oss-sec: by date

591 messages starting Jul 01 12 and ending Sep 30 12


Sunday, 01 July

Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6 mancha

Monday, 02 July

CVE #'s for WordPress 3.4.1 release Kurt Seifried

Tuesday, 03 July

CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Marcus Meissner
[OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361) Thierry Carrez
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Timo Warns

Wednesday, 04 July

CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP Petr Matousek
Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP Kurt Seifried
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried

Thursday, 05 July

Three CVE requests: at-spi2-atk, as31, naxsi Moritz Muehlenhoff

Friday, 06 July

CVE request: VLC / Asterisk Moritz Muehlenhoff
Re: CVE request: VLC / Asterisk Kurt Seifried
Re: Three CVE requests: at-spi2-atk, as31, naxsi Kurt Seifried
Re: CVE request: Asterisk Kurt Seifried
Re: CVE request: Asterisk cve-assign
Re: CVE request: Asterisk Matthew Jordan
CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage Kurt Seifried
Re: CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage Kurt Seifried
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Marcus Meissner
CVE Request: XSS in a Mono System.web error page Marcus Meissner
Re: CVE Request: XSS in a Mono System.web error page Kurt Seifried

Saturday, 07 July

Re: CVE #'s for WordPress 3.4.1 release Kurt Seifried

Monday, 09 July

CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Jan Lieskovsky
CVE-2012-3881 RTG and RTG2: 95.php/rtg.php/view.php SQL injection cve-assign
Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Jan Lieskovsky
CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability Henri Salo
Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability Kurt Seifried
Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling Kurt Seifried

Tuesday, 10 July

ecryptfs headsup Sebastian Krahmer
libdbus hardening Sebastian Krahmer
Re: libdbus hardening Florian Weimer
Re: libdbus hardening Solar Designer
Re: libdbus hardening Florian Weimer
Re: libdbus hardening yersinia
Re: libdbus hardening Solar Designer
Re: ecryptfs headsup Kurt Seifried
Re: libdbus hardening Sebastian Krahmer
Re: libdbus hardening Sebastian Krahmer
Re: ecryptfs headsup Sebastian Krahmer
Re: libdbus hardening Solar Designer
Re: ecryptfs headsup Marcus Meissner
Re: libdbus hardening Sebastian Krahmer
Re: libdbus hardening Solar Designer
Re: libdbus hardening Simon McVittie
Re: ecryptfs headsup Dan Rosenberg
Openjpeg: heap-buffer overflow when processing JPEG2000 image files Huzaifa Sidhpurwala
Re: ecryptfs headsup Tyler Hicks
Re: ecryptfs headsup Tyler Hicks

Wednesday, 11 July

Re: libdbus hardening Sebastian Krahmer
CVE request: glibc formatted printing vulnerabilities Stefan Cornelius
CVE-request: plow buffer overflow vulnerability Henri Salo
Re: libdbus hardening Florian Weimer
Re: libdbus hardening Solar Designer
Re: ecryptfs headsup Dustin Kirkland
Re: libdbus hardening yersinia
CVE Request: Overflow fix in bash 4.2 patch 33 Marcus Meissner
Re: CVE Request for Drupal contributed modules Greg Knaddison
[OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371) Thierry Carrez
Re: Fwd: New Security Vulnerabilities in Puppet Kurt Seifried
Re: CVE Request: Overflow fix in bash 4.2 patch 33 Kurt Seifried
Re: CVE-request: plow buffer overflow vulnerability Kurt Seifried
Re: CVE request: glibc formatted printing vulnerabilities Kurt Seifried
Re: ecryptfs headsup Kurt Seifried
Re: Re: ecryptfs headsup Tyler Hicks
Re: CVE request: glibc formatted printing vulnerabilities Kees Cook
Re: Re: Fwd: New Security Vulnerabilities in Puppet Kurt Seifried
Re: CVE Request: Overflow fix in bash 4.2 patch 33 Henri Salo
Re: Re: ecryptfs headsup Kurt Seifried
Re: Re: ecryptfs headsup Tyler Hicks
Re: CVE request: glibc formatted printing vulnerabilities Stefan Cornelius

Thursday, 12 July

Re: CVE Request: Overflow fix in bash 4.2 patch 33 Marcus Meissner
Re: CVE Request: Overflow fix in bash 4.2 patch 33 Kurt Seifried
Re: Re: CVE Request -- dnsmasq: When being run by libvirt open DNS proxy (reachable out-of the virtual network set for the particular guest domain too) is created Kurt Seifried
GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS cve-assign
[dan () coneharvesters com: [Libexif-devel] libexif project security advisory July 12, 2012] Marcus Meissner

