oss-sec: by author

711 messages starting Apr 16 14 and ending Apr 16 14


Adam Caudill

CVE Request - XXS in phpMyID (openid_error) Adam Caudill (Apr 16)

advisories

LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues advisories (Jun 03)

Agostino Sarubbo

CVE request: Icecast world readable log/logdir Agostino Sarubbo (Apr 06)
Re: CVE request: Icecast world readable log/logdir Agostino Sarubbo (Apr 07)

Alan Coopersmith

Fwd: [ANNOUNCE] X.Org Security Advisory: Multiple issues in libXfont Alan Coopersmith (May 13)
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Alan Coopersmith (Apr 08)
Re: Request for linux-distros subscription Alan Coopersmith (Jun 04)

Alexander E. Patrakov

CVE request: PulseAudio crash due to empty UDP packet Alexander E. Patrakov (Jun 04)
Re: CVE request: PulseAudio crash due to empty UDP packet Alexander E. Patrakov (Jun 04)

Alex Gaynor

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Alex Gaynor (Apr 07)
CVE for library bug that requires application participation Alex Gaynor (Jun 11)
Re: TMP flaw in rackspace jclouds? Alex Gaynor (Jun 18)

Andres Lagar Cavilla

Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Andres Lagar Cavilla (Jun 17)
Xen Security Advisory 99 - unexpected pitfall in xenaccess API Andres Lagar Cavilla (Jun 17)

Andrew Gaul

Re: TMP flaw in rackspace jclouds? Andrew Gaul (Jun 19)
Re: TMP flaw in rackspace jclouds? Andrew Gaul (Jun 18)
Re: TMP flaw in rackspace jclouds? Andrew Gaul (Jun 23)

Andrey Korolyov

Re: *Possible* ssh vulnerability Andrey Korolyov (May 05)

Andy Lutomirski

Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 28)
Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 30)
CVE Request: seunshare and setexeccon issues Andy Lutomirski (May 12)
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 23)
Re: local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 30)
Re: CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski (Jun 17)
CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
Re: CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski (Jun 23)
Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
CVE-2014-4014: Linux kernel user namespace bug Andy Lutomirski (Jun 10)
CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 22)
Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski (May 12)
CVE request: Another Linux syscall auditing bug Andy Lutomirski (Jun 19)
Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
Re: CVE Request: seunshare and setexeccon issues Andy Lutomirski (May 12)
Re: CVE request: Linux kernel DoS with syscall auditing Andy Lutomirski (May 28)
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Andy Lutomirski (Apr 22)
local privilege escalation due to capng_lock as used in seunshare Andy Lutomirski (Apr 29)

Anthony Liguori

Re: Request for linux-distros list membership Anthony Liguori (Apr 09)
Re: Request for linux-distros list membership Anthony Liguori (Apr 18)
Re: Request for linux-distros list membership Anthony Liguori (Apr 10)
Re: Request for linux-distros list membership Anthony Liguori (Apr 09)
Re: Request for linux-distros list membership Anthony Liguori (Apr 25)
Request for linux-distros list membership Anthony Liguori (Apr 09)

Arrigo Triulzi

Re: Other instances of CVE-2014-0160 - mod_spdy from Google Arrigo Triulzi (Apr 09)

Arun Babu Neelicattu

Re: CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE Arun Babu Neelicattu (Jun 27)

Ben Corman

Re: CVE request: Icecast world readable log/logdir Ben Corman (Apr 08)

Bobby Broughton

RE: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Bobby Broughton (Apr 08)

Carlos Alberto Lopez Perez

Re: Other instances of CVE-2014-0160 - mod_spdy from Google Carlos Alberto Lopez Perez (Apr 11)

Chris Reffett

Re: Re: CVE request: X2Go Server privilege escalation Chris Reffett (May 19)
CVE request: X2Go Server privilege escalation Chris Reffett (May 17)

Chris Steipp

Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Chris Steipp (Jun 25)

Christian Hoffmann

Fwd: [vs] php-fpm: privilege escalation due to insecure default config (CVE-2014-0185) Christian Hoffmann (Apr 29)

Conor McCarthy

CVE request: rxvt-unicode user-assisted arbitrary commands execution Conor McCarthy (Apr 30)

