815 messages starting Mar 04 12 and ending Mar 21 12

Adam D. Barratt

Re: CVE request: XML::Atom Perl module Adam D. Barratt (Mar 04)
Re: CVE Requests Adam D. Barratt (Mar 16)

Agostino Sarubbo

CVE request: libfpx "Free_All_Memory()" Double-Free Vulnerability Agostino Sarubbo (Jan 02)
CVE request: TORQUE Munge Authentication Security Bypass Agostino Sarubbo (Jan 05)
CVE request: Wireshark multiple vulnerabilities Agostino Sarubbo (Jan 11)
CVE Request for spamdyke "STARTTLS" Plaintext Agostino Sarubbo (Jan 15)
CVE request: spamdyke buffer overflow vulnerability Agostino Sarubbo (Jan 20)
Re: Subscribe to linux-distros Agostino Sarubbo (Feb 01)
CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability Agostino Sarubbo (Feb 02)

akuster

Re: CVE Request -- kernel: futex: clear robust_list on execve akuster (Jan 05)

Alexander Pletnev

pdf attacks vectors Alexander Pletnev (Jan 20)
Re: pdf attacks vectors Alexander Pletnev (Jan 20)

Alex Legler

Re: Subscribe to linux-distros Alex Legler (Feb 01)

Alistair Crooks

Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 08)
Re: Malicious devices & vulnerabilties Alistair Crooks (Jan 09)

Andreas Ericsson

Re: CVE Requests Andreas Ericsson (Mar 16)
Re: CVE Requests Andreas Ericsson (Mar 19)

Andres Gomez

TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Feb 18)
Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 05)
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 06)
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Andres Gomez (Mar 09)

Andrew Alexeev

CVE Request: nginx fix for malformed HTTP responses from upstream servers Andrew Alexeev (Mar 15)

ArkanoiD

Re: Attack on badly configured Netfilter-based firewalls ArkanoiD (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls ArkanoiD (Mar 09)

Berke Viktor

Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Berke Viktor (Feb 01)

Carsten Eiram

RE: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Carsten Eiram (Feb 02)

CERT(R) Coordination Center

Bugs in "file" program VU#621745 CERT(R) Coordination Center (Feb 20)

Chong Yidong

Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Chong Yidong (Jan 10)

Christian Boltz

CVE request: PostfixAdmin SQL injections and XSS Christian Boltz (Jan 26)
Re: CVE request: PostfixAdmin SQL injections and XSS Christian Boltz (Jan 26)
Re: CVE request: PostfixAdmin SQL injections and XSS Christian Boltz (Jan 27)

Christian Hoffmann

Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Christian Hoffmann (Jan 26)

cve-assign

Re: CVE request: XSS in wordpress 3.3 cve-assign (Jan 04)
Re: CVE-2011-4858 confusion cve-assign (Jan 04)
Re: CVE-2011-4858 confusion cve-assign (Jan 06)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 29)

Daniel Kahn Gillmor

CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost Daniel Kahn Gillmor (Mar 15)

Daniel Suarez

RE: CVE request: surf Daniel Suarez (Feb 10)

Dan Rosenberg

Android CVE identifiers Dan Rosenberg (Mar 15)

David Black

CVE request for bitlebee David Black (Mar 19)

David Engster

Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability David Engster (Jan 11)

David Hicks

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) David Hicks (Jan 05)
Re: CVE request: mantisbt before 1.2.9 David Hicks (Mar 06)

David Jorm

CVE request: Struts2 xsltResult local code execution flaw David Jorm (Mar 28)

David Malcolm

Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request David Malcolm (Feb 14)

Djalal Harouni

Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni (Feb 08)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Djalal Harouni (Feb 09)

Dmitry Butskoy

Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Dmitry Butskoy (Mar 06)

Eitan Adler

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Eitan Adler (Jan 02)
Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)
Re: Malicious devices & vulnerabilties Eitan Adler (Jan 08)
Re: CVE-request: Webcalendar 1.2.4 location XSS Eitan Adler (Feb 12)

Emilien Girault

[vs] CVE-2012-1037 GLPI <= 0.80.61 LFI/RFI Emilien Girault (Feb 10)

Eric Leblond

Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 25)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Feb 28)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Mar 09)
Re: Attack on badly configured Netfilter-based firewalls Eric Leblond (Mar 09)

Eugene Teo

Re: Malicious devices & vulnerabilties Eugene Teo (Jan 08)
Re: Malicious devices & vulnerabilties Eugene Teo (Jan 09)
CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Eugene Teo (Jan 10)
CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() Eugene Teo (Jan 11)
CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 18)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Eugene Teo (Jan 18)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 18)
CVE request: kernel: Unused iocbs in a batch should not be accounted as active Eugene Teo (Jan 18)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 19)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 20)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 23)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Eugene Teo (Jan 24)
Re: Attack on badly configured Netfilter-based firewalls Eugene Teo (Feb 27)
CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets Eugene Teo (Mar 05)
CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482 Eugene Teo (Mar 05)
CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames Eugene Teo (Mar 05)
Re: CVE Requests Eugene Teo (Mar 19)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Eugene Teo (Mar 20)

Filippo Cavallarin

Re: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Filippo Cavallarin (Feb 02)

Florian Weimer

Re: Malicious devices & vulnerabilties Florian Weimer (Jan 08)
Re: Malicious devices & vulnerabilties Florian Weimer (Jan 09)
Re: Screen locking programs on Xorg 1.11 Florian Weimer (Jan 19)
CVE request: surf Florian Weimer (Feb 10)
Re: CVE request: surf Florian Weimer (Feb 10)
Re: Attack on badly configured Netfilter-based firewalls Florian Weimer (Feb 27)
Re: CVE request: smokeping XSS Florian Weimer (Feb 27)
Re: Bugs in "file" program VU#621745 Florian Weimer (Feb 29)
CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer (Mar 04)
Re: CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer (Mar 04)
Re: CVE request: notmuch Florian Weimer (Mar 05)
CVE request: quake3 reflective DoS Florian Weimer (Mar 26)
Re: Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa Florian Weimer (Mar 29)
CVE request: TYPO3-CORE-SA-2012-001 Florian Weimer (Mar 29)
Re: postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Florian Weimer (Mar 30)

Gian Piero Carrubba

Re: Re: Yubiserver package ships with pre-filled identities Gian Piero Carrubba (Jan 31)

Greg KH

Re: CVE Request -- kernel: futex: clear robust_list on execve Greg KH (Jan 04)
Re: Malicious devices & vulnerabilties Greg KH (Jan 08)