Friday, 13 July

CVE Request: KDE Pim Marc Deslauriers
Re: CVE Request: KDE Pim Kurt Seifried
Re: Re: ecryptfs headsup Dustin Kirkland
Re: Re: ecryptfs headsup Jason A. Donenfeld

Saturday, 14 July

Re: Re: ecryptfs headsup Jason A. Donenfeld

Monday, 16 July

Re: Re: ecryptfs headsup Sebastian Krahmer
Re: Re: ecryptfs headsup Justin Ossevoort
Re: CVE Request: KDE Pim Vincent Danen
CVE id request: libjs-swfupload Nico Golde
Re: CVE id request: libjs-swfupload Kurt Seifried
Re: CVE id request: libjs-swfupload Nico Golde
Moodle security notifications public Michael de Raadt
Re: CVE id request: libjs-swfupload Kurt Seifried
libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images Huzaifa Sidhpurwala

Tuesday, 17 July

Re: CVE Request: KDE Pim laurent Montel
Re: CVE id request: libjs-swfupload Nico Golde
Re: libdbus hardening Solar Designer
Re: libdbus hardening Florian Weimer
Re: CVE Request: KDE Pim David Faure
Re: CVE Request: KDE Pim Tomas Hoger
Re: CVE Request: KDE Pim Vincent Danen
Re: CVE Request: KDE Pim Kurt Seifried
Re: CVE id request: libjs-swfupload Kurt Seifried
Re: CVE id request: libjs-swfupload Nico Golde
Re: CVE Request: KDE Pim David Faure
Re: CVE id request: libjs-swfupload Kurt Seifried

Wednesday, 18 July

tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala

Thursday, 19 July

CVE Request: quota: incorrect use of tcp_wrappers Huzaifa Sidhpurwala
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Henri Salo
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Huzaifa Sidhpurwala
Re: CVE Request: quota: incorrect use of tcp_wrappers Kurt Seifried
CVE-2012-4024 and CVE-2012-4025: Squashfs overflows cve-assign

Friday, 20 July

CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ? yersinia

Sunday, 22 July

Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ? David Jorm

Monday, 23 July

Re: CVE for JBOSS EAP 5.0(twiddle and jmx invocations) ? Kurt Seifried
Wireshark before 1.8.1 (etc.) CVE-2012-4048 CVE-2012-4049 cve-assign
Re: Wireshark before 1.8.1 (etc.) CVE-2012-4048 CVE-2012-4049 Huzaifa Sidhpurwala
CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images Huzaifa Sidhpurwala

Tuesday, 24 July

CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015) Henri Salo
Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images Kurt Seifried

Wednesday, 25 July

Re: libdbus hardening Florian Weimer

Thursday, 26 July

Re: libdbus hardening Simon McVittie
Re: libdbus hardening yersinia
CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory Petr Matousek
Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS Xen . org security team
Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory Kurt Seifried
Ruby on Rails DoS Vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424) Aaron Patterson

Friday, 27 July

Re: Xen Security Advisory 10 - HVM guest user mode MMIO emulation DoS Kurt Seifried
Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015) Kurt Seifried
Xen Security Advisory 10 (CVE-2012-3432) - HVM user mode MMIO emul DoS Xen . org security team
[OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426) Thierry Carrez
CVE request for OpenTTD frosch
Zabbix SQL injection flaw (CVE request) Vincent Danen
Quick question regarding CVEs Kurt Seifried
Re: CVE request for OpenTTD Kurt Seifried
Re: Zabbix SQL injection flaw (CVE request) Kurt Seifried
Re: Quick question regarding CVEs Kurt Seifried

Saturday, 28 July

Re: CVE request for OpenTTD frosch
ocPortal 7.1.5 <= | Open URL Redirection Vulnerability YGN Ethical Hacker Group
Re: CVE request for OpenTTD Kurt Seifried

Sunday, 29 July

ImageMagick Magick_png_malloc() / GraphicsMagick png_IM_malloc() size issue Kurt Seifried

Monday, 30 July

Re: libdbus hardening Ludwig Nussel
Re: libdbus hardening Ludwig Nussel
Re: libdbus hardening Florian Weimer
Re: libdbus hardening Ludwig Nussel
CVE Request: icinga sample db creation scripts Marcus Meissner
Re: CVE Request: icinga sample db creation scripts Kurt Seifried
CVE Request: Django 1.3.1 and 1.4.0 security issues Kurt Seifried
Re: CVE Request: Django 1.3.1 and 1.4.0 security issues Kurt Seifried

Tuesday, 31 July

CVE request for Ushahidi Robbie MacKay
CVE Request -- libvirt: crash in virTypedParameterArrayClear Petr Matousek
Re: CVE request for OpenTTD frosch
Re: CVE request for Ushahidi Kurt Seifried
Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear Kurt Seifried
RSGallery2 before 2.3.0 (etc.) CVE-2012-3554 CVE-2012-4071 cve-assign

