oss-sec: by thread

oss-sec: by thread

550 messages starting Jul 01 11 and ending Sep 30 11
Date index | Thread index | Author index

Please reject CVE-2011-0705 Huzaifa Sidhpurwala (Jul 01)
CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Petr Matousek (Jul 01)
- Re: CVE request: kernel: nl80211: missing check for valid SSID size in scan operations Eugene Teo (Jul 01)
Re: CVE request: kernel: tomoyo: oops in tomoyo_mount_acl() Eugene Teo (Jul 01)
php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)
- Re: php ZipArchive::addGlob() crashes on invalid flags Maksymilian Arciemowicz (Jul 01)
  - Re: Re: php ZipArchive::addGlob() crashes on invalid flags Tomas Hoger (Jul 01)
Re: Closed list Oracle Security Alerts (Jul 01)
- Re: Closed list Tomas Hoger (Jul 04)
- <Possible follow-ups>
- Re: Closed list Steve Kemp (Jul 21)
  - Re: Closed list Solar Designer (Jul 21)
    - Re: Closed list Steffen Joeris (Jul 21)
    - Re: Closed list Solar Designer (Jul 22)
    - Re: Closed list Tomas Hoger (Jul 29)
    - Re: Closed list Solar Designer (Jul 29)
- Closed List John Haxby (Aug 30)
  - Re: Closed List Solar Designer (Aug 30)
    - Re: Closed List John Haxby (Aug 30)
vsftpd download backdoored Solar Designer (Jul 03)
- Re: vsftpd download backdoored Moritz Muehlenhoff (Jul 04)
  - Re: vsftpd download backdoored Solar Designer (Jul 04)
    - Re: vsftpd download backdoored Eugene Teo (Jul 05)
    - Re: vsftpd download backdoored Solar Designer (Jul 05)
    - Re: vsftpd download backdoored HD Moore (Jul 05)
    - Re: vsftpd download backdoored Solar Designer (Jul 05)
    - Re: vsftpd download backdoored HD Moore (Jul 05)
    - Re: vsftpd download backdoored Solar Designer (Jul 05)
    - Re: vsftpd download backdoored Solar Designer (Jul 05)
    - Re: vsftpd download backdoored HD Moore (Jul 05)
    - Re: vsftpd download backdoored Solar Designer (Jul 05)
    - Re: vsftpd download backdoored Matthias Andree (Jul 05)
    - Re: vsftpd download backdoored Chris Evans (Jul 07)
    - Re: vsftpd download backdoored Eugene Teo (Jul 05)
    - Re: vsftpd download backdoored Solar Designer (Jul 06)
    - Re: vsftpd download backdoored Josh Bressers (Jul 11)
Re: CVE request: openssl timing attack Solar Designer (Jul 03)
- Re: CVE request: openssl timing attack Tomas Hoger (Jul 04)
  - Re: CVE request: openssl timing attack Solar Designer (Jul 06)
    - Re: CVE request: openssl timing attack Tomas Hoger (Jul 06)
    - Re: CVE request: openssl timing attack Solar Designer (Jul 10)
Re: CVE requests; issues fixed in MySQL 5.1.52 Ludwig Nussel (Jul 04)
- Re: CVE requests; issues fixed in MySQL 5.1.52 Josh Bressers (Jul 12)
  - Re: CVE requests; issues fixed in MySQL 5.1.52 Jan Lieskovsky (Jul 20)
CVE request: plone privilege escalation flaw Vincent Danen (Jul 04)
- Re: CVE request: plone privilege escalation flaw Josh Bressers (Jul 12)
FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 04)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Colin Percival (Jul 05)
  - Re: FreeBSD 4.x OpenSSH/libopie remote root hole Solar Designer (Jul 05)
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Sebastian Krahmer (Jul 05)
- <Possible follow-ups>
- Re: FreeBSD 4.x OpenSSH/libopie remote root hole Markus Friedl (Jul 06)
R: Re: [oss-security] vsftpd download backdoored pinto.elia () gmail com (Jul 05)
The Bind incident Eugene Teo (Jul 05)
- Re: The Bind incident Eugene Teo (Jul 05)
  - Re: The Bind incident Barry Greene (Jul 06)
    - Re: The Bind incident Eugene Teo (Jul 07)
- Re: The Bind incident Solar Designer (Jul 06)
  - Re: The Bind incident Mike O'Connor (Jul 06)
    - Re: The Bind incident Florian Weimer (Jul 06)
CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Eugene Teo (Jul 06)
- Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization Huzaifa Sidhpurwala (Jul 06)
Security issue in reseed Jamie Strandboge (Jul 06)
- CVE Request: reseed Jamie Strandboge (Jul 06)
  - Re: CVE Request: reseed Josh Bressers (Jul 12)
CVE Request: foo2zjs Marc Deslauriers (Jul 06)
- Re: CVE Request: foo2zjs Josh Bressers (Jul 12)
libreoffice/openoffice.org CVE id request Nico Golde (Jul 06)
- Re: libreoffice/openoffice.org CVE id request Josh Bressers (Jul 12)
Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 06)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
  - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 08)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
- <Possible follow-ups>
- Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 07)
  - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 07)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 11)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 11)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 12)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 13)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Ludwig Nussel (Jul 14)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 14)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Aug 03)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jul 17)
