591 messages starting Oct 05 11 and ending Nov 22 11
akuster

Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images akuster (Oct 05)

Alex Legler

Re: non-Linux advance notification list Alex Legler (Nov 28)

Andrea Barisani

[oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 28)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Andrea Barisani (Dec 29)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Andrea Barisani (Dec 29)

Anthon Pang

Re: CVE request: piwik before 1.6 Anthon Pang (Oct 19)
Re: CVE request: piwik before 1.6 Anthon Pang (Oct 20)

Armin Burgmeier

Re: CVE request: 3 flaws in libobby and libnet6 Armin Burgmeier (Oct 30)

Aurelien Jarno

CVE Request: FreeBSD kernel Aurelien Jarno (Oct 19)

Ben Hawkes

CVE Request: nginx resolver heap overflow Ben Hawkes (Nov 17)

Benjamin Renaut

Re: Request for CVE Identifier: bzexe insecure temporary file Benjamin Renaut (Oct 28)

Billy Brumley

CVE-2011-4354 OpenSSL 0.9.8g (32-bit builds) bug leaks ECC private keys Billy Brumley (Dec 01)

Colin Percival

Re: CVE Request: FreeBSD kernel Colin Percival (Oct 24)

Colin Watson

Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Colin Watson (Nov 27)

cve-assign

Re: CVE Request -- Django: v1.3.1, v1.2.7 multiple security flaws cve-assign (Oct 19)
Re: More CVEs? (was Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) cve-assign (Dec 30)

Dan Rosenberg

Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Dan Rosenberg (Oct 27)
Re: Re: CVE request for Calibre Dan Rosenberg (Nov 03)
CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)
Re: CVE request: Android: vold stack buffer overflow Dan Rosenberg (Nov 08)

David Black

CVE request for Django-piston and Tastypie David Black (Nov 01)
Re: CVE request for Django-piston and Tastypie David Black (Nov 02)

David Hicks

Re: /proc/interrupts PoC: spy-interrupts David Hicks (Nov 08)

David Holland

caml-light insecure temporary files David Holland (Nov 06)
Re: caml-light insecure temporary files David Holland (Nov 08)

David Jorm

CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information David Jorm (Nov 16)
CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces David Jorm (Nov 29)
DOM based XSS in the JBoss AS 7 administration console - CVE-2011-3606 David Jorm (Dec 02)
CSRF in the JBoss AS 7 administration console & HTTP management API - CVE-2011-3609 David Jorm (Dec 02)
CVE Request for Apache ActiveMQ DoS David Jorm (Dec 25)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) David Jorm (Dec 29)

dishix

CVE request: CSRF in xt:commerce 3.04 SP2.1 dishix (Dec 03)

Eitan Adler

Re: CVE Request: FreeBSD kernel Eitan Adler (Oct 24)
Re: caml-light insecure temporary files Eitan Adler (Nov 07)

Elio Maldonado

Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Elio Maldonado (Oct 24)

Ethan Blanton

libpurple vulnerability disclosure and fix Ethan Blanton (Oct 01)

Eugene Teo

Re: Wrong MLIST link in CVE-2011-3783 Eugene Teo (Oct 17)
Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Eugene Teo (Oct 24)
kernel; CVE-2011-2942 and CVE-2011-3209 Eugene Teo (Oct 24)
CVE request: kernel: crypto: ghash: null pointer deref if no key is set Eugene Teo (Oct 27)
CVE request: kernel: oom: fix integer overflow of points in oom_badness Eugene Teo (Nov 01)
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 08)
Re: CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Eugene Teo (Nov 09)
CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0 Eugene Teo (Nov 21)
kernel: hfs: add sanity check for file name length Eugene Teo (Nov 21)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Eugene Teo (Nov 22)
CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Eugene Teo (Nov 24)
CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Eugene Teo (Dec 15)
Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)

Florian Weimer

PR attack against XML Encryption Florian Weimer (Oct 20)
Re: PR attack against XML Encryption Florian Weimer (Oct 21)
Re: caml-light insecure temporary files Florian Weimer (Nov 06)
CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 25)
Re: CVE-2011-4862 is not BSD-specific Florian Weimer (Dec 26)

Guido Berhoerster

Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 10)
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released Guido Berhoerster (Nov 22)

Hanno Böck

CVE request: serendipity freetag plugin before 3.30 and probably others Hanno Böck (Oct 08)
CVE request: CSRF and file inclusion in usebb before 1.0.12 Hanno Böck (Oct 09)
CVE request: vanilla forums cookie theft, plugin access control Hanno Böck (Oct 09)
CVE request: simple machines forum before 2.0.1 and 1.1.15 Hanno Böck (Oct 09)
CVE request: XSS in phorum before 5.2.18 Hanno Böck (Oct 10)
CVE request: fluxbb before 1.4.7 Hanno Böck (Oct 10)
CVE request: recursion level crash in clamav before 0.97.3 Hanno Böck (Oct 18)
CVE request: piwik before 1.6 Hanno Böck (Oct 19)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Hanno Böck (Oct 20)
CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file Hanno Böck (Oct 28)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Hanno Böck (Oct 29)
CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck (Nov 03)
CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Hanno Böck (Nov 13)
CVE request: ResourceSpace before 4.2.2833 insufficient access check Hanno Böck (Nov 13)
CVE request: ejabberd before 2.1.9 Hanno Böck (Nov 19)
CVE request: joomla 1.5 before 1.5.25 password change vulnerability Hanno Böck (Nov 20)
CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Hanno Böck (Nov 20)
CVE request: drupal before 7.5 access bypass Hanno Böck (Nov 20)
CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 23)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Hanno Böck (Nov 24)
CVE request: mediawiki before 1.17.1 Hanno Böck (Nov 29)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Hanno Böck (Dec 04)
More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 29)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Hanno Böck (Dec 30)