Wednesday, 01 August

CVE Request: NVidia Linux driver Marc Deslauriers
Re: CVE Request: NVidia Linux driver Petr Matousek
Re: CVE Request: NVidia Linux driver Tavis Ormandy
Re: CVE Request: NVidia Linux driver Marc Deslauriers
Re: Re: CVE Request: NVidia Linux driver Marc Deslauriers
Re: Re: CVE Request: NVidia Linux driver Marcus Meissner
Re: CVE Request: NVidia Linux driver Kurt Seifried
Re: CVE Request: NVidia Linux driver Marc Deslauriers
Re: Re: CVE Request: NVidia Linux driver Tavis Ormandy
CVE request: Ganglia Web 3.5.1 Vincent Danen
Re: CVE request: Ganglia Web 3.5.1 Kurt Seifried
Re: CVE request for Ushahidi Robbie Mackay

Thursday, 02 August

CVE Request: php5 pdo array overread/crash Marcus Meissner
IcedTea-Web security fixes in 1.1.6 and 1.2.1 Tomas Hoger
bind-dyndb-ldap DoS CVE-2012-3429 Tomas Hoger
openvswitch world writable directories (CVE-2012-3449) Kurt Seifried
Re: CVE Request: php5 pdo array overread/crash Kurt Seifried
Re: CVE Request for Drupal contributed modules Greg Knaddison
Re: openvswitch world writable directories (CVE-2012-3449) Yves-Alexis Perez

Friday, 03 August

Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger
gnome-screensaver 3.4.2 locked only active screen Marcus Meissner
Remote DoS in Linux sfc driver through TCP MSS option (CVE-2012-3412) Ben Hutchings
Re: gnome-screensaver 3.4.2 locked only active screen Kurt Seifried
Re: openvswitch world writable directories (CVE-2012-3449) Kurt Seifried
CVE ASSIGNMENT: extplorer: creates world writable directory /var/lib/extplorer/ftp_tmp Kurt Seifried
CVE ASSIGNMENT: logol: creates world writable directory: /var/lib/logol/results Kurt Seifried

Saturday, 04 August

CVE request for Calligra Jeff Mitchell
Re: CVE request for Calligra Agostino Sarubbo
Re: CVE request for Calligra Jeff Mitchell
Re: CVE request for Calligra Agostino Sarubbo
Re: CVE request for Calligra Jeff Mitchell

Sunday, 05 August

Re: CVE request for Calligra Jorge Manuel B. S. Vicetto
Re: CVE request for Calligra Kurt Seifried
Re: CVE request for Calligra Kurt Seifried
Re: CVE request for Calligra Charlie Miller

Monday, 06 August

CVE Request: Linux kernel net/rds max socket length checking Marcus Meissner
Re: CVE Request: Linux kernel net/rds max socket length checking Petr Matousek
Re: CVE request for Calligra Jeff Mitchell
Re: CVE request for Calligra Kurt Seifried
Re: CVE request for Calligra Kurt Seifried
CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable Kurt Seifried
Re: CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable Christoph Anton Mitterer

Tuesday, 07 August

[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447) Thierry Carrez
Re: CVE request for Calligra Jeff Mitchell

Wednesday, 08 August

Test email - please ignore Kurt Seifried
Re: CVE Request -- libotr: Multiple heap-based buffer overflows in the Base64 decoder Kurt Seifried
Re: CVE Request: NVidia Linux driver cve-assign
CVE Request: gnome-keyring: improper caching of gpg password/passphrase Huzaifa Sidhpurwala
Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase Kurt Seifried

Thursday, 09 August

Xen Security Advisory 11 (CVE-2012-3433) - HVM destroy p2m host DoS Xen . org security team
Re: CVE request for Ushahidi Tim
Re: CVE request for Ushahidi Kurt Seifried
CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections Vincent Danen
Randomness Attacks Against PHP Applications Yves-Alexis Perez
Ruby on Rails Potential XSS Vulnerability in select_tag prompt Santiago Pastorino
XSS Vulnerability in strip_tags Santiago Pastorino
Potential XSS Vulnerability in Ruby on Rails Santiago Pastorino

Friday, 10 August

Re: CVE request for Calligra Jeff Mitchell
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger
Possible data loss or data modification in ownCloud Bruno Kleinert
CVE Request: NeoInvoice Blind SQL Injection in signup_check.php Adam Caudill
Re: Randomness Attacks Against PHP Applications Yves-Alexis Perez
Re: CVE Request: NeoInvoice Blind SQL Injection in signup_check.php Kurt Seifried
CVE Request: rssh command-line parsing vulnerability Russ Allbery
Re: Possible data loss or data modification in ownCloud Simon McVittie
ownCloud - matching CVEs to fix information and vice versa Kurt Seifried
Re: CVE Request: rssh command-line parsing vulnerability Kurt Seifried
Re: CVE Request: rssh command-line parsing vulnerability Russ Allbery