Greg Knaddison

Re: [security] Drupal CORE and Drupal Contrib Greg Knaddison (Mar 16)
Re: Re: [security] Drupal CORE and Drupal Contrib Greg Knaddison (Mar 20)

Gu1

Screen locking programs on Xorg 1.11 Gu1 (Jan 19)
Re: Screen locking programs on Xorg 1.11 Gu1 (Jan 20)

Hadi Shiravi

New Intrusion Detection Evaluation Dataset Hadi Shiravi (Jan 08)

Hanno Böck

CVE request: XSS in wordpress 3.3 Hanno Böck (Jan 03)
Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution Hanno Böck (Jan 06)
Re: Malicious devices & vulnerabilties Hanno Böck (Jan 08)
Re: CVE-request: WordPress 3.1.1 Hanno Böck (Jan 15)
(maybe) CVE request: libvpx before 1.0 crasher Hanno Böck (Jan 28)
CVE request: mantisbt before 1.2.9 Hanno Böck (Mar 06)
CVE request: phppgadmin before 5.0.4 XSS Hanno Böck (Mar 28)
CVE request: egroupware before 1.8.002 various security issues Hanno Böck (Mar 28)
Re: CVE request: egroupware before 1.8.002 various security issues Hanno Böck (Mar 29)

Henri Salo

Re: CVE-request: Elxis CMS two XSS-vulnerabilities Henri Salo (Jan 01)
CVE-request: PHP Booking Calendar 10e XSS Henri Salo (Jan 03)
Re: CVE-request: PHP Booking Calendar 10e XSS Henri Salo (Jan 03)
Re: CVE request: maradns hash table collision cpu dos Henri Salo (Jan 03)
CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 03)
CVE-request: Multiple e107 vulnerabilities Henri Salo (Jan 03)
CVE-request: WordPress plugin Adminimize XSS Henri Salo (Jan 05)
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Henri Salo (Jan 06)
Re: CVE request: znc Henri Salo (Jan 09)
Re: CVE request: znc Henri Salo (Jan 09)
Secunia looking for Linux Vulnerability Specialist Henri Salo (Jan 13)
CVE-request: WordPress 3.1.1 Henri Salo (Jan 15)
Re: CVE-request: WordPress 3.1.1 Henri Salo (Jan 15)
CVE-request: NGS00109 remote code execution in ImpressPages CMS Henri Salo (Jan 15)
Re: gpw password generator giving short password at low rate Henri Salo (Jan 17)
CVE-request: golismero symlink vulnerability Henri Salo (Jan 17)
Re: Re: pwgen: non-uniform distribution of passwords Henri Salo (Jan 17)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Henri Salo (Jan 19)
Re: pdf attacks vectors Henri Salo (Jan 21)
Re: CVE id assignment dates Henri Salo (Jan 24)
Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
Re: Fwd Joomla! Security News 2012-01 Henri Salo (Jan 25)
TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 25)
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Henri Salo (Jan 26)
Re: Fwd Joomla! Security News 2012-01 Henri Salo (Jan 26)
Mibew messenger multiple XSS Henri Salo (Jan 31)
CVE-request: Joomla! Security News 2012-02-03 Henri Salo (Feb 03)
Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 09)
Re: MySQL 0-day - does it need a CVE? Henri Salo (Feb 10)
imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Henri Salo (Feb 10)
CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 11)
Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Henri Salo (Feb 20)
Case YVS Image Gallery Henri Salo (Feb 27)
Re: Case YVS Image Gallery Henri Salo (Feb 27)
CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 01)
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 02)
Re: CVE-request: Joomla core information disclosure 1.7.1 Henri Salo (Mar 02)
CVE-request: systemd local denial of login or local users can create arbitrary services Henri Salo (Mar 04)
CVE-request: phxEventManager search.php search_terms Parameter SQL Injection Henri Salo (Mar 06)
CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo (Mar 06)
CVE-request: Joomla! Security News 2012-03 Henri Salo (Mar 06)
Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Henri Salo (Mar 08)
CVE-request: phpMyFAQ index.php URI XSS Henri Salo (Mar 08)
CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Henri Salo (Mar 08)
Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Henri Salo (Mar 09)
CVE-request: Ariadne 2.7.6 XSS Henri Salo (Mar 09)
CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution Henri Salo (Mar 09)
CVE-request: Drupal Finder SA-CONTRIB-2012-017 Henri Salo (Mar 16)
Joomla! Security News 2012-03-16 Henri Salo (Mar 16)
Re: CVE request: piwik before 1.6 Henri Salo (Mar 18)
MediaWiki security and maintenance release 1.18.2 Henri Salo (Mar 22)
CVE-request: ImpressPages CMS Unspecified Remote Code Execution Henri Salo (Mar 23)
CVE-request: MyBB 1.6 <= SQL Injection Henri Salo (Mar 23)
CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability Henri Salo (Mar 23)
CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (Mar 23)
Re: CVE-request: MyBB 1.6 <= SQL Injection Henri Salo (Mar 25)
CVE-request: e107 HTB23004 Henri Salo (Mar 28)
CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Henri Salo (Mar 28)
CVE-request: Joomla core information disclosure 372-20111003 Henri Salo (Mar 28)
CVE-request: Joomla 20120305 / 20120306 Henri Salo (Mar 28)
CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080 Henri Salo (Mar 29)
CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo (Mar 30)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo (Mar 30)
Re: CVE request: phppgadmin before 5.0.4 XSS Henri Salo (Mar 30)

Huzaifa Sidhpurwala

Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 13)
Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 17)
Re: CVE request: Wireshark multiple vulnerabilities Huzaifa Sidhpurwala (Jan 20)
libxml2: hash table collisions CPU usage DoS Huzaifa Sidhpurwala (Feb 22)
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Huzaifa Sidhpurwala (Mar 13)
CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 Huzaifa Sidhpurwala (Mar 28)

Ian Campbell

Adding Xen.org contact to linux-distros security list Ian Campbell (Feb 03)
Re: Adding Xen.org contact to linux-distros security list Ian Campbell (Feb 05)

Ian Jackson

Xen Security Advisory 6 (CVE-2012-0029) - HVM e1000, buffer overflow Ian Jackson (Feb 02)

Ignacio Espinosa

Re: CVE affected for PHP 5.3.9 ? Ignacio Espinosa (Jan 14)

Ivan Nestlerode

Re: openssl security issue or not? (CVE Request?) Ivan Nestlerode (Mar 23)

Jakub Wilk

Re: CVE request: distutils creates ~/.pypirc insecurely Jakub Wilk (Mar 27)

Jamie Strandboge

Re: Request for linux-distros () vs openwall org membership Jamie Strandboge (Jan 19)