Henrik Nordström

Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Henrik Nordström (Nov 01)

Henri Salo

Re: CVE request: fluxbb before 1.4.7 Henri Salo (Oct 13)
Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Oct 16)
Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
Re: Wrong MLIST link in CVE-2011-3783 Henri Salo (Oct 16)
CVE-request: Joomla 20111001 Core - Information Disclosure Henri Salo (Oct 18)
Re: CVE request: piwik before 1.6 Henri Salo (Oct 28)
Re: CVE request: piwik before 1.6 Henri Salo (Oct 28)
Jara 1.6 SQL injection and XSS Henri Salo (Oct 30)
Re: Jara 1.6 SQL injection and XSS Henri Salo (Oct 31)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 05)
Fwd: DSA 2338-1 moodle security update Henri Salo (Nov 07)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Henri Salo (Nov 08)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Henri Salo (Nov 17)
Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Henri Salo (Nov 21)
Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Henri Salo (Nov 21)
CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Henri Salo (Nov 21)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Henri Salo (Nov 21)
CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Henri Salo (Nov 21)
Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Henri Salo (Nov 22)
CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Henri Salo (Nov 22)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Henri Salo (Dec 01)
CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
C|Net Download.Com is now bundling Nmap with malware! Henri Salo (Dec 06)
CVE-request WordPress pretty-link plugin 1.5.2 XSS Henri Salo (Dec 08)
CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Henri Salo (Dec 18)
CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Henri Salo (Dec 22)
CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Henri Salo (Dec 24)
CVE-request for three 2009 Joomla issues Henri Salo (Dec 25)
CVE-request for three 2009 Joomla issues (second part) Henri Salo (Dec 25)
CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Henri Salo (Dec 25)
CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo (Dec 30)

Huzaifa Sidhpurwala

kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala (Oct 05)
Re: kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images Huzaifa Sidhpurwala (Oct 07)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 07)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 13)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 14)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 21)
Re: radvd 1.8.2 released with security fixes Huzaifa Sidhpurwala (Oct 21)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Huzaifa Sidhpurwala (Oct 24)
Re: CVE request: kernel: crypto: ghash: null pointer deref if no key is set Huzaifa Sidhpurwala (Oct 27)
libcap/capsh: does not chdir after chroot Huzaifa Sidhpurwala (Nov 01)
OpenIPMI: IPMI event daemon creates PID file with world writeable permissions Huzaifa Sidhpurwala (Dec 13)
Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala (Dec 26)
Re: CVE-2011-4862 is not BSD-specific Huzaifa Sidhpurwala (Dec 26)

Jamie Strandboge

Security issue in OpenStack (nova) Jamie Strandboge (Oct 03)
CVE request: nova Jamie Strandboge (Oct 25)
CVE Request: Security issue in backuppc Jamie Strandboge (Oct 27)
CVE request: jenkins Jamie Strandboge (Nov 23)
Security issue in icecast Jamie Strandboge (Dec 15)
Re: RE: [Icecast-dev] Security issue in icecast Jamie Strandboge (Dec 15)

Jan Lieskovsky

CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Jan Lieskovsky (Oct 03)
CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Jan Lieskovsky (Oct 04)
CVE-2011-3979 being duplicate of CVE-2011-3352 Jan Lieskovsky (Oct 04)
CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Jan Lieskovsky (Oct 05)
CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats Jan Lieskovsky (Oct 07)
CVE ASSIGNMENT CORRECTION -- USE CVE-2011-3590 instead of CVE-2011-2390 [was: Re: [oss-security] kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images] Jan Lieskovsky (Oct 10)
Re: PR attack against XML Encryption Jan Lieskovsky (Oct 20)
CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky (Oct 24)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Jan Lieskovsky (Oct 24)
CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Jan Lieskovsky (Oct 26)
CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Jan Lieskovsky (Oct 27)
CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Jan Lieskovsky (Oct 31)
CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Jan Lieskovsky (Nov 03)
CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Jan Lieskovsky (Nov 04)
CVE Request -- pam_yubico -- Authentication bypass via NULL password Jan Lieskovsky (Nov 07)
CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Jan Lieskovsky (Nov 07)
CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Jan Lieskovsky (Nov 09)
CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Jan Lieskovsky (Nov 10)
CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Jan Lieskovsky (Nov 15)
CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Jan Lieskovsky (Nov 18)
CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Jan Lieskovsky (Nov 18)
CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Jan Lieskovsky (Nov 21)
CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Jan Lieskovsky (Nov 23)
Typo in description of CVE-2011-2708 and CVE-2011-4331? [was: Re: [oss-security] Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue] Jan Lieskovsky (Nov 23)
Re: CVE Request: colord sql injections Jan Lieskovsky (Nov 25)
CVE Request -- yaws -- Directory traversal flaw Jan Lieskovsky (Nov 25)
CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Jan Lieskovsky (Nov 27)
CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Jan Lieskovsky (Nov 28)
CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Jan Lieskovsky (Dec 09)
CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky (Dec 22)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Jan Lieskovsky (Dec 22)

