oss-sec: by author

264 messages starting Jun 25 09 and ending Apr 08 09

Alan Boudreault

Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Alan Boudreault (Jun 25)

Alex Legler

CVE request: mpg123 Signedness Vulnerability Alex Legler (Apr 11)

Andrea Barisani

[oCERT-2009-004] AjaxTerm session id collision Andrea Barisani (May 11)

Andreas Jellinghaus

OpenSC 0.11.8 released with security update Andreas Jellinghaus (May 08)

Christian Hoffmann

Re: php mb_ereg_replace() Christian Hoffmann (May 13)
Re: php mb_ereg_replace() Christian Hoffmann (May 13)
Re: CVE request: PHP 5.2.9 Christian Hoffmann (Apr 14)

dann frazier

Re: Linux kernels and security issues? dann frazier (May 22)
Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier (Apr 29)
Re: CVE request? buffer overflow in CIFS in 2.6.* dann frazier (Apr 29)
Re: ptrace race CVE ID? dann frazier (May 15)

Eugene Teo

Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (May 13)
Re: CVE request: kernel: splice local denial of service Eugene Teo (Jun 02)
CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 20)
CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo (Apr 08)
CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service Eugene Teo (Jun 02)
Re: CVE request: kernel: missing capabilities in fs_mask Eugene Teo (Apr 25)
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 29)
CVE-2009-1389 kernel: r8169: fix crash when large packets are received Eugene Teo (Jun 09)
Re: CVE Request: XEN local denial of service Eugene Teo (May 22)
CVE-2009-1184 selinux: skipped node/port send checks in the compat_net=1 case Eugene Teo (May 03)
CVE-2009-1192 kernel: agp: zero pages before sending to userspace Eugene Teo (Apr 21)
Re: CVE request: kernel: missing capabilities in fs_mask Eugene Teo (Apr 22)
Re: CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Eugene Teo (May 19)
CVE request: kernel: missing capabilities in fs_mask Eugene Teo (Apr 22)
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 20)
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo (Apr 22)
CVE request: kernel: sparc64: Fix crash with /proc/iomem Eugene Teo (Jun 03)
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 22)
CVE Request: kernel: kvm: failure to validate cr3 after KVM_SET_SREGS Eugene Teo (Jun 29)
CVE request: kernel: ptrace_attach: fix the usage of ->cred_exec_mutex Eugene Teo (May 03)
CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Eugene Teo (May 13)
CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Eugene Teo (Apr 06)
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 06)
CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo (Apr 16)
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 21)
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo (Apr 17)
Re: CVE request? buffer overflow in CIFS in 2.6.* Eugene Teo (Apr 25)
CVE request: kernel: NFS: Fix an Oops in encode_lookup() Eugene Teo (Apr 05)
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Eugene Teo (Apr 23)
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Eugene Teo (Apr 20)
CVE request: kernel: cifs: fix unicode string area word alignment in session setup Eugene Teo (Apr 19)

Eygene Ryabinkin

Re: CVE id request: slim Eygene Ryabinkin (May 21)
Re: CVE request: "billion laughs" attack against Apache APR Eygene Ryabinkin (Jun 06)

Florian Weimer

Re: CVE request (sort of): Quagga BGP crasher Florian Weimer (May 04)
CVE request (sort of): Quagga BGP crasher Florian Weimer (May 01)
Re: CVE request (sort of): Quagga BGP crasher Florian Weimer (May 01)
Predictable Math.random() in browsers Florian Weimer (Jun 09)

Greg KH

Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Greg KH (Apr 29)

Hanno Böck

Re: CVE request: phpmyadmin < 3.1.3.2 Hanno Böck (Apr 16)
CVE request: coppermine <= 1.4.22 Hanno Böck (May 20)
CVE request: phpmyadmin < 3.1.3.2 Hanno Böck (Apr 16)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Hanno Böck (Apr 09)
CVE request: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Hanno Böck (Apr 13)
CVE request: silverstripe - two sql injections Hanno Böck (Apr 13)
Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck (May 12)
Linux kernels and security issues? Hanno Böck (May 21)
CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Hanno Böck (May 12)
Re: clamav CVE ids? Hanno Böck (Jun 17)

