
550 messages starting Jul 12 11 and ending Sep 15 11

Abhijeet Patil

[Announcement] ClubHack Magazine Issue 18-July2011 Released Abhijeet Patil (Jul 12)
CFP open for ClubHack2011 Abhijeet Patil (Jul 30)

akuster

Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount akuster (Sep 23)

Alan Boudreault

Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Alan Boudreault (Jul 19)
Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Alan Boudreault (Jul 20)

Alex Legler

CVE request: BusyBox unpack_Z_stream() buffer underflow Alex Legler (Aug 19)
CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)

Andrea Barisani

oCERT name change due to trademark claims Andrea Barisani (Jul 07)
[oCERT-2011-001] Chyrp input sanitization errors Andrea Barisani (Jul 13)

Barry Greene

Re: The Bind incident Barry Greene (Jul 06)

Billy Rios

Re: libxml security fix from apple ... any information? Billy Rios (Jul 29)

Chris Evans

Re: vsftpd download backdoored Chris Evans (Jul 07)

Colin Percival

Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 05)
Re: LZW decompression issues Colin Percival (Sep 28)

Daniele Bianco

[oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco (Aug 10)
Re: [oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco (Aug 10)

Daniel Veillard

Re: libxml security fix from apple ... any information? Daniel Veillard (Aug 04)

dann frazier

CVE request: perf: may parse user-controlled config file dann frazier (Aug 09)
Re: CVE request: perf: may parse user-controlled config file dann frazier (Aug 11)

Dan Rosenberg

Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg (Jul 14)
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg (Jul 15)
CVE request: kernel: arbitrary kernel read in xtensa Dan Rosenberg (Jul 20)
Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Dan Rosenberg (Jul 26)
Re: CVE requests: Two kernel issues Dan Rosenberg (Aug 10)
CVE request (and disclosure): ax25d missing setuid return code check Dan Rosenberg (Aug 10)
Re: [oCERT-2011-002] libavcodec insufficient boundary check Dan Rosenberg (Aug 10)

dave bl

Re: CVE Request: foomatic-gui dave bl (Aug 04)
Re: CVE Request: foomatic-gui dave bl (Aug 05)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws dave bl (Sep 15)

David Hicks

CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities David Hicks (Aug 18)

David Jorm

Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() David Jorm (Aug 24)

dfncert

CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 15)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)

Djalal Harouni

CVE-2011-1764 Exim: DKIM Format String Djalal Harouni (Jul 15)

Eren Türkay

Re: CVE request (and disclosure): ax25d missing setuid return code check Eren Türkay (Aug 11)
D-Link DCS-2121 Semicolon Vulnerability Eren Türkay (Sep 10)

Erik de Castro Lopo

Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo (Jul 14)
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo (Jul 15)

Eugene Teo

Re: CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Eugene Teo (Jul 01)
Re: CVE request: kernel: tomoyo: oops in tomoyo_mount_acl() Eugene Teo (Jul 01)
Re: vsftpd download backdoored Eugene Teo (Jul 05)
The Bind incident Eugene Teo (Jul 05)
Re: The Bind incident Eugene Teo (Jul 05)
Re: vsftpd download backdoored Eugene Teo (Jul 05)
CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Eugene Teo (Jul 06)
CVE-2011-1780, CVE-2011-1936, kernel/xen issues Eugene Teo (Jul 07)
Re: The Bind incident Eugene Teo (Jul 07)
CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify() Eugene Teo (Jul 12)
CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize Eugene Teo (Jul 13)
CVE-2009-4067 kernel: usb: buffer overflow in auerswald_probe() Eugene Teo (Jul 15)
CVE request: kernel: ipv6: make fragment identifications less predictable Eugene Teo (Jul 20)
CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Eugene Teo (Jul 20)
Re: CVE request: kernel: gro: Only reset frag0 when skb can be pulled Eugene Teo (Jul 29)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Eugene Teo (Jul 29)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 10)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 12)
Re: CVE requests: Two kernel issues Eugene Teo (Aug 15)
kernel: ext3/4: ext3/4_symlink lock oops Eugene Teo (Aug 15)
Re: CVE request -- kernel: perf: fix software event overflow Eugene Teo (Aug 16)
Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Eugene Teo (Aug 19)
CVE request: kernel: change in how tcp seq numbers are generated Eugene Teo (Aug 23)
CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo (Aug 24)
Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo (Aug 24)
kernel: CVE-2011-2482/2519 Eugene Teo (Aug 30)
Re: CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Eugene Teo (Sep 14)
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Eugene Teo (Sep 26)