Jan Lieskovsky

CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan Lieskovsky (Jan 19)
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan Lieskovsky (Jan 19)
CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Jan Lieskovsky (Jan 20)
Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Jan Lieskovsky (Jan 20)
CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Jan Lieskovsky (Jan 21)
CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Jan Lieskovsky (Feb 01)
CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Jan Lieskovsky (Feb 13)
Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Jan Lieskovsky (Feb 14)
CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root Jan Lieskovsky (Feb 23)
CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Jan Lieskovsky (Feb 27)
CVE Request -- Multiple instances of insecure temporary file use Jan Lieskovsky (Feb 27)
CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Jan Lieskovsky (Feb 28)
CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws Jan Lieskovsky (Mar 02)
CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Jan Lieskovsky (Mar 05)
CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Jan Lieskovsky (Mar 06)
CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws Jan Lieskovsky (Mar 09)
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Jan Lieskovsky (Mar 12)
CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry Jan Lieskovsky (Mar 12)
CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Jan Lieskovsky (Mar 16)
[Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session Jan Lieskovsky (Mar 16)
Re: Bugs in "file" program VU#621745 Jan Lieskovsky (Mar 20)
Re: openssl security issue or not? (CVE Request?) Jan Lieskovsky (Mar 23)
CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Jan Lieskovsky (Mar 26)
CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Jan Lieskovsky (Mar 30)

Jan-Wijbrand Kolman

Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Jan-Wijbrand Kolman (Jan 19)

Jason A. Donenfeld

Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Jason A. Donenfeld (Jan 22)
Re: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access Jason A. Donenfeld (Feb 08)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld (Feb 09)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld (Feb 09)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Jason A. Donenfeld (Feb 09)
Re: CVE request: init script x11-common creates directories in insecure manners Jason A. Donenfeld (Mar 01)

Jeff Law

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law (Mar 30)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law (Mar 30)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Jeff Law (Mar 30)

Joachim Fritschi

CVE Requests for phpCAS Joachim Fritschi (Mar 04)

John Johansen

Request for linux-distros () vs openwall org membership John Johansen (Jan 19)

Jonathan Wiltshire

Re: Yubiserver package ships with pre-filled identities Jonathan Wiltshire (Jan 30)

Josh Bressers

Closed list unsubscribe Josh Bressers (Jan 03)
Re: running the distros lists Josh Bressers (Mar 15)
Re: running the distros lists Josh Bressers (Mar 19)

Jussi Eronen

Re: Attack on badly configured Netfilter-based firewalls Jussi Eronen (Mar 02)
Re: Attack on badly configured Netfilter-based firewalls Jussi Eronen (Mar 21)

Kees Cook

Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kees Cook (Jan 18)

