmcd) membership in the distros list Solar Designer
[CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Kyle Zeng

Tuesday, 26 September

Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Salvatore Bonaccorso
Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Greg KH
Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Kyle Zeng
Re: [CVE-2023-42755] Linux kernel wild pointer access <= v6.2 Greg KH
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper
Re: mutt 2.2.12 security update Thadeu Lima de Souza Cascardo
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Solar Designer
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Solar Designer
Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Andrew Cooper
CVE-2023-43040 Ceph: Improperly verified POST keys. Sage [They / Them] McTaggart
Re: administrative tasks (was: illumos (or at least danmcd) membership in the distros list) Alan Coopersmith

Wednesday, 27 September

Re: Xen Security Advisory 439 v1 (CVE-2023-20588) - x86/AMD: Divide speculative information leak Demi Marie Obenour
[CVE-2023-42756] Linux kernel race condition in netfilter Kyle Zeng

Thursday, 28 September

Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Salvatore Bonaccorso
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Jeffrey Walton
WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009 Carlos Alberto Lopez Perez
Re: CVE-2023-4863: libwebp: Heap buffer overflow in WebP Codec Emilio Pozuelo Monfort
CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Alan Coopersmith
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour
CVE-2023-41081: Apache Tomcat Connectors: Unexpected use of first declared worker in mod_jk for unmapped request [CORRECTION] Christopher Schultz

Friday, 29 September

Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky
Multiple Exim4 Zero Days Markus Gschwendt
Re: Multiple Exim4 Zero Days Alex Gaynor
Exim4 MTA CVEs assigned from ZDI Heiko Schlittermann
CVE-2023-39410: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK Ryan Skraba
Re: Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour
Re: Exim4 MTA CVEs assigned from ZDI Solar Designer
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Jeffrey Walton
RE: Exim4 MTA CVEs assigned from ZDI zdi () trendmicro com
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Travis Finkenauer
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Shawn Webb
3 buffer overflows in gstreamer's gst-plugins-bad before 1.22.6 Alan Coopersmith
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky

Saturday, 30 September

Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Dominique Martinet
Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Demi Marie Obenour
Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Steffen Nurpmeso
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Alan Coopersmith
Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Michael Orlitzky