Even Rouault

Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Even Rouault (Jul 19)

Florian Weimer

Re: The Bind incident Florian Weimer (Jul 06)
Re: LZW decompression issues Florian Weimer (Sep 28)

Geoffrey Keating

Re: CVE request and info: freetype flaw to jailbreak iphone Geoffrey Keating (Jul 17)

halfdog

Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog (Jul 12)
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog (Jul 16)

Hanno Böck

CVE request: roundcube XSS before 0.5.4 Hanno Böck (Aug 18)
CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Hanno Böck (Sep 19)

HD Moore

Re: vsftpd download backdoored HD Moore (Jul 05)
Re: vsftpd download backdoored HD Moore (Jul 05)
Re: vsftpd download backdoored HD Moore (Jul 05)

Henri Doreau

Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Henri Doreau (Sep 07)

Henri Salo

CVE request: sNews 1.7.1 XSS in reorder Henri Salo (Jul 20)
Fwd: Joomla! Security News Henri Salo (Jul 20)
CVE request: PyForum backdoor BMSA-2009-07 Henri Salo (Jul 24)
Re: CVE request: silverstripe before 2.4.4 Henri Salo (Jul 24)
CVE request: Drupal Data-module multiple vulnerabilities Henri Salo (Jul 24)
Re: CVE request: gri < 2.12.18 insecure temp file generation Henri Salo (Jul 28)
CVE-request Tribiq CMS path disclosure HTB22857 Henri Salo (Jul 28)
CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo (Aug 04)
CVE request: coppermine gallery < 1.4.26 Henri Salo (Aug 04)
Re: CVE Request: foomatic-gui Henri Salo (Aug 04)
CVE-request: KaiBB security vulnerabilities without CVE-IDs Henri Salo (Aug 04)
CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Henri Salo (Aug 04)
CVE-request: pithos symlink vulnerability CWE-61 Henri Salo (Aug 04)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Henri Salo (Sep 08)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Henri Salo (Sep 15)
CVE request: PunBB multiple XSS issues Henri Salo (Sep 18)
Re: CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo (Sep 24)

Huzaifa Sidhpurwala

Please reject CVE-2011-0705 Huzaifa Sidhpurwala (Jul 01)
Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Huzaifa Sidhpurwala (Jul 06)
Security issues fixed in libpng 1.5.4 Huzaifa Sidhpurwala (Jul 13)
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Huzaifa Sidhpurwala (Jul 18)
Re: CVE Request: ruby PRNG fixes Huzaifa Sidhpurwala (Jul 20)
Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Huzaifa Sidhpurwala (Jul 20)
Re: CVE request: kernel: ipv6: make fragment identifications less predictable Huzaifa Sidhpurwala (Jul 20)
Re: CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Huzaifa Sidhpurwala (Jul 20)
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Huzaifa Sidhpurwala (Jul 28)
Re: libxml security fix from apple ... any information? Huzaifa Sidhpurwala (Jul 29)
Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Huzaifa Sidhpurwala (Aug 02)
Re: CVE Request: foomatic-gui Huzaifa Sidhpurwala (Aug 12)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Huzaifa Sidhpurwala (Aug 15)
Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 22)
Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 22)
CVE Request: Multiple issues fixed in wireshark 1.6.2 Huzaifa Sidhpurwala (Sep 13)

Jamie Strandboge

Security issue in reseed Jamie Strandboge (Jul 06)
CVE Request: reseed Jamie Strandboge (Jul 06)
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Jamie Strandboge (Jul 07)
Security issue in hammerhead Jamie Strandboge (Aug 26)
CVE Request -- apt Jamie Strandboge (Sep 22)
Re: CVE Request -- apt Jamie Strandboge (Sep 22)