Saturday, 11 August

Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Jason A. Donenfeld
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Jason A. Donenfeld
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Solar Designer
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Kyle Creyts

Sunday, 12 August

Security flaw in GNU Emacs file-local variables Chong Yidong
Re: Security flaw in GNU Emacs file-local variables Kurt Seifried
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Kurt Seifried

Monday, 13 August

CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines Jan Lieskovsky
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Jason A. Donenfeld
Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines Kurt Seifried
Total Shop UK eCommerce Generic Cross-Site Scripting research
TCExam Edit SQL Injection research
CVE ID request for fetchmail segfault in NTLM protocol exchange Matthias Andree
ANN: Beaker 1.6.4 released with important security update Ben Bangert
Re: CVE ID request for fetchmail segfault in NTLM protocol exchange Kurt Seifried
Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) Kurt Seifried

Wednesday, 15 August

pcp: Multiple security flaws Huzaifa Sidhpurwala

Thursday, 16 August

CVE Request: SquidClamav insufficient escaping flaws Sean Amoss
phpMyAdmin PMASA-2012-3 (CVE-2012-4219) and PMASA-2012-4 (CVE-2012-4345) issues Jan Lieskovsky
Re: CVE Request: SquidClamav insufficient escaping flaws Kurt Seifried
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Steven M. Christey
GIMP Scriptfu Python Remote Command Execution research

Friday, 17 August

Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution Julius Kivimäki
Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution Giles Coochey
CVE request: tinyproxy Jamie Strandboge

Saturday, 18 August

Re: CVE request: tinyproxy Kurt Seifried

Sunday, 19 August

ocPortal CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group
ocPortal CMS 8.x | Session Hijacking Vulnerability YGN Ethical Hacker Group
RE: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution research

Monday, 20 August

CVE-request: Roundcube XSS issues Henri Salo
Re: CVE-request: Roundcube XSS issues Henri Salo
Re: CVE-request: Roundcube XSS issues Hanno Böck
Re: CVE-request: Roundcube XSS issues Henri Salo
The Gimp PSD plug-in CVE-2012-3402 issue Jan Lieskovsky
The Gimp CEL plug-in CVE-2012-3403 issue Jan Lieskovsky
The Gimp GIF plug-in CVE-2012-3481 issue Matthias Weckbecker
Re: CVE-request: Roundcube XSS issues Kurt Seifried
CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Petr Matousek
CVE Request -- kernel: mm: use-after-free in madvise_remove() Petr Matousek
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Kurt Seifried
Re: CVE Request -- kernel: mm: use-after-free in madvise_remove() Kurt Seifried
Two munin issues, now with CVEs Kurt Seifried
ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514 Kurt Seifried

Tuesday, 21 August

CVE Request -- Tor 0.2.2.38: Three issues Jan Lieskovsky
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() akuster
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Petr Matousek
Re: CVE Request -- Tor 0.2.2.38: Three issues Kurt Seifried
CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm) Jan Lieskovsky
CVE Request -- inn (nnrpd): Prone to STARTTLS plaintext command injection Jan Lieskovsky
Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm) Raphael Geissert
CVE request: Typo3 Moritz Muehlenhoff
Re: CVE Request -- php-geshi / GeSHi (1.0.8.11): Remote directory traversal and information disclosure in the cssgen contrib module (plus possibly XSS, but it needs upstream to confirm) Kurt Seifried
Re: CVE Request -- inn (nnrpd): Prone to STARTTLS plaintext command injection Kurt Seifried

Wednesday, 22 August

CVE-2012-3520 kernel: af_netlink: invalid handling of SCM_CREDENTIALS passing Petr Matousek
CVE Request: Apache mod RPAF denial of service Thijs Kinkhorst
Any information on mesa/CVE-2012-2864? Moritz Muehlenhoff
Re: Randomness Attacks Against PHP Applications Solar Designer
CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks Jan Lieskovsky
Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks Kurt Seifried
Re: CVE Request: Apache mod RPAF denial of service Kurt Seifried
Re: CVE request: Typo3 Kurt Seifried
Stripe Capture the Flag John Collison
Re: Stripe Capture the Flag Solar Designer

Thursday, 23 August

Re: Any information on mesa/CVE-2012-2864? Huzaifa Sidhpurwala
Re: Stripe Capture the Flag Carlos Alberto Lopez Perez
Re: Stripe Capture the Flag Thanh Nguyen

