oss-sec: by thread

oss-sec: by thread

640 messages starting Jan 02 11 and ending Mar 31 11
Date index | Thread index | Author index

CVE request for subversion Kurt Seifried (Jan 02)
- Re: CVE request for subversion Josh Bressers (Jan 03)
  - Re: CVE request for subversion Jan Lieskovsky (Jan 04)
    - Re: CVE request for subversion Hyrum Wright (Jan 04)
    - Re: CVE request for subversion Josh Bressers (Jan 05)
    - Re: CVE request for subversion Hyrum K Wright (Jan 09)
    - Re: CVE request for subversion Kurt Seifried (Jan 09)
Re: CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES Huzaifa Sidhpurwala (Jan 03)
CVE request for buffer overflows in gimp Huzaifa Sidhpurwala (Jan 03)
- Re: CVE request for buffer overflows in gimp Josh Bressers (Jan 04)
Re: CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: [oss-security] CVE request: opensc buffer overflow ] Josh Bressers (Jan 03)
Re: Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol Josh Bressers (Jan 03)
Re: CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws Josh Bressers (Jan 03)
Re: CVE request: wordpress before 3.0.4 XSS Josh Bressers (Jan 03)
Re: CVE Request: CrawlTrack < 3.2.7 - remote php code execution Josh Bressers (Jan 03)
Re: CVE Request: Wireshark Josh Bressers (Jan 03)
Possible CVE Request: improper AppArmor exec transition Jamie Strandboge (Jan 03)
- Re: Possible CVE Request: improper AppArmor exec transition Jamie Strandboge (Jan 03)
CVE request: silverstripe before 2.4.4 Hanno Böck (Jan 03)
- Re: CVE request: silverstripe before 2.4.4 Josh Bressers (Jan 04)
CVE request: AusweisApp Hanno Böck (Jan 04)
- Re: CVE request: AusweisApp Hanno Böck (Jan 04)
CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() Eugene Teo (Jan 04)
- Re: CVE-2010-4526 kernel: sctp: a race between ICMP protocol unreachable and connect() Greg KH (Jan 04)
Re: CVE request: kernel: Multiple DoS issues in block layer Eugene Teo (Jan 04)
Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Jan Lieskovsky (Jan 04)
- Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) Mark Stosberg (Jan 04)
  - CGI.pm 3.51 released Mark Stosberg (Jan 05)
    - Re: CGI.pm 3.51 released (revised) Mark Stosberg (Jan 05)
(possible) CVE request: Clickjacking in Mediawiki Jonathan Wiltshire (Jan 04)
- Re: (possible) CVE request: Clickjacking in Mediawiki Josh Bressers (Jan 04)
CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo (Jan 05)
- Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Greg KH (Jan 05)
  - Re: CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak Eugene Teo (Jan 06)
possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
- Re: possible flaw in widely used strtod.c implementation Michael Gilbert (Jan 05)
  - Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 05)
    - Re: possible flaw in widely used strtod.c implementation Pierre Joye (Jan 06)
    - Re: possible flaw in widely used strtod.c implementation Josh Bressers (Jan 06)
    - Re: possible flaw in widely used strtod.c implementation Steven M. Christey (Jan 11)
    - Re: possible flaw in widely used strtod.c implementation Pierre Joye (Feb 01)
CVE request: hastymail before 1.01 XSS Hanno Böck (Jan 05)
- Re: CVE request: hastymail before 1.01 XSS Josh Bressers (Jan 06)
CVE request: patch directory traversal flaw Vincent Danen (Jan 05)
- Re: CVE request: patch directory traversal flaw Dan Rosenberg (Jan 05)
  - Re: CVE request: patch directory traversal flaw Vincent Danen (Jan 05)
- Re: CVE request: patch directory traversal flaw Steve Beattie (Jan 06)
  - Re: CVE request: patch directory traversal flaw Raphael Geissert (Jan 06)
- Re: CVE request: patch directory traversal flaw Josh Bressers (Jan 06)
  - Re: CVE request: patch directory traversal flaw Vasiliy Kulikov (Jan 26)
  - Re: CVE request: patch directory traversal flaw Vasiliy Kulikov (Feb 18)
- Re: CVE request: patch directory traversal flaw Raphael Geissert (Jan 06)
CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Anthon Pang (Jan 06)
- Re: CVE Request: Multiple XSS Vulnerabiliies < Piwik 1.1 Josh Bressers (Jan 06)
CVE-NONE kernel: PHONET signedness issue Eugene Teo (Jan 06)
- Re: CVE-NONE kernel: PHONET signedness issue Michael Gilbert (Jan 06)
  - Re: CVE-NONE kernel: PHONET signedness issue Dan Rosenberg (Jan 06)
    - Re: CVE-NONE kernel: PHONET signedness issue Michael Gilbert (Jan 06)
    - Re: CVE-NONE kernel: PHONET signedness issue Nelson Elhage (Jan 06)
  - Re: CVE-NONE kernel: PHONET signedness issue Steven M. Christey (Jan 07)
CVE Request for Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 06)
- Re: CVE Request for Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability Josh Bressers (Jan 06)
CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS) YGN Ethical Hacker Group (Jan 06)
- Re: CVE Request: Eclipse IDE Version: 3.6.1 | Help Server Local Cross Site Scripting (XSS) Josh Bressers (Jan 06)
CVE Request: kernel [Re: Security review of 2.6.32.28] dann frazier (Jan 06)
- Re: CVE Request: kernel [Re: Security review of 2.6.32.28] Josh Bressers (Jan 06)
CVE-2010-4225: XSP/mod_mono source code disclosure Thomas Biege (Jan 07)
- Re: CVE-2010-4225: XSP/mod_mono source code disclosure Oden Eriksson (Jan 20)
  - Re: CVE-2010-4225: XSP/mod_mono source code disclosure Vincent Danen (Jan 20)
CVE Request - pimd - Insecure file creation in /var/tmp Steve Kemp (Jan 07)
- Re: CVE Request - pimd - Insecure file creation in /var/tmp Josh Bressers (Jan 07)