CVE-2011-1780, CVE-2011-1936, kernel/xen issues Eugene Teo (Jul 07)
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Jamie Strandboge (Jul 07)
- Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo William Cohen (Jul 12)
oCERT name change due to trademark claims Andrea Barisani (Jul 07)
SSL renegotiation DoS CVE-2011-1473 Tomas Hoger (Jul 08)
CVE Request: ruby PRNG fixes Ludwig Nussel (Jul 11)
- Re: CVE Request: ruby PRNG fixes Josh Bressers (Jul 12)
- Re: CVE Request: ruby PRNG fixes Huzaifa Sidhpurwala (Jul 20)
  - Re: CVE Request: ruby PRNG fixes Josh Bressers (Jul 20)
CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Jan Lieskovsky (Jul 11)
- Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002) Josh Bressers (Jul 12)
CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify() Eugene Teo (Jul 12)
Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog (Jul 12)
- Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Mike O'Connor (Jul 12)
- Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Josh Bressers (Jul 12)
  - Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Steven M. Christey (Jul 13)
    - Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? halfdog (Jul 16)
    - Re: Apache symlink issue: can documented behavior be a security problem and hence get a CVE? Stefan Fritsch (Jul 16)
[Announcement] ClubHack Magazine Issue 18-July2011 Released Abhijeet Patil (Jul 12)
CVE Request: qemu -runas does not clear supplementary groups Michael Tokarev (Jul 12)
- Re: CVE Request: qemu -runas does not clear supplementary groups Vincent Danen (Jul 12)
CVE id request: apache mod-auth-external Nico Golde (Jul 12)
- Re: CVE id request: apache mod-auth-external Josh Bressers (Jul 12)
CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize Eugene Teo (Jul 13)
Security issues fixed in libpng 1.5.4 Huzaifa Sidhpurwala (Jul 13)
CVE Request: hplip/foomatic-filters Sebastian Krahmer (Jul 13)
- Re: CVE Request: hplip/foomatic-filters Jan Lieskovsky (Jul 18)
  - Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Jul 28)
    - Re: CVE Request: hplip/foomatic-filters Tomas Hoger (Aug 01)
[oCERT-2011-001] Chyrp input sanitization errors Andrea Barisani (Jul 13)
- Re: [oCERT-2011-001] Chyrp input sanitization errors Steven M. Christey (Jul 13)
CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 14)
- Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo (Jul 14)
  - Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 14)
    - Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Erik de Castro Lopo (Jul 15)
    - Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Jan Lieskovsky (Jul 15)
    - Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg (Jul 15)
  - Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Dan Rosenberg (Jul 14)
- Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files Huzaifa Sidhpurwala (Jul 18)
CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege (Jul 14)
- Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Thomas Biege (Aug 02)
- <Possible follow-ups>
- Re: CVE request: webkit ZDI-11-138 and ZDI-11-139 Huzaifa Sidhpurwala (Aug 02)
CVE-2009-4067 kernel: usb: buffer overflow in auerswald_probe() Eugene Teo (Jul 15)
CVE-2011-1764 Exim: DKIM Format String Djalal Harouni (Jul 15)
CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 15)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Vincent Danen (Jul 15)
  - Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Ludwig Nussel (Jul 18)
  - Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Stefan Behte (Jul 18)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 18)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 19)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 19)
    - *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Solar Designer (Jul 19)
    - Re: *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Tim Zingelman (Jul 21)
    - Re: *BSD security contacts Solar Designer (Jul 21)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tomas Hoger (Jul 19)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Josh Bressers (Jul 20)
    - Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Petr Matousek (Jul 15)
- Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Josh Bressers (Jul 15)
CVE request and info: freetype flaw to jailbreak iphone Vincent Danen (Jul 16)
- Re: CVE request and info: freetype flaw to jailbreak iphone Geoffrey Keating (Jul 17)
CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation Vincent Danen (Jul 18)
CVE id request: (e)glibc Nico Golde (Jul 18)
- Re: CVE id request: (e)glibc Josh Bressers (Jul 20)
cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 19)
- Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Mike O'Connor (Jul 21)
  - Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Jul 22)
- Re: cve id request: insecure xauth cookie handling in fglrx (ati catalyst) driver Michael Gilbert (Aug 04)
CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Jan Lieskovsky (Jul 19)
- Re: CVE Request -- Wireshark: Infinite loop in the ANSI A Interface (IS-634/IOS) dissector Huzaifa Sidhpurwala (Jul 20)
CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Jan Lieskovsky (Jul 19)
- Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Even Rouault (Jul 19)
  - Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support. Alan Boudreault (Jul 19)
CVE request: kernel: ipv6: make fragment identifications less predictable Eugene Teo (Jul 20)
- Re: CVE request: kernel: ipv6: make fragment identifications less predictable Huzaifa Sidhpurwala (Jul 20)
CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Eugene Teo (Jul 20)
- Re: CVE request: kernel: si4713-i2c: avoid potential buffer overflow on si4713 Huzaifa Sidhpurwala (Jul 20)
CVE request: sNews 1.7.1 XSS in reorder Henri Salo (Jul 20)
- Re: CVE request: sNews 1.7.1 XSS in reorder Josh Bressers (Jul 20)
CVE request: kernel: arbitrary kernel read in xtensa Dan Rosenberg (Jul 20)
- Re: CVE request: kernel: arbitrary kernel read in xtensa Josh Bressers (Jul 20)
Fwd: Joomla! Security News Henri Salo (Jul 20)
- Re: Fwd: Joomla! Security News Josh Bressers (Jul 20)
New IcedTea and IcedTea-Web releases Tomas Hoger (Jul 20)
CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Jan Lieskovsky (Jul 21)
- Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Josh Bressers (Jul 22)
  - Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer (Jul 25)
    - Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Tomas Hoger (Aug 12)
    - Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Marcus Meissner (Aug 12)
CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jul 22)
- Re: CVE Request: Joomla! 1.7.0-RC and lower | Cross Site Scripting Vulnerabilities Josh Bressers (Jul 22)
CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 22)
- Re: CVE Request -- cGit -- XSS flaw in rename hint Josh Bressers (Jul 22)
- Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 22)
  - Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 24)
    - Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 24)
CVE request: PyForum backdoor BMSA-2009-07 Henri Salo (Jul 24)
- Re: CVE request: PyForum backdoor BMSA-2009-07 Josh Bressers (Jul 26)
Re: CVE request: silverstripe before 2.4.4 Henri Salo (Jul 24)
CVE request: Drupal Data-module multiple vulnerabilities Henri Salo (Jul 24)
- Re: CVE request: Drupal Data-module multiple vulnerabilities Josh Bressers (Jul 26)
Squirrelmail CVE duplicates Moritz Muehlenhoff (Jul 24)
- Re: Squirrelmail CVE duplicates Jan Lieskovsky (Jul 25)
  - Re: Squirrelmail CVE duplicates Moritz Mühlenhoff (Jul 25)
Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Vasiliy Kulikov (Jul 25)
  - Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
    - Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 26)
- <Possible follow-ups>
- Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 25)
  - Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Solar Designer (Jul 25)
    - Re: CVE Request -- rpm -- Fails to remove the SUID/SGID bits on package upgrade (RH BZ#598775) Jeff Johnson (Jul 26)
CVE request - dhcp clients Tomas Hoger (Jul 25)
- Re: CVE request - dhcp clients Josh Bressers (Jul 26)
  - Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
    - Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
    - Re: CVE request - dhcp clients Tomas Hoger (Jul 27)
    - Re: CVE request - dhcp clients Sebastian Krahmer (Jul 27)
CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Jan Lieskovsky (Jul 25)
- Re: CVE-Request -- phpMyAdmin -- PMASA-2011-11 and PMASA-2011-12 Josh Bressers (Jul 26)
CVE Request -- GLPI -- Properly blacklist some sensitive fields Jan Lieskovsky (Jul 25)
- Re: CVE Request -- GLPI -- Properly blacklist some sensitive fields Josh Bressers (Jul 26)
CVE Request: Ark path traversal Jeff Mitchell (Jul 25)
- Re: CVE Request: Ark path traversal Josh Bressers (Jul 26)
  - Re: CVE Request: Ark path traversal Jeff Mitchell (Jul 26)
CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 25)
- Re: CVE Request: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Tim Brown (Jul 25)
CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 25)
- Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Steven M. Christey (Jul 27)
  - Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Jul 28)
    - Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Josh Bressers (Jul 29)
    - Re: CVE: Input validation failure affecting multiple KDE applications, as well as many other Qt-based applications Jeff Mitchell (Aug 01)