Friday, 24 August

Re: Stripe Capture the Flag Filip Palian
zenoss issues Thomas Pollet
Re: zenoss issues Thomas Pollet
Re: Stripe Capture the Flag Henri Salo
oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) Vincent Danen
Re: zenoss issues Kurt Seifried
Re: zenoss issues Kurt Seifried
Re: CVE Request: SquidClamav insufficient escaping flaws Steven M. Christey
Re: CVE-request: Roundcube XSS issues Steven M. Christey

Saturday, 25 August

information request on security bug fix in GNU Gatekeeper 3.1 Raphael Geissert
Re: information request on security bug fix in GNU Gatekeeper 3.1 Jan Willamowius

Sunday, 26 August

Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) Michael Pasternak
Re: CVE-request: Roundcube XSS issues Eygene Ryabinkin
Re: CVE-request: Roundcube XSS issues Eygene Ryabinkin
Re: Re: information request on security bug fix in GNU Gatekeeper 3.1 Kurt Seifried
CVE Request: Heap-based buffer overflow in openjpeg Huzaifa Sidhpurwala
Re: CVE Request: Heap-based buffer overflow in openjpeg Kurt Seifried

Monday, 27 August

CVE request: joomla before 1.5.26 password change Hanno Böck
CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling Thomas Biege
Re: CVE request: joomla before 1.5.26 password change Kurt Seifried
Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling Kurt Seifried
Re: Re: zenoss issues Kurt Seifried
Re: ownCloud - matching CVEs to fix information and vice versa Kurt Seifried
CVE request: letodms multiple issues Raphael Geissert
CVE Request: Java 7 code execution 0day David Jorm
Re: CVE Request: Java 7 code execution 0day Kurt Seifried
Re: CVE request: letodms multiple issues Kurt Seifried
Re: CVE Request: Java 7 code execution 0day Kurt Seifried
Re: CVE request: letodms multiple issues Raphael Geissert
Re: information request on security bug fix in GNU Gatekeeper 3.1 Raphael Geissert
Re: CVE request: letodms multiple issues Kurt Seifried
Re: CVE request: letodms multiple issues Raphael Geissert
CVE for FreeBSD SCTP remote DoS? Raphael Geissert

Tuesday, 28 August

CVE-Request: apache2-mod_php5 AddHandler content confusion Sebastian Krahmer
Re: CVE for FreeBSD SCTP remote DoS? Simon L. B. Nielsen
CVE Request: Hash collision issue in Mono/C# (similar to Microsoft .NET issue) Marcus Meissner
Re: CVE-Request: apache2-mod_php5 AddHandler content confusion Kurt Seifried
Re: CVE Request: Hash collision issue in Mono/C# (similar to Microsoft .NET issue) Kurt Seifried
CVE request: FreeBSD SCTP remote DoS Raphael Geissert

Wednesday, 29 August

Re: CVE Request: Java 7 code execution 0day Eygene Ryabinkin
CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Jan Lieskovsky
CVE-2012-3509: objalloc_alloc integer overflows in libiberty Florian Weimer
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Kurt Seifried
php header() header injection detection bypass Raphael Geissert
Re: CVE request: FreeBSD SCTP remote DoS Kurt Seifried
[icinga-web] rmtmp-files.sh Simon .
Re: [icinga-web] rmtmp-files.sh Kurt Seifried

Thursday, 30 August

CVE request: crowbar XSS Thomas Biege
Re: Stripe Capture the Flag Solar Designer
[OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542) Russell Bryant
Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) Russell Bryant
[OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) Russell Bryant
Re: [icinga-web] rmtmp-files.sh Simon .
Re: CVE request: crowbar XSS Kurt Seifried

Friday, 31 August

CVE request: contao before 2.11.4 sql injection Hanno Böck
Information on security issues fixed in ffmpeg 0.11? Moritz Muehlenhoff
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Eygene Ryabinkin
operator new[] overflow checking in G++ Florian Weimer
CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws Jan Lieskovsky
[Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output Jan Lieskovsky
CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Petr Matousek
Re: Three CVE requests: at-spi2-atk, as31, naxsi Steven M. Christey
Re: CVE Request -- MediaWiki 1.19.2 and 1.18.5 multiple security flaws Kurt Seifried
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Kurt Seifried
CVE Request -- kernel: request_module() OOM local DoS Petr Matousek
Re: Three CVE requests: at-spi2-atk, as31, naxsi Kurt Seifried
Re: CVE request: contao before 2.11.4 sql injection Kurt Seifried
Re: php header() header injection detection bypass Kurt Seifried
Re: [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output Jakub Wilk
Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt akuster
Re: operator new[] overflow checking in G++ Kurt Seifried
Re: CVE request: letodms multiple issues Kurt Seifried
Re: php header() header injection detection bypass Raphael Geissert
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Gerald Combs
Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Kurt Seifried