Jan Lieskovsky

CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Jan Lieskovsky (Jul 11)
CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 14)
Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 14)
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 15)
Re: CVE Request: hplip/foomatic-filters Jan Lieskovsky (Jul 18)
CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Jan Lieskovsky (Jul 19)
CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Jan Lieskovsky (Jul 19)
CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Jan Lieskovsky (Jul 19)
Re: CVE requests; issues fixed in MySQL 5.1.52 Jan Lieskovsky (Jul 20)
CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Jan Lieskovsky (Jul 21)
CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 22)
Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 24)
CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Jan Lieskovsky (Jul 25)
Re: Squirrelmail CVE duplicates Jan Lieskovsky (Jul 25)
CVE Request -- GLPI -- Properly blacklist some sensitive fields Jan Lieskovsky (Jul 25)
CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Jan Lieskovsky (Jul 26)
CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Jan Lieskovsky (Jul 28)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Jan Lieskovsky (Jul 29)
CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue Jan Lieskovsky (Jul 29)
CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan Lieskovsky (Sep 07)
CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Jan Lieskovsky (Sep 08)
CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Jan Lieskovsky (Sep 08)
CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Jan Lieskovsky (Sep 09)
CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Jan Lieskovsky (Sep 11)
CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Jan Lieskovsky (Sep 15)
CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Jan Lieskovsky (Sep 22)
CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Jan Lieskovsky (Sep 29)

Jan-Oliver Wagner

Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan-Oliver Wagner (Sep 09)

Jeff Johnson

Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 25)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 26)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 26)

Jeff Mitchell

CVE Request: Ark path traversal Jeff Mitchell (Jul 25)
CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 25)
CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 25)
Re: CVE Request: Ark path traversal Jeff Mitchell (Jul 26)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 28)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Aug 01)

Jeffrey Czerniak

Re: Re: libxml security fix from apple ... any information? Jeffrey Czerniak (Jul 30)

Joerg Sonnenberger

Re: LZW decompression issues Joerg Sonnenberger (Sep 29)

Johannes Schlüter

Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Johannes Schlüter (Sep 26)

John Haxby

Closed List John Haxby (Aug 30)
Re: Closed List John Haxby (Aug 30)

John Lightsey

CVE request: two vulnerabilities in ktsuss 1.4 and earlier John Lightsey (Aug 13)

Jonathan Wiltshire

CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 24)
CVE request for bcfg2 (remote root) Jonathan Wiltshire (Sep 01)

Jon Oberheide

Re: CVE request (and disclosure): ax25d missing setuid return code check Jon Oberheide (Aug 11)