cve-assign

Re: CVE request: piwigo before 2.6.3 sql injection cve-assign (Jun 24)
Re: CVE request: possible miniupnpc buffer overflow cve-assign (Jun 06)
Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign (Jun 03)
Re: CVE request: SKS non-persistent XSS cve-assign (May 04)
Re: CVE Request - XSS in FOG open imaging system cve-assign (Apr 29)
Re: Session IP check bypass in Roundcube 1.0 cve-assign (Apr 10)
Re: CVE request: various NodeJS module vulnerabilities cve-assign (May 14)
Re: CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking cve-assign (Apr 30)
Re: CVE request: redmine open redirector cve-assign (Apr 10)
Re: Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM cve-assign (Apr 30)
Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2 cve-assign (Apr 15)
Re: Persistent XSS in Mayan EDMS - document management system cve-assign (May 21)
Re: glibc - CVE for library bug that requires application participation cve-assign (Jun 12)
Re: CVE request for buffer overrun in CHICKEN Scheme cve-assign (May 19)
Re: CVE request: python-lxml clean_html() input sanitization flaw cve-assign (May 09)
Re: CVE request for vulnerability in OpenStack Keystone cve-assign (Apr 10)
Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el cve-assign (Jun 12)
Re: CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message cve-assign (May 09)
Re: CVE request: Python Bottle JSON content-type not restrictive enough cve-assign (May 01)
Re: CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library cve-assign (Jun 23)
Re: CVE request - node-connect: methodOverride middleware reflected cross-site scripting cve-assign (Apr 21)
Re: CVE request: Proxmox VE < 3.2 user enumeration vulnerability cve-assign (Jun 13)
Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign (May 28)
Re: CVE Request: Shaarli: Several XSS in index.php cve-assign (Apr 01)
Re: CVE request: X2Go Server privilege escalation cve-assign (May 19)
Re: (Linux kernel) Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS cve-assign (Jun 17)
Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM cve-assign (Jun 04)
Re: Remote Command Injection in Ruby Gem sfpagent 0.4.14 cve-assign (Apr 18)
Re: sendmail close-on-exec issue -- CVE assigned? cve-assign (Jun 03)
Re: Ansible CVE requests cve-assign (Jun 26)
CVE-2014-3940 - Linux kernel - missing check during hugepage migration cve-assign (Jun 02)
Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks cve-assign (Apr 23)
Re: Remote code execution in Pimcore CMS cve-assign (Apr 20)
CVE-2013-7353 CVE-2013-7354 libpng integer overflows cve-assign (Apr 10)
Re: CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target cve-assign (Apr 18)
Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression cve-assign (Apr 07)
Re: CVE Request: indicator-datetime issue cve-assign (Apr 29)
Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes cve-assign (Jun 12)
Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART cve-assign (Apr 18)
Re: CVE Request - Predictable temporary filenames in GNU Emacs cve-assign (May 07)
Re: ldns-keygen creates private key world readable cve-assign (May 04)
Re: CVE Request for KIO/kmail cve-assign (Jun 15)
Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference cve-assign (May 14)
Re: CVE Request: userCake <= 2.0.2 CSRF vulnerability cve-assign (May 26)
Re: CVE request: piwigo before 2.6.3 sql injection cve-assign (Jun 25)
Re: TrueCrypt audit report cve-assign (Apr 17)
Re: Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created cve-assign (Apr 30)
Re: CVE request: xbmc cve-assign (May 20)
Re: Xen Security Advisory 93 - Hardware features unintentionally exposed to guests on ARM cve-assign (Apr 22)
Re: KAuth security issues cve-assign (Apr 02)
Re: CVE request: rxvt-unicode user-assisted arbitrary commands execution cve-assign (Apr 30)
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 26)
Re: CVE Request: Linux kernel ALSA core control API vulnerabilities cve-assign (Jun 25)
Re: cups-browsed remote exploit cve-assign (Jun 19)
Re: CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF cve-assign (Jun 23)
Re: Xen Security Advisory 101 - information leak via gnttab_setup_table on ARM cve-assign (Jun 27)
Re: Request for CVE: Bytemark Symbiosis cve-assign (Jun 11)
Re: cups-browsed remote exploit cve-assign (Apr 02)
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write cve-assign (May 06)
Re: Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers) cve-assign (Jun 06)
Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression cve-assign (Apr 08)
Re: CVE request, multiple vulnerabilities in openwsman cve-assign (May 21)
Re: Erlang OTP's httpc module Denial of Service cve-assign (May 04)
Re: Use-after-free race condition,in OpenSSL's read buffer cve-assign (Apr 14)
Re: TMP flaw in rackspace jclouds? cve-assign (Jun 25)
Re: Upcoming security release of fish 2.1.1 cve-assign (May 23)
CVE-2014-4171 - Linux kernel mm/shmem.c denial of service cve-assign (Jun 18)
Re: CVE Request - Local File inclusion in Cobbler cve-assign (May 08)
Re: CVE requests / advisory: TeamPass <= 2.1.19 cve-assign (May 19)
Re: CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext cve-assign (Jun 04)
Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure cve-assign (Jun 06)
Re: CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function cve-assign (Apr 11)
Re: CVE request / advisory: gdomap (GNUstep core package <= 1.24.6) cve-assign (Apr 21)
Re: CVE Request for KIO/kmail cve-assign (Jun 15)
Re: CVE request: Linux kernel DoS with syscall auditing cve-assign (May 29)
Re: libmms heap-based buffer overflow fix cve-assign (Apr 18)
Re: CVE Request: rsync denial of service cve-assign (Apr 15)
Re: Confusion on CVE-2014-0235 cve-assign (Jun 29)
Re: [CVE request] Local privilege escalation in libfep cve-assign (Jun 06)
Re: CVE ID request: typo3 cve-assign (Jun 02)
Re: CVE request: Linux Kernel, two security issues cve-assign (Apr 01)
Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords cve-assign (Jun 13)
REJECT of CVE-2014-2750 (an extra CVE ID for Prosody) cve-assign (Apr 10)
Re: CVE request for vulnerability in OpenStack Neutron cve-assign (Jun 17)
Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze cve-assign (May 01)
Re: CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer cve-assign (May 12)
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 27)
Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation cve-assign (Jun 05)
Re: Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32 cve-assign (May 28)
Re: CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities cve-assign (May 06)
Re: CVE request: Another Linux syscall auditing bug cve-assign (Jun 20)
Re: CVE Request - XXS in phpMyID (openid_error) cve-assign (Apr 18)
Re: CVE ID Request for Python CGIHTTPServer File Disclosure cve-assign (Jun 25)
Re: CVE request: insecure temporary file handling in clang's scan-build utility cve-assign (Apr 18)
Re: CVE Request: Parameter Injection in jCryption 3.0 cve-assign (Jun 18)
Re: Upcoming security release of fish 2.1.1 cve-assign (May 06)
Re: A number of EncFS issues cve-assign (May 13)
Re: CVE request for vulnerability in OpenStack Heat cve-assign (May 20)
Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin cve-assign (May 04)
Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure cve-assign (Jun 06)
Re: CVE ids for CyaSSL 2.9.4? cve-assign (Apr 17)
Re: CVE request: PulseAudio crash due to empty UDP packet cve-assign (Jun 04)
Re: local privilege escalation due to capng_lock as used in seunshare cve-assign (May 07)
Re: CVE request / advisory: Cherokee cve-assign (Jun 28)
Re: CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 cve-assign (Mar 31)
Re: Ubuntu 14.04: security problem in the lock screen cve-assign (May 03)
Re: CVE request: another path traversal in dpkg-source during unpack cve-assign (May 29)
Re: CVE request: Proxmox VE < 3.2 user enumeration vulnerability cve-assign (Jun 17)
Re: libgadu vulnerability: possible memory corruption cve-assign (May 18)
Re: Debian Bug#746579: libwww-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL cve-assign (May 06)
Re: CVE request: GnuPG-1 cve-assign (Jun 24)
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords cve-assign (May 30)
Re: CVE request: cacti "bug#0002405: SQL injection in graph_xport.php" cve-assign (Apr 03)
Re: CVE request: piwigo before 2.6.3 sql injection cve-assign (Jun 23)
Re: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities cve-assign (May 14)
Re: CVE request: multiple /tmp races in ppc64-diag cve-assign (Jun 16)
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution cve-assign (Apr 21)
Re: CVE request: Qemu: usb: fix up post load checks cve-assign (May 13)
Re: CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem cve-assign (Jun 27)
Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root cve-assign (Jun 30)
Re: pam_cifscreds stack overflow cve-assign (Apr 10)
Re: CVE ID request: typo3 cve-assign (Jun 02)
Re: CVE request: Linux kernel / target information leak cve-assign (Jun 11)
Re: OpenFiler - Arbitrary Code Execution & Stored XSS cve-assign (May 18)
Re: CVE request: Denial of Service attacks against Dovecot v1.1+ cve-assign (May 09)
Re: Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection cve-assign (Jun 04)
Re: CVE Request for Drupal Core cve-assign (Apr 21)
Re: CVE request: timthumb remote code execution cve-assign (Jun 27)
Re: XSS vulnerability in apt-cacher-ng cve-assign (Jun 22)
changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235) cve-assign (Jun 30)
Re: CVE Request: iodine: authentication bypass by client cve-assign (Jun 17)
Re: CVE request: Pyplate multiple vulnerabilities cve-assign (May 23)
Re: CVE request: MediaWiki 1.22.5 login csrf cve-assign (Apr 01)
Re: CVE Reuest: Django: Malformed URLs from user input incorrectly validated cve-assign (May 14)
Re: Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access cve-assign (Apr 23)
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 27)
Re: CVE request: PHP heap-based buffer overflow in DNS TXT record parsing cve-assign (Jun 12)
Re: CVE request: monitorix: HTTP server 'handle_request()' session fixation & XSS vulnerabilities (clearing up confusion) cve-assign (Jun 16)
Re: Remote code execution in Pimcore CMS cve-assign (Apr 19)
Re: Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM cve-assign (May 15)
Re: akpop3d review cve-assign (May 04)
Re: CVE request: WordPress plugin wp-gpx-maps wp-gpx-maps_admin_tracks.php Improper Admin Verification File Upload PHP Code Execution cve-assign (Jun 25)
Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 25)
Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 cve-assign (Jun 27)
Re: CVE request: python: _json module is vulnerable to arbitrary process memory read cve-assign (Jun 23)
Re: Postfix bounces arbitrary content cve-assign (May 06)
Re: CVE request: XSS in coppermine gallery before 1.5.28 cve-assign (Jun 23)
Re: pam_cifscreds stack overflow cve-assign (Apr 10)
Re: Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 cve-assign (May 14)
Re: CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler cve-assign (Apr 10)