Jason A. Donenfeld

CVE request for Calibre Jason A. Donenfeld (Nov 02)
Re: CVE request for Calibre Jason A. Donenfeld (Nov 02)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 04)
Re: Re: CVE request for Calibre Jason A. Donenfeld (Nov 07)

Jeff Mitchell

KDE Security Advisory 20111003-1 published Jeff Mitchell (Oct 03)
Disputing CVE-2011-4122 Jeff Mitchell (Dec 07)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 27)

jmm

Re: Fwd: DSA 2338-1 moodle security update jmm (Nov 07)

John Haxby

Re: radvd 1.8.2 released with security fixes John Haxby (Oct 07)
Re: Re: [LightDM] Version 1.0.6 released John Haxby (Nov 11)

John Lightsey

CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules John Lightsey (Nov 04)

Joost Hoogendoorn

Re: non-Linux advance notification list Joost Hoogendoorn (Nov 26)

Josh Bressers

Re: libpurple vulnerability disclosure and fix Josh Bressers (Oct 04)
Re: CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities Josh Bressers (Oct 04)
Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Josh Bressers (Oct 04)
Re: Request for CVE Identifier for perl code injection vulnerability in Digest->new() Josh Bressers (Oct 04)
Re: CVE Request -- phpPgAdmin -- Multiple XSS flaws fixed in v5.0.3 Josh Bressers (Oct 04)
Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random Josh Bressers (Oct 05)
Re: Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Josh Bressers (Oct 05)
Re: Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Josh Bressers (Oct 05)
Re: CVE request: serendipity freetag plugin before 3.30 and probably others Josh Bressers (Oct 10)
Re: CVE request: CSRF and file inclusion in usebb before 1.0.12 Josh Bressers (Oct 10)
Re: CVE request: vanilla forums cookie theft, plugin access control Josh Bressers (Oct 10)
Re: CVE request: simple machines forum before 2.0.1 and 1.1.15 Josh Bressers (Oct 10)
Re: CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Josh Bressers (Oct 10)
Re: CVE requests: Tahoe-LAFS and atop Josh Bressers (Oct 10)
Re: CVE request: fluxbb before 1.4.7 Josh Bressers (Oct 18)
Re: CVE request: XSS in phorum before 5.2.18 Josh Bressers (Oct 18)
Re: CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Josh Bressers (Oct 18)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Josh Bressers (Oct 18)
Re: CVE request: mplayer SAMI subtitle parsing buffer overflow Josh Bressers (Oct 18)
Re: CVE request: double-free vulnerability in logsurfer Josh Bressers (Oct 18)
Re: CVE request: recursion level crash in clamav before 0.97.3 Josh Bressers (Oct 18)
Re: CVE Request: pam Josh Bressers (Oct 18)
Re: CVE-request: Joomla 20111001 Core - Information Disclosure Josh Bressers (Oct 18)
Re: MySQL executable comment execution on MySQL slave server (from 2009) Josh Bressers (Oct 18)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Josh Bressers (Oct 20)
Re: CVE Request: mplayer RDT parsing integer underlow Josh Bressers (Oct 20)
Re: CVE Request: FreeBSD kernel Josh Bressers (Oct 20)
Re: CVE request: piwik before 1.6 Josh Bressers (Oct 20)
Re: CVE Request: apt Josh Bressers (Oct 20)
Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Josh Bressers (Oct 20)
Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Josh Bressers (Oct 25)

Julien Cristau

Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau (Oct 07)
Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Julien Cristau (Oct 07)

Juliusz Chroboczek

Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Juliusz Chroboczek (Oct 06)