Saturday, 01 September

Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector Eygene Ryabinkin
CVE request: Apache Struts S2-010 and S2-011 Raphael Geissert
Re: CVE request: Apache Struts S2-010 and S2-011 Kurt Seifried
Re: php header() header injection detection bypass Kurt Seifried
Re: CVE - ownCloud Kurt Seifried

Sunday, 02 September

CVE Request -- kernel: request_module() OOM local DoS Kurt Seifried
Re: Information on security issues fixed in ffmpeg 0.11? Michael Niedermayer
CVE-request: CakePHP XXE injection Henri Salo

Monday, 03 September

Re: CVE-request: CakePHP XXE injection Kurt Seifried

Tuesday, 04 September

Re: php header() header injection detection bypass Eygene Ryabinkin
Re: php header() header injection detection bypass cve-assign
Re: Re: php header() header injection detection bypass Raphael Geissert
CVE request: moinmoin incorrect ACL evaluation for virtual groups Raphael Geissert
(linux-)distros membership changes Solar Designer
Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups Kurt Seifried
Re: Re: php header() header injection detection bypass Eygene Ryabinkin

Wednesday, 05 September

CVE-Request: openstack pickle de-serialization Sebastian Krahmer
Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability Xen . org security team
Xen Security Advisory 13 (CVE-2012-3495) - hypercall physdev_get_free_pirq vulnerability Xen . org security team
Xen Security Advisory 14 (CVE-2012-3496) - XENMEM_populate_physmap DoS vulnerability Xen . org security team
Xen Security Advisory 15 (CVE-2012-3497) - multiple TMEM hypercall vulnerabilities Xen . org security team
Xen Security Advisory 16 (CVE-2012-3498) - PHYSDEVOP_map_pirq index vulnerability Xen . org security team
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability Xen . org security team
Xen Security Advisory 18 (CVE-2012-3516) - grant table entry swaps have inadequate bounds checking Xen . org security team
CVE Request: pidgin lack of SSL checks Marcus Meissner
Re: CVE Request: pidgin lack of SSL checks Jan Lieskovsky
Re: CVE Request: pidgin lack of SSL checks Marcus Meissner
Re: php header() header injection detection bypass cve-assign
Re: CVE-Request: openstack pickle de-serialization Kurt Seifried
Re: Re: CVE - ownCloud Steven M. Christey

Thursday, 06 September

CVE request - mcrypt buffer overflow flaw Vincent Danen
Xen Security Advisory 19 - guest administrator can access qemu monitor console Xen . org security team
CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Jan Lieskovsky
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Kurt Seifried
Re: Xen Security Advisory 19 - guest administrator can access qemu monitor console Kurt Seifried
Re: Xen Security Advisory 19 - guest administrator can access qemu monitor console Kurt Seifried
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert
Re: CVE request - mcrypt buffer overflow flaw Vincent Danen
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Eitan Adler
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Kurt Seifried
CVE request: opencryptoki insecure lock files handling Raphael Geissert
Re: Re: php header() header injection detection bypass Raphael Geissert

Friday, 07 September

Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt Petr Matousek
Xen Security Advisory 19 (CVE-2012-4411) - guest administrator can access qemu monitor console Xen . org security team
Re: CVE request: opencryptoki insecure lock files handling Tomas Hoger
CVE Request -- urllib3: Does not check for SSL certificates by default Jan Lieskovsky
Re: CVE Request -- urllib3: Does not check for SSL certificates by default Jan Lieskovsky
CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Jan Lieskovsky
Re: CVE request: opencryptoki insecure lock files handling Raphael Geissert
Re: CVE Request -- urllib3: Does not check for SSL certificates by default Andrey Petrov
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Kurt Seifried
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Kurt Seifried
Re: CVE-2010 Request -- blender: Insecure temporary file use by creating file string in undo save quit Blender kernel routine (re-occurrence of CVE-2008-1103) Eitan Adler
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Jeff Law
Re: [Xen-users] Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability Nathan March

Saturday, 08 September

note on gnome shell extensions Tavis Ormandy
Re: note on gnome shell extensions Kurt Seifried

Sunday, 09 September

Re: CVE request: opencryptoki insecure lock files handling Tomas Hoger

Monday, 10 September

Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Florian Weimer
[PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods Timo Warns
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Florian Weimer
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Jan Lieskovsky
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert
Re: note on gnome shell extensions Vincent Danen

Tuesday, 11 September

CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Jan Lieskovsky
CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based buffer OOB write Huzaifa Sidhpurwala
CVE id request: guacd Nico Golde
Multiple SQL injections in MySQL/MariaDB sergii
Re: CVE request - mcrypt buffer overflow flaw Eygene Ryabinkin
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Kurt Seifried
Re: CVE id request: guacd Kurt Seifried
NTP authentication Nico Golde
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Steven M. Christey
CVE-2012-2238: trytond missing permissions check in button model Raphael Geissert
CVE Request: Apache Axis2 XML Signature Wrapping Attack David Jorm