two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Vincent Danen (Jul 25)
- Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy (Jul 28)
  - Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Huzaifa Sidhpurwala (Jul 28)
    - Re: Re: two systemtap flaws: CVE-2011-2502 and CVE-2011-2503 Tavis Ormandy (Jul 28)
CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Jan Lieskovsky (Jul 26)
- Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes Josh Bressers (Jul 26)
CVE request: hplip: insecure tmp file handling Matthias Weckbecker (Jul 26)
- Re: CVE request: hplip: insecure tmp file handling Josh Bressers (Jul 26)
Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Muehlenhoff (Jul 26)
- Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Dan Rosenberg (Jul 26)
  - Re: Information on CVE-2011-2300/CVE-2011-2305 for VirtualBox ? Moritz Mühlenhoff (Jul 26)
Re: Symlinks and filesystem recursion vulnerabilities: Action needed or ignore? Solar Designer (Jul 26)
iputils ping6 -s buffer overflow Solar Designer (Jul 26)
CFP SecurityByte India Papers, Call For (Jul 27)
- Re: CFP SecurityByte India Solar Designer (Jul 27)
Re: CVE request: multiple libraries getenv() misuse Solar Designer (Jul 27)
CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Vincent Danen (Jul 27)
- Re: CVE request: drupal7 SA-CORE-2011-003 (access restriction bypass) Josh Bressers (Jul 29)
Re: CVE request: gri < 2.12.18 insecure temp file generation Henri Salo (Jul 28)
- Re: CVE request: gri < 2.12.18 insecure temp file generation Steven M. Christey (Jul 28)
CVE-request Tribiq CMS path disclosure HTB22857 Henri Salo (Jul 28)
- Re: CVE-request Tribiq CMS path disclosure HTB22857 Josh Bressers (Jul 29)
libxml security fix from apple ... any information? Marcus Meissner (Jul 28)
- Re: libxml security fix from apple ... any information? Huzaifa Sidhpurwala (Jul 29)
- Re: libxml security fix from apple ... any information? Billy Rios (Jul 29)
  - Re: Re: libxml security fix from apple ... any information? Thomas Biege (Jul 29)
    - Re: Re: libxml security fix from apple ... any information? Moritz Muehlenhoff (Jul 29)
    - Re: Re: libxml security fix from apple ... any information? Jeffrey Czerniak (Jul 30)
    - Re: libxml security fix from apple ... any information? Solar Designer (Jul 30)
  - Re: libxml security fix from apple ... any information? Daniel Veillard (Aug 04)
CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Jan Lieskovsky (Jul 28)
- Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Jul 29)
  - Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Huzaifa Sidhpurwala (Aug 15)
    - Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Steven M. Christey (Aug 15)
- Re: CVE Request -- foomatic (foomatic-filters): foomatic-rip (debug mode) insecure temporary file use in renderer command line by processing PostScript data Josh Bressers (Aug 17)
CVE-2011-2524: libsoup's SoupServer directory traversal flaw Vincent Danen (Jul 28)
multiple flaws in minissdpd Kees Cook (Jul 28)
- Re: multiple flaws in minissdpd miniupnp (Jul 29)
CVE request: kernel: gro: Only reset frag0 when skb can be pulled Kees Cook (Jul 28)
- Re: CVE request: kernel: gro: Only reset frag0 when skb can be pulled Eugene Teo (Jul 29)
Re: CVE Request -- vsftpd -- Do not create network namespace per connection Eugene Teo (Jul 29)
- Re: CVE Request -- vsftpd -- Do not create network namespace per connection Jan Lieskovsky (Jul 29)
CVE-2011-2724 assignment notification -- samba -- incomplete fix for CVE-2010-0547 issue Jan Lieskovsky (Jul 29)
CVE mistake in libsoup release notes Vincent Danen (Jul 29)
CVE Request: Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jul 30)
CFP open for ClubHack2011 Abhijeet Patil (Jul 30)
- Re: CFP open for ClubHack2011 Solar Designer (Jul 30)
  - Re: CFP open for ClubHack2011 Thomas Biege (Aug 01)
CVE request: GIF loader buffer overflow when initializing decompression tables Thomas Biege (Aug 02)
- Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 03)
- Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 19)
CVE request: Linux kernel af_packet information leak Moritz Muehlenhoff (Aug 03)
- Re: CVE request: Linux kernel af_packet information leak Josh Bressers (Aug 03)
CVE Request: foomatic-gui Marc Deslauriers (Aug 03)
- Re: CVE Request: foomatic-gui Tim Waugh (Aug 03)
- Re: CVE Request: foomatic-gui Josh Bressers (Aug 03)
  - Re: CVE Request: foomatic-gui dave bl (Aug 04)
    - Re: CVE Request: foomatic-gui Henri Salo (Aug 04)
    - Re: CVE Request: foomatic-gui Tim Waugh (Aug 04)
    - Re: CVE Request: foomatic-gui Josh Bressers (Aug 04)
    - Re: CVE Request: foomatic-gui Tim Waugh (Aug 05)
    - Re: CVE Request: foomatic-gui dave bl (Aug 05)
    - Re: CVE Request: foomatic-gui Huzaifa Sidhpurwala (Aug 12)