Josh Bressers

Re: vsftpd download backdoored Josh Bressers (Jul 11)
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Josh Bressers (Jul 12)
Re: CVE requests; issues fixed in MySQL 5.1.52 Josh Bressers (Jul 12)
Re: CVE request: plone privilege escalation flaw Josh Bressers (Jul 12)
Re: CVE Request: reseed Josh Bressers (Jul 12)
Re: CVE Request: foo2zjs Josh Bressers (Jul 12)
Re: libreoffice/openoffice.org CVE id request Josh Bressers (Jul 12)
Re: CVE Request: ruby PRNG fixes Josh Bressers (Jul 12)
Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Josh Bressers (Jul 12)
Re: CVE id request: apache mod-auth-external Josh Bressers (Jul 12)
Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Josh Bressers (Jul 15)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Josh Bressers (Jul 20)
Re: CVE id request: (e)glibc Josh Bressers (Jul 20)
Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: [oss-security] Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.] Josh Bressers (Jul 20)
Re: CVE Request: ruby PRNG fixes Josh Bressers (Jul 20)
Re: CVE request: sNews 1.7.1 XSS in reorder Josh Bressers (Jul 20)
Re: CVE request: kernel: arbitrary kernel read in xtensa Josh Bressers (Jul 20)
Re: Fwd: Joomla! Security News Josh Bressers (Jul 20)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Josh Bressers (Jul 22)
Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities Josh Bressers (Jul 22)
Re: CVE Request -- cGit -- XSS flaw in rename hint Josh Bressers (Jul 22)
Re: CVE request: PyForum backdoor BMSA-2009-07 Josh Bressers (Jul 26)
Re: CVE request: Drupal Data-module multiple vulnerabilities Josh Bressers (Jul 26)
Re: CVE request - dhcp clients Josh Bressers (Jul 26)
Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Josh Bressers (Jul 26)
Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields Josh Bressers (Jul 26)
Re: CVE Request: Ark path traversal Josh Bressers (Jul 26)
Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Josh Bressers (Jul 26)
Re: CVE request: hplip: insecure tmp file handling Josh Bressers (Jul 26)
Re: CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Josh Bressers (Jul 29)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Josh Bressers (Jul 29)
Re: CVE-request Tribiq CMS path disclosure HTB22857 Josh Bressers (Jul 29)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Jul 29)
Re: CVE request: Linux kernel af_packet information leak Josh Bressers (Aug 03)
Re: CVE Request: foomatic-gui Josh Bressers (Aug 03)
Re: CVE id request: shttpd/mongoose/yassl embedded webserver Josh Bressers (Aug 03)
Re: CVE Request: foomatic-gui Josh Bressers (Aug 04)
Re: cve request: xpdf: insecure tempfile usage in zxpdf script Josh Bressers (Aug 09)
Re: CVE request: heap overflow in tcptrack < 1.4.2 Josh Bressers (Aug 09)
Re: CVE request: zabbix XSS flaw Josh Bressers (Aug 09)
Re: CVE request: perf: may parse user-controlled config file Josh Bressers (Aug 09)
Re: CVE request (and disclosure): ax25d missing setuid return code check Josh Bressers (Aug 12)
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Josh Bressers (Aug 12)
Re: CVE request: improper permissions on ~/.qtnx/*.nxml Josh Bressers (Aug 12)
Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection Josh Bressers (Aug 12)
Re: CVE request: two vulnerabilities in ktsuss 1.4 and earlier Josh Bressers (Aug 16)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Aug 17)
Re: CVE request: coppermine gallery < 1.4.26 Josh Bressers (Aug 19)
Re: CVE-request: KaiBB security vulnerabilities without CVE-IDs Josh Bressers (Aug 19)
Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Josh Bressers (Aug 19)
Re: CVE-request: pithos symlink vulnerability CWE-61 Josh Bressers (Aug 19)
Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)
Re: CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability Josh Bressers (Aug 19)
Re: CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Aug 19)
Re: CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities Josh Bressers (Aug 19)
Re: CVE request: roundcube XSS before 0.5.4 Josh Bressers (Aug 19)
Re: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities Josh Bressers (Aug 19)
Re: CVE request: heap overflow in perl while decoding Unicode string Josh Bressers (Aug 19)
Re: CVE request: stunnel 4.4x heap overflow flaw Josh Bressers (Aug 19)
CVE assignment php NULL pointer dereference - CVE-2011-3182 Josh Bressers (Aug 22)
Re: CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting Josh Bressers (Aug 22)
Re: CVE request: Pidgin crash Josh Bressers (Aug 22)
Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
CVE assignment - PHP salt flaw CVE-2011-3189 Josh Bressers (Aug 23)
Re: CVE request: libqt4: two memory issues Josh Bressers (Aug 24)
Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
CVE Assignment - evolution CVE-2011-3201 Josh Bressers (Aug 26)
Re: CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting Josh Bressers (Aug 30)
Re: CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution Josh Bressers (Aug 30)
Re: Security issue in hammerhead Josh Bressers (Aug 30)
Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Josh Bressers (Aug 30)
Re: CVE request for bcfg2 (remote root) Josh Bressers (Sep 06)
Re: CVE request for OpenTTD Josh Bressers (Sep 06)
Re: Re: lightdm issues Josh Bressers (Sep 09)
Re: CVE id request: masqmail Josh Bressers (Sep 09)
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Josh Bressers (Sep 09)
Re: CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Josh Bressers (Sep 09)
Re: CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Josh Bressers (Sep 09)
Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)
Re: CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Josh Bressers (Sep 09)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Josh Bressers (Sep 09)
Re: D-Link DCS-2121 Semicolon Vulnerability Josh Bressers (Sep 14)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Josh Bressers (Sep 14)
Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting Josh Bressers (Sep 14)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Josh Bressers (Sep 14)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Josh Bressers (Sep 14)
Re: CVE Request? etherape remote crash (denial of service) Josh Bressers (Sep 22)
Re: CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Josh Bressers (Sep 22)
Re: CVE request: PunBB multiple XSS issues Josh Bressers (Sep 22)
Re: CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Josh Bressers (Sep 23)
Re: CVE Request -- apt Josh Bressers (Sep 23)
Re: CVE Request: Missing input sanitation in various X GLX calls Josh Bressers (Sep 23)
Re: CVE Request: X.org ProcRenderGlyps input sanitation issue Josh Bressers (Sep 23)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Josh Bressers (Sep 27)
Re: CVE request: heap-based buffer overflow in ldns Josh Bressers (Sep 30)
Re: CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Sep 30)
Re: CVE requests: Typo3 Josh Bressers (Sep 30)
Re: CVE Request: samba, cifs-utils Josh Bressers (Sep 30)
Re: CVE Request: ffmpeg/libav Josh Bressers (Sep 30)
Re: CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Josh Bressers (Sep 30)
Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Josh Bressers (Sep 30)