Kurt Seifried

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 02)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 02)
Re: Two CVE requests Kurt Seifried (Jan 03)
Re: CVE request: maradns hash table collision cpu dos Kurt Seifried (Jan 03)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 03)
Re: CVE Request: Security issue in backuppc Kurt Seifried (Jan 03)
Re: CVE request: libfpx "Free_All_Memory()" Double-Free Vulnerability Kurt Seifried (Jan 03)
Re: CVE request: XSS in wordpress 3.3 Kurt Seifried (Jan 04)
Re: CVE-request: Multiple e107 vulnerabilities Kurt Seifried (Jan 04)
Re: CVE request: ghostscript: system initialization file uncontrolled search path element Kurt Seifried (Jan 04)
Re: CVE Request: Security issue in backuppc Kurt Seifried (Jan 04)
Re: CVE request: Pidgin Kurt Seifried (Jan 04)
Re: CVE Request: Security issue in backuppc Kurt Seifried (Jan 04)
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 04)
Re: CVE Request -- kernel: futex: clear robust_list on execve Kurt Seifried (Jan 04)
Re: CVE request: TORQUE Munge Authentication Security Bypass Kurt Seifried (Jan 05)
Re: CVE-request: WordPress plugin Adminimize XSS Kurt Seifried (Jan 05)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Kurt Seifried (Jan 05)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Jan 05)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Jan 06)
Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003) Kurt Seifried (Jan 06)
Re: CVE request: redmine issues Kurt Seifried (Jan 06)
Re: CVE Request for spamdyke "STARTTLS" Plaintext Injection Vulnerability Kurt Seifried (Jan 07)
Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 09)
Re: CVE request for OpenTTD Kurt Seifried (Jan 09)
Re: Malicious devices & vulnerabilties Kurt Seifried (Jan 09)
Re: CVE request: znc Kurt Seifried (Jan 10)
CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Kurt Seifried (Jan 10)
Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability Kurt Seifried (Jan 10)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Kurt Seifried (Jan 10)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Kurt Seifried (Jan 10)
Re: CVE request: kernel: xfs heap overflow Kurt Seifried (Jan 10)
Re: CVE request: kernel: xfs heap overflow Kurt Seifried (Jan 10)
glib2 hash dos oCert-2011-003 Kurt Seifried (Jan 10)
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Kurt Seifried (Jan 11)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 11)
Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() Kurt Seifried (Jan 12)
Re: CVE request -- kernel: kvm: syscall instruction induced guest panic Kurt Seifried (Jan 12)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 12)
Re: CVE request: Mediawiki Kurt Seifried (Jan 12)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 13)
Re: CVE request for OpenTTD Kurt Seifried (Jan 13)
Re: CVE request for OpenTTD - use CVE-2012-0049! Kurt Seifried (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 14)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 14)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 15)
Re: details about Tahoe-LAFS security problem #1654 Kurt Seifried (Jan 15)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 15)
Re: CVE-request: golismero symlink vulnerability Kurt Seifried (Jan 17)
Re: CVE Request: overlayfs Kurt Seifried (Jan 17)
Re: Re: pwgen: non-uniform distribution of passwords Kurt Seifried (Jan 17)
Re: gpw password generator giving short password at low rate Kurt Seifried (Jan 17)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Kurt Seifried (Jan 18)
Re: CVE affected for PHP 5.3.9 ? Kurt Seifried (Jan 18)
Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active Kurt Seifried (Jan 18)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 18)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 18)
Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS Kurt Seifried (Jan 18)
Re: CVE-request: WordPress 3.1.1 Kurt Seifried (Jan 18)
Re: CVE request: tucan insecure plugin update mechanism Kurt Seifried (Jan 19)
Re: Screen locking programs on Xorg 1.11 Kurt Seifried (Jan 19)
CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability Kurt Seifried (Jan 19)
Re: CVE request: usbmuxd 1.0.7 "receive_packet()" Buffer Overflow Vulnerability Kurt Seifried (Jan 19)
Potential security issues fixed in PHP 5.3.9 Kurt Seifried (Jan 20)
Re: CVE request: Wireshark multiple vulnerabilities Kurt Seifried (Jan 20)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Kurt Seifried (Jan 20)
Re: CVE Request for spamdyke "STARTTLS" Plaintext Kurt Seifried (Jan 20)
Re: CVE request: Jenkins Kurt Seifried (Jan 20)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Jan 20)
Re: Potential security issues fixed in PHP 5.3.9 Kurt Seifried (Jan 20)
Re: CVE request: smokeping XSS Kurt Seifried (Jan 21)
Re: CVE request: spamdyke buffer overflow vulnerability Kurt Seifried (Jan 21)
Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Kurt Seifried (Jan 21)
Re: CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities Kurt Seifried (Jan 22)
Re: CVE request: spamdyke buffer overflow vulnerability Kurt Seifried (Jan 23)
Re: CVE id assignment dates Kurt Seifried (Jan 24)
Re: XSLT issue in MoinMoin Kurt Seifried (Jan 24)
Re: CVE request: bip buffer overflow Kurt Seifried (Jan 24)
Re: CVE requests: Suhosin extension / as31 Kurt Seifried (Jan 24)
Re: TWSL2012-002: Multiple Vulnerabilities in WordPress Kurt Seifried (Jan 26)
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 26)
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Kurt Seifried (Jan 26)
Re: CVE request: PostfixAdmin SQL injections and XSS Kurt Seifried (Jan 26)
Re: CVE request: PostfixAdmin SQL injections and XSS Kurt Seifried (Jan 26)
CVE request: wicd writes sensitive information in log files (password, passphrase...) Kurt Seifried (Jan 26)
Re: CVE request: wicd writes sensitive information in log files (password, passphrase...) Kurt Seifried (Jan 26)
CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 26)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 26)
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 26)
Re: XSLT issue in MoinMoin Kurt Seifried (Jan 26)
Re: Subscribe to linux-distros Kurt Seifried (Jan 27)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 27)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 27)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Kurt Seifried (Jan 28)
Re: Fwd Joomla! Security News 2012-01 Kurt Seifried (Jan 30)
Re: (maybe) CVE request: libvpx before 1.0 crasher Kurt Seifried (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Kurt Seifried (Jan 31)
gnusound 0.7.5 file name handling format string issue Kurt Seifried (Jan 31)
Re: gnusound 0.7.5 file name handling format string issue Kurt Seifried (Jan 31)
Re: Fwd: Apache HTTP Server 2.2.22 Released Kurt Seifried (Feb 01)
Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Kurt Seifried (Feb 01)
Re: Mibew messenger multiple XSS Kurt Seifried (Feb 01)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Feb 01)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Feb 02)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Feb 02)
Re: distros & linux-distros embargo period and message format Kurt Seifried (Feb 02)
Re: CVE request: phpldapadmin "base" Cross-Site Scripting Vulnerability Kurt Seifried (Feb 03)
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Kurt Seifried (Feb 03)
Re: Adding Xen.org contact to linux-distros security list Kurt Seifried (Feb 03)
Re: CVE-request: Joomla! Security News 2012-02-03 Kurt Seifried (Feb 03)
CVE request: Hash DoS vulnerability (ocert-2011-003) Kurt Seifried (Feb 07)
Re: CVE request: Hash DoS vulnerability (ocert-2011-003) Kurt Seifried (Feb 07)
Re: CVE request: apr - Hash DoS vulnerability Kurt Seifried (Feb 09)
MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 09)
Re: CVE request: surf Kurt Seifried (Feb 10)
Re: CVE request: surf Kurt Seifried (Feb 11)
Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request Kurt Seifried (Feb 13)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried (Feb 13)
Re: CVE-request: Webcalendar 1.2.4 location XSS Kurt Seifried (Feb 13)
Re: CVE Requests for FFmpeg 0.9.1 Kurt Seifried (Feb 14)
Re: CVE request: mumble local information disclosure Kurt Seifried (Feb 15)
Re: CVE request: mumble local information disclosure Kurt Seifried (Feb 16)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried (Feb 17)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability Kurt Seifried (Feb 18)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Kurt Seifried (Feb 20)