Kurt Seifried

Ruby 3.0.10 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 12)
Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Kurt Seifried (Oct 18)
MySQL executable comment execution on MySQL slave server (from 2009) Kurt Seifried (Oct 18)
Re: CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Kurt Seifried (Oct 25)
Re: CVE request: nova Kurt Seifried (Oct 25)
Re: CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Kurt Seifried (Oct 26)
Re: CVE Request -- Round Cube Webmail -- DoS (unavailability to access user's INBOX) after receiving an email message with the URL in the Subject Kurt Seifried (Oct 26)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Kurt Seifried (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 26)
Re: CVE Request -- phpLDAPadmin -- Local file inclusion flaw in "common.php" via "Accept-Language" HTTP header leading to DoS Kurt Seifried (Oct 27)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Kurt Seifried (Oct 27)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 28)
Re: CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Kurt Seifried (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file Kurt Seifried (Oct 28)
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin Kurt Seifried (Oct 30)
Re: CVE request: 3 flaws in libobby and libnet6 Kurt Seifried (Oct 31)
Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
Re: Jara 1.6 SQL injection and XSS Kurt Seifried (Oct 31)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Kurt Seifried (Oct 31)
Re: CVE request: kernel: oom: fix integer overflow of points in oom_badness Kurt Seifried (Nov 01)
Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
Re: CVE request for wireshark flaws Kurt Seifried (Nov 01)
Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 01)
Re: Re: CVE request for Django-piston and Tastypie Kurt Seifried (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released Kurt Seifried (Nov 02)
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Kurt Seifried (Nov 03)
Re: CVE Request -- phpMyAdmin -- Arbitrary local file read flaw by loading XML strings / importing XML files Kurt Seifried (Nov 03)
Re: Re: CVE request for Calibre Kurt Seifried (Nov 03)
Re: CVE Request -- Drupal (v6.x based) Views module - SQL injection due improper escaping of database parameters for certain filters / arguments (SA-CONTRIB-2011-052) Kurt Seifried (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Kurt Seifried (Nov 04)
Re: CVE request: Mahara Kurt Seifried (Nov 04)
Re: Re: CVE request for Calibre Kurt Seifried (Nov 07)
Re: caml-light insecure temporary files Kurt Seifried (Nov 07)
Re: CVE Request -- pam_yubico -- Authentication bypass via NULL password Kurt Seifried (Nov 07)
Re: CVE Request -- Ruby (OpenSSL extension) -- Insecure way of creation exponent value by private RSA key generation Kurt Seifried (Nov 07)
Re: potential OpenPAM vulnerability Kurt Seifried (Nov 08)
Re: Re: CVE request: Android: vold stack buffer overflow Kurt Seifried (Nov 08)
Re: Re: CVE request for Calibre Kurt Seifried (Nov 08)
Re: CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Kurt Seifried (Nov 09)
Re: CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus Kurt Seifried (Nov 09)
Re: CVE Request -- ProFTPD -- Response pool use-after-free flaw (ZDI-CAN-1420) Kurt Seifried (Nov 10)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 12)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 12)
Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops Kurt Seifried (Nov 13)
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Kurt Seifried (Nov 13)
Re: Fwd: DSA 2338-1 moodle security update Kurt Seifried (Nov 14)
Re: CVE request: cmsmadesimple before 1.9.4.3 - remote database corruption Kurt Seifried (Nov 14)
Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check Kurt Seifried (Nov 14)
Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried (Nov 14)
Arch Linux Shaman issue Kurt Seifried (Nov 14)
Re: CVE Request -- ReviewBoard v1.5.7 && v1.6.3 -- XSS in the commenting system (diff viewer and screenshot pages components) Kurt Seifried (Nov 15)
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Kurt Seifried (Nov 15)
Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information Kurt Seifried (Nov 17)
Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
Re: CVE Request: nginx resolver heap overflow Kurt Seifried (Nov 17)
Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Kurt Seifried (Nov 18)
Re: CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method Kurt Seifried (Nov 18)
Re: CVE request: ejabberd before 2.1.9 Kurt Seifried (Nov 19)
Re: CVE request: joomla 1.5 before 1.5.25 password change vulnerability Kurt Seifried (Nov 21)
Re: CVE request: websitebaker 2.8.1 and earlier: authentication error in backup module Kurt Seifried (Nov 21)
Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 21)
Re: CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Kurt Seifried (Nov 21)
Re: CVE Request: openssh 5.8p2 Kurt Seifried (Nov 21)
Re: CVE Request (minor) -- gnash -- Unsafe management of HTTP cookies Kurt Seifried (Nov 21)
Fwd: Fwd: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Kurt Seifried (Nov 21)
Re: kernel: hfs: add sanity check for file name length Kurt Seifried (Nov 21)
Re: CVE request: drupal before 7.5 access bypass Kurt Seifried (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Kurt Seifried (Nov 21)
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 Kurt Seifried (Nov 21)
Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability Kurt Seifried (Nov 22)