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Eygene Ryabinkin (Jan 10)
- Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too Pierre Joye (Jan 10)
CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Petr Matousek (Jan 10)
- Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Kurt Seifried (Jan 11)
- Re: CVE request: qemu-kvm: Setting VNC password to empty string silently disables all authentication Josh Bressers (Jan 12)
CVE request: sudo does not ask for password on GID changes Vincent Danen (Jan 11)
- Re: CVE request: sudo does not ask for password on GID changes Josh Bressers (Jan 12)
- Re: CVE request: sudo does not ask for password on GID changes Todd C. Miller (Jan 12)
CVE assignments for Wireshark Steven M. Christey (Jan 12)
- Re: CVE assignments for Wireshark Huzaifa Sidhpurwala (Jan 20)
  - Re: CVE assignments for Wireshark Josh Bressers (Jan 31)
    - Re: CVE assignments for Wireshark Josh Bressers (Feb 09)
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo Raphael Geissert (Jan 13)
CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Raphael Geissert (Jan 13)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Moritz Mühlenhoff (Jan 14)
  - Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Steven M. Christey (Jan 14)
    - Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Tomas Hoger (Jan 14)
- Re: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3 Josh Bressers (Jan 14)
CVE request: proftpd before 1.3.3d Hanno Böck (Jan 14)
- Re: CVE request: proftpd before 1.3.3d Josh Bressers (Jan 14)
  - Re: CVE request: proftpd before 1.3.3d TJ Saunders (Jan 14)
CVE request: tor Moritz Muehlenhoff (Jan 17)
- Re: CVE request: tor Josh Bressers (Jan 18)
  - Re: CVE request: tor Steven M. Christey (Jan 19)
CVE request Tim Brown (Jan 18)
- Re: CVE request Michael Gilbert (Jan 18)
  - Re: CVE request Tim Brown (Jan 18)
    - Re: CVE request Michael Gilbert (Jan 18)
    - Re: CVE request Josh Bressers (Jan 18)
- <Possible follow-ups>
- CVE Request Kurt Seifried (Feb 23)
  - Re: CVE Request Eugene Teo (Feb 23)
CVE request: heap corruption in libpango Dan Rosenberg (Jan 18)
- Re: CVE request: heap corruption in libpango Josh Bressers (Jan 20)
CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Jan Lieskovsky (Jan 19)
- Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Steven M. Christey (Jan 19)
  - Re: CVE Request -- Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001) Matthew Nicholson (Jan 19)
2 acpid flaws Vasiliy Kulikov (Jan 19)
- Re: 2 acpid flaws Ludwig Nussel (Mar 15)
  - Re: 2 acpid flaws Josh Bressers (Mar 15)
CVE request: heap corruption in VLC media player Dan Rosenberg (Jan 19)
- Re: CVE request: heap corruption in VLC media player Josh Bressers (Jan 20)
CVE request: xpdf Dan Rosenberg (Jan 20)
- Re: CVE request: xpdf Josh Bressers (Jan 24)
- Re: CVE request: xpdf Michael Gilbert (Feb 02)
- Re: CVE request: xpdf Thomas Biege (Feb 08)
  - Re: CVE request: xpdf Tomas Hoger (Feb 08)
  - Re: CVE request: xpdf Thomas Biege (Feb 08)
Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 21)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 21)
  - Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 21)
- Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Steven M. Christey (Jan 22)
  - Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 23)
    - Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Josh Bressers (Jan 24)
    - Re: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Eugene Teo (Jan 25)
  - Re: [PATCH] acpi: debugfs: fix buffer overflows, double free Vasiliy Kulikov (Jan 24)
CVE request: MaraDNS DoS via long queries Raphael Geissert (Jan 24)
- Re: CVE request: MaraDNS DoS via long queries Josh Bressers (Jan 24)
Linux kernel av7110 negative array offset Kees Cook (Jan 24)
- Re: Linux kernel av7110 negative array offset Eugene Teo (Jan 25)
CVE request: multiple status.net issues Kees Cook (Jan 24)
- Re: CVE request: multiple status.net issues Josh Bressers (Jan 25)
CVE request: libxml2 heap contents leak Kees Cook (Jan 24)
- Re: CVE request: libxml2 heap contents leak Josh Bressers (Jan 25)
- Re: CVE request: libxml2 heap contents leak Pierre Joye (Jan 25)
  - Re: CVE request: libxml2 heap contents leak Kees Cook (Jan 25)
CVE request: linux kernel heap issues Kees Cook (Jan 24)
- Re: CVE request: linux kernel heap issues Kurt Seifried (Jan 25)
- Re: CVE request: linux kernel heap issues Eugene Teo (Jan 25)
  - Re: CVE request: linux kernel heap issues Eugene Teo (Jan 25)
    - Re: CVE request: linux kernel heap issues Eugene Teo (Jan 28)
CVE request: multiple gypsy vulnerabilities Kees Cook (Jan 24)
- Re: CVE request: multiple gypsy vulnerabilities Josh Bressers (Jan 25)
syslog-ng wrong file permission vulnerability SZALAY Attila (Jan 25)
CVE Request: VLC Subtitle StripTags heap corruption Marc Deslauriers (Jan 25)
- Re: CVE Request: VLC Subtitle StripTags heap corruption Josh Bressers (Jan 25)
Batavi 1.0 - XSRF bug fixed Ronald van den Blink (Jan 25)
- Re: Batavi 1.0 - XSRF bug fixed Josh Bressers (Jan 27)
CVE-2010-4238 xen dom0 issue Eugene Teo (Jan 25)
CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Jan 27)
- Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability Josh Bressers (Jan 27)
  - Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability Steven M. Christey (Feb 02)
    - Re: CVE Request for phpMyAdmin 3.4.x, 3.4.0 beta 2 <= Stored Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Feb 25)
CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Jan 27)
- Re: CVE Request:Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability Josh Bressers (Jan 27)
CVE request: puppet Moritz Mühlenhoff (Jan 27)
- Re: CVE request: puppet Josh Bressers (Jan 31)
request CVE for weborf Salvo Tomaselli (Jan 28)
- Re: request CVE for weborf Josh Bressers (Jan 31)
CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Jan Lieskovsky (Jan 28)
- Re: CVE Request -- NDB: CVE-2005-3534 reintroduced in upstream nbd-v2.9.0 version Josh Bressers (Jan 31)
MaraDNS 1.4.06 and 1.3.07.11 released Sam Trenholme (Jan 30)
- Re: MaraDNS 1.4.06 and 1.3.07.11 released Tomas Hoger (Jan 31)
- Re: MaraDNS 1.4.06 and 1.3.07.11 released Vincent Danen (Mar 18)
  - Re: MaraDNS 1.4.06 and 1.3.07.11 released Raphael Geissert (Mar 18)
    - Re: MaraDNS 1.4.06 and 1.3.07.11 released Vincent Danen (Mar 18)
[HITB-Announce] Reminder: HITB2011AMS - Call for Papers closes on the 18th of Feb Hafez Kamal (Jan 31)
CVE request: code execution in VLC media player Dan Rosenberg (Jan 31)
- Re: CVE request: code execution in VLC media player Josh Bressers (Jan 31)
CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Feb 01)
- Re: CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Feb 03)
CVE request: glibc CVE-2010-3847 fix regression Tomas Hoger (Feb 01)
- Re: CVE request: glibc CVE-2010-3847 fix regression Josh Bressers (Feb 03)
CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 Reed Loden (Feb 01)
- Re: CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1 Josh Bressers (Feb 03)
CVE request: fuse Marc Deslauriers (Feb 02)
- Re: CVE request: fuse Josh Bressers (Feb 03)
  - Re: CVE request: fuse Marc Deslauriers (Feb 03)
    - Re: CVE request: fuse Josh Bressers (Feb 08)
Wireshark: Freeing uninitialized pointer Huzaifa Sidhpurwala (Feb 04)
Re: [vendor-sec] OpenSSH security advisory: legacy certificate signing in 5.6/5.7 Josh Bressers (Feb 04)
Webkit Roundup Michael Gilbert (Feb 05)
Webkit Dupes Michael Gilbert (Feb 05)
- Re: Webkit Dupes Steven M. Christey (Feb 17)
  - Re: Webkit Dupes Michael Gilbert (Feb 18)
CVE request: phpbb before 3.0.8 Hanno Böck (Feb 07)
- Re: CVE request: phpbb before 3.0.8 Josh Bressers (Feb 08)
  - Re: CVE request: phpbb before 3.0.8 Hanno Böck (Feb 08)
CVE request: wordpress before 3.0.5 Hanno Böck (Feb 08)
- Re: CVE request: wordpress before 3.0.5 Josh Bressers (Feb 09)
CVE request for feh Stefan Behte (Feb 09)
- Re: CVE request for feh Josh Bressers (Feb 09)
CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
  - Re: CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
    - Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
    - Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
    - Re: CVE request: kernel: btrfs heap overflow Steven M. Christey (Feb 10)
    - Re: CVE request: kernel: btrfs heap overflow Stéphane Gaudreault (Feb 09)
    - Re: CVE request: kernel: btrfs heap overflow Moritz Muehlenhoff (Feb 09)
    - Re: CVE request: kernel: btrfs heap overflow Greg KH (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 22)
Django multiple flaws (CVEs inside) Josh Bressers (Feb 09)
[HITB-Announce] HITB Magazine Issue 005 Released Hafez Kamal (Feb 09)
PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye (Feb 14)
- Re: PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye (Feb 16)
  - Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request Huzaifa Sidhpurwala (Feb 16)
    - Re: Re: PHP Exif 64bit Casting Vulnerability, CVE request Pierre Joye (Feb 16)
CVE request: aircrack-ng Marc Deslauriers (Feb 14)
- Re: CVE request: aircrack-ng Nico Golde (Feb 15)
CVE request - kernel: bridge br_multicast NULL pointer dereference Eugene Teo (Feb 16)
- Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Josh Bressers (Feb 16)
  - Re: CVE request - kernel: bridge br_multicast NULL pointer dereference Moritz Muehlenhoff (Feb 16)
CVE request - kernel: s390 task_show_regs infoleak Eugene Teo (Feb 16)
- Re: CVE request - kernel: s390 task_show_regs infoleak Josh Bressers (Feb 16)
CVE request - kernel: xfs infoleak Eugene Teo (Feb 16)
- Re: CVE request - kernel: xfs infoleak Josh Bressers (Feb 16)
- Re: CVE request - kernel: xfs infoleak Eugene Teo (Mar 01)
kernel: ALSA: caiaq - Fix possible string-buffer overflow Eugene Teo (Feb 16)
- Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow Josh Bressers (Feb 16)
  - Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow Eugene Teo (Feb 16)
wireshark dct3trace buffer overflow Huzaifa Sidhpurwala (Feb 16)
CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast Petr Matousek (Feb 17)
- Re: CVE request -- kernel: deficiency in processing igmp host membership reports in br_multicast Eugene Teo (Feb 17)
CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack Eugene Teo (Feb 17)
- Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack Josh Bressers (Feb 17)
CVE id request: telepathy-gabble Nico Golde (Feb 17)
- Re: CVE id request: telepathy-gabble Josh Bressers (Feb 17)
CVE request: avahi daemon remote denial of service by sending NULL UDP Thomas Biege (Feb 18)
- Re: CVE request: avahi daemon remote denial of service by sending NULL UDP Josh Bressers (Feb 18)
  - Re: CVE request: avahi daemon remote denial of service by sending NULL UDP Steven M. Christey (Feb 22)
Re: CVE request: More Evince overflows Raphael Geissert (Feb 19)
- Re: Re: CVE request: More Evince overflows Tomas Hoger (Mar 04)