Damien Cauquil

CVE request: Proxmox VE < 3.2 user enumeration vulnerability Damien Cauquil (Jun 13)

Daniel J Walsh

Re: docker VMM breakout Daniel J Walsh (Jun 18)
Re: local privilege escalation due to capng_lock as used in seunshare Daniel J Walsh (May 01)
Re: docker VMM breakout Daniel J Walsh (Jun 20)

Dave Walker

Re: Ubuntu 14.04: security problem in the lock screen Dave Walker (Apr 26)

David Adam

Upcoming security release of fish 2.1.1 David Adam (Apr 28)
Re: Upcoming security release of fish 2.1.1 David Adam (Apr 28)

David Faure

Re: KMail/KIO POP3 SSL MITM Flaw David Faure (Jun 22)

David Jorm

Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm (Jun 02)
Re: docker VMM breakout David Jorm (Jun 18)
Re: CVE-2014-0085 / Zookeeper David Jorm (Jun 09)
CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE David Jorm (Jun 15)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled David Jorm (Jun 06)

David Tomaschik

CVE Request: Parameter Injection in jCryption 3.0 David Tomaschik (Jun 18)

Dolev Farhi

Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities Dolev Farhi (May 14)
OpenFiler - Arbitrary Code Execution & Stored XSS Dolev Farhi (May 15)
Persistent XSS in Mayan EDMS - document management system Dolev Farhi (May 21)
CVE Request - Local File inclusion in Cobbler Dolev Farhi (May 07)
CVE Request - XSS in FOG open imaging system Dolev Farhi (Apr 29)
Re: OpenFiler - Arbitrary Code Execution & Stored XSS Dolev Farhi (May 19)
CVE Request: userCake <= 2.0.2 CSRF vulnerability Dolev Farhi (May 25)
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Dolev Farhi (May 29)

Don A. Bailey

LMS-2014-06-16-2: Linux Kernel LZO Don A. Bailey (Jun 26)
Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
LMS-2014-06-16-4: FFmpeg LZO Don A. Bailey (Jun 26)
Re: LMS-2014-06-16-5: Linux Kernel LZ4 Don A. Bailey (Jun 27)
LMS-2014-06-16-3: Libav LZO Don A. Bailey (Jun 26)
LMS-2014-06-16-5: Linux Kernel LZ4 Don A. Bailey (Jun 26)
Re: LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)
Re: LMS-2014-06-16-1: Oberhumer LZO Don A. Bailey (Jun 26)
LMS-2014-06-16-6: LZ4 Core Don A. Bailey (Jun 26)

Donald Stufft

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Donald Stufft (Apr 08)

Eddie Chapman

Re: LMS-2014-06-16-5: Linux Kernel LZ4 Eddie Chapman (Jun 27)

Eduardo Tongson

CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 17)
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Eduardo Tongson (Apr 22)

Eric Lacombe

Re: Heartbleed, clients and Android Eric Lacombe (Apr 09)

Eric W. Biederman

Re: CVE-2014-0181: Linux network reconfiguration due to incorrect netlink checks Eric W. Biederman (Apr 23)

Erik Ekman

CVE Request: iodine: authentication bypass by client Erik Ekman (Jun 16)

feer james

CVE Request ---- SOAPpy 0.12.5 Multiple Vulnerabilities feer james (May 05)

Felix Eckhofer

Session IP check bypass in Roundcube 1.0 Felix Eckhofer (Apr 09)

Florian Weimer

Heap-based buffer overflow in libdw/elfutils (CVE-2014-0172) Florian Weimer (Apr 09)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Florian Weimer (Apr 08)
super unchecked setuid (CVE-2014-0470) Florian Weimer (Apr 28)
Re: GnuTLS and libtasn1 security fixes Florian Weimer (May 30)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Florian Weimer (Jun 26)
Re: Re: Ansible CVE requests Florian Weimer (Jun 26)
Re: X.509 name constraints and potential interpretation conflict Florian Weimer (Apr 22)
CVE request: redmine open redirector Florian Weimer (Apr 06)
[CVE request] Local privilege escalation in libfep Florian Weimer (Jun 05)
Re: CVE request: openssl: missing critical flag for extended key usage not always detected in time-stamp verification Florian Weimer (Apr 17)

Forest Monsen

CVE Request for Drupal Core Forest Monsen (Apr 18)

Frédéric Basse

[CVE-2014-2978] DirectFB remote out-of-bounds write vulnerability Frédéric Basse (May 15)
[CVE-2014-2977] DirectFB integer signedness vulnerability Frédéric Basse (May 15)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-14:16.file FreeBSD Security Advisories (Jun 24)
FreeBSD Security Advisory FreeBSD-SA-14:14.openssl FreeBSD Security Advisories (Jun 05)
FreeBSD Security Advisory FreeBSD-SA-14:15.iconv FreeBSD Security Advisories (Jun 24)
FreeBSD Security Advisory FreeBSD-SA-14:13.pam FreeBSD Security Advisories (Jun 03)

Georgi Guninski

Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 10)
Re: Should openssl accept weak DSA/DH keys with g = +/- 1 ? Georgi Guninski (Apr 08)

Giuseppe Iuculano

CVE-2014-0476 chkrootkit vulnerability Giuseppe Iuculano (Jun 04)

Graham Dumpleton

Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 18)
Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 18)
Re: Security release for mod_wsgi (version 3.5) Graham Dumpleton (Jun 17)

Greg KH

Re: Request for linux-distros subscription Greg KH (Jun 04)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference Greg KH (May 14)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
Re: Request for linux-distros subscription Greg KH (Jun 04)
Re: CVE request: Linux kernel DoS with syscall auditing Greg KH (May 28)
Re: CVE request: Linux kernel DoS with syscall auditing Greg KH (May 28)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 05)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Greg KH (Jun 06)
Re: Request for linux-distros subscription Greg KH (Jun 03)
Re: Request for linux-distros subscription Greg KH (Jun 04)

gremlin

Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution gremlin (Apr 17)
Re: docker VMM breakout gremlin (Jun 18)