Re: Bugs in "file" program VU#621745 Kurt Seifried (Feb 20)
Re: OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Feb 20)
Re: Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Feb 20)
Re: CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root Kurt Seifried (Feb 23)
Re: CVE request -- kernel: block: CLONE_IO io_context refcounting issues Kurt Seifried (Feb 23)
Re: MySQL 0-day - does it need a CVE? Kurt Seifried (Feb 24)
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried (Feb 26)
Re: Case YVS Image Gallery Kurt Seifried (Feb 27)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
Re: CVE Request -- Multiple instances of insecure temporary file use Kurt Seifried (Feb 27)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 27)
Re: Re: DesktopOnNet 3 Beta LFI Kurt Seifried (Feb 27)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount Kurt Seifried (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Feb 28)
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Kurt Seifried (Feb 28)
Re: CVE request: init script x11-common creates directories in insecure manners Kurt Seifried (Feb 29)
Re: Bugs in "file" program VU#621745 Kurt Seifried (Feb 29)
Re: Bugs in "file" program VU#621745 Kurt Seifried (Feb 29)
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Kurt Seifried (Mar 02)
Re: CVE Request: NetworkManager arbitrary file access Kurt Seifried (Mar 02)
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried (Mar 02)
Re: CVE-request: Joomla core information disclosure 1.7.1 Kurt Seifried (Mar 02)
Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws Kurt Seifried (Mar 03)
Re: CVE-request: systemd local denial of login or local users can create arbitrary services Kurt Seifried (Mar 05)
Re: CVE Request: XML entity expansion in the XML::Atom Perl module Kurt Seifried (Mar 05)
Re: CVE request: notmuch Kurt Seifried (Mar 05)
Re: CVE Requests for phpCAS Kurt Seifried (Mar 05)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 05)
Ruby on Rails github compromise Kurt Seifried (Mar 05)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 05)
Re: CVE request: mwlib < 0.13.5 DoS flaw Kurt Seifried (Mar 05)
Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities Kurt Seifried (Mar 05)
Re: CVE Request: lightdm Kurt Seifried (Mar 05)
Re: Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability Kurt Seifried (Mar 05)
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Kurt Seifried (Mar 05)
Re: CVE request: mantisbt before 1.2.9 Kurt Seifried (Mar 06)
Re: CVE-request: phxEventManager search.php search_terms Parameter SQL Injection Kurt Seifried (Mar 06)
Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution Kurt Seifried (Mar 06)
Re: CVE-request: Joomla! Security News 2012-03 Kurt Seifried (Mar 06)
Re: CVE-request: Joomla! Security News 2012-03 Kurt Seifried (Mar 06)
Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Kurt Seifried (Mar 06)
Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops Kurt Seifried (Mar 07)
CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried (Mar 08)
Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern Kurt Seifried (Mar 08)
Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection Kurt Seifried (Mar 08)
Re: CVE-request: phpMyFAQ index.php URI XSS Kurt Seifried (Mar 08)
expat 2.1.0beta fixes 5 Denial of Service attacks, CVE's/details inside Kurt Seifried (Mar 09)
Re: expat 2.1.0beta fixes 5 Denial of Service attacks, CVE's/details inside Kurt Seifried (Mar 09)
CVE Request: Python Hash DoS (Issue 13703) Kurt Seifried (Mar 10)
Re: Attack on badly configured Netfilter-based firewalls Kurt Seifried (Mar 10)
Re: CVE Request: Python Hash DoS (Issue 13703) Kurt Seifried (Mar 10)
Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws Kurt Seifried (Mar 10)
Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution Kurt Seifried (Mar 10)
Re: CVE-request: Ariadne 2.7.6 XSS Kurt Seifried (Mar 10)
Re: CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry Kurt Seifried (Mar 12)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
Re: CVE request: openssl: null pointer dereference issue Kurt Seifried (Mar 12)
Re: CVE Request: ldm (LTSP display manager) Kurt Seifried (Mar 12)
Re: CVE request: gnash integer overflow Kurt Seifried (Mar 14)
Re: CVE request: Two Pidgin crashes Kurt Seifried (Mar 14)
Re: CVE Request: libgdata did not verify SSL certificates Kurt Seifried (Mar 14)
Re: CVE request: pyfribidi buffer overflow flaw Kurt Seifried (Mar 14)
Re: running the distros lists Kurt Seifried (Mar 14)
Re: Was a CVE ever assigned for Python SimpleHTTPServer.py XSS? Kurt Seifried (Mar 15)
Re: running the distros lists Kurt Seifried (Mar 15)
Re: CVE request: eZ Publish: unspecified vulnerability Kurt Seifried (Mar 15)
Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers Kurt Seifried (Mar 15)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost Kurt Seifried (Mar 16)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Kurt Seifried (Mar 16)
Drupal CORE and Drupal Contrib Kurt Seifried (Mar 16)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE Requests Kurt Seifried (Mar 16)
Re: CVE request for bitlebee Kurt Seifried (Mar 19)
Re: CVE request: piwik before 1.6 Kurt Seifried (Mar 19)
Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017 Kurt Seifried (Mar 19)
Re: Re: [security] Drupal CORE and Drupal Contrib Kurt Seifried (Mar 19)
Re: Joomla! Security News 2012-03-16 Kurt Seifried (Mar 19)
Re: Case YVS Image Gallery Kurt Seifried (Mar 19)
Re: CVE request: eZ Publish: insecure direct object reference Kurt Seifried (Mar 19)
LinuxMint - temp file creation vulns in mintNanny and mintUpdate Kurt Seifried (Mar 19)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Kurt Seifried (Mar 20)
Re: CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue Kurt Seifried (Mar 20)
Re: CVE request: eZ Publish: insecure direct object reference Kurt Seifried (Mar 20)
Re: CVE request: maradns deleted domain record cache persistance flaw Kurt Seifried (Mar 20)
Re: Re: Bugs in "file" program VU#621745 Kurt Seifried (Mar 20)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 21)
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour Kurt Seifried (Mar 22)
Re: Re: [security] Drupal CORE and Drupal Contrib Kurt Seifried (Mar 22)
CVE for OpenBSD random() bug? Kurt Seifried (Mar 22)
Re: MediaWiki security and maintenance release 1.18.2 Kurt Seifried (Mar 23)
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour Kurt Seifried (Mar 23)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried (Mar 23)
Re: CVE-request: MyBB 1.6 <= SQL Injection Kurt Seifried (Mar 23)
Re: CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability Kurt Seifried (Mar 23)
Re: CVE for OpenBSD random() bug? Kurt Seifried (Mar 23)
Re: CVE-request: ImpressPages CMS Unspecified Remote Code Execution Kurt Seifried (Mar 23)
CVEs for MediaWiki security and maintenance release 1.18.2 Kurt Seifried (Mar 24)
Re: CVE-Request taglib vulnerabilities Kurt Seifried (Mar 26)
Re: CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Kurt Seifried (Mar 26)
Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried (Mar 27)
Re: CVE id request: cifs-utils Kurt Seifried (Mar 27)
Re: CVE request: distutils creates ~/.pypirc insecurely Kurt Seifried (Mar 27)
Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password Kurt Seifried (Mar 28)
Re: CVE request: Struts2 xsltResult local code execution flaw Kurt Seifried (Mar 28)
Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 Kurt Seifried (Mar 28)
Re: CVE request: egroupware before 1.8.002 various security issues Kurt Seifried (Mar 29)
Re: CVE-request: clamav floating point exception in OLE2 scanner DoS (2007) Kurt Seifried (Mar 29)
Re: CVE-request: e107 HTB23004 Kurt Seifried (Mar 29)
Re: CVE request: eZ Publish XSS Kurt Seifried (Mar 29)
Re: CVE-request: Joomla 20120305 / 20120306 Kurt Seifried (Mar 29)
Re: CVE request: phppgadmin before 5.0.4 XSS Kurt Seifried (Mar 29)
Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa Kurt Seifried (Mar 29)
Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency Kurt Seifried (Mar 30)
Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080 Kurt Seifried (Mar 30)
Re: CVE request: egroupware before 1.8.002 various security issues Kurt Seifried (Mar 30)
Re: CVE request: TYPO3-CORE-SA-2012-001 Kurt Seifried (Mar 30)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Kurt Seifried (Mar 30)
Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Kurt Seifried (Mar 31)