Kees Cook

multiple flaws in minissdpd Kees Cook (Jul 28)
CVE request: kernel: gro: Only reset frag0 when skb can be pulled Kees Cook (Jul 28)
closed-list membership transition Kees Cook (Sep 16)
Re: closed-list membership transition Kees Cook (Sep 16)

Ludwig Nussel

Re: CVE requests; issues fixed in MySQL 5.1.52 Ludwig Nussel (Jul 04)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
CVE Request: ruby PRNG fixes Ludwig Nussel (Jul 11)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 11)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 12)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 13)
Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 14)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Ludwig Nussel (Jul 18)
Re: closed-list membership transition Ludwig Nussel (Sep 19)

Lukas Fleischer

Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 22)
Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 24)

Maksymilian Arciemowicz

Re: php ZipArchive::addGlob() crashes on invalid flags Maksymilian Arciemowicz (Jul 01)

Marc Deslauriers

CVE Request: foo2zjs Marc Deslauriers (Jul 06)
CVE Request: foomatic-gui Marc Deslauriers (Aug 03)
CVE Request: samba, cifs-utils Marc Deslauriers (Sep 27)
CVE Request: ffmpeg/libav Marc Deslauriers (Sep 27)
Re: CVE Request: ffmpeg/libav Marc Deslauriers (Sep 30)

Marcus Meissner

libxml security fix from apple ... any information? Marcus Meissner (Jul 28)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Marcus Meissner (Aug 12)
CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner (Sep 06)
Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner (Sep 07)
CVE Request? etherape remote crash (denial of service) Marcus Meissner (Sep 19)
CVE Request: Missing input sanitation in various X GLX calls Marcus Meissner (Sep 22)
CVE Request: X.org ProcRenderGlyps input sanitation issue Marcus Meissner (Sep 22)

Mark Doliner

CVE request: Pidgin crash Mark Doliner (Aug 20)
Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
Re: CVE request: Pidgin crash Mark Doliner (Aug 22)

Mark J Cox

CVE assignment Apache httpd multiple-range DoS ("Apache Killer") - CVE-2011-3192 Mark J Cox (Aug 24)

Markus Friedl

Re: FreeBSD 4.x OpenSSH/libopie remote root hole Markus Friedl (Jul 06)

Matthias Andree

Re: vsftpd download backdoored Matthias Andree (Jul 05)

Matthias Weckbecker

CVE request: hplip: insecure tmp file handling Matthias Weckbecker (Jul 26)
Re: CVE request: ruby on rails flaws (4) Matthias Weckbecker (Aug 22)
CVE request: libqt4: two memory issues Matthias Weckbecker (Aug 22)
CVE-request(?): squid: buffer overflow in Gopher reply parser Matthias Weckbecker (Aug 29)

Michael Gilbert

cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 19)
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 22)
cve request: xpdf: insecure tempfile usage in zxpdf script Michael Gilbert (Aug 04)
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Aug 04)

Michael Tokarev

CVE Request: qemu -runas does not clear supplementary groups Michael Tokarev (Jul 12)

Mike O'Connor

Re: The Bind incident Mike O'Connor (Jul 06)
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Mike O'Connor (Jul 12)
Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Mike O'Connor (Jul 21)
Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Mike O'Connor (Aug 04)

miniupnp

Re: multiple flaws in minissdpd miniupnp (Jul 29)