Re: CVE-request: XSS in Tiki Wiki CMS Groupware (HTB23027) Kurt Seifried (Nov 22)
Re: Fwd: Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability Kurt Seifried (Nov 22)
Re: Did this ArchLinux/shaman thing ever get a CVE? Kurt Seifried (Nov 22)
Re: CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Kurt Seifried (Nov 22)
Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Kurt Seifried (Nov 22)
Re: Fwd: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003 Kurt Seifried (Nov 22)
Re: CVE request: jenkins Kurt Seifried (Nov 23)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 23)
Re: CVE Request -- 1) Namazu v2.0.21: XSS flaw by processing HTTP cookies 2) Namazu v2.0.20: Stack-based buffer overflow by replacing blank "uri" field value Kurt Seifried (Nov 23)
Re: CVE request -- kernel: kvm: device assignment DoS Kurt Seifried (Nov 24)
Re: CVE Request: colord sql injections Kurt Seifried (Nov 25)
Re: CVE Request -- yaws -- Directory traversal flaw Kurt Seifried (Nov 25)
Re: CVE request: ffmpeg before 0.7.8 and 0.8.7 2 buffer overflows and out-of-bounds read Kurt Seifried (Nov 25)
Re: CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Kurt Seifried (Nov 28)
Re: CVE Request -- ClearSilver (neo_cgi) -- Format string flaw by processing CGI error messages in Python module Kurt Seifried (Nov 28)
CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts Kurt Seifried (Nov 28)
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces Kurt Seifried (Nov 29)
Re: Fwd: Bug script install slackware Kurt Seifried (Nov 29)
Re: CVE request: mediawiki before 1.17.1 Kurt Seifried (Nov 29)
Re: CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Kurt Seifried (Nov 29)
Re: CVE request: Proc::ProcessTable perl module Kurt Seifried (Nov 30)
Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
Re: CVE id request: ffmpeg Kurt Seifried (Nov 30)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
Re: CVE Request: ffmpeg Kurt Seifried (Dec 04)
Re: CVE request: CSRF in xt:commerce 3.04 SP2.1 Kurt Seifried (Dec 04)
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 04)
Re: CVE request: acpid Kurt Seifried (Dec 06)
acpid - possible issue in socket handling Kurt Seifried (Dec 06)
Re: CVE Request: ffmpeg Kurt Seifried (Dec 07)
Re: CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces Kurt Seifried (Dec 07)
Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 07)
Re: CVE request: glibc: timezone integer overflow Kurt Seifried (Dec 07)
Re: CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Kurt Seifried (Dec 07)
Re: CVE Request -- kernel: send(m)msg: user pointer dereferences Kurt Seifried (Dec 08)
Re: CVE-request WordPress pretty-link plugin 1.5.2 XSS Kurt Seifried (Dec 08)
Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014 Kurt Seifried (Dec 09)
Re: CVE Request: icu out of bounds access Kurt Seifried (Dec 09)
Re: CVE request: Pidgin crash Kurt Seifried (Dec 10)
Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 10)
Fwd: Re: cve request: bat_socket_read memory corruption Kurt Seifried (Dec 12)
Re: CVE request: rocksndiamonds world-writable working/config directory Kurt Seifried (Dec 12)
Re: CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Kurt Seifried (Dec 12)
Re: CVE request - kernel: perf, powerpc: Handle events that raise an exception without overflowing Kurt Seifried (Dec 15)
Re: Security issue in icecast Kurt Seifried (Dec 15)
Re: CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) Kurt Seifried (Dec 15)
TYPO3 typo3-core-sa-2011-004 Kurt Seifried (Dec 16)
Re: CVE request: zabbix persistent XSS flaw Kurt Seifried (Dec 16)
CVE for HTML-Template-Pro 0.9506 XSS Kurt Seifried (Dec 19)
Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
Re: CVE id request: python-virtualenv Kurt Seifried (Dec 19)
Re: CVE-request: WordPress advanced-text-widget XSS advancedtext.php?page= Kurt Seifried (Dec 19)
CVE request -- coreutils -- tty hijacking possible in "su" via TIOCSTI, ioctl Kurt Seifried (Dec 20)
Re: CVE assignment from previous years Kurt Seifried (Dec 20)
Re: CVE assignment from previous years Kurt Seifried (Dec 21)
plib ulSetError() buffer overflow - CVE-2011-4620 Kurt Seifried (Dec 21)
Re: CVE Request -- kernel: tight loop and no preemption can cause system stall Kurt Seifried (Dec 21)
Re: kernel: kvm: pit timer with no irqchip crashes the system Kurt Seifried (Dec 21)
Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Kurt Seifried (Dec 22)
Re: CVE-request: WordPress flash-album-gallery plugin facebook.php XSS Kurt Seifried (Dec 23)
Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 23)
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
Re: CVE request: simplesamlphp / Typo3 Kurt Seifried (Dec 24)
Re: CVE-request 2006: Joomla Web Link Submission title Parameter SQL injection Kurt Seifried (Dec 24)
Re: CVE Request for Apache ActiveMQ DoS Kurt Seifried (Dec 25)
Re: CVE-request for three 2009 Joomla issues Kurt Seifried (Dec 25)
Re: CVE-request for three 2009 Joomla issues (second part) Kurt Seifried (Dec 25)
Re: CVE-request: Joomla com_mailto automated mail timeout bypass (2009) Kurt Seifried (Dec 25)
Re: CVE-2011-4862 is not BSD-specific Kurt Seifried (Dec 25)
Re: closed-list Kurt Seifried (Dec 28)
Re: CVE request: kernel: multiple issues in ROSE Kurt Seifried (Dec 28)
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 28)
Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 28)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Kurt Seifried (Dec 29)
Re: CVE-request: Elxis CMS two XSS-vulnerabilities Kurt Seifried (Dec 31)
Re: mpack 1.6 allows eavesdropping on mails sent by other users Kurt Seifried (Dec 31)