clamav 0.97 Hanno Böck (Feb 21)
- Re: clamav 0.97 Josh Bressers (Feb 21)
CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Thomas Biege (Feb 21)
- Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE Josh Bressers (Feb 21)
CVE requests: freebsd kernel/tesseract/xinha/proftpd Moritz Muehlenhoff (Feb 21)
- Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd Josh Bressers (Feb 23)
- Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd Steven M. Christey (Mar 02)
CVE-2011-0436: dtc sends password of new users to site admin by unencrypted email Raphael Geissert (Feb 22)
CVE request: kernel: fs/partitions: validate map_count in mac partition tables Eugene Teo (Feb 22)
- Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Josh Bressers (Feb 22)
  - Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Greg KH (Feb 22)
    - Re: CVE request: kernel: fs/partitions: validate map_count in mac partition tables Josh Bressers (Feb 22)
CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 22)
- Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 22)
  - Re: CVE request: kernel: a collection of world-writable debugfs bugs Eugene Teo (Feb 23)
    - Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Feb 23)
    - Re: CVE request: kernel: a collection of world-writable debugfs bugs Josh Bressers (Feb 23)
    - Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Mar 20)
    - Re: CVE request: kernel: a collection of world-writable debugfs bugs Dan Rosenberg (Mar 20)
    - Re: CVE request: kernel: a collection of world-writable debugfs bugs Vasiliy Kulikov (Mar 21)
CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Jan Lieskovsky (Feb 22)
- Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 22)
- Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Thomas Sibley (Feb 22)
  - Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition Josh Bressers (Feb 23)
gdm PostLogin script executes scripts as user gdm Thomas Biege (Feb 22)
- Re: gdm PostLogin script executes scripts as user gdm Josh Bressers (Feb 22)
  - Re: gdm PostLogin script executes scripts as user gdm Thomas Biege (Feb 23)
CVE Request: Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Feb 22)
- Re: CVE Request: Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability Josh Bressers (Feb 22)
CVE request: simple machines forum before 1.1.13 Hanno Böck (Feb 22)
- Re: CVE request: simple machines forum before 1.1.13 Josh Bressers (Feb 23)
  - Re: CVE request: simple machines forum before 1.1.13 Steven M. Christey (Mar 02)
CVE request: kernel: Corrupted LDM partition table issues Eugene Teo (Feb 23)
- Re: CVE request: kernel: Corrupted LDM partition table issues Josh Bressers (Feb 23)
Physical access vulnerabilities and auto-mounting Dan Rosenberg (Feb 23)
- Re: Physical access vulnerabilities and auto-mounting Eugene Teo (Feb 23)
  - Re: Physical access vulnerabilities and auto-mounting Eugene Teo (Feb 23)
  - Re: Physical access vulnerabilities and auto-mounting Steve Grubb (Feb 23)
    - Re: Physical access vulnerabilities and auto-mounting Timo Warns (Feb 23)
    - Re: Physical access vulnerabilities and auto-mounting Steven M. Christey (Feb 23)
- Re: Physical access vulnerabilities and auto-mounting Nelson Elhage (Feb 23)
  - Re: Physical access vulnerabilities and auto-mounting Solar Designer (Feb 23)
  - Re: Physical access vulnerabilities and auto-mounting Michael Tokarev (Feb 23)
- Re: Physical access vulnerabilities and auto-mounting Sebastian Krahmer (Feb 23)
  - Re: Physical access vulnerabilities and auto-mounting Vincent Danen (Feb 23)
- Re: Physical access vulnerabilities and auto-mounting Hanno Böck (Feb 23)
CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Timo Warns (Feb 23)
- Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Josh Bressers (Feb 23)
  - Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Eugene Teo (Feb 24)
    - Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Jon Oberheide (Feb 24)
    - Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables Josh Bressers (Feb 24)
CVE request: pmwiki before 2.2.21 Hanno Böck (Feb 23)
- Re: CVE request: pmwiki before 2.2.21 Josh Bressers (Feb 23)
CVE request: Information disclosure in CGIHTTPServer from Python Moritz Muehlenhoff (Feb 23)
- Re: CVE request: Information disclosure in CGIHTTPServer from Python Josh Bressers (Feb 24)
Pattern lock bypass on SE X10 with Android 1.6 Tim Brown (Feb 24)
- Re: Pattern lock bypass on SE X10 with Android 1.6 Josh Bressers (Feb 24)
CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Eugene Teo (Feb 24)
- Re: CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Josh Bressers (Feb 24)
- Re: CVE request: kernel: drm/radeon/kms: check AA resolve registers on r300 Eugene Teo (Feb 25)
XSSer v1.5 -beta- aka "Swarm Edition!" released. psy (Feb 24)
CVE Request -- OpenLDAP -- two issues Jan Lieskovsky (Feb 24)
- Re: CVE Request -- OpenLDAP -- two issues Josh Bressers (Feb 25)
  - Re: CVE Request -- OpenLDAP -- two issues Thomas Biege (Feb 28)
    - Re: CVE Request -- OpenLDAP -- two issues Vincent Danen (Feb 28)
    - Re: CVE Request -- OpenLDAP -- two issues Ralf Haferkamp (Mar 01)
    - Re: CVE Request -- OpenLDAP -- two issues Vincent Danen (Mar 01)
    - Re: CVE Request -- OpenLDAP -- two issues Josh Bressers (Mar 01)
CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names Jan Lieskovsky (Feb 24)
- Re: CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names Josh Bressers (Feb 24)
CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Jan Lieskovsky (Feb 24)
- Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Josh Bressers (Feb 28)
CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Kees Cook (Feb 24)
- Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Eugene Teo (Feb 25)
- Re: CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN Vasiliy Kulikov (Mar 11)
CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Kees Cook (Feb 24)
- Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec Eugene Teo (Feb 25)
CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Kees Cook (Feb 25)
- Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Eugene Teo (Feb 25)
- Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Vasiliy Kulikov (Feb 25)
  - Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions Kees Cook (Feb 26)
CVE request: libcgroup: Failure to verify netlink messages Nelson Elhage (Feb 25)
- Re: CVE request: libcgroup: Failure to verify netlink messages Eugene Teo (Feb 25)
  - Re: CVE request: libcgroup: Failure to verify netlink messages Steve Grubb (Feb 25)
    - Re: CVE request: libcgroup: Failure to verify netlink messages Nelson Elhage (Feb 25)
    - Re: CVE request: libcgroup: Failure to verify netlink messages Steve Grubb (Feb 25)
CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Feb 25)
- Re: CVE Request: PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability Josh Bressers (Feb 28)
CVE request: v86d: Failure to validate netlink message sender Nelson Elhage (Feb 26)
- Re: CVE request: v86d: Failure to validate netlink message sender Josh Bressers (Feb 28)
cve request: eglibc memory corruption Michael Gilbert (Feb 26)
- Re: cve request: eglibc memory corruption Josh Bressers (Feb 28)
  - Re: cve request: eglibc memory corruption Michael Gilbert (Feb 28)
CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Feb 28)
- Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Dan Rosenberg (Feb 28)
  - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Pierre Joye (Mar 01)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Mar 01)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Vincent Danen (Mar 03)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Dan Rosenberg (Mar 01)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Pierre Joye (Mar 01)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Mar 01)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Helgi Þormar Þorbjörnsson (Mar 08)
    - Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Vincent Danen (Mar 11)
- Re: CVE Request: PEAR Installer 1.9.1 <= - Symlink Attack Josh Bressers (Feb 28)
CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes Vasiliy Kulikov (Feb 28)
- Re: CVE request: kernel: two bluetooth and one ebtables infoleaks/DoSes Petr Matousek (Mar 01)
CVE request: FreeBSD/OS X crontab information leakage Dan Rosenberg (Feb 28)
- Re: CVE request: FreeBSD/OS X crontab information leakage Josh Bressers (Feb 28)
CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
  - Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
    - Re: CVE request: kernel: OOM-killer via argv expansion Nelson Elhage (Mar 01)
    - Re: CVE request: kernel: OOM-killer via argv expansion Eugene Teo (Mar 01)
CVE request: Atlassian JIRA Parameter-Based Redirection Vulnerability henri (Mar 01)
- Re: CVE request: Atlassian JIRA Parameter-Based Redirection Vulnerability Josh Bressers (Mar 01)
cve request for smoothwall & openfiler dave b (Mar 01)
- Re: cve request for smoothwall & openfiler Josh Bressers (Mar 03)
CVE request: kernel: Multiple DoS issues in epoll Nelson Elhage (Mar 02)
- Re: CVE request: kernel: Multiple DoS issues in epoll Petr Matousek (Mar 02)
CVE request: VLC bookmark buffer overflow henri (Mar 02)
- Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
  - Re: CVE request: VLC bookmark buffer overflow Josh Bressers (Mar 03)
    - Re: CVE request: VLC bookmark buffer overflow Henri Salo (Mar 24)
    - Re: CVE request: VLC bookmark buffer overflow Steven M. Christey (Mar 28)
CVE request: gri < 2.12.18 insecure temp file generation henri (Mar 03)
- Re: CVE request: gri < 2.12.18 insecure temp file generation Josh Bressers (Mar 03)
CVE-2011-1023 kernel: rds: prevent BUG_ON triggering on congestion map updates Eugene Teo (Mar 03)
Vendor-sec hosting and future of closed lists Marcus Meissner (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 03)
  - Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Michael Gilbert (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
    - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
    - Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
    - RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 16)
    - RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 17)
    - RE: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 17)
    - Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists David Hicks (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Nelson Elhage (Mar 04)
    - Re: Vendor-sec hosting and future of closed lists Steven M. Christey (Mar 04)
- Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Solar Designer (Mar 03)
  - Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 05)
    - Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 05)
    - Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 06)
  - Re: Vendor-sec hosting and future of closed lists Matthieu Herrb (Mar 06)
  - Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 07)
    - Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 07)
    - Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 08)
    - Vendor-sec hosting and future of closed lists R P Herrold (Mar 08)
    - Re: Vendor-sec hosting and future of closed lists akuster (Mar 08)
    - Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 08)
    - Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
    - Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 16)
    - Re: Vendor-sec hosting and future of closed lists Art Manion (Mar 15)
  - Re: Vendor-sec hosting and future of closed lists Willy Tarreau (Mar 07)
- Re: Vendor-sec hosting and future of closed lists Marcus Meissner (Mar 04)
Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 04)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dmitry V. Levin (Mar 04)
  - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 04)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Mar 04)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 05)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Kees Cook (Mar 05)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Josh Bressers (Mar 07)
- Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Ludwig Nussel (Mar 14)
  - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 14)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 15)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Tomas Hoger (Mar 22)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 22)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Dan Rosenberg (Mar 31)
    - Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE Patrick J. Volkerding (Mar 31)
CVE-2011-1076 kernel: DNS: Fix a NULL pointer deref when trying to read an error key Eugene Teo (Mar 04)
CVE Request -- logrotate -- nine issues Jan Lieskovsky (Mar 04)
- Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
  - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Steven M. Christey (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Steven M. Christey (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Dan Rosenberg (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Steve Grubb (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 06)
  - Re: CVE Request -- logrotate -- nine issues Jan Lieskovsky (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Steven M. Christey (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Jan Lieskovsky (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Jan Kaluža (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Paul Martin (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 07)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 08)
    - Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Florian Zumbiehl (Mar 10)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 11)
    - Re: CVE Request -- logrotate -- nine issues Ludwig Nussel (Mar 23)
  - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 04)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 05)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Solar Designer (Mar 06)
    - Re: CVE Request -- logrotate -- nine issues Pavel Labushev (Mar 06)
- Re: CVE Request -- logrotate -- nine issues Josh Bressers (Mar 14)
kernel: modules_disabled policy Vasiliy Kulikov (Mar 05)
- Re: kernel: modules_disabled policy Kees Cook (Mar 05)
- Re: kernel: modules_disabled policy Steve Grubb (Mar 06)
CVE request - kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab Eugene Teo (Mar 07)
- Re: CVE request - kernel: nfs4: Ensure that ACL pages sent over NFS were not allocated from the slab Josh Bressers (Mar 07)
cgit convert_query_hexchar infinite loop (CVE-2011-1027) Tomas Hoger (Mar 07)
ldd can execute an app unexpectedly Steve Grubb (Mar 07)
- Re: ldd can execute an app unexpectedly Dmitry V. Levin (Mar 08)
  - Re: ldd can execute an app unexpectedly Steve Grubb (Mar 08)
  - Re: ldd can execute an app unexpectedly Tim Brown (Mar 08)
- Re: ldd can execute an app unexpectedly Tomas Hoger (Mar 08)
  - Re: ldd can execute an app unexpectedly Steve Grubb (Mar 08)
CVE request: kernel: dccp: fix oops on Reset after close Eugene Teo (Mar 08)
- Re: CVE request: kernel: dccp: fix oops on Reset after close Josh Bressers (Mar 08)
Buffer overflows in fsck may become security issues Ludwig Nussel (Mar 08)
glibc locale escaping issue Tomas Hoger (Mar 08)
- Re: glibc locale escaping issue Josh Bressers (Mar 08)
  - Re: glibc locale escaping issue Steven M. Christey (Mar 08)
CVE request, php's shm Pierre Joye (Mar 08)
- Re: CVE request, php's shm Josh Bressers (Mar 08)
- Re: CVE request, php's shm Tomas Hoger (Mar 08)
KDE SSL name check issue Tomas Hoger (Mar 08)
- Re: KDE SSL name check issue Josh Bressers (Mar 08)
CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd Petr Matousek (Mar 08)
- Re: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd Eugene Teo (Mar 09)
CVE request: buffer overflow in unixODBC's SQLDriverConnect() Felipe Pena (Mar 09)
- Re: CVE request: buffer overflow in unixODBC's SQLDriverConnect() Josh Bressers (Mar 10)
CVE request: libvirt: several API calls do not honour read-only connection Petr Matousek (Mar 09)
- Re: CVE request: libvirt: several API calls do not honour read-only connection Josh Bressers (Mar 10)
nss-pam-ldapd security advisory (CVE-2011-0438) Arthur de Jong (Mar 10)