Moritz Muehlenhoff

Re: vsftpd download backdoored Moritz Muehlenhoff (Jul 04)
Squirrelmail CVE duplicates Moritz Muehlenhoff (Jul 24)
Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Muehlenhoff (Jul 26)
Re: Re: libxml security fix from apple ... any information? Moritz Muehlenhoff (Jul 29)
CVE request: Linux kernel af_packet information leak Moritz Muehlenhoff (Aug 03)
CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 09)
Re: CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 10)
Re: CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Moritz Muehlenhoff (Sep 08)
CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Moritz Muehlenhoff (Sep 13)
Re: CVE request: heap overflow in tcptrack < 1.4.2 Moritz Muehlenhoff (Sep 13)
CVE requests: Typo3 Moritz Muehlenhoff (Sep 26)
Firefox: CVE-2011-3867 a dupe of CVE-2011-2998 Moritz Muehlenhoff (Sep 30)

Moritz Mühlenhoff

Re: Squirrelmail CVE duplicates Moritz Mühlenhoff (Jul 25)
Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Mühlenhoff (Jul 26)
Re: CVE request: Pidgin crash Moritz Mühlenhoff (Aug 22)

Nico Golde

libreoffice/openoffice.org CVE id request Nico Golde (Jul 06)
CVE id request: apache mod-auth-external Nico Golde (Jul 12)
CVE id request: (e)glibc Nico Golde (Jul 18)
CVE id request: shttpd/mongoose/yassl embedded webserver Nico Golde (Aug 03)
CVE id request: masqmail Nico Golde (Sep 07)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Nico Golde (Sep 08)

Nicolas Grégoire

Is there a maintainer for librsvg ? Nicolas Grégoire (Sep 16)

nicolas vigier

Re: rpm/librpm/rpm-python memory corruption pre-verification nicolas vigier (Sep 29)

Oracle Security Alerts

Re: Closed list Oracle Security Alerts (Jul 01)

Papers, Call For

CFP SecurityByte India Papers, Call For (Jul 27)

Petr Matousek

CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Petr Matousek (Jul 01)
CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Petr Matousek (Jul 15)
CVE request -- kernel: perf: fix software event overflow Petr Matousek (Aug 15)
Re: CVE request: kernel: change in how tcp seq numbers are generated Petr Matousek (Aug 23)
kernel: xen: CVE-2011-2901 Petr Matousek (Aug 30)
Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Petr Matousek (Sep 07)
CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Petr Matousek (Sep 08)
CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Petr Matousek (Sep 14)
CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Petr Matousek (Sep 14)

Pierre Joye

Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 26)

pinto.elia () gmail com

R: Re: [oss-security] vsftpd download backdoored pinto.elia () gmail com (Jul 05)

Ralf Baechle

Re: CVE request (and disclosure): ax25d missing setuid return code check Ralf Baechle (Aug 11)

Rasmus Lerdorf

Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Rasmus Lerdorf (Sep 25)

Robert Ancell

Re: lightdm issues Robert Ancell (Aug 26)

Sebastian Krahmer

Re: FreeBSD 4.x OpenSSH/libopie remote root hole Sebastian Krahmer (Jul 05)
CVE Request: hplip/foomatic-filters Sebastian Krahmer (Jul 13)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Jul 25)
Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
lxc + fscaps Sebastian Krahmer (Aug 23)
lightdm issues Sebastian Krahmer (Aug 24)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Sebastian Krahmer (Aug 26)

Sergey Chernyshev

Start(up) API project security Sergey Chernyshev (Aug 18)