Larry Stefonic

Re: MySQL 0-day - does it need a CVE? Larry Stefonic (Feb 24)

Luc ABRIC

CVE request: eZ Publish: unspecified vulnerability Luc ABRIC (Mar 15)
CVE request: eZ Publish: insecure direct object reference Luc ABRIC (Mar 19)
RE: CVE request: eZ Publish: insecure direct object reference Luc ABRIC (Mar 20)
CVE request: eZ Publish XSS Luc ABRIC (Mar 28)
CVE 2012-1565 Insecure object reference Luc ABRIC (Mar 28)

Luciano Bello

CVE request: bip buffer overflow Luciano Bello (Jan 24)

Ludwig Nussel

Re: Malicious devices & vulnerabilties Ludwig Nussel (Jan 09)
Re: CVE request: mumble local information disclosure Ludwig Nussel (Feb 16)
CVE Request: NetworkManager arbitrary file access Ludwig Nussel (Feb 29)
CVE Request: libgdata did not verify SSL certificates Ludwig Nussel (Mar 14)
Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 21)
Re: CVE-Request taglib vulnerabilities Ludwig Nussel (Mar 26)
postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Ludwig Nussel (Mar 30)

Marc Deslauriers

CVE Request: overlayfs Marc Deslauriers (Jan 17)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Marc Deslauriers (Jan 27)
Re: distros & linux-distros embargo period and message format Marc Deslauriers (Feb 01)
Re: distros & linux-distros embargo period and message format Marc Deslauriers (Feb 02)
CVE Request: lightdm Marc Deslauriers (Mar 05)
CVE Request: ldm (LTSP display manager) Marc Deslauriers (Mar 12)
Re: CVE Request: libgdata did not verify SSL certificates Marc Deslauriers (Mar 14)

Marcus Meissner

CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Marcus Meissner (Feb 03)
Re: Subscribe to linux-distros? Marcus Meissner (Feb 13)
Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Marcus Meissner (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Marcus Meissner (Feb 29)
Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status Marcus Meissner (Feb 29)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Marcus Meissner (Mar 20)
openssl security issue or not? (CVE Request?) Marcus Meissner (Mar 23)
Re: Re: openssl security issue or not? (CVE Request?) Marcus Meissner (Mar 23)

Mark Doliner

CVE request: Two Pidgin crashes Mark Doliner (Mar 14)

Mark Stanislav

CVE Requests Mark Stanislav (Mar 15)
Re: CVE Requests Mark Stanislav (Mar 16)
Re: CVE Requests Mark Stanislav (Mar 16)
Re: CVE Requests Mark Stanislav (Mar 16)
Re: CVE Requests Mark Stanislav (Mar 16)
Re: CVE Requests Mark Stanislav (Mar 16)
Re: CVE Requests Mark Stanislav (Mar 16)

Mark Thomas

Re: Re: CVE-2011-4858 confusion Mark Thomas (Jan 05)

Mateusz Goik

Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik (Feb 27)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik (Feb 27)

Matthew Jordan

Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws Matthew Jordan (Mar 16)

Matthias Weckbecker

Subscribe to linux-distros? Matthias Weckbecker (Feb 13)
CVE request: openssl: null pointer dereference issue Matthias Weckbecker (Feb 27)

Matt Watchinski

Re: Vulnerabilities reported in ClamAV 0.96.4 Matt Watchinski (Mar 22)

Michael Gilbert

Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 19)
Re: Screen locking programs on Xorg 1.11 Michael Gilbert (Jan 19)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Jan 23)
Re: CVE id assignment dates Michael Gilbert (Jan 24)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Feb 04)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Feb 04)
Re: distros & linux-distros embargo period and message format Michael Gilbert (Feb 04)

Michael Harrison

CVE Request for spamdyke "STARTTLS" Plaintext Injection Vulnerability Michael Harrison (Jan 06)
Re: CVE request: spamdyke buffer overflow vulnerability Michael Harrison (Jan 23)

Michael Niedermayer

CVE Requests for FFmpeg 0.9.1 Michael Niedermayer (Jan 05)
Re: CVE Requests for FFmpeg 0.9.1 Michael Niedermayer (Jan 05)
Re: CVE Requests for FFmpeg 0.9.1 Michael Niedermayer (Jan 05)
Re: Re: pwgen: non-uniform distribution of passwords Michael Niedermayer (Jan 20)

Mike O'Connor

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Mike O'Connor (Jan 02)

Moritz Muehlenhoff

Two CVE requests Moritz Muehlenhoff (Jan 02)
CVE request: Pidgin Moritz Muehlenhoff (Jan 04)
Re: CVE Request: Security issue in backuppc Moritz Muehlenhoff (Jan 04)
CVE request: redmine issues Moritz Muehlenhoff (Jan 06)
CVE request: znc Moritz Muehlenhoff (Jan 08)
Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries Moritz Muehlenhoff (Jan 10)
CVE request: Mediawiki Moritz Muehlenhoff (Jan 12)
CVE request: Jenkins Moritz Muehlenhoff (Jan 16)
CVE requests: Suhosin extension / as31 Moritz Muehlenhoff (Jan 24)
CVE request: apr - Hash DoS vulnerability Moritz Muehlenhoff (Feb 08)
CVE request: XML::Atom Perl module Moritz Muehlenhoff (Mar 04)
Re: Re: [security] Drupal CORE and Drupal Contrib Moritz Muehlenhoff (Mar 21)

Moritz Mühlenhoff

Re: CVE Request: Security issue in backuppc Moritz Mühlenhoff (Jan 03)
CVE request: notmuch Moritz Mühlenhoff (Mar 04)

muuratsalo experimental hack lab

Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. muuratsalo experimental hack lab (Feb 20)

Nanakos Chrysostomos

Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 30)
Re: Re: Yubiserver package ships with pre-filled identities Nanakos Chrysostomos (Jan 31)

Nanakos V. Chrysostomos

Re: Yubiserver package ships with pre-filled identities Nanakos V. Chrysostomos (Jan 30)

Netsparker Advisories

Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008) Netsparker Advisories (Jan 03)

Nick Kralevich

Re: CVE request -- kernel: execshield: predictable ascii armour base address Nick Kralevich (Mar 20)

Nico Golde

speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 01)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 02)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Nico Golde (Jan 03)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Nico Golde (Feb 20)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Nico Golde (Feb 20)
CVE id request: cifs-utils Nico Golde (Mar 27)

Nicolas Grégoire

CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 13)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 15)
Re: CVE affected for PHP 5.3.9 ? Nicolas Grégoire (Jan 15)
XSLT issue in MoinMoin Nicolas Grégoire (Jan 24)
Re: XSLT issue in MoinMoin Nicolas Grégoire (Jan 24)

nicolas vigier

Sudo format string vulnerability (CVE 2012-0809) nicolas vigier (Jan 30)

Oswald Buddenhagen

Re: Disputing CVE-2011-4122 Oswald Buddenhagen (Jan 02)

Patrick R McDonald

Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Patrick R McDonald (Jan 26)
Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0 Patrick R McDonald (Jan 26)

Petr Matousek

CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (Jan 04)
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (Jan 05)
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek (Jan 05)
CVE request -- kernel: kvm: syscall instruction induced guest panic Petr Matousek (Jan 11)
Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Petr Matousek (Feb 07)
CVE request -- kernel: block: CLONE_IO io_context refcounting issues Petr Matousek (Feb 23)
CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount Petr Matousek (Feb 28)
CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops Petr Matousek (Mar 07)
CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON() Petr Matousek (Mar 15)
CVE request -- kernel: execshield: predictable ascii armour base address Petr Matousek (Mar 20)
Re: CVE request -- kernel: execshield: predictable ascii armour base address Petr Matousek (Mar 21)
CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency Petr Matousek (Mar 29)