Henri Salo

CVE Request for cacti Henri Salo (May 14)
Re: CVE Request for cacti Henri Salo (May 18)

Jamie Strandboge

CVE Request for libsndfile Jamie Strandboge (May 14)
Re: CVE request: apt Jamie Strandboge (Apr 17)
CVE request: apt Jamie Strandboge (Apr 08)
CVE Request: clamav-milter on Ubuntu Jamie Strandboge (May 01)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Jamie Strandboge (Apr 07)

Jan Lieskovsky

CVE Request -- libmodplug Jan Lieskovsky (Apr 21)
Re: CVE Request -- libmodplug Jan Lieskovsky (Apr 29)
CVE Request -- libtiff [was: Re: [oss-security] libtiff buffer underflow in LZWDecodeCompat] Jan Lieskovsky (Jun 29)
CVE Request -- Eggdrop Jan Lieskovsky (May 15)
Re: CVE Request -- libmodplug Jan Lieskovsky (Apr 27)
Re: CVE request -- ghostscript Jan Lieskovsky (Apr 02)
CVE Request - Ghostscript -- Multiple NULL ptr dereference flaws in JBIG2 decoder proved by PoC for CVE-2009-0658 Jan Lieskovsky (Jun 02)
CVE Request -- kdebase4 (konqueror) -- Incomplete SSL Certificate support in KDE4 Jan Lieskovsky (May 12)
CVE request -- ghostscript Jan Lieskovsky (Apr 01)
CVE request -- bibtex, pam_ssh Jan Lieskovsky (Apr 01)
CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Jan Lieskovsky (May 28)
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Jan Lieskovsky (Apr 01)
Re: (Sort of urgent) CVE request -- ghostscript Jan Lieskovsky (Apr 08)
CVE assignment notification (pam_krb5 CVE-2009-1384) Jan Lieskovsky (May 27)
CVE assignment notification -- CVE-2009-1889 Pidgin: DoS (OOM, crash) via specially-crafted ICQWebMessage Jan Lieskovsky (Jun 30)

Jeff Layton

Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Jeff Layton (May 14)

Joe Orton

Re: CVE request: "billion laughs" attack against Apache APR Joe Orton (Jun 11)
CVE request: "billion laughs" attack against Apache APR Joe Orton (Jun 03)

Jon Oberheide

Re: CVE request: kernel: splice local denial of service Jon Oberheide (May 30)
Re: CVE request (sort of): Quagga BGP crasher Jon Oberheide (May 01)

Josh Bressers

Re: oss-security CNA Josh Bressers (Apr 27)
CVE Request (xine-lib) Josh Bressers (Apr 06)
CVE Request (gstreamer-plugins-good) Josh Bressers (Jun 04)
CVE Request (evolution) Josh Bressers (May 12)
CVE Request (irssi) Josh Bressers (May 29)
CVE Request (apr-util) Josh Bressers (Jun 05)

Kees Cook

libtiff buffer underflow in LZWDecodeCompat Kees Cook (Jun 21)

Marcus Meissner

Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Marcus Meissner (Apr 22)
CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner (Apr 04)
CVE Request: XEN local denial of service Marcus Meissner (May 14)
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Marcus Meissner (Apr 23)
Re: Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner (May 15)
clamav CVE ids? Marcus Meissner (Jun 17)
utmp reliability? Marcus Meissner (May 14)
CVE request: transmission <1.61 CSRF Marcus Meissner (May 20)
CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Marcus Meissner (Jun 03)
CVE Request: ModSecurity / apache2 mod_security 2.5.9 Marcus Meissner (Jun 03)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Marcus Meissner (Apr 09)
CVE request: kernel: splice local denial of service Marcus Meissner (May 29)
Re: CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner (Apr 07)
Re: CVE request? buffer overflow in CIFS in 2.6.* Marcus Meissner (Apr 21)
Re: Linux kernels and security issues? Marcus Meissner (May 22)
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Marcus Meissner (Apr 23)