Guillem Jover

Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Guillem Jover (May 25)

Hanno Böck

Re: Heartbleed, clients and Android Hanno Böck (Apr 09)
Lots of CVEs ahead in TLS implementations Hanno Böck (Apr 04)
Re: CVE request: timthumb remote code execution Hanno Böck (Jun 25)
Re: MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Hanno Böck (Jun 26)
Re: CVE request: piwigo before 2.6.3 sql injection Hanno Böck (Jun 24)
CVE request: timthumb remote code execution Hanno Böck (Jun 25)
Re: LMS-2014-06-16-6: LZ4 Core Hanno Böck (Jun 26)
Heartbleed, clients and Android Hanno Böck (Apr 09)
CVE request: XSS in coppermine gallery before 1.5.28 Hanno Böck (Jun 23)
CVE request: piwigo before 2.6.3 sql injection Hanno Böck (Jun 23)
Re: A note on DBus and the Hash DOS Hanno Böck (May 07)
Re: Heartbleed, clients and Android Hanno Böck (Apr 09)

Hector Marco

Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 03)
CVE-2014-1226 s3dvt Root shell (still) Hector Marco (Jun 03)
CVE-2013-6825 DCMTK Root Privilege escalation Hector Marco (Jun 03)
Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Hector Marco (Jun 04)
CVE-2013-6876 s3dvt Root shell Hector Marco (Jun 03)

Henri Salo

CVE request: WordPress plugin wp-gpx-maps wp-gpx-maps_admin_tracks.php Improper Admin Verification File Upload PHP Code Execution Henri Salo (Jun 23)
Re: transparency on message moderation Henri Salo (Jun 17)
CVE-2014-3114 WordPress plugin ezpz-one-click-backup cmd parameter os command injection Henri Salo (May 01)
MediaWiki releases 1.19.17, 1.21.11, 1.22.8 and 1.23.1 Henri Salo (Jun 25)
Re: CVE Request for KIO/kmail Henri Salo (Jun 15)
CVE request: Denial of Service attacks against Dovecot v1.1+ Henri Salo (May 09)
Re: CVE ID request: typo3 Henri Salo (Jun 01)
CVE request: Piwigo before 2.6.2 ws.php Arbitrary User Creation CSRF Henri Salo (Jun 23)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Henri Salo (Jun 26)
CVE request: Pyplate multiple vulnerabilities Henri Salo (May 14)

H. Peter Anvin

Re: LMS-2014-06-16-1: Oberhumer LZO H. Peter Anvin (Jun 27)

Huzaifa Sidhpurwala

Two security flaws with json-c Huzaifa Sidhpurwala (Apr 08)
Re: Information on CVE-2014-0158, openjpeg Huzaifa Sidhpurwala (Apr 02)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 09)
jbigkit security flaw Huzaifa Sidhpurwala (Apr 08)
freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c Huzaifa Sidhpurwala (May 28)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Huzaifa Sidhpurwala (Apr 08)

Ian Campbell

Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Ian Campbell (Jun 17)

Ian Jackson

Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM Ian Jackson (Jun 04)

Ignasi Barrera

Re: TMP flaw in rackspace jclouds? Ignasi Barrera (Jun 20)
Re: TMP flaw in rackspace jclouds? Ignasi Barrera (Jun 19)
Re: TMP flaw in rackspace jclouds? Ignasi Barrera (Jun 20)

Jacob Kaplan-Moss

Re: [AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Jacob Kaplan-Moss (May 07)

Jamie Strandboge

Re: Re: cups-browsed remote exploit Jamie Strandboge (Apr 25)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Jamie Strandboge (Jun 26)

Jeffrey Altman

Re: [OpenAFS-GK] Re: CVE request: OpenAFS 1.6.8 TMAY fileserver crashes Jeffrey Altman (Jun 13)

Jeffrey Walton

Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Jeffrey Walton (Jun 05)

Jeremy Stanley

[OSSA 2014-017] Nova VMWare driver leaks rescued images (CVE-2014-2573) Jeremy Stanley (May 29)

Jim Hull

Re: akpop3d review Jim Hull (May 02)

John Haxby

Re: local privilege escalation due to capng_lock as used in seunshare John Haxby (Apr 30)
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution John Haxby (Apr 18)

John Johansen

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) John Johansen (Jun 05)

Jordi Massaguer

Re: Unsafe Query Risk in Active Record Jordi Massaguer (May 13)

Jose Carlos Luna Duran

Re: Bug in bash <= 4.3 [security feature bypassed] Jose Carlos Luna Duran (Jun 04)

Josh Bressers

Re: transparency on message moderation Josh Bressers (Jun 08)

Jussi Eronen

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 25)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Jussi Eronen (Apr 08)

Kees Cook

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Kees Cook (Jun 05)

Kent Baxley

CVE Request one more openwsman issue Kent Baxley (May 20)
CVE request, multiple vulnerabilities in openwsman Kent Baxley (May 19)

Kristian Fiskerstrand

Re: GnuTLS and libtasn1 security fixes Kristian Fiskerstrand (Jun 01)
CVE request: SKS non-persistent XSS Kristian Fiskerstrand (May 01)

Kurt Seifried

Re: Re: TMP flaw in rackspace jclouds? Kurt Seifried (Jun 18)
Re: Re: pam_cifscreds stack overflow Kurt Seifried (Apr 10)
CVE-2013-4159 ctdb: /tmp file vulnerability issues Kurt Seifried (May 29)
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
TrueCrypt audit report Kurt Seifried (Apr 14)
ldns-keygen creates private key world readable Kurt Seifried (May 03)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 26)
Re: Request for linux-distros list membership Kurt Seifried (Apr 18)
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Kurt Seifried (May 29)
Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 27)
A note on DBus and the Hash DOS Kurt Seifried (May 07)
*REJECT* CVE-2013-4121 Kurt Seifried (Apr 30)
CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried (May 27)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 26)
Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried (Jun 04)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Kurt Seifried (Apr 08)
Re: CVE request: Icecast world readable log/logdir Kurt Seifried (Apr 08)
Debian Bug#746579: libwww-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL Kurt Seifried (May 02)
Please REJECT CVE-2014-3463 Kurt Seifried (May 29)
Re: Request for linux-distros subscription Kurt Seifried (Jun 03)
Ubuntu 14.04: security problem in the lock screen Kurt Seifried (Apr 26)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 27)
TMP flaw in rackspace jclouds? Kurt Seifried (Jun 18)
Re: Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 08)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 25)
Re: A note on DBus and the Hash DOS Kurt Seifried (May 07)
Security release for mod_wsgi (version 3.5) Kurt Seifried (May 21)
two more interesting notes on heartbleed Kurt Seifried (Apr 13)
CVE request - node-connect: methodOverride middleware reflected cross-site scripting Kurt Seifried (Apr 15)
Re: Request for linux-distros subscription Kurt Seifried (Jun 04)
Re: [AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Kurt Seifried (May 07)
Other instances of CVE-2014-0160 - mod_spdy from Google Kurt Seifried (Apr 08)
Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Kurt Seifried (May 02)
Re: Re: CVE-2014-0234 Installer: OpenShift Enterprise: openshift.sh default password creation Kurt Seifried (Jun 04)
Re: Request for linux-distros list membership Kurt Seifried (Apr 09)
Re: Request for linux-distros list membership Kurt Seifried (Apr 09)