Kyle Creyts

Re: CVE Request -- rsyslog -- DoS due integer signedness error while extending rsyslog counted string buffer Kyle Creyts (Dec 22)

Ludwig Nussel

CVE Request: colord sql injections Ludwig Nussel (Nov 25)
Re: CVE Request: colord sql injections Ludwig Nussel (Nov 25)
CVE Request: icu out of bounds access Ludwig Nussel (Dec 09)

Marc Deslauriers

CVE Request: pam Marc Deslauriers (Oct 18)
CVE Request: apt Marc Deslauriers (Oct 19)
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 09)
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 11)
Re: Re: [LightDM] Version 1.0.6 released Marc Deslauriers (Nov 22)
CVE Request: ffmpeg Marc Deslauriers (Dec 04)
Re: CVE Request: ffmpeg Marc Deslauriers (Dec 05)

Marcus Meissner

Re: CVE request: double-free vulnerability in logsurfer Marcus Meissner (Oct 17)
CVE request: kernel/AppArmor local denial of service Marcus Meissner (Oct 17)
CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Marcus Meissner (Oct 26)
CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Marcus Meissner (Oct 26)
CVE Request: Multiple remote denial of service in Linux bridge networking code 2.6.37-3.0 Marcus Meissner (Oct 28)
Re: Duplicate CVE assigned: CVE-2011-2708 CVE-2011-2710 Marcus Meissner (Nov 06)
CVE Request: openssh 5.8p2 Marcus Meissner (Nov 21)

Mark Doliner

CVE request: Pidgin crash Mark Doliner (Dec 10)

Matthias Weckbecker

Re: Ruby 1.9.2-p290 WEBrick::HTTPRequest X-Forwarded-* Matthias Weckbecker (Oct 18)
CVE request: glibc: timezone integer overflow Matthias Weckbecker (Dec 05)

Matthieu Herrb

Fwd: X.Org security advisory: xserver locking code issues Matthieu Herrb (Oct 18)

Michael Gilbert

Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)

Michael Harrison

CVE requests: <media-video/vlc-1.0.2: Multiple stack-based buffer overflows in ASF, AVI, MP4 demuxers and https://bugs.gentoo.org/show_bug.cgi?id=279340 Michael Harrison (Oct 10)
Re: non-Linux advance notification list Michael Harrison (Nov 27)
Re: non-Linux advance notification list Michael Harrison (Nov 28)

Moritz Muehlenhoff

CVE requests: Tahoe-LAFS and atop Moritz Muehlenhoff (Oct 09)
Re: CVE Request: FreeBSD kernel Moritz Muehlenhoff (Oct 20)
Re: CVE Request: mplayer RDT parsing integer underlow Moritz Muehlenhoff (Oct 20)
CVE request: Mahara Moritz Muehlenhoff (Nov 04)
Re: CVE request: drupal before 7.5 access bypass Moritz Muehlenhoff (Nov 21)
CVE request: Proc::ProcessTable perl module Moritz Muehlenhoff (Nov 30)
CVE request: acpid Moritz Muehlenhoff (Dec 06)
Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
CVE request: simplesamlphp / Typo3 Moritz Muehlenhoff (Dec 23)

Moritz Mühlenhoff

Re: CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Moritz Mühlenhoff (Oct 20)
Re: CVE request: simplesamlphp / Typo3 Moritz Mühlenhoff (Dec 23)

MustLive

Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 07)
Re: CVE Request -- Multiple security issues in various versions of AWStats MustLive (Oct 10)

Nick Kralevich

Re: Re: CVE request: Android: vold stack buffer overflow Nick Kralevich (Nov 10)

Nico Golde

CVE id request: ffmpeg Nico Golde (Nov 30)
CVE id request: python-virtualenv Nico Golde (Dec 19)
Re: CVE id request: python-virtualenv Nico Golde (Dec 19)

Patrick J. Volkerding

linux-distros Slackware membership Patrick J. Volkerding (Nov 28)
Re: Fwd: Bug script install slackware Patrick J. Volkerding (Nov 29)

Paul

cve request: bat_socket_read memory corruption Paul (Dec 10)
Re: cve request: bat_socket_read memory corruption Paul (Dec 11)

Petr Lautrbach

Re: CVE Request -- Multiple security issues in various versions of AWStats Petr Lautrbach (Oct 10)

Petr Matousek

Please REJECT CVE-2011-1161 Petr Matousek (Oct 11)
Re: CVE request: kernel/AppArmor local denial of service Petr Matousek (Oct 17)
qemu: CVE-2011-3346 Petr Matousek (Oct 20)
CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops Petr Matousek (Oct 21)
CVE Request -- kernel: xfs: potential buffer overflow in xfs_readlink() Petr Matousek (Oct 26)
CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Petr Matousek (Oct 27)
CVE Request -- kernel: nfs4_getfacl decoding kernel oops Petr Matousek (Nov 11)
CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Petr Matousek (Nov 11)
CVE Request -- kernel: wrong headroom check in udp6_ufo_fragment() Petr Matousek (Nov 21)
CVE-2011-4110 kernel: keys: NULL pointer deref in the user-defined key type Petr Matousek (Nov 21)
Please REJECT CVE-2011-4112 Petr Matousek (Nov 24)
Re: Re: Please REJECT CVE-2011-4112 Petr Matousek (Nov 24)
CVE request -- kernel: kvm: device assignment DoS Petr Matousek (Nov 24)
CVE Request -- kernel: send(m)msg: user pointer dereferences Petr Matousek (Dec 08)
CVE Request -- kernel: tight loop and no preemption can cause system stall Petr Matousek (Dec 21)
kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
Re: kernel: kvm: pit timer with no irqchip crashes the system Petr Matousek (Dec 21)
CVE-2011-4127 kernel: possible privilege escalation via SG_IO ioctl Petr Matousek (Dec 22)

psy

XSSer v1.6 -beta- aka "Grey Swarm!" released. psy (Nov 30)