Mark J Cox

Re: CVE request? buffer overflow in CIFS in 2.6.* Mark J Cox (Apr 27)
Two OpenSSL DTLS remote DoS Mark J Cox (May 18)
Re: Two OpenSSL DTLS remote DoS Mark J Cox (May 18)

Michael K. Johnson

ptrace race CVE ID? Michael K. Johnson (May 15)
Re: ptrace race CVE ID? Michael K. Johnson (May 15)

Michael S. Gilbert

Re: libpng-1.2.37 fixes a security issue Michael S. Gilbert (Jun 19)

Miklos Szeredi

Re: CVE request: kernel: splice local denial of service Miklos Szeredi (Jun 02)

Moritz Muehlenhoff

Re: Linux kernels and security issues? Moritz Muehlenhoff (May 22)

Nico Golde

CVE id request: nsd Nico Golde (May 19)
CVE id request: dokuwiki Nico Golde (Jun 04)
Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde (Jun 22)
CVE id rquest: xfig insecure tmp files Nico Golde (Apr 01)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Nico Golde (Apr 07)
Re: xfig-3.2.5 diff (CVE-2009-1962) Nico Golde (Jun 12)
incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde (Jun 22)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Nico Golde (Apr 07)
CVE id request: strongswan Nico Golde (Jun 21)
CVE id request: slim Nico Golde (May 18)
CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)
CVE id request: compface Nico Golde (Jun 29)
CVE id request: drupal Nico Golde (May 28)
CVE id request: amule Nico Golde (Apr 21)
CVE id request: nagios Nico Golde (Jun 29)
CVE-2009-0161 dupe of CVE-2009-0642 Nico Golde (May 25)
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)

Oden Eriksson

Re: php mb_ereg_replace() Oden Eriksson (May 13)

Patrick J. Volkerding

libpng-1.2.37 fixes a security issue Patrick J. Volkerding (Jun 19)

Raphael Geissert

CVE-2008-5619 update Raphael Geissert (Apr 25)

Robert Buchholz

Re: CVE request -- ghostscript Robert Buchholz (Apr 02)
Re: CVE Request for cacti Robert Buchholz (May 18)
Re: CVE Request for libsndfile Robert Buchholz (May 25)

Sebastian Krahmer

xfig-3.2.5 diff (CVE-2009-1962) Sebastian Krahmer (Jun 08)
php mb_ereg_replace() Sebastian Krahmer (May 13)

security curmudgeon

Re: CVE request -- Linux kernel irda driver buffer security curmudgeon (Apr 03)
VDBs (was Re: [oss-security] CVE request: kernel: missing capabilities in fs_mask) security curmudgeon (Apr 25)

Stefan Behte

CVE request: Wireshark Stefan Behte (May 29)

Stefan Fritsch

CVE request for old Apache 2.2 issue Stefan Fritsch (Jun 15)

Steffen Joeris

CVE request: moin Steffen Joeris (May 06)
CVE id request: coccinelle Steffen Joeris (May 06)

Steven French

Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French (Apr 07)
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven French (Apr 29)