Solar Designer

vsftpd download backdoored Solar Designer (Jul 03)
Re: CVE request: openssl timing attack Solar Designer (Jul 03)
Re: vsftpd download backdoored Solar Designer (Jul 04)
FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
Re: vsftpd download backdoored Solar Designer (Jul 05)
Re: vsftpd download backdoored Solar Designer (Jul 05)
Re: vsftpd download backdoored Solar Designer (Jul 05)
Re: vsftpd download backdoored Solar Designer (Jul 05)
Re: vsftpd download backdoored Solar Designer (Jul 05)
Re: FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 05)
Re: vsftpd download backdoored Solar Designer (Jul 06)
Re: The Bind incident Solar Designer (Jul 06)
Re: CVE request: openssl timing attack Solar Designer (Jul 06)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 06)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 08)
Re: CVE request: openssl timing attack Solar Designer (Jul 10)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 11)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 18)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
*BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Solar Designer (Jul 19)
Re: Closed list Solar Designer (Jul 21)
Re: *BSD security contacts Solar Designer (Jul 21)
Re: Closed list Solar Designer (Jul 22)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
Re: Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? Solar Designer (Jul 26)
iputils ping6 -s buffer overflow Solar Designer (Jul 26)
Re: CFP SecurityByte India Solar Designer (Jul 27)
Re: CVE request: multiple libraries getenv() misuse Solar Designer (Jul 27)
Re: Closed list Solar Designer (Jul 29)
Re: CFP open for ClubHack2011 Solar Designer (Jul 30)
Re: libxml security fix from apple ... any information? Solar Designer (Jul 30)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Aug 03)
Re: CVE request (and disclosure): ax25d missing setuid return code check Solar Designer (Aug 11)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Aug 26)
Re: Closed List Solar Designer (Aug 30)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Sep 05)
Re: closed-list membership transition Solar Designer (Sep 17)
Re: closed-list membership transition Solar Designer (Sep 19)
Re: LZW decompression issues Solar Designer (Sep 28)
Re: LZW decompression issues Solar Designer (Sep 28)
Re: LZW decompression issues Solar Designer (Sep 29)
Re: LZW decompression issues Solar Designer (Sep 29)
Re: LZW decompression issues Solar Designer (Sep 29)

Stas Malyshev

Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)

Stefan Behte

Re: CVE request: vulnerability in FreeRADIUS (OCSP) Stefan Behte (Jul 18)

Stefan Fritsch

Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Stefan Fritsch (Jul 16)

Steffen Joeris

Re: Closed list Steffen Joeris (Jul 21)

Steve Grubb

Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 09)
Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 10)

Steve Kemp

Re: Closed list Steve Kemp (Jul 21)

Steven M. Christey

Re: [oCERT-2011-001] Chyrp input sanitization errors Steven M. Christey (Jul 13)
Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Steven M. Christey (Jul 13)
Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Steven M. Christey (Jul 27)
Re: CVE request: gri < 2.12.18 insecure temp file generation Steven M. Christey (Jul 28)
Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Steven M. Christey (Aug 15)
Re: CVE request: heap overflow in tcptrack < 1.4.2 Steven M. Christey (Aug 31)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Steven M. Christey (Sep 15)

Tavis Ormandy

Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy (Jul 28)
Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy (Jul 28)
rpm/librpm/rpm-python memory corruption pre-verification Tavis Ormandy (Sep 27)
Re: LZW decompression issues Tavis Ormandy (Sep 28)
Re: LZW decompression issues Tavis Ormandy (Sep 29)

Thijs Kinkhorst

Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Thijs Kinkhorst (Sep 13)
CVE Request: BackupPC 3.2.1 fixes cross site scripting Thijs Kinkhorst (Sep 13)

Thomas Biege

CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege (Jul 14)
Re: Re: libxml security fix from apple ... any information? Thomas Biege (Jul 29)
Re: CFP open for ClubHack2011 Thomas Biege (Aug 01)
Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege (Aug 02)
CVE request: GIF loader buffer overflow when initializing decompression tables Thomas Biege (Aug 02)
CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege (Aug 10)
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege (Aug 11)

Thomas Goirand

Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand (Aug 13)

Thomas Osterried

Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried (Aug 11)
Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried (Aug 18)

Tim Brown

Re: CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Tim Brown (Jul 25)
Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown (Sep 07)
Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown (Sep 09)

Timo Warns

CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Timo Warns (Aug 19)

Tim Waugh

Re: CVE Request: foomatic-gui Tim Waugh (Aug 03)
Re: CVE Request: foomatic-gui Tim Waugh (Aug 04)
Re: CVE Request: foomatic-gui Tim Waugh (Aug 05)

Tim Zingelman

Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 19)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 19)
Re: *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Tim Zingelman (Jul 21)
Re: LZW decompression issues Tim Zingelman (Sep 29)