Larry W. Cashdollar

XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar (Apr 27)
Remote Command Injection in Ruby Gem sfpagent 0.4.14 Larry W. Cashdollar (Apr 15)
Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar (Apr 30)
Re: XSS in NextCellent Gallery 1.9.13 WordPress plugin Larry W. Cashdollar (May 05)

Leon Weber

Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Leon Weber (Jun 05)

Lisa Bradley

Re: Operating system distribution security contact lists Lisa Bradley (Jun 04)
Operating system distribution security contact lists Lisa Bradley (Jun 03)

lists

Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] lists (Jun 05)

LSE Leading Security Experts GmbH (Security Advisories)

LSE Leading Security Experts GmbH - LSE-2014-05-21 - Check_MK - Arbitrary File Disclosure Vulnerability LSE Leading Security Experts GmbH (Security Advisories) (May 28)

mancha

Re: Use-after-free race condition in OpenSSL's read buffer mancha (Apr 13)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) mancha (Jun 07)
Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 13)
Re: Linux Foundation OpenSSL audit mancha (Jun 02)
Cauterizing OpenSSL's heartbleed (the aftermath) mancha (Apr 09)
CVE request: GnuPG-1 mancha (Jun 23)
Re: Cauterizing OpenSSL's heartbleed (the aftermath) mancha (Apr 11)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 mancha (Apr 09)
Re: GnuTLS and libtasn1 security fixes mancha (Jun 01)
Linux Foundation OpenSSL audit mancha (May 29)
Re: CVE request: GnuPG-1 mancha (Jun 23)
Re: Other instances of CVE-2014-0160 - mod_spdy from Google mancha (Apr 08)

Marc Deslauriers

Re: CVE request: dovecot denial of service Marc Deslauriers (May 20)
Re: CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers (Apr 17)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marc Deslauriers (Apr 09)
CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Marc Deslauriers (May 02)
CVE Request: systemd stack-based buffer overflow in systemd-ask-password Marc Deslauriers (Apr 17)
CVE Request: indicator-datetime issue Marc Deslauriers (Apr 29)
Re: Ubuntu 14.04: security problem in the lock screen Marc Deslauriers (Apr 29)
CVE Request: rsync denial of service Marc Deslauriers (Apr 14)

Marcin Owsiany

libgadu vulnerability: possible memory corruption Marcin Owsiany (May 15)

Marcus Meissner

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 07)
CVE Request: Linux kernel ALSA core control API vulnerabilities Marcus Meissner (Jun 24)
Re: CVE Request: Linux kernel ALSA core control API vulnerabilities Marcus Meissner (Jun 24)
Linux kernel floppy ioctl kernel code execution Marcus Meissner (May 09)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Marcus Meissner (Apr 09)
CVE-2014-0196: Linux kernel pty layer race condition memory corruption Marcus Meissner (May 05)

Mark Lee

Re: *Possible* ssh vulnerability Mark Lee (May 05)

Martin Carpenter

Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Martin Carpenter (Apr 21)

Martin Prpic

CVE request: python-lxml clean_html() input sanitization flaw Martin Prpic (May 09)

Matthew Daley

CVE request / advisory: Cherokee Matthew Daley (Jun 27)
Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Matthew Daley (May 12)
CVE request / advisory: gdomap (GNUstep core package <= 1.24.6) Matthew Daley (Apr 18)
CVE requests / advisory: TeamPass <= 2.1.19 Matthew Daley (May 17)
Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Matthew Daley (Jun 09)
Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Matthew Daley (May 12)
Re: Security release for mod_wsgi (version 3.5) Matthew Daley (Jun 18)

Matt Wilson

Re: Request for linux-distros list membership Matt Wilson (Apr 09)

Max Spevack

Re: Request for linux-distros list membership Max Spevack (Apr 10)

Michael de Raadt

Moodle security notifications public Michael de Raadt (May 18)

Michael Scherer

Small security issue in hub, a github client ( CVE-2014-0177 ) Michael Scherer (May 16)
Ansible CVE requests Michael Scherer (Jun 23)

Michał Grzędzicki

OpenVZ simfs container filesystem breakout Michał Grzędzicki (Jun 24)

Michal Zalewski

Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Michal Zalewski (Apr 09)

Mikkel Krautz

Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 Mikkel Krautz (May 14)

Moritz Muehlenhoff

CVE-2014-0085 / Zookeeper Moritz Muehlenhoff (Jun 06)
Re: CVE request: possible miniupnpc buffer overflow Moritz Muehlenhoff (Jun 06)
CVE request: xbmc Moritz Muehlenhoff (May 20)
CVE request: Linux kernel / target information leak Moritz Muehlenhoff (Jun 10)
CVE ID request: typo3 Moritz Muehlenhoff (Jun 01)

Murray McAllister

A number of EncFS issues Murray McAllister (May 13)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister (Jun 26)
CVE request: PHP heap-based buffer overflow in DNS TXT record parsing Murray McAllister (Jun 11)
CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister (Jun 19)
CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root Murray McAllister (Jun 29)
CVE request: mod_wsgi group privilege dropping [was Re: [oss-security] Security release for mod_wsgi (version 3.5)] Murray McAllister (Jun 18)
CVE request: insecure temporary file handling in clang's scan-build utility Murray McAllister (Apr 15)
CVE request: Python Bottle JSON content-type not restrictive enough Murray McAllister (Apr 30)
CVE request: cacti "bug#0002405: SQL injection in graph_xport.php" Murray McAllister (Apr 01)
Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Murray McAllister (Jun 19)
Re: CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Murray McAllister (Jun 04)
possible CVE request: opendnssec and softhsm permission issue Murray McAllister (Jun 19)
Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister (Jun 26)
CVE-2014-0246 sos: md5 hash of GRUB password collected when running sosreport Murray McAllister (May 27)
CVE-2014-0189: /etc/sysconfig/virt-who is world-readable (contains unencrypted passwords) Murray McAllister (Apr 27)
CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 29)
CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer Murray McAllister (May 11)
Re: CVE request: possible miniupnpc buffer overflow Murray McAllister (Apr 30)
CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure Murray McAllister (Jun 05)
CVE-2014-0190: NULL pointer dereference in GIF image handler in QtGui Murray McAllister (Apr 27)
CVE request: cross-site scripting issue fixed in CUPS 1.7.2 Murray McAllister (Apr 13)
CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Murray McAllister (May 29)