Steven M. Christey

Re: CVE request: transmission <1.61 CSRF Steven M. Christey (May 21)
Re: CVE id request: strongswan Steven M. Christey (Jun 24)
Re: CVE request -- bibtex, pam_ssh Steven M. Christey (Apr 08)
Re: CVE request: Wireshark Steven M. Christey (May 29)
Re: Old cscope buffer overflow Steven M. Christey (May 06)
Re: CVE request: kernel: 'kill sig -1' must only apply to caller's PID namespace Steven M. Christey (Apr 17)
Re: CVE Request -- kdebase4 (konqueror) -- Incomplete SSL Certificate support in KDE4 Steven M. Christey (May 21)
Re: CVE request: kernel: NFS: Fix an Oops in encode_lookup() Steven M. Christey (Apr 17)
Re: CVE id request: slim Steven M. Christey (May 21)
Re: CVE request: PHP 5.2.9 Steven M. Christey (Apr 24)
Re: ptrace race CVE ID? Steven M. Christey (May 15)
Re: CVE Request (irssi) Steven M. Christey (Jun 06)
Re: CVE request: kernel: missing capabilities in fs_mask Steven M. Christey (Apr 24)
Re: oss-security CNA Steven M. Christey (May 06)
Re: CVE request: ctorrent Steven M. Christey (May 21)
Re: CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey (Apr 24)
Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.* Steven M. Christey (May 14)
Re: CVE id request: coccinelle Steven M. Christey (May 21)
Re: CVE request: kernel: problem with NFS v4 client handling of MAY_EXEC in nfs_permission Steven M. Christey (May 21)
Re: CVE id request: nsd Steven M. Christey (May 21)
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Steven M. Christey (Apr 24)
Re: CVE id request: drupal Steven M. Christey (Jun 06)
Re: CVE request: "billion laughs" attack against Apache APR Steven M. Christey (Jun 06)
Re: CVE request: kernel: sparc64: Fix crash with /proc/iomem Steven M. Christey (Jun 06)
Re: (Sort of urgent) CVE request -- ghostscript Steven M. Christey (Apr 08)
Re: php mb_ereg_replace() Steven M. Christey (May 13)
Re: Re: Some fun with tcp_wrappers Steven M. Christey (Apr 15)
Re: CVE request: PHP 5.2.9 Steven M. Christey (Apr 08)
Re: CVE request: file security issue Steven M. Christey (May 06)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Steven M. Christey (Apr 08)
Re: CVE Request: XEN local denial of service Steven M. Christey (May 21)
Re: CVE Request: ModSecurity / apache2 mod_security 2.5.9 Steven M. Christey (Jun 03)
Re: Old cscope buffer overflow Steven M. Christey (May 06)
Re: CVE Request: clamav-milter on Ubuntu Steven M. Christey (May 21)
Re: CVE Request -- libmodplug Steven M. Christey (May 21)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Steven M. Christey (Apr 23)
Re: CVE Request (gstreamer-plugins-good) Steven M. Christey (Jun 06)
Re: CVE Request for cacti Steven M. Christey (May 21)
Re: CVE-2009-0161 dupe of CVE-2009-0642 Steven M. Christey (May 26)
Re: CVE request: two denial of service bugs in strongswan Steven M. Christey (Jun 06)
FreeType malformed compressed data issue Steven M. Christey (Apr 16)
Re: ipsec-tools 0.7.2 Steven M. Christey (May 06)
Re: Re: Some fun with tcp_wrappers Steven M. Christey (Apr 24)
Re: CVE request: apt Steven M. Christey (Apr 21)
Re: CVE Request for libsndfile Steven M. Christey (May 26)
Re: CVE id request: slim Steven M. Christey (May 22)
Re: CVE Request: Wireshark DoS Steven M. Christey (Apr 01)
Re: CVE request: kernel: exit_notify: kill the wrong capable(CAP_KILL) check Steven M. Christey (Apr 17)
Re: CVE Request -- libmodplug Steven M. Christey (May 21)
Re: CVE Request (xine-lib) Steven M. Christey (Apr 08)
Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Steven M. Christey (Jun 06)
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Steven M. Christey (May 06)
Re: CVE Request (apr-util) Steven M. Christey (Jun 06)
Re: CVE Request -- Eggdrop Steven M. Christey (May 29)
Re: CVE request: moin Steven M. Christey (May 21)
Re: CVE id request: dokuwiki Steven M. Christey (Jun 06)
Re: CVE request: mpg123 Signedness Vulnerability Steven M. Christey (Apr 24)
Re: CVE request (sort of): Quagga BGP crasher Steven M. Christey (May 06)
Re: CVE Request (evolution) Steven M. Christey (May 21)
Re: CVE request: kernel: splice local denial of service Steven M. Christey (Jun 06)
Re: CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Steven M. Christey (Jun 03)
Re: CVE id rquest: xfig insecure tmp files Steven M. Christey (Jun 06)