Ramon de C Valle

Request for CVE Identifier for perl code injection vulnerability in Digest->new() Ramon de C Valle (Oct 04)
Request for a CVE identifier: XML-RPC SAX Parser Information Exposure Ramon de C Valle (Oct 05)
Request for CVE identifier: Libvoikko NULL Character Improper Input Validation Ramon de C Valle (Oct 05)
Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file Ramon de C Valle (Oct 28)
Re: CVE Request: openldap2 UTF8StringNormalize() can cause a (one-byte) buffer overflow Ramon de C Valle (Oct 28)

Raphael Bastos

Fwd: Bug script install slackware Raphael Bastos (Nov 29)
Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)
Re: Fwd: Bug script install slackware Raphael Bastos (Nov 29)

Reed Loden

Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Reed Loden (Oct 24)

Rémi Denis-Courmont

[CVE REQUEST] VLC media player: NULL dereference in HTTP server Rémi Denis-Courmont (Oct 06)

Reuben Hawkins

Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 12)
Re: radvd 1.8.2 released with security fixes Reuben Hawkins (Oct 15)

Robert Ancell

Re: Re: [LightDM] Version 1.0.6 released Robert Ancell (Nov 11)

Robert Relyea

Re: CVE Request -- nss: Did honour /pkcs11.txt and /secmod.db files by initialization Robert Relyea (Oct 24)

Robert Święcki

Re: radvd 1.8.2 released with security fixes Robert Święcki (Oct 07)

Rob Keith

Re: CVE Request -- yaws -- Directory traversal flaw Rob Keith (Nov 25)

Sean Amoss

CVE Request -- Conky 1.8.1 "/tmp/.cesf" Insecure Temporary File Security Issue Sean Amoss (Oct 09)
CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Sean Amoss (Oct 28)

Sebastian Krahmer

CVE Request: slapd off by one Sebastian Krahmer (Oct 26)
potential OpenPAM vulnerability Sebastian Krahmer (Nov 08)
Re: Disputing CVE-2011-4122 Sebastian Krahmer (Dec 28)

Sebastian Pipping

mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Dec 31)
Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Dec 31)

Secunia Research

RE: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Secunia Research (Dec 02)

Solar Designer

Re: rpm/librpm/rpm-python memory corruption pre-verification Solar Designer (Oct 01)
Re: Request for linux-distros list membership Solar Designer (Oct 04)
radvd 1.8.2 released with security fixes Solar Designer (Oct 06)
Re: radvd 1.8.2 released with security fixes Solar Designer (Oct 13)
hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 15)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 22)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 22)
Re: hardlink(1) has buffer overflows, is unsafe on changing trees Solar Designer (Oct 22)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Oct 26)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 04)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Solar Designer (Nov 04)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
Re: CVE request: unsafe use of /tmp in multiple CPAN modules Solar Designer (Nov 05)
glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 15)
weird crypt-sha* in DragonFly BSD Solar Designer (Nov 15)
OpenBSD bcrypt error return Solar Designer (Nov 15)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 15)
*BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Nov 15)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Nov 15)
Re: OpenBSD bcrypt error return Solar Designer (Nov 15)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Nov 15)
CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 16)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Solar Designer (Nov 17)
linux-distros list setup update Solar Designer (Nov 18)
non-Linux advance notification list Solar Designer (Nov 18)
Re: closed-list membership transition Solar Designer (Nov 19)
Re: non-Linux advance notification list Solar Designer (Nov 26)
Re: non-Linux advance notification list Solar Designer (Nov 26)
Re: non-Linux advance notification list Solar Designer (Nov 27)
Re: non-Linux advance notification list Solar Designer (Nov 27)
Re: linux-distros Slackware membership Solar Designer (Nov 28)
Re: Fwd: Bug script install slackware Solar Designer (Nov 29)
Re: Fwd: Bug script install slackware Solar Designer (Nov 29)
Re: XSSer v1.6 -beta- aka "Grey Swarm!" released. Solar Designer (Dec 01)
Re: non-Linux advance notification list Solar Designer (Dec 09)
Re: linux-distros list setup update Solar Designer (Dec 13)
Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
Re: Disputing CVE-2011-4122 Solar Designer (Dec 23)
Re: Disputing CVE-2011-4122 Solar Designer (Dec 27)
Re: closed-list Solar Designer (Dec 29)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Dec 29)
Re: Closed list Solar Designer (Dec 29)
Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision Solar Designer (Jan 01)

Stefan Bühler

CVE Request: lighttpd/mod_auth out-of-bounds read due to signedness error Stefan Bühler (Nov 29)

Steve Grubb

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb (Nov 17)