Pierre Joye

Re: Potential security issues fixed in PHP 5.3.9 Pierre Joye (Jan 20)
Re: PHP remote code execution introduced via HashDoS fix Pierre Joye (Feb 03)

Rafał Malinowski

Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 27)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 27)
Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 28)
Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 29)

Ramon de C Valle

CVE request: ghostscript: system initialization file uncontrolled search path element Ramon de C Valle (Jan 04)
Subscribe to linux-distros Ramon de C Valle (Jan 27)
Re: Subscribe to linux-distros Ramon de C Valle (Jan 27)

Robert Haas

Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Robert Haas (Mar 30)
Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Robert Haas (Mar 30)

Roland Gruber

Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Roland Gruber (Mar 06)
Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Roland Gruber (Mar 12)

Ronald van den Blink

CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 18)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 19)
Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php Ronald van den Blink (Jan 19)

Rubidium

CVE request for OpenTTD Rubidium (Jan 07)

Samuel J. Greear

Re: weird crypt-sha* in DragonFly BSD Samuel J. Greear (Jan 20)
Re: weird crypt-sha* in DragonFly BSD Samuel J. Greear (Jan 20)

Sebastian Krahmer

CVE-2011-4858 confusion Sebastian Krahmer (Jan 04)
Re: Attack on badly configured Netfilter-based firewalls Sebastian Krahmer (Feb 27)
Re: Attack on badly configured Netfilter-based firewalls Sebastian Krahmer (Feb 27)

Sebastian Pipping

Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Jan 01)
Re: mpack 1.6 allows eavesdropping on mails sent by other users Sebastian Pipping (Jan 19)
Re: Screen locking programs on Xorg 1.11 Sebastian Pipping (Jan 19)

Solar Designer

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 01)
OpenSSL and *BSD *_Final context struct zeroization (was: weird crypt-sha* in DragonFly BSD) Solar Designer (Jan 01)
Re: OpenBSD bcrypt error return Solar Designer (Jan 02)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Jan 02)
Re: *BSD's DES-based crypt(3) treats all invalid salt chars as '.' Solar Designer (Jan 02)
OpenBSD bcrypt 8-bit key_len wraparound Solar Designer (Jan 02)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 02)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 02)
Re: Disputing CVE-2011-4122 Solar Designer (Jan 02)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 03)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 03)
Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) Solar Designer (Jan 12)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 16)
pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 17)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 19)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 19)
Re: Request for linux-distros () vs openwall org membership Solar Designer (Jan 20)
distros & linux-distros embargo period and message format Solar Designer (Jan 20)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 20)
Re: distros & linux-distros embargo period and message format Solar Designer (Jan 20)
Re: pdf attacks vectors Solar Designer (Jan 20)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 20)
Re: pdf attacks vectors Solar Designer (Jan 20)
Re: weird crypt-sha* in DragonFly BSD Solar Designer (Jan 21)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling Solar Designer (Jan 22)
Re: pwgen: non-uniform distribution of passwords Solar Designer (Jan 22)
CVE id assignment dates Solar Designer (Jan 23)
testing pwqgen Solar Designer (Jan 27)
Re: Subscribe to linux-distros Solar Designer (Jan 27)
Re: non-Linux advance notification list Solar Designer (Jan 27)
Re: non-Linux advance notification list Solar Designer (Jan 27)
Re: non-Linux advance notification list Solar Designer (Jan 28)
Fwd: Apache HTTP Server 2.2.22 Released Solar Designer (Feb 01)
Re: Fwd: Apache HTTP Server 2.2.22 Released Solar Designer (Feb 01)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: Subscribe to linux-distros Solar Designer (Feb 01)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 01)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 02)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 02)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 02)
Re: PHP remote code execution introduced via HashDoS fix Solar Designer (Feb 02)
Re: Subscribe to linux-distros Solar Designer (Feb 03)
Re: Adding Xen.org contact to linux-distros security list Solar Designer (Feb 03)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 04)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 04)
Re: distros & linux-distros embargo period and message format Solar Designer (Feb 04)
CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access Solar Designer (Feb 06)
Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Solar Designer (Feb 06)
Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS Solar Designer (Feb 06)
CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Solar Designer (Feb 06)
Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer (Feb 08)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer (Feb 09)
Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/<pid>/maps access) Solar Designer (Feb 09)
Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client Solar Designer (Feb 09)
Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 09)
Re: MySQL 0-day - does it need a CVE? Solar Designer (Feb 11)
Re: Subscribe to linux-distros? Solar Designer (Feb 14)
Re: Attack on badly configured Netfilter-based firewalls Solar Designer (Feb 26)
Re: Attack on badly configured Netfilter-based firewalls Solar Designer (Feb 27)
running the distros lists Solar Designer (Mar 12)
Re: running the distros lists Solar Designer (Mar 13)
Re: running the distros lists Solar Designer (Mar 13)
Re: running the distros lists Solar Designer (Mar 14)
Re: CVE request: eZ Publish: unspecified vulnerability Solar Designer (Mar 15)
Re: running the distros lists Solar Designer (Mar 16)
Re: CVE Requests Solar Designer (Mar 16)
Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 27)
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 27)
Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Solar Designer (Mar 29)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Mar 30)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Mar 30)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer (Mar 30)

Stefan Cornelius

CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via "nargs" integer overflow Stefan Cornelius (Feb 17)
CVE-2012-1106 assignment notification -- abrt: Setuid process core dump archived with unsafe GID permissions Stefan Cornelius (Mar 05)
CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 Stefan Cornelius (Mar 19)
CVE request: libtasn1 "asn1_get_length_der()" DER decoding issue Stefan Cornelius (Mar 20)
CVE request: GnuTLS TLS record handling issue / MU-201202-01 Stefan Cornelius (Mar 21)

Steffen Dettmer

SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver Steffen Dettmer (Mar 31)