CVE-2011-0695 kernel: panic in ib_cm:cm_work_handler Eugene Teo (Mar 11)
CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Jan Lieskovsky (Mar 11)
- Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Josh Bressers (Mar 11)
  - Re: CVE Request -- Asterisk AST-2011-002 / Multiple array overflow and crash vulnerabilities in UDPTL code Matthew Nicholson (Mar 11)
announcing libwipe Andrew Clausen (Mar 12)
- Re: announcing libwipe Kees Cook (Mar 13)
- Re: announcing libwipe Pierre Joye (Mar 13)
  - Re: announcing libwipe Andrew Clausen (Mar 14)
- Re: announcing libwipe Andrew Clausen (Mar 14)
Untrusted fs and invalid filenames Vasiliy Kulikov (Mar 12)
- Re: Untrusted fs and invalid filenames Steve Grubb (Mar 13)
- Re: Untrusted fs and invalid filenames Eitan Adler (Mar 13)
- Re: Untrusted fs and invalid filenames Stephan Mueller (Mar 14)
  - Re: Untrusted fs and invalid filenames Dan Rosenberg (Mar 14)
    - Re: Untrusted fs and invalid filenames Stephan Mueller (Mar 14)
    - Re: Untrusted fs and invalid filenames Steve Grubb (Mar 14)
    - Re: Untrusted fs and invalid filenames Vasiliy Kulikov (Mar 14)
  - Re: Untrusted fs and invalid filenames Ludwig Nussel (Mar 14)
    - Re: Untrusted fs and invalid filenames Steve Grubb (Mar 14)
CVE Request: bbPress 1.0.2 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 13)
- Re: CVE Request: bbPress 1.0.2 <= Cross Site Scripting Vulnerability Josh Bressers (Mar 14)
CVE request: PHP substr_replace() use-after-free Felipe Pena (Mar 13)
- Re: CVE request: PHP substr_replace() use-after-free Eugene Teo (Mar 13)
- Re: CVE request: PHP substr_replace() use-after-free Oden Eriksson (Mar 13)
  - Re: CVE request: PHP substr_replace() use-after-free Felipe Pena (Mar 13)
    - Re: CVE request: PHP substr_replace() use-after-free Vincent Danen (Mar 18)
Please REJECT CVE-2008-2956 Michael Gilbert (Mar 13)
- Re: Please REJECT CVE-2008-2956 Eugene Teo (Mar 14)
CVE Request: Joomla! 1.6.0 | SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 13)
- Re: CVE Request: Joomla! 1.6.0 | SQL Injection Vulnerability Josh Bressers (Mar 14)
CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 13)
- Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability Josh Bressers (Mar 14)
  - Re: CVE Request: Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE requests - kernel: tpm infoleaks Eugene Teo (Mar 14)
- Re: CVE requests - kernel: tpm infoleaks Josh Bressers (Mar 14)
  - Re: CVE requests - kernel: tpm infoleaks Eugene Teo (Mar 15)
- Re: CVE requests - kernel: tpm infoleaks Josh Bressers (Mar 15)
CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
- Re: CVE request: format-string vulnerability in PHP Phar extension Felipe Pena (Mar 14)
- Re: CVE request: format-string vulnerability in PHP Phar extension Josh Bressers (Mar 14)
CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Jan Lieskovsky (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 14)
  - Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Steven M. Christey (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 15)
  - Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
    - Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 16)
    - Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
    - Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 16)
    - Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Ludwig Nussel (Mar 16)
CVE request for python-feedparser Vincent Danen (Mar 14)
- Re: CVE request for python-feedparser Josh Bressers (Mar 15)
- <Possible follow-ups>
- Re: CVE request for python-feedparser Jonathan Wiltshire (Mar 16)
  - Re: Re: CVE request for python-feedparser Josh Bressers (Mar 21)
gksu-polkit Sebastian Krahmer (Mar 15)
- Re: gksu-polkit Josh Bressers (Mar 15)
CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure Timo Warns (Mar 15)
- Re: CVE Request: kernel: fs/partitions: Corrupted OSF partition table can cause information disclosure Josh Bressers (Mar 15)
CVE Request: xen DoS Ludwig Nussel (Mar 17)
- Re: CVE Request: xen DoS Eugene Teo (Mar 17)
CVE request for Asterisk flaws Vincent Danen (Mar 17)
- Re: CVE request for Asterisk flaws Josh Bressers (Mar 21)
The risks of cleaning /tmp Dan Rosenberg (Mar 17)
- Re: The risks of cleaning /tmp Nelson Elhage (Mar 17)
CVE request: kernel: AudioScience HPI driver Dan Rosenberg (Mar 18)
- Re: CVE request: kernel: AudioScience HPI driver Eugene Teo (Mar 18)
CVE Request: Joomla! 1.5.21 <= SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: Joomla! 1.5.20 <= Cross Site Scripting (XSS) Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: MyBB 1.6 <= SQL Injection YGN Ethical Hacker Group (Mar 18)
CVE Request: MyBB 1.6 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: TinyBrowser (TinyMCE Editor File browser) 1.41.6 - Multiple Vulnerabilities YGN Ethical Hacker Group (Mar 18)
CVE Request: 2Wire Broadband Router Session Hijacking Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE Request: PHP Support Ticket 2.2 <= Multiple Vulnerabilities YGN Ethical Hacker Group (Mar 18)
CVE Request: HP System Management Homepage(SMH) | Open URL Redirection YGN Ethical Hacker Group (Mar 18)
- Re: CVE Request: HP System Management Homepage(SMH) | Open URL Redirection Mike O'Connor (Mar 18)
  - RE: CVE Request: HP System Management Homepage(SMH) | Open URL Redirection Menkhus, Mark (GSE Security HP SSRT) (Mar 19)
CVE Request: XOOPS 2.5.0 <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 18)