Steven M. Christey

Re: Wrong MLIST link in CVE-2011-3783 Steven M. Christey (Oct 17)
Re: CVE request: piwik before 1.6 Steven M. Christey (Oct 19)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Steven M. Christey (Oct 28)
Re: Re: CVE request for Calibre Steven M. Christey (Nov 04)
Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record Steven M. Christey (Nov 14)
Re: Fwd: XSS vulnerability in Joomla 1.6.3 - CVE-2011-2710 / CVE-2011-2708 issue Steven M. Christey (Nov 23)
Re: CVE assignment from previous years Steven M. Christey (Dec 20)

Tavis Ormandy

Re: Please REJECT CVE-2011-4112 Tavis Ormandy (Nov 24)

The Fungi

Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c The Fungi (Nov 17)

Thomas Biege

kiwi shell meta char injection Thomas Biege (Nov 02)
Re: kiwi shell meta char injection Thomas Biege (Nov 02)

Thomas.Rucker

RE: [Icecast-dev] Security issue in icecast Thomas.Rucker (Dec 15)

Timo Sirainen

Re: CVE Request -- Dovecot -- Validate certificate's CN against requested remote server hostname when proxying Timo Sirainen (Nov 18)

Timo Warns

CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)
Re: CVE request: double-free vulnerability in logsurfer Timo Warns (Oct 17)

Tim Sammut

CVE request: mplayer SAMI subtitle parsing buffer overflow Tim Sammut (Oct 14)
CVE Request: mplayer RDT parsing integer underlow Tim Sammut (Oct 19)
CVE assignment from previous years Tim Sammut (Dec 20)

Tim Zingelman

Re: non-Linux advance notification list Tim Zingelman (Nov 18)

Tomas Hoger

Re: CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability Tomas Hoger (Oct 05)
Re: More CVEs? (was Re: [oss-security] [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision) Tomas Hoger (Dec 30)

Tyler Hicks

Request for linux-distros list membership Tyler Hicks (Oct 04)

Vasiliy Kulikov

Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 08)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 12)
Re: radvd 1.8.2 released with security fixes Vasiliy Kulikov (Oct 14)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
Re: CVE Request -- kernel: sysctl: restrict write access to dmesg_restrict Vasiliy Kulikov (Oct 26)
CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov (Oct 30)
Re: CVE request: 3 flaws in libobby and libnet6 Vasiliy Kulikov (Oct 30)
/proc/$PID/sched PoC: spy-gksu Vasiliy Kulikov (Nov 05)
/proc/interrupts PoC: spy-interrupts Vasiliy Kulikov (Nov 07)
CVE request: kernel: multiple flaws allowing to sniff keystrokes timings Vasiliy Kulikov (Nov 08)
Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)

Vincent Danen

Re: Re: CVE Request -- Polipo -- Assertion failure by processing certain HTTP POST / PUT requests Vincent Danen (Oct 07)
CVE request: moodle 2.1.2, 2.0.5, 1.9.14 fixes Vincent Danen (Oct 19)
CVE request: phpldapadmin <= 1.2.1.1 XSS and and code injection flaws Vincent Danen (Oct 24)
CVE request for wireshark flaws Vincent Danen (Nov 01)
Re: CVE request for Django-piston and Tastypie Vincent Danen (Nov 01)
CVE request: gnutls possible DoS (GNUTLS-SA-2011-2) Vincent Danen (Nov 09)
Re: CVE-2011-3368 suggested patch incomplete for apache2 < 2.2.18 Vincent Danen (Nov 15)
Re: CVE-2011-4313: BIND 9 Resolver crashes after logging an error in query.c Vincent Danen (Nov 17)
CVE request: Moodle 1.9.15/2.0.6/2.1.3 releases Vincent Danen (Dec 07)
CVE request: rocksndiamonds world-writable working/config directory Vincent Danen (Dec 12)
CVE request: putty does not wipe keyboard-interactive replies from memory after authentication Vincent Danen (Dec 12)
CVE request: zabbix persistent XSS flaw Vincent Danen (Dec 16)

vladz

Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Oct 28)
Re: Request for CVE Identifier: bzexe insecure temporary file vladz (Nov 06)
CVE request: bypass default security level of the X wrapper (xserver-xorg <= 1:7.5+8) vladz (Dec 15)

YGN Ethical Hacker Group

CVE Request: Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities YGN Ethical Hacker Group (Oct 02)
CVE Request: vTiger CRM 5.2.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Oct 04)
CVE Request: vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability YGN Ethical Hacker Group (Oct 05)
CVE Request: vTiger CRM 5.2.x <= Remote Code Execution Vulnerability YGN Ethical Hacker Group (Oct 05)

Yves-Alexis Perez

Re: PR attack against XML Encryption Yves-Alexis Perez (Oct 20)
Re: radvd 1.8.2 released with security fixes Yves-Alexis Perez (Oct 20)
Re: CVE Request -- Opera Manipulating fonts in SVG can allow execution of arbitrary code Yves-Alexis Perez (Oct 28)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez (Oct 29)
Re: CVE request: ffmpeg/libav insufficuent boundary check in CAVS decoding Yves-Alexis Perez (Oct 29)
Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 02)
Re: Re: [LightDM] Version 1.0.6 released Yves-Alexis Perez (Nov 22)