Steven M. Christey

Re: CVE-request: PHP Booking Calendar 10e XSS Steven M. Christey (Jan 03)
Re: CVE Request: Security issue in backuppc Steven M. Christey (Jan 04)
Re: CVE request: Pidgin Steven M. Christey (Jan 04)
Re: CVE Requests for FFmpeg 0.9.1 Steven M. Christey (Jan 05)
Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 12)
Re: CVE request: Wireshark multiple vulnerabilities Steven M. Christey (Jan 12)
Re: Re: pwgen: non-uniform distribution of passwords Steven M. Christey (Jan 17)
Re: gpw password generator giving short password at low rate Steven M. Christey (Jan 17)
Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP Steven M. Christey (Jan 20)
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Steven M. Christey (Jan 20)
Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18 Steven M. Christey (Jan 22)
Re: CVE id assignment dates Steven M. Christey (Jan 23)
Re: CVE id assignment dates Steven M. Christey (Jan 24)
Re: Re: Yubiserver package ships with pre-filled identities Steven M. Christey (Jan 31)
XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS) Steven M. Christey (Feb 01)
Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2. Steven M. Christey (Feb 23)

Stuart Henderson

Re: non-Linux advance notification list Stuart Henderson (Jan 28)

The Fungi

Re: speaking of DoS, openssh and dropbear (CVE-2006-1206) The Fungi (Jan 05)
Re: Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour The Fungi (Mar 23)

Thijs Kinkhorst

CVE request: simpleSAMLphp 1.8.2 cross site scripting Thijs Kinkhorst (Jan 11)

Thomas Klausner

Re: distros & linux-distros embargo period and message format Thomas Klausner (Feb 01)
Re: running the distros lists Thomas Klausner (Mar 13)

Tim Brown

Partial ASLR bypass Tim Brown (Mar 02)
Re: running the distros lists Tim Brown (Mar 14)
Re: CVE Requests Tim Brown (Mar 16)
Re: CVE Requests Tim Brown (Mar 16)

Timothy D. Morgan

Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) Timothy D. Morgan (Mar 27)

Timo Warns

CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 21)
Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 29)

Tim Sammut

CVE Request: PolicyKit change allows users in "wheel" group to become root without a password Tim Sammut (Mar 28)

Tim Zingelman

Re: Screen locking programs on Xorg 1.11 Tim Zingelman (Jan 19)

Todd C. Miller

Re: CVE for OpenBSD random() bug? Todd C. Miller (Mar 22)

Tomas Hoger

PHP remote code execution introduced via HashDoS fix Tomas Hoger (Feb 02)
Re: MySQL 0-day - does it need a CVE? Tomas Hoger (Feb 24)
Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189 Tomas Hoger (Mar 06)
Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 12)
Re: CVE request: openssl: null pointer dereference issue Tomas Hoger (Mar 13)
Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 Tomas Hoger (Mar 21)
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Tomas Hoger (Mar 30)

Török Edwin

Re: Vulnerabilities reported in ClamAV 0.96.4 Török Edwin (Mar 22)

valentino.angeletti

R: pwgen: non-uniform distribution of passwords valentino.angeletti (Jan 19)

Vasiliy Kulikov

Re: Malicious devices & vulnerabilties Vasiliy Kulikov (Jan 09)

Vincent Danen

CVE request: maradns hash table collision cpu dos Vincent Danen (Jan 03)
Re: CVE request: maradns hash table collision cpu dos Vincent Danen (Jan 03)
Re: Re: CVE-2011-4858 confusion Vincent Danen (Jan 04)
CVE request: tucan insecure plugin update mechanism Vincent Danen (Jan 19)
CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities Vincent Danen (Jan 20)
CVE request: smokeping XSS Vincent Danen (Jan 20)
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478 Vincent Danen (Feb 10)
CVE request: mumble local information disclosure Vincent Danen (Feb 15)
CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data Vincent Danen (Feb 22)
CVE request: mwlib < 0.13.5 DoS flaw Vincent Danen (Mar 05)
Re: CVE request: smokeping XSS Vincent Danen (Mar 06)
CVE request: pyfribidi buffer overflow flaw Vincent Danen (Mar 14)
CVE request: gnash integer overflow Vincent Danen (Mar 14)
Was a CVE ever assigned for Python SimpleHTTPServer.py XSS? Vincent Danen (Mar 14)
CVE request: maradns deleted domain record cache persistance flaw Vincent Danen (Mar 20)
Vulnerabilities reported in ClamAV 0.96.4 Vincent Danen (Mar 21)
Re: Vulnerabilities reported in ClamAV 0.96.4 Vincent Danen (Mar 21)
CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)
Re: CVE request: distutils creates ~/.pypirc insecurely Vincent Danen (Mar 27)

vladz

CVE request: init script x11-common creates directories in insecure manners vladz (Feb 28)
Re: CVE request: init script x11-common creates directories in insecure manners vladz (Mar 01)

VSR Advisories

Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) VSR Advisories (Mar 27)

Werner LEMBERG

Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 Werner LEMBERG (Mar 07)

Whitney Houston

DesktopOnNet 3 Beta LFI Whitney Houston (Feb 27)
Re: DesktopOnNet 3 Beta LFI Whitney Houston (Feb 27)

William Pitcock

atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour William Pitcock (Mar 22)
Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour William Pitcock (Mar 22)

Xi Wang

Malicious devices & vulnerabilties Xi Wang (Jan 07)
Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
Re: Malicious devices & vulnerabilties Xi Wang (Jan 08)
CVE request: kernel: xfs heap overflow Xi Wang (Jan 10)

yersinia

Re: Attack on badly configured Netfilter-based firewalls yersinia (Feb 27)

YGN Ethical Hacker Group

CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 12)
Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability YGN Ethical Hacker Group (Feb 16)
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Feb 20)
Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Feb 20)
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability YGN Ethical Hacker Group (Mar 05)
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Mar 05)

Yves-Alexis Perez

Re: CVE-request: WordPress 3.1.1 Yves-Alexis Perez (Jan 15)
gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
Re: gpw password generator giving short password at low rate Yves-Alexis Perez (Jan 17)
Re: Screen locking programs on Xorg 1.11 Yves-Alexis Perez (Jan 19)
Re: CVE-request: WordPress 3.1.1 Yves-Alexis Perez (Jan 19)
Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue Yves-Alexis Perez (Jan 19)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Yves-Alexis Perez (Jan 27)
Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients Yves-Alexis Perez (Jan 27)
Re: Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP Yves-Alexis Perez (Feb 01)
Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
Re: MySQL 0-day - does it need a CVE? Yves-Alexis Perez (Feb 09)
Re: Attack on badly configured Netfilter-based firewalls Yves-Alexis Perez (Feb 25)

Zooko Wilcox-O'Hearn

details about Tahoe-LAFS security problem #1654 Zooko Wilcox-O'Hearn (Jan 13)
ANNOUNCING Tahoe, the Least-Authority File System, v1.9.1 Zooko Wilcox-O'Hearn (Jan 15)

Zubin Mithra

CVE-Request taglib vulnerabilities Zubin Mithra (Mar 04)
Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 05)
Re: CVE-Request taglib vulnerabilities Zubin Mithra (Mar 21)