Tavis Ormandy

Re: clamav CVE ids? Tavis Ormandy (Jun 17)
Re: FreeType malformed compressed data issue Tavis Ormandy (Apr 16)

Thomas Biege

CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Thomas Biege (Apr 07)
Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage() Thomas Biege (Jun 08)
CVE request: two denial of service bugs in strongswan Thomas Biege (Jun 02)

Tomas Hoger

Re: CVE request: Squirrelmail < 1.4.18 XSS, session fixation, server-side code execution Tomas Hoger (May 12)
Re: CVE request: jhead Tomas Hoger (Apr 01)
Re: xfig-3.2.5 diff (CVE-2009-1962) Tomas Hoger (Jun 12)
Re: CVE request: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow Tomas Hoger (Apr 13)
Re: CVE id request: compface Tomas Hoger (Jun 29)
Re: ipsec-tools 0.7.2 Tomas Hoger (May 04)
CVE request: PHP 5.2.9 Tomas Hoger (Apr 01)
Old cscope buffer overflow Tomas Hoger (May 05)
Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 16)
nagios: remote code execution Tomas Hoger (Jun 29)
Mutt 1.5.19 SSL chain verification flaw Tomas Hoger (Jun 10)
Re: xfig-3.2.5 diff (CVE-2009-1962) Tomas Hoger (Jun 10)
Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 16)
Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 15)
Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive Tomas Hoger (Apr 09)
Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 16)
Some fun with tcp_wrappers Tomas Hoger (Apr 15)
Re: CVE request: PHP 5.2.9 Tomas Hoger (Apr 09)
Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 28)
Git daemon infinite loop Tomas Hoger (Jun 12)
Re: ipsec-tools 0.7.2 Tomas Hoger (May 12)
Re: Old cscope buffer overflow Tomas Hoger (May 06)
Re: CVE Request: PDF XSS in ModSecurity / apache2 mod_security 2.5.8 Tomas Hoger (Jun 03)
Re: Two OpenSSL DTLS remote DoS Tomas Hoger (Jun 02)
Re: CVE request -- zsh, XFree86-xfs/xorg-x11-xfs, screen Tomas Hoger (Apr 02)
ipsec-tools 0.7.2 Tomas Hoger (Apr 29)
Re: Re: Some fun with tcp_wrappers Tomas Hoger (Apr 15)

Vincent Danen

Re: libtiff buffer underflow in LZWDecodeCompat Vincent Danen (Jun 23)
CVE-2008-5519: mod_jk session information leak vulnerability Vincent Danen (Apr 08)
CVE-2009-1191: mod_proxy_ajp information disclosure vulnerability Vincent Danen (Apr 23)
CVE-2009-1189: invalid fix for CVE-2008-3834 (dbus) Vincent Danen (Apr 16)
Solaris/OpenSolaris xscreensaver issue (CVE-2009-1276) Vincent Danen (Apr 09)
CVE request: file security issue Vincent Danen (May 01)
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Vincent Danen (May 05)
CVE request: ctorrent Vincent Danen (May 20)

Wietse Venema

Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)
Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)
Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)
Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 16)
Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 16)
Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 16)
Re: Re: Some fun with tcp_wrappers Wietse Venema (Apr 15)

Will Drewry

[oCERT-2009-001] Pango integer overflow in heap allocation size calculations Will Drewry (May 07)
[oCERT-2009-006] Android improper package verification when using shared uids Will Drewry (May 22)

Willy Tarreau

Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau (Jun 07)
Re: Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau (Apr 23)
Re: CVE-2009-1265 kernel: af_rose/x25: Sanity check the maximum user frame size Willy Tarreau (Apr 08)