CVE id request: shttpd/mongoose/yassl embedded webserver Nico Golde (Aug 03)
- Re: CVE id request: shttpd/mongoose/yassl embedded webserver Josh Bressers (Aug 03)
cve request: xpdf: insecure tempfile usage in zxpdf script Michael Gilbert (Aug 04)
- Re: cve request: xpdf: insecure tempfile usage in zxpdf script Josh Bressers (Aug 09)
CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo (Aug 04)
- Re: CVE-request: clamav floating point exception in OLE2 scanner DoS Henri Salo (Sep 24)
CVE request: coppermine gallery < 1.4.26 Henri Salo (Aug 04)
- Re: CVE request: coppermine gallery < 1.4.26 Josh Bressers (Aug 19)
CVE-request: KaiBB security vulnerabilities without CVE-IDs Henri Salo (Aug 04)
- Re: CVE-request: KaiBB security vulnerabilities without CVE-IDs Josh Bressers (Aug 19)
CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Henri Salo (Aug 04)
- Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Mike O'Connor (Aug 04)
- Re: CVE-request: FreeBSD/NetBSD/OpenBSD(?) ftpd remote crash (2010) Josh Bressers (Aug 19)
CVE-request: pithos symlink vulnerability CWE-61 Henri Salo (Aug 04)
- Re: CVE-request: pithos symlink vulnerability CWE-61 Josh Bressers (Aug 19)
CVE request: heap overflow in tcptrack < 1.4.2 Vincent Danen (Aug 09)
- Re: CVE request: heap overflow in tcptrack < 1.4.2 Josh Bressers (Aug 09)
  - Re: CVE request: heap overflow in tcptrack < 1.4.2 Steven M. Christey (Aug 31)
    - Re: CVE request: heap overflow in tcptrack < 1.4.2 Moritz Muehlenhoff (Sep 13)
CVE request: perf: may parse user-controlled config file dann frazier (Aug 09)
- Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 09)
  - Re: CVE request: perf: may parse user-controlled config file Yves-Alexis Perez (Aug 09)
    - Re: CVE request: perf: may parse user-controlled config file Steve Grubb (Aug 10)
  - Re: CVE request: perf: may parse user-controlled config file dann frazier (Aug 11)
- Re: CVE request: perf: may parse user-controlled config file Josh Bressers (Aug 09)
CVE request: zabbix XSS flaw Vincent Danen (Aug 09)
- Re: CVE request: zabbix XSS flaw Josh Bressers (Aug 09)
CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 09)
- Re: CVE requests: Two kernel issues Eugene Teo (Aug 09)
  - Re: CVE requests: Two kernel issues Dan Rosenberg (Aug 10)
    - Re: CVE requests: Two kernel issues Eugene Teo (Aug 10)
  - Re: CVE requests: Two kernel issues Moritz Muehlenhoff (Aug 10)
    - Re: CVE requests: Two kernel issues Eugene Teo (Aug 12)
    - Re: CVE requests: Two kernel issues Yves-Alexis Perez (Aug 12)
    - Re: CVE requests: Two kernel issues Eugene Teo (Aug 15)
CVE request (and disclosure): ax25d missing setuid return code check Dan Rosenberg (Aug 10)
- Re: CVE request (and disclosure): ax25d missing setuid return code check Eren Türkay (Aug 11)
  - Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried (Aug 11)
    - Re: CVE request (and disclosure): ax25d missing setuid return code check Ralf Baechle (Aug 11)
    - Re: CVE request (and disclosure): ax25d missing setuid return code check Jon Oberheide (Aug 11)
    - Re: CVE request (and disclosure): ax25d missing setuid return code check Solar Designer (Aug 11)
    - Re: CVE request (and disclosure): ax25d missing setuid return code check Thomas Osterried (Aug 18)
- Re: CVE request (and disclosure): ax25d missing setuid return code check Josh Bressers (Aug 12)
CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege (Aug 10)
- Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Tomas Hoger (Aug 10)
  - Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Thomas Biege (Aug 11)
- Re: CVE request: libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 Josh Bressers (Aug 12)
[oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco (Aug 10)
- Re: [oCERT-2011-002] libavcodec insufficient boundary check Dan Rosenberg (Aug 10)
  - Re: [oCERT-2011-002] libavcodec insufficient boundary check Daniele Bianco (Aug 10)
LZW decompression issues Tomas Hoger (Aug 10)
- Re: LZW decompression issues Solar Designer (Sep 28)
  - Re: LZW decompression issues Solar Designer (Sep 28)
  - Re: LZW decompression issues Colin Percival (Sep 28)
  - Re: LZW decompression issues Tomas Hoger (Sep 28)
    - Re: LZW decompression issues Solar Designer (Sep 29)
  - Re: LZW decompression issues Tavis Ormandy (Sep 28)
    - Re: LZW decompression issues Solar Designer (Sep 29)
    - Re: LZW decompression issues Tomas Hoger (Sep 29)
    - Re: LZW decompression issues Tim Zingelman (Sep 29)
    - Re: LZW decompression issues Joerg Sonnenberger (Sep 29)
    - Re: LZW decompression issues Solar Designer (Sep 29)
    - Re: LZW decompression issues Tavis Ormandy (Sep 29)
- Re: LZW decompression issues Florian Weimer (Sep 28)
CVE-2011-2907: authentication bypass in torque Vincent Danen (Aug 11)
CVE request: improper permissions on ~/.qtnx/*.nxml Vincent Danen (Aug 11)