Nick Boyce

Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)
Re: KMail/KIO POP3 SSL MITM Flaw Nick Boyce (Jun 22)

Nick Kralevich

Re: Heartbleed, clients and Android Nick Kralevich (Apr 09)

Nicolas Grégoire

Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Nicolas Grégoire (May 06)

Olivier Levillain

Re: CVE request: GnuPG-1 Olivier Levillain (Jun 24)

Patrick J Cherry

Request for CVE: Bytemark Symbiosis Patrick J Cherry (Jun 06)

Paul Wise

CVE request: various NodeJS module vulnerabilities Paul Wise (May 12)

Pedro Ribeiro

Re: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 20)
CVE request: Fwd: Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 19)
Remote code execution in Pimcore CMS Pedro Ribeiro (Apr 14)

Peter Bex

CVE request for buffer overrun in CHICKEN Scheme Peter Bex (May 18)
Incorrect SQL identifier quotation rampant among popular web frameworks Peter Bex (May 20)

Petr Matousek

CVE request -- Linux kernel: net: ping: refcount issue in ping_init_sock() function Petr Matousek (Apr 11)
CVE-2014-0155 -- kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table Petr Matousek (Apr 07)
Re: Re: CVE request: Linux Kernel, two security issues Petr Matousek (Apr 01)
CVE-2014-0206 -- Linux kernel: kernel memory disclosure in io_getevents() Petr Matousek (Jun 25)
CVE request -- Linux kernel: sctp: sk_ack_backlog wrap-around problem Petr Matousek (Jun 27)
Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference Petr Matousek (May 14)

Phil Pennock

Re: Fwd: [exim-announce] Exim 4.82.1 Security Release Phil Pennock (May 28)
Fwd: [exim-announce] Exim 4.82.1 Security Release Phil Pennock (May 28)

Phil Turnbull

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Phil Turnbull (Jun 05)

P J P

CVE request Linux kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking P J P (Apr 30)
Re: Re: CVE Request New-djbdns: dnscache: potential cache poisoning P J P (Apr 22)
CVE request: Qemu: usb: fix up post load checks P J P (May 13)
CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference P J P (May 14)
CVE request Linux kernel: filter: prevent nla extensions to peek beyond the end of the message P J P (May 09)
CVE-2014-3471 Qemu: hw: pci: use after free triggered via guest P J P (Jun 23)
CVE request Linux kernel: arch: x86: net: bpf_jit: an off-by-one bug in x86_64 cond jump target P J P (Apr 15)
Re: LMS-2014-06-16-5: Linux Kernel LZ4 P J P (Jun 27)
Re: CVE request: Linux kernel DoS with syscall auditing P J P (May 29)
CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART P J P (Apr 15)
CVE-2014-0222 Qemu: qcow1: Validate L2 table size P J P (May 13)
CVE-2014-0223 Qemu: qcow1: Validate image size P J P (May 13)
CVE request Linux kernel: IB/core: crash while resolving passive side RoCE L2 address in cma_req_handler P J P (Apr 08)

Rafael Mendonça França

[AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Rafael Mendonça França (May 06)
Unsafe Query Risk in Active Record Rafael Mendonça França (May 06)
[CVE-2014-0130] Directory Traversal Vulnerability With Certain Route Configurations Rafael Mendonça França (May 06)

Ramon de C Valle

Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
Fwd: [ruby-core:62800] [ruby-trunk - Bug #9709] Large string causes SEGV with x64-mingw32 Ramon de C Valle (May 27)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 03)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 03)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)

Raphael Geissert

CVE ids for CyaSSL 2.9.4? Raphael Geissert (Apr 17)
CVE request: another path traversal in dpkg-source during unpack Raphael Geissert (May 25)
CVE request: openssl: missing critical flag for extended key usage not always detected in time-stamp verification Raphael Geissert (Apr 16)
Information on CVE-2014-0158, openjpeg Raphael Geissert (Apr 02)
Re: Re: CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Raphael Geissert (May 25)
CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze Raphael Geissert (Apr 29)
Re: Re: Request for linux-distros subscription Raphael Geissert (Jun 04)
Re: Information on CVE-2014-0158, openjpeg Raphael Geissert (Apr 02)

RbN

*Possible* ssh vulnerability RbN (May 05)

rea

Re: transparency on message moderation rea (Jun 08)

Reed Loden

Re: [AMENDED] [CVE-2014-0130] Ruby on Rails: Directory Traversal Vulnerability With Certain Route Configurations Reed Loden (May 29)
Re: CVE Request: Nagios Remote Plugin Executor <= 2.15 Remote Command Execution Reed Loden (Apr 18)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Reed Loden (Apr 07)

rf

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
Re: Request for linux-distros list membership rf (Apr 19)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)
Re: Request for linux-distros list membership rf (Apr 25)
Re: Request for linux-distros list membership rf (Apr 18)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) rf (Jun 06)

Richard Moore

KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 18)
Re: CVE Request for KIO/kmail Richard Moore (Jun 15)
Re: KMail/KIO POP3 SSL MITM Flaw Richard Moore (Jun 22)
CVE Request for KIO/kmail Richard Moore (Jun 15)
Re: Re: CVE Request for KIO/kmail Richard Moore (Jun 15)

Rich Felker

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
Security advisory for musl libc - remote stack-based buffer overflow in DNS response parsing [CVE-2014-3484] Rich Felker (Jun 06)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 05)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Rich Felker (Jun 06)

Robert Scheck

CVE-2014-0103: Zarafa WebAccess/WebApp store passwords in cleartext on server Robert Scheck (Jun 29)

Russ Allbery

Re: Request for linux-distros subscription Russ Allbery (Jun 04)
CVE request: OpenAFS 1.6.8 TMAY fileserver crashes Russ Allbery (Jun 11)

Salva Peiró

CVE-2014-1739: Kernel Infoleak vulnerability in media_enum_entities() Salva Peiró (Jun 14)

Salvatore Bonaccorso

Re: CVE request: softhsm, softhsm-keyconv tool creates world-readable files Salvatore Bonaccorso (Jun 19)
Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression Salvatore Bonaccorso (Apr 05)
CVE Request: Horde_Ldap: Stricter parameter check in bind() to detect empty passwords Salvatore Bonaccorso (Jun 04)
CVE Request: Shaarli: Several XSS in index.php Salvatore Bonaccorso (Mar 31)
Confusion on CVE-2014-0235 Salvatore Bonaccorso (Jun 29)
CVE request: scheme48: insecure use of temporary files in cmuscheme48.el Salvatore Bonaccorso (Jun 12)
CVE Reuest: Django: Malformed URLs from user input incorrectly validated Salvatore Bonaccorso (May 14)
CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse Salvatore Bonaccorso (Jun 17)
Re: Debian Bug#746579: libwww-perl: HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL Salvatore Bonaccorso (May 03)

Savio Bot

Re: [FD] [oss-security] CVE-2014-0196: Linux kernel pty layer race condition memory corruption Savio Bot (May 12)