Wednesday, 12 September

Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Florian Weimer
CVEs for wordpress 3.4.2 release Hanno Boeck
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Jan Lieskovsky
CVE id request: tor Nico Golde
libdbus CVE-2012-3524 fix Sebastian Krahmer
[OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Thierry Carrez
Re: CVE id request: tor Kurt Seifried
Re: CVEs for wordpress 3.4.2 release Kurt Seifried
Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Matt Joyce
Re: Re: [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Kurt Seifried
Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Soren Hansen
Re: [Openstack] [Openstack-announce] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Russell Bryant
Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Dolph Mathews
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert
Re: CVE request: opencryptoki insecure lock files handling Raphael Geissert
Re: CVEs for wordpress 3.4.2 release Andrew Nacin
Re: [Openstack] [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413) Matt Joyce
Re: CVE id request: tor Nico Golde
Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack Kurt Seifried
Re: CVE id request: tor Kurt Seifried
Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Kurt Seifried

Thursday, 13 September

Re: CVEs for wordpress 3.4.2 release Kurt Seifried
Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) andi abes
Re: note on gnome shell extensions Tavis Ormandy
Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) Kiall Mac Innes
Re: note on gnome shell extensions Marcus Meissner
Re: libdbus hardening Tomas Hoger
Re: note on gnome shell extensions Vincent Danen
CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall() Petr Matousek
CVE for Virtualbox 0x8 DoS? Raphael Geissert
Re: CVE for Virtualbox 0x8 DoS? Kurt Seifried
Re: CVE Request -- libvirt: null function pointer invocation in virNetServerProgramDispatchCall() Kurt Seifried
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried
Re: CVE Request -- glibc: strcoll() integer overflow leading to buffer overflow + another alloca() stack overflow issue (upstream #14547 && #14552) Kurt Seifried
Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert
Re: libdbus CVE-2012-3524 fix Kurt Seifried
Re: note on gnome shell extensions Tavis Ormandy
Re: CVEs for wordpress 3.4.2 release Yves-Alexis Perez
Re: CVEs for wordpress 3.4.2 release Kurt Seifried
Re: CVE request - mcrypt buffer overflow flaw Kurt Seifried
Re: Re: note on gnome shell extensions Vincent Danen
CVE request: DoS in OpenSLP Vincent Danen
CVE request: information leak in vino Vincent Danen
Re: Re: note on gnome shell extensions Kurt Seifried
Re: CVE request: DoS in OpenSLP Kurt Seifried
Re: CVE request: information leak in vino Kurt Seifried

Friday, 14 September

Re: libdbus CVE-2012-3524 fix Tomas Hoger
Re: CVE for Virtualbox 0x8 DoS? halfdog
CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo
CVE-request: WordPress insufficient permissions verification on XMLRPC interface Henri Salo
Re: CVE for Virtualbox 0x8 DoS? Frank Mehnert
Re: CVE for Virtualbox 0x8 DoS? Kurt Seifried
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried
Re: CVE for Virtualbox 0x8 DoS? Raphael Geissert
Re: CVE-request: WordPress insufficient permissions verification on XMLRPC interface Kurt Seifried
CVE request: bacula: Console ACL Bypass Agostino Sarubbo
Re: CVE request: bacula: Console ACL Bypass Agostino Sarubbo
Re: Randomness Attacks Against PHP Applications Solar Designer
Re: Re: CVE request: bacula: Console ACL Bypass Kurt Seifried

Saturday, 15 September

Re: CVE request - mcrypt buffer overflow flaw Raphael Geissert

Sunday, 16 September

Moodle security notifications public Michael de Raadt

Monday, 17 September

Re: libdbus CVE-2012-3524 fix Sebastian Krahmer
Re: Randomness Attacks Against PHP Applications Josh Bressers
Re: Randomness Attacks Against PHP Applications Vladimir Vorontsov
CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability Agostino Sarubbo
Re: Randomness Attacks Against PHP Applications Raphael Geissert
Re: Randomness Attacks Against PHP Applications Daniel Kahn Gillmor
Re: Re: note on gnome shell extensions Vincent Danen
Re: Randomness Attacks Against PHP Applications Kurt Seifried
Re: CVE request: OptiPNG Palette Reduction Use-After-Free Vulnerability Kurt Seifried
Re: Re: note on gnome shell extensions Sebastian Krahmer

Tuesday, 18 September

Vulnerabilities in Oki CUPS printer drivers Guido Berhoerster
Re: Re: note on gnome shell extensions Vincent Danen