Tomas Hoger

php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)
Re: Re: php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)
Re: CVE request: openssl timing attack Tomas Hoger (Jul 04)
Re: Closed list Tomas Hoger (Jul 04)
Re: CVE request: openssl timing attack Tomas Hoger (Jul 06)
SSL renegotiation DoS CVE-2011-1473 Tomas Hoger (Jul 08)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tomas Hoger (Jul 19)
New IcedTea and IcedTea-Web releases Tomas Hoger (Jul 20)
CVE request - dhcp clients Tomas Hoger (Jul 25)
Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Jul 28)
Re: Closed list Tomas Hoger (Jul 29)
Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Aug 01)
Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 03)
LZW decompression issues Tomas Hoger (Aug 10)
Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Tomas Hoger (Aug 10)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Tomas Hoger (Aug 12)
Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 19)
Re: CVE request: BusyBox unpack_Z_stream() buffer underflow Tomas Hoger (Aug 19)
Re: CVE request: libqt4: two memory issues Tomas Hoger (Aug 24)
Re: CVE request: libqt4: two memory issues Tomas Hoger (Aug 25)
Re: LZW decompression issues Tomas Hoger (Sep 28)
Re: LZW decompression issues Tomas Hoger (Sep 29)

Vasiliy Kulikov

Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Vasiliy Kulikov (Jul 25)
Re: CVE request: kernel: taskstats/procfs io infoleak Vasiliy Kulikov (Sep 21)

Vincent Danen

CVE request: plone privilege escalation flaw Vincent Danen (Jul 04)
Re: CVE Request: qemu -runas does not clear supplementary groups Vincent Danen (Jul 12)
Re: CVE request: vulnerability in FreeRADIUS (OCSP) Vincent Danen (Jul 15)
CVE request and info: freetype flaw to jailbreak iphone Vincent Danen (Jul 16)
CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation Vincent Danen (Jul 18)
two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Vincent Danen (Jul 25)
CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Vincent Danen (Jul 27)
CVE-2011-2524: libsoup's SoupServer directory traversal flaw Vincent Danen (Jul 28)
CVE mistake in libsoup release notes Vincent Danen (Jul 29)
CVE request: heap overflow in tcptrack < 1.4.2 Vincent Danen (Aug 09)
CVE request: zabbix XSS flaw Vincent Danen (Aug 09)
CVE-2011-2907: authentication bypass in torque Vincent Danen (Aug 11)
CVE request: improper permissions on ~/.qtnx/*.nxml Vincent Danen (Aug 11)
CVE request: ruby on rails flaws (4) Vincent Danen (Aug 17)
CVE request: heap overflow in perl while decoding Unicode string Vincent Danen (Aug 18)
CVE request: stunnel 4.4x heap overflow flaw Vincent Danen (Aug 19)
Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 20)
Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Vincent Danen (Aug 30)
Re: CVE Request: Missing input sanitation in various X GLX calls Vincent Danen (Sep 23)
CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 24)
CVE request: heap-based buffer overflow in ldns Vincent Danen (Sep 24)
Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 26)

William Cohen

Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (Jul 12)

yersinia

Re: rpm/librpm/rpm-python memory corruption pre-verification yersinia (Sep 28)

YGN Ethical Hacker Group

CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jul 22)
CVE Request: Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jul 30)
CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection YGN Ethical Hacker Group (Aug 11)
CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability YGN Ethical Hacker Group (Aug 18)
CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Aug 18)
CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities YGN Ethical Hacker Group (Aug 18)
CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting YGN Ethical Hacker Group (Aug 22)
CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting YGN Ethical Hacker Group (Aug 26)
CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution YGN Ethical Hacker Group (Aug 26)
CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Sep 26)

Yves-Alexis Perez

Re: CVE request: perf: may parse user-controlled config file Yves-Alexis Perez (Aug 09)
Re: CVE requests: Two kernel issues Yves-Alexis Perez (Aug 12)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 25)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
Re: Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 29)
Re: Re: lightdm issues Yves-Alexis Perez (Sep 07)
Re: Is there a maintainer for librsvg ? Yves-Alexis Perez (Sep 16)
Re: closed-list membership transition Yves-Alexis Perez (Sep 16)

Zeev Suraski

RE: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Zeev Suraski (Sep 25)

Zooko O'Whielacronx

unauthorized deletion of file in Tahoe-LAFS Zooko O'Whielacronx (Sep 15)