Scotty Bauer

Use-after-free race condition in OpenSSL's read buffer Scotty Bauer (Apr 12)

Seba

Erlang OTP's httpc module Denial of Service Seba (May 02)

Sebastian Krahmer

Re: pam_cifscreds stack overflow Sebastian Krahmer (Apr 13)
pam_cifscreds stack overflow Sebastian Krahmer (Apr 09)
docker VMM breakout Sebastian Krahmer (Jun 18)
cups-browsed remote exploit Sebastian Krahmer (Apr 01)

Serge Hallyn

Re: docker VMM breakout Serge Hallyn (Jun 19)

Seth Arnold

Re: Security release for mod_wsgi (version 3.5) Seth Arnold (Jun 17)
Re: CVE request: dovecot denial of service Seth Arnold (May 20)
Re: Cauterizing OpenSSL's heartbleed (the aftermath) Seth Arnold (Apr 09)
Re: Request for linux-distros list membership Seth Arnold (Apr 10)

Shawn

Re: CVE-2014-0196: Linux kernel pty layer race condition memory corruption Shawn (May 05)

Simon McVittie

CVE-2014-3477 (fd.o#78979): local DoS in dbus-daemon Simon McVittie (Jun 10)
Re: Re: [FD] [oss-security] Bug in bash <= 4.3 [security feature bypassed] Simon McVittie (Jun 06)

Solar Designer

Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
Re: CVE Request: seunshare and setexeccon issues Solar Designer (May 12)
Re: Use-after-free race condition in OpenSSL's read buffer Solar Designer (Apr 12)
Re: LMS-2014-06-16-6: LZ4 Core Solar Designer (Jun 26)
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 29)
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 29)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
Re: local privilege escalation due to capng_lock as used in seunshare Solar Designer (Apr 30)
Re: Request for linux-distros list membership Solar Designer (Apr 25)
Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)
Re: transparency on message moderation Solar Designer (Jun 17)
Re: FreeBSD Security Advisory FreeBSD-SA-14:13.pam Solar Designer (Jun 03)
Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
Re: [FD] [oss-security] CVE-2014-0196: Linux kernel pty layer race condition memory corruption Solar Designer (May 12)
Re: transparency on message moderation Solar Designer (Jun 17)
akpop3d review Solar Designer (May 01)
Re: Operating system distribution security contact lists Solar Designer (Jun 03)
Re: Request for linux-distros list membership Solar Designer (Apr 24)
Re: CVE Request: seunshare and setexeccon issues Solar Designer (May 12)
Re: Security release for mod_wsgi (version 3.5) Solar Designer (Jun 18)
Re: LMS-2014-06-16-1: Oberhumer LZO Solar Designer (Jun 26)
Re: Request for linux-distros list membership Solar Designer (Apr 24)
Re: Request for linux-distros subscription Solar Designer (Jun 03)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Solar Designer (Jun 05)
OpenSSL seven security fixes Solar Designer (Jun 05)
Re: OpenSSL seven security fixes Solar Designer (Jun 05)
Re: OpenSSL seven security fixes Solar Designer (Jun 05)
transparency on message moderation Solar Designer (Jun 08)
Defeating memory comparison timing oracles Solar Designer (May 08)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Solar Designer (Apr 08)
Re: Request for linux-distros list membership Solar Designer (Apr 09)

Stefan Cornelius

CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Stefan Cornelius (May 06)

Stephen Gallagher

Requesting CVEs issued for two XSS vulnerabilities in Djblets (a set of Django helpers) Stephen Gallagher (Jun 06)

Steve Grubb

Re: Re: CVE request: Linux kernel DoS with syscall auditing Steve Grubb (May 29)
Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 30)
Re: CVE request: Linux kernel DoS with syscall auditing Steve Grubb (May 28)
Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 29)
Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 29)
Re: CVE request: Another Linux syscall auditing bug Steve Grubb (Jun 19)
Re: Bug in bash <= 4.3 [security feature bypassed] Steve Grubb (Jun 03)
Re: Re: local privilege escalation due to capng_lock as used in seunshare Steve Grubb (Apr 30)

Steve Kemp

CVE Request - Predictable temporary filenames in GNU Emacs Steve Kemp (May 07)

Steven Haigh

Re: Xen Security Advisory 99 - unexpected pitfall in xenaccess API Steven Haigh (Jun 17)

Sven Kieske

Re: docker VMM breakout Sven Kieske (Jun 18)
Re: Re: CVE-2014-4014: Linux kernel user namespace bug Sven Kieske (Jun 18)

Sylvestre Ledru

Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Apr 20)
Re: Bug#744817: CVE request: insecure temporary file handling in clang's scan-build utility Sylvestre Ledru (Jun 16)

Theo de Raadt

Re: CVE Request: OpenSSL NULL pointer dereference in do_ssl3_write Theo de Raadt (May 02)

Thijs Kinkhorst

CVE request: mediawiki invalid usernames on Special:PasswordReset were parsed as wikitext Thijs Kinkhorst (Jun 03)

Thomas Gleixner

Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 05)
Re: Linux kernel futex local privilege escalation (CVE-2014-3153) Thomas Gleixner (Jun 07)

Thomas Klausner

older ffmpeg overflows/out-of-bounds-accesses/etc. Thomas Klausner (Jun 15)

Till Maas

CVE ID Request for Python CGIHTTPServer File Disclosure Till Maas (Jun 23)

Tim

Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 03)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 03)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tim (Jun 09)

Tim Heckman

Re: CVE request: Icecast world readable log/logdir Tim Heckman (Apr 06)

Timoth D. Morgan

Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Timoth D. Morgan (May 08)

Todd A Ouska

Re: CVE ids for CyaSSL 2.9.4? Todd A Ouska (Apr 17)

Tomas Hoger

Re: GnuTLS and libtasn1 security fixes Tomas Hoger (Jun 03)
Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (Jun 09)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 12)
GnuTLS and libtasn1 security fixes Tomas Hoger (May 30)
Re: Re: cups-browsed remote exploit Tomas Hoger (Jun 19)
Re: CVE Request: libxml2 external parsed entities issue Tomas Hoger (May 05)
OpenJDK CVE duplicates Tomas Hoger (Jun 09)
OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Tomas Hoger (Apr 07)
Re: Security release for mod_wsgi (version 3.5) Tomas Hoger (Jun 17)
Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Tomas Hoger (May 06)