Wednesday, 19 September

CVE Request Smarty / php-Smarty: XSS in Smarty exception messages Jan Lieskovsky
CVE Request -- fwknop 2.0.3: Multiple security issues Jan Lieskovsky
Re: CVE Request -- fwknop 2.0.3: Multiple security issues Michael Rash
Re: Re: CVE Request -- fwknop 2.0.3: Multiple security issues Kurt Seifried
Re: CVE Request -- fwknop 2.0.3: Multiple security issues Kurt Seifried
Re: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages Kurt Seifried
Re: CVE Request -- fwknop 2.0.3: Multiple security issues Michael Rash

Thursday, 20 September

Re: CVE Request (minor) -- JVM: heap memory disclosure (possibly various JDKs) Tomas Hoger
Re: CVE request: opencryptoki insecure lock files handling Tomas Hoger
CVE-request: monkey fails to drop supplemental groups when lowering privileges Henri Salo
Re: Randomness Attacks Against PHP Applications George Argyros
Notification of upstream Condor security fixes Vincent Danen
CVE Request: Jenkins and plugins Kurt Seifried
Re: CVE Request: Jenkins and plugins Kurt Seifried
Re: CVE-request: monkey fails to drop supplemental groups when lowering privileges Kurt Seifried

Friday, 21 September

CVE request(?): gpg: improper file permissions set when en/de-crypting files Matthias Weckbecker
Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Dan Rosenberg
Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Matthias Weckbecker
Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Tomas Mraz
CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Henri Salo
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Kurt Seifried
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Kurt Seifried
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Kurt Seifried
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Request for linux-distros () vs openwall org membership Seth Arnold
Re: Request for linux-distros () vs openwall org membership Solar Designer

Saturday, 22 September

Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Solar Designer
Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer Solar Designer
Re: Randomness Attacks Against PHP Applications Solar Designer

Sunday, 23 September

Re: Randomness Attacks Against PHP Applications Vladimir Vorontsov

Monday, 24 September

Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Matthias Weckbecker
Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Tavis Ormandy
Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Kurt Seifried
Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Kurt Seifried
Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Tavis Ormandy
Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Tavis Ormandy
Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Steven M. Christey
Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Tavis Ormandy
Re: Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Michael Gilbert
Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Patrick J. Volkerding
Re: CVE request: opencryptoki insecure lock files handling Raphael Geissert
Re: Randomness Attacks Against PHP Applications Raphael Geissert
Re: Request for linux-distros () vs openwall org membership Seth Arnold

Tuesday, 25 September

Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Matthias Weckbecker
CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Huzaifa Sidhpurwala
CVE Request -- WordPress (3,4.2): CSRF in the incoming links section of the dashboard Jan Lieskovsky
CVE Request - phpMyAdmin: PMASA-2012-5 incident Jan Lieskovsky
Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident Marcus Meissner
Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident cve-assign
Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Kurt Seifried
Re: CVE Request -- WordPress (3,4.2): CSRF in the incoming links section of the dashboard Kurt Seifried
Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Sebastian Krahmer

Wednesday, 26 September

Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Huzaifa Sidhpurwala
CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) Jan Lieskovsky
RFC: ntp behavior with spoofed source IPs Fiedler Roman
Re: CVE Request -- 389-ds-base: Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in ACL (ACL rules bypass possible) Kurt Seifried
Re: Re: Re: Re: CVE request(?): gpg: improper file permissions set when en/de-crypting files Kurt Seifried
CVE Request -- php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) Jan Lieskovsky
Re: CVE Request: libtiff: Heap-buffer overflow when processing a TIFF image with PixarLog Compression Tom Lane
Re: CVE Request -- php-ZendFramework: XSS vectors in multiple Zend Framework components (ZF2012-03) Kurt Seifried
CVE-2009-4030 regression in mysql Huzaifa Sidhpurwala
Re: CVE request: opencryptoki insecure lock files handling Kurt Seifried

Thursday, 27 September

dracut creates non-world readable initramfs images Huzaifa Sidhpurwala
Re: dracut creates non-world readable initramfs images Daniel Kahn Gillmor
Re: dracut creates world readable initramfs images Kurt Seifried
Re: dracut creates world readable initramfs images Daniel Kahn Gillmor
Re: Randomness Attacks Against PHP Applications George Argyros
Re: Randomness Attacks Against PHP Applications George Argyros
Re: RFC: ntp behavior with spoofed source IPs Mike O'Connor

Friday, 28 September

Re: RFC: ntp behavior with spoofed source IPs cve-assign
[OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456) Russell Bryant
[OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) Russell Bryant
Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) andi abes
Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) Kurt Seifried

Saturday, 29 September

Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) Russell Bryant
Re: Re: [Openstack] [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) andi abes

Sunday, 30 September

cgit: heap buffer overflow Jason A. Donenfeld