CVE request: kernel: netfilter & econet infoleaks Vasiliy Kulikov (Mar 18)
- Re: CVE request: kernel: netfilter & econet infoleaks Eugene Teo (Mar 21)
  - Re: CVE request: kernel: netfilter & econet infoleaks Eugene Teo (Mar 21)
CVE request: MPM-ITK module for Apache HTTPD Stefan Fritsch (Mar 20)
- Re: CVE request: MPM-ITK module for Apache HTTPD Josh Bressers (Mar 21)
  - Re: CVE request: MPM-ITK module for Apache HTTPD Steinar H. Gunderson (Mar 21)
CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 20)
- Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 21)
  - Re: CVE request: kernel: heap corruption in IrDA Dan Rosenberg (Mar 21)
    - Re: CVE request: kernel: heap corruption in IrDA Eugene Teo (Mar 22)
CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Mar 20)
- Re: CVE request: kernel: multiple issues in ROSE Eugene Teo (Mar 21)
  - Re: CVE request: kernel: multiple issues in ROSE Dan Rosenberg (Mar 30)
CVE Request (minor) -- Pidgin / libpurple -- Cipher API information disclosure Jan Lieskovsky (Mar 21)
- Re: CVE UnRequest (minor) -- Pidgin / libpurple -- Cipher API information disclosure Jan Lieskovsky (Mar 21)
  - Local memory disclosure (was: libpurple CVE UnRequest) Steven M. Christey (Mar 21)
    - Re: Local memory disclosure (was: libpurple CVE UnRequest) Steve Grubb (Mar 21)
Re: CVE request: kernel: a collection ofworld-writable debugfs bugs dan . j . rosenberg (Mar 21)
Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike (Mar 21)
- Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. Steven M. Christey (Mar 22)
  - Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike (Mar 22)
- Message not available
  - Re: Security advisory: local DOS attack affecting non updated PaX patched kernels. klondike (Mar 22)
Possible security fixes in 5.05? Raphael Geissert (Mar 22)
CVE requests - kernel: irda/decnet issues Eugene Teo (Mar 22)
- Re: CVE requests - kernel: irda/decnet issues Dan Rosenberg (Mar 22)
- Re: CVE requests - kernel: irda/decnet issues Josh Bressers (Mar 22)
  - Re: CVE requests - kernel: irda/decnet issues Dan Rosenberg (Mar 22)
CVE Request: libpng memory leak Ludwig Nussel (Mar 22)
- Re: CVE Request: libpng memory leak Steven M. Christey (Mar 28)
Linux kernel signal spoofing vulnerability (CVE request) Julien Tinnes (Mar 22)
- Re: Linux kernel signal spoofing vulnerability (CVE request) Eugene Teo (Mar 23)
- Re: Linux kernel signal spoofing vulnerability (CVE request) Julien Tinnes (Mar 29)
Re: Linux kernel proactive security hardening Solar Designer (Mar 23)
oss-security is on twitter Eugene Teo (Mar 23)
- RE: oss-security is on twitter Menkhus, Mark (GSE Security HP SSRT) (Mar 24)
  - Re: oss-security is on twitter Eugene Teo (Mar 24)
CVE Request: perl: regex causes assertion fail Ludwig Nussel (Mar 23)
- Re: CVE Request: perl: regex causes assertion fail Steven M. Christey (Mar 28)
CVE Request -- Asterisk Security Vulnerability Matthew Nicholson (Mar 23)
- Re: CVE Request -- Asterisk Security Vulnerability Steven M. Christey (Mar 23)
CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability YGN Ethical Hacker Group (Mar 23)
- Re: CVE Request: PHP-Nuke 8.x <= "chng_uid" Blind SQL Injection Vulnerability Josh Bressers (Mar 30)
CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability YGN Ethical Hacker Group (Mar 23)
- Re: CVE Request: PHP-Nuke 8.x <= Cross Site Scripting Vulnerability Josh Bressers (Mar 30)
CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability YGN Ethical Hacker Group (Mar 23)
- Re: CVE Request: PHP-Nuke 8.x <= Cross Site Request Forgery (CSRF) / Anti-CSRF Bypass Vulnerability Josh Bressers (Mar 30)
CVE request: kernel: two OSS fixes Dan Rosenberg (Mar 23)
- Re: CVE request: kernel: two OSS fixes Eugene Teo (Mar 25)
CVE request: roundcube < 0.5.1 CSRF Hanno Böck (Mar 24)
- Re: CVE request: roundcube < 0.5.1 CSRF Jan Lieskovsky (Mar 24)
CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Jan Lieskovsky (Mar 24)
- Re: CVE Request -- Python (urllib, urllib2): Improper management of ftp:// and file:// URL schemes Steven M. Christey (Mar 28)
CVE-2011-0728: Loggerhead 1.18.1 security release William Grant (Mar 24)
CVE Request -- php-doctrine-Doctrine -- SQL injection flaw Jan Lieskovsky (Mar 25)
- Re: CVE Request -- php-doctrine-Doctrine -- SQL injection flaw Steven M. Christey (Mar 28)
CVE Request -- Nagios -- XSS in the network status map CGI script Jan Lieskovsky (Mar 25)
- Re: CVE Request -- Nagios -- XSS in the network status map CGI script Steven M. Christey (Mar 28)
CVE-2011-1478 kernel: gro: reset dev and skb_iff on skb reuse Eugene Teo (Mar 28)
CVE requests : Liferay 6.0.6 Nicolas Grégoire (Mar 29)
CVE request: cmsmadesimple before 1.9.1 Hanno Böck (Mar 29)
- Re: CVE request: cmsmadesimple before 1.9.1 Josh Bressers (Mar 30)
CVE Request: rsyslogd memory leaks Ludwig Nussel (Mar 29)
tiff CVE-2011-0192 patch broken Ludwig Nussel (Mar 30)
CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Jan Lieskovsky (Mar 30)
- Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Steven M. Christey (Mar 30)
- Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes pan (Mar 30)
- Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Raimo Niskanen (Mar 31)
- Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Sverker Eriksson (Mar 31)
- Message not available
  - Re: CVE Request -- Erlang/OTP R14, Erlang/OTP R14B01, Erlang/OTP R14B02 -- multiple security fixes Rickard Green (Mar 31)

Previous period

Next period