Tristan Cacqueray

CVE request for vulnerability in OpenStack Keystone Tristan Cacqueray (Apr 09)
[OSSA 2014-019] Neutron L3-agent DoS through IPv6 subnet (CVE-2014-4167) Tristan Cacqueray (Jun 18)
CVE request for vulnerability in OpenStack Heat Tristan Cacqueray (May 20)
[OSSA 2014-013] Keystone DoS through V3 API authentication chaining (CVE-2014-2828) Tristan Cacqueray (Apr 10)
CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library Tristan Cacqueray (Jun 23)
[OSSA 2014-011] RBAC policy not properly enforced in Nova EC2 API (CVE-2014-0167) Tristan Cacqueray (Apr 09)
[OSSA 2014-016] Heat template URL information leakage (CVE-2014-3801) Tristan Cacqueray (May 23)
[OSSA 2014-012] Remote code execution in Glance Sheepdog backend (CVE-2014-0162) Tristan Cacqueray (Apr 10)
[OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157) Tristan Cacqueray (Apr 08)
[OSSA 2014-020] XSS in Swift requests through WWW-Authenticate header (CVE-2014-3497) Tristan Cacqueray (Jun 19)
[OSSA 2014-014] Neutron security groups bypass through invalid CIDR (CVE-2014-0187) Tristan Cacqueray (Apr 22)
[OSSA 2014-021] User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615) Tristan Cacqueray (Jun 25)
[OSSA 2014-015] Keystone user and group id mismatch (CVE-2014-0204) Tristan Cacqueray (May 21)
[OSSA 2014-018] Keystone privilege escalation through trust chained delegation (CVE-2014-3476) Tristan Cacqueray (Jun 12)
CVE request for vulnerability in OpenStack Neutron Tristan Cacqueray (Jun 16)

Tyler Hicks

Re: Request for linux-distros list membership Tyler Hicks (Apr 10)

Vasyl Kaigorodov

CVE request: PowerDNS in default configuration is vulnerable to DoS attack Vasyl Kaigorodov (Jun 13)
CVE request: python: _json module is vulnerable to arbitrary process memory read Vasyl Kaigorodov (Jun 23)

Vincent Danen

possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen (Jun 24)
Re: CVE request: multiple /tmp races in ppc64-diag Vincent Danen (Jun 18)
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
CVE request: multiple /tmp races in ppc64-diag Vincent Danen (Jun 13)
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Vincent Danen (Apr 08)
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Vincent Danen (May 29)
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 26)
Re: possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen (Jun 24)
Postfix bounces arbitrary content Vincent Danen (May 06)
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 30)
Re: CVE request: sos: /etc/fstab collected by sosreport, possibly containing passwords Vincent Danen (May 30)
Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 25)
Re: Other instances of CVE-2014-0160 - mod_spdy from Google Vincent Danen (Apr 11)
Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
Re: Postfix bounces arbitrary content Vincent Danen (May 07)

Vladimir '3APA3A' Dubrovin

Re: Re: Question regarding CVE applicability of missing HttpOnly flag Vladimir '3APA3A' Dubrovin (Jun 26)

"VMware Security Response Center"

Request for linux-distros subscription "VMware Security Response Center" (Jun 02)

Werner Koch

Re: CVE request: GnuPG-1 Werner Koch (Jun 24)

Xen . org security team

Xen Security Advisory 93 (CVE-2014-2915) - Hardware features unintentionally exposed to guests on ARM Xen . org security team (Apr 23)
Xen Security Advisory 94 - ARM hypervisor crash on guest interrupt controller access Xen . org security team (Apr 23)
Xen Security Advisory 95 (CVE-2014-3714,CVE-2014-3715,CVE-2014-3716,CVE-2014-3717) - input handling vulnerabilities loading guest kernel on ARM Xen . org security team (May 16)
Xen Security Advisory 54 (CVE-2013-2078) - Hypervisor crash due to missing exception recovery on XSETBV Xen . org security team (Jun 03)
Xen Security Advisory 101 (CVE-2014-4022) - information leak via gnttab_setup_table on ARM Xen . org security team (Jun 30)
Xen Security Advisory 92 - HVMOP_set_mem_type allows invalid P2M entries to be created Xen . org security team (Apr 29)
Xen Security Advisory 90 (CVE-2014-2580) - Linux netback crash trying to disable due to malformed packet Xen . org security team (Apr 02)
Xen Security Advisory 96 - Vulnerabilities in HVM MSI injection Xen . org security team (Jun 03)
Xen Security Advisory 101 - information leak via gnttab_setup_table on ARM Xen . org security team (Jun 25)
Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Jun 04)
Xen Security Advisory 91 (CVE-2014-3125) - Hardware timer context is not properly context switched on ARM Xen . org security team (May 01)
Xen Security Advisory 98 (CVE-2014-3969) - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Jun 04)
Xen Security Advisory 96 (CVE-2014-3967,CVE-2014-3968) - Vulnerabilities in HVM MSI injection Xen . org security team (Jun 04)
Xen Security Advisory 92 (CVE-2014-3124) - HVMOP_set_mem_type allows invalid P2M entries to be created Xen . org security team (May 01)
Xen Security Advisory 93 - Hardware features unintentionally exposed to guests on ARM Xen . org security team (Apr 22)
Xen Security Advisory 95 - input handling vulnerabilities loading guest kernel on ARM Xen . org security team (May 14)
Xen Security Advisory 100 (CVE-2014-4021) - Hypervisor heap contents leaked to guests Xen . org security team (Jun 17)
Xen Security Advisory 89 (CVE-2014-2599) - HVMOP_set_mem_access is not preemptible Xen . org security team (Apr 02)
Xen Security Advisory 91 - Hardware timer context is not properly context switched on ARM Xen . org security team (Apr 30)
Xen Security Advisory 99 - unexpected pitfall in xenaccess API Xen . org security team (Jun 17)
Xen Security Advisory 94 (CVE-2014-2986) - ARM hypervisor crash on guest interrupt controller access Xen . org security team (Apr 23)

Xin Li

sendmail close-on-exec issue -- CVE assigned? Xin Li (Jun 02)

Yves-Alexis Perez

Re: docker VMM breakout Yves-Alexis Perez (Jun 18)
Re: Heartbleed, clients and Android Yves-Alexis Perez (Apr 09)
Re: CVE request: dovecot denial of service Yves-Alexis Perez (May 20)
Re: Bug#751417: linux-image-3.2.0-4-5kc-malta: no SIGKILL after prctl(PR_SET_SECCOMP, 1, ...) on MIPS Yves-Alexis Perez (Jun 16)
Re: Cauterizing OpenSSL's heartbleed (the aftermath) Yves-Alexis Perez (Apr 09)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 09)
CVE-2014-0469: xbuffy stack-based buffer overflow in subject processing Yves-Alexis Perez (Apr 28)
Re: Re: CVE Request for KIO/kmail Yves-Alexis Perez (Jun 15)
Re: XSS vulnerability in apt-cacher-ng Yves-Alexis Perez (Jun 21)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 07)
Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez (Jun 26)
Re: OpenSSL 1.0.1 TLS/DTLS hearbeat information disclosure CVE-2014-0160 Yves-Alexis Perez (Apr 08)
CVE request: dovecot denial of service Yves-Alexis Perez (May 20)
Re: Heartbleed, clients and Android Yves-Alexis Perez (Apr 09)
Re: LMS-2014-06-16-1: Oberhumer LZO Yves-Alexis Perez (Jun 28)

Źmicier Januszkiewicz

libmms heap-based buffer overflow fix Źmicier Januszkiewicz (Apr 16)