- Re: CVE request: improper permissions on ~/.qtnx/*.nxml Josh Bressers (Aug 12)
CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection YGN Ethical Hacker Group (Aug 11)
- Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection Josh Bressers (Aug 12)
CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 12)
- Re: CVE request: multiple vulnerabilities in dtc Thomas Goirand (Aug 13)
  - Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
- Re: CVE request: multiple vulnerabilities in dtc Jonathan Wiltshire (Aug 24)
  - Re: Re: CVE request: multiple vulnerabilities in dtc Josh Bressers (Aug 24)
CVE request: two vulnerabilities in ktsuss 1.4 and earlier John Lightsey (Aug 13)
- Re: CVE request: two vulnerabilities in ktsuss 1.4 and earlier Josh Bressers (Aug 16)
kernel: ext3/4: ext3/4_symlink lock oops Eugene Teo (Aug 15)
CVE request -- kernel: perf: fix software event overflow Petr Matousek (Aug 15)
- Re: CVE request -- kernel: perf: fix software event overflow Eugene Teo (Aug 16)
CVE request: ruby on rails flaws (4) Vincent Danen (Aug 17)
- Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 19)
  - Re: CVE request: ruby on rails flaws (4) Vincent Danen (Aug 20)
    - Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
  - Re: CVE request: ruby on rails flaws (4) Matthias Weckbecker (Aug 22)
    - Re: CVE request: ruby on rails flaws (4) Josh Bressers (Aug 22)
CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability YGN Ethical Hacker Group (Aug 18)
- Re: CVE Request: WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability Josh Bressers (Aug 19)
CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Aug 18)
- Re: CVE Request: WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Aug 19)
CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities YGN Ethical Hacker Group (Aug 18)
- Re: CVE Request: Elgg 1.7.10 <= | Multiple Vulnerabilities Josh Bressers (Aug 19)
CVE request: roundcube XSS before 0.5.4 Hanno Böck (Aug 18)
- Re: CVE request: roundcube XSS before 0.5.4 Josh Bressers (Aug 19)
Start(up) API project security Sergey Chernyshev (Aug 18)
CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities David Hicks (Aug 18)
- Re: CVE request: MantisBT <1.2.7 search.php multiple XSS vulnerabilities Josh Bressers (Aug 19)
CVE request: heap overflow in perl while decoding Unicode string Vincent Danen (Aug 18)
- Re: CVE request: heap overflow in perl while decoding Unicode string Josh Bressers (Aug 19)
CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Timo Warns (Aug 19)
- Re: CVE request: Linux: ZERO_SIZE_PTR dereference for long symlinks in Be FS Eugene Teo (Aug 19)
CVE request: BusyBox unpack_Z_stream() buffer underflow Alex Legler (Aug 19)
- Re: CVE request: BusyBox unpack_Z_stream() buffer underflow Tomas Hoger (Aug 19)
CVE request: stunnel 4.4x heap overflow flaw Vincent Danen (Aug 19)
- Re: CVE request: stunnel 4.4x heap overflow flaw Josh Bressers (Aug 19)
CVE request: Pidgin crash Mark Doliner (Aug 20)
- Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 22)
  - Re: CVE request: Pidgin crash Huzaifa Sidhpurwala (Aug 22)
    - Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
  - Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
  - Re: CVE request: Pidgin crash Moritz Mühlenhoff (Aug 22)
    - Re: CVE request: Pidgin crash Mark Doliner (Aug 22)
    - Re: CVE request: Pidgin crash Josh Bressers (Aug 22)
CVE request: libqt4: two memory issues Matthias Weckbecker (Aug 22)
- Re: CVE request: libqt4: two memory issues Tomas Hoger (Aug 24)
- Re: CVE request: libqt4: two memory issues Josh Bressers (Aug 24)
  - Re: CVE request: libqt4: two memory issues Tomas Hoger (Aug 25)
CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting YGN Ethical Hacker Group (Aug 22)
- Re: CVE Request: Concrete CMS 5.4.1.1 <= Cross Site Scripting Josh Bressers (Aug 22)
CVE assignment php NULL pointer dereference - CVE-2011-3182 Josh Bressers (Aug 22)
CVE request: kernel: change in how tcp seq numbers are generated Eugene Teo (Aug 23)
- Re: CVE request: kernel: change in how tcp seq numbers are generated Petr Matousek (Aug 23)
lxc + fscaps Sebastian Krahmer (Aug 23)
CVE assignment - PHP salt flaw CVE-2011-3189 Josh Bressers (Aug 23)
CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo (Aug 24)
- Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() Eugene Teo (Aug 24)
- Re: CVE request: kernel: cifs: singedness issue in CIFSFindNext() David Jorm (Aug 24)
CVE assignment Apache httpd multiple-range DoS ("Apache Killer") - CVE-2011-3192 Mark J Cox (Aug 24)
lightdm issues Sebastian Krahmer (Aug 24)
- Re: lightdm issues Robert Ancell (Aug 26)
  - Re: Re: lightdm issues Yves-Alexis Perez (Sep 07)
    - Re: Re: lightdm issues Josh Bressers (Sep 09)
Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 25)
- Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Sebastian Krahmer (Aug 26)
  - Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
    - Re: Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 26)
    - Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Aug 26)
    - Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Yves-Alexis Perez (Aug 29)
    - Re: [Pkg-xfce-devel] Bug#639151: Bug#639151: Bug#639151: Local privilege escalation Solar Designer (Sep 05)
CVE Assignment - evolution CVE-2011-3201 Josh Bressers (Aug 26)
CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting YGN Ethical Hacker Group (Aug 26)
- Re: CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting Josh Bressers (Aug 30)
CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution YGN Ethical Hacker Group (Aug 26)
- Re: CVE Request: Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution Josh Bressers (Aug 30)
Security issue in hammerhead Jamie Strandboge (Aug 26)
- Re: Security issue in hammerhead Josh Bressers (Aug 30)
CVE-request(?): squid: buffer overflow in Gopher reply parser Matthias Weckbecker (Aug 29)
- Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Vincent Danen (Aug 30)
- Re: CVE-request(?): squid: buffer overflow in Gopher reply parser Josh Bressers (Aug 30)
kernel: CVE-2011-2482/2519 Eugene Teo (Aug 30)
kernel: xen: CVE-2011-2901 Petr Matousek (Aug 30)
CVE request for bcfg2 (remote root) Jonathan Wiltshire (Sep 01)
- Re: CVE request for bcfg2 (remote root) Josh Bressers (Sep 06)
Re: CVE request for OpenTTD Josh Bressers (Sep 06)
CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner (Sep 06)
- Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Petr Matousek (Sep 07)
  - Re: CVE Request: OFED 1.5.2 /proc/net/sdpstats reading local denial of service/crash Marcus Meissner (Sep 07)
CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan Lieskovsky (Sep 07)
- Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Henri Doreau (Sep 07)
- Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown (Sep 07)
  - Re: CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Josh Bressers (Sep 09)
    - Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Jan-Oliver Wagner (Sep 09)
    - Re: [Openvas-devel] [oss-security] CVE Request -- openvas-scanner -- Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled Tim Brown (Sep 09)
CVE id request: masqmail Nico Golde (Sep 07)
- Re: CVE id request: masqmail Josh Bressers (Sep 09)
CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Jan Lieskovsky (Sep 08)
- Re: CVE Request -- libfcgi-perl / perl-FCGI: Certain environment variables shared between first and subsequent HTTP requests Moritz Muehlenhoff (Sep 08)
Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Nico Golde (Sep 08)
- Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Henri Salo (Sep 08)
- <Possible follow-ups>
- Re: CVE requests: <mantisbt-1.2.8 multiple vulnerabilities (1xLFI+XSS, 2xXSS) Josh Bressers (Sep 09)
CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Jan Lieskovsky (Sep 08)
- Re: CVE Request -- Zikula (v1.3.x) -- XSS flaw due improper sanitization of 'themename' parameter by setting default, modifying and deleting themes Josh Bressers (Sep 09)
CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Petr Matousek (Sep 08)
- Re: CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message Josh Bressers (Sep 09)
CVE request: Quassel < 0.7.3 CTCP request core DoS Alex Legler (Sep 08)
- Re: CVE request: Quassel < 0.7.3 CTCP request core DoS Josh Bressers (Sep 09)
CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Jan Lieskovsky (Sep 09)
- Re: CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folder Josh Bressers (Sep 09)
D-Link DCS-2121 Semicolon Vulnerability Eren Türkay (Sep 10)
- Re: D-Link DCS-2121 Semicolon Vulnerability Josh Bressers (Sep 14)
CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Jan Lieskovsky (Sep 11)
- Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Thijs Kinkhorst (Sep 13)
- Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Josh Bressers (Sep 14)
  - Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws Henri Salo (Sep 15)
    - Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws dave bl (Sep 15)
CVE Request: Multiple issues fixed in wireshark 1.6.2 Huzaifa Sidhpurwala (Sep 13)
- Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
  - Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
    - Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Josh Bressers (Sep 14)
  - Re: CVE Request: Multiple issues fixed in wireshark 1.6.2 Steven M. Christey (Sep 14)
CVE Request: BackupPC 3.2.1 fixes cross site scripting Thijs Kinkhorst (Sep 13)
- Re: CVE Request: BackupPC 3.2.1 fixes cross site scripting Josh Bressers (Sep 14)
CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Moritz Muehlenhoff (Sep 13)
- Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Josh Bressers (Sep 14)
CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Petr Matousek (Sep 14)
- Re: CVE request -- kernel: b43: allocate receive buffers big enough for max frame len + offset Eugene Teo (Sep 14)
CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Petr Matousek (Sep 14)
- Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Josh Bressers (Sep 14)
  - Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount akuster (Sep 23)
    - Re: CVE request -- kernel: cifs: always do is_path_accessible check in cifs_mount Eugene Teo (Sep 26)
unauthorized deletion of file in Tahoe-LAFS Zooko O'Whielacronx (Sep 15)
CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Jan Lieskovsky (Sep 15)
- Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Steven M. Christey (Sep 15)
- Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14) Josh Bressers (Sep 30)
Is there a maintainer for librsvg ? Nicolas Grégoire (Sep 16)
- Re: Is there a maintainer for librsvg ? Yves-Alexis Perez (Sep 16)
closed-list membership transition Kees Cook (Sep 16)
- Re: closed-list membership transition Yves-Alexis Perez (Sep 16)
  - Re: closed-list membership transition Kees Cook (Sep 16)
- Re: closed-list membership transition Solar Designer (Sep 17)
  - Re: closed-list membership transition Ludwig Nussel (Sep 19)
    - Re: closed-list membership transition Solar Designer (Sep 19)
CVE request: PunBB multiple XSS issues Henri Salo (Sep 18)
- Re: CVE request: PunBB multiple XSS issues Josh Bressers (Sep 22)
CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Hanno Böck (Sep 19)
- Re: CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Josh Bressers (Sep 22)
CVE Request? etherape remote crash (denial of service) Marcus Meissner (Sep 19)
- Re: CVE Request? etherape remote crash (denial of service) Josh Bressers (Sep 22)
Re: CVE request: kernel: taskstats/procfs io infoleak Vasiliy Kulikov (Sep 21)
CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Jan Lieskovsky (Sep 22)
- Re: CVE Request -- drupal6-views_bulk_operations: XSS due improper escaping of a vocabulary help (SA-CONTRIB-2011-042) Josh Bressers (Sep 23)
CVE Request -- apt Jamie Strandboge (Sep 22)
- Re: CVE Request -- apt Josh Bressers (Sep 23)
- <Possible follow-ups>
- Re: CVE Request -- apt Jamie Strandboge (Sep 22)
CVE Request: Missing input sanitation in various X GLX calls Marcus Meissner (Sep 22)
- Re: CVE Request: Missing input sanitation in various X GLX calls Josh Bressers (Sep 23)
- Re: CVE Request: Missing input sanitation in various X GLX calls Vincent Danen (Sep 23)
CVE Request: X.org ProcRenderGlyps input sanitation issue Marcus Meissner (Sep 22)
- Re: CVE Request: X.org ProcRenderGlyps input sanitation issue Josh Bressers (Sep 23)
CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 24)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
  - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Stas Malyshev (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
    - RE: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Zeev Suraski (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Rasmus Lerdorf (Sep 25)
    - Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
    - Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Vincent Danen (Sep 26)
    - Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Johannes Schlüter (Sep 26)
    - Re: Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 26)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Pierre Joye (Sep 25)
- Re: CVE request: is_a() function may allow arbitrary code execution in PHP 5.3.7/5.3.8 Josh Bressers (Sep 27)
CVE request: heap-based buffer overflow in ldns Vincent Danen (Sep 24)
- Re: CVE request: heap-based buffer overflow in ldns Josh Bressers (Sep 30)
CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability YGN Ethical Hacker Group (Sep 26)
- Re: CVE Request: Advanced Electron Forums (AEF) 1.0.9 <= Cross Site Request Forgery (CSRF) Vulnerability Josh Bressers (Sep 30)
CVE requests: Typo3 Moritz Muehlenhoff (Sep 26)
- Re: CVE requests: Typo3 Josh Bressers (Sep 30)
CVE Request: samba, cifs-utils Marc Deslauriers (Sep 27)
- Re: CVE Request: samba, cifs-utils Josh Bressers (Sep 30)
rpm/librpm/rpm-python memory corruption pre-verification Tavis Ormandy (Sep 27)
- Re: rpm/librpm/rpm-python memory corruption pre-verification yersinia (Sep 28)
- Re: rpm/librpm/rpm-python memory corruption pre-verification nicolas vigier (Sep 29)
CVE Request: ffmpeg/libav Marc Deslauriers (Sep 27)
- Re: CVE Request: ffmpeg/libav Josh Bressers (Sep 30)
  - Re: CVE Request: ffmpeg/libav Marc Deslauriers (Sep 30)
CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Jan Lieskovsky (Sep 29)
- Re: CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution Josh Bressers (Sep 30)
Firefox: CVE-2011-3867 a dupe of CVE-2011-2998 Moritz Muehlenhoff (Sep 30)

Previous period

Next period