578 messages starting Apr 02 12 and ending Jun 30 12

Monday, 02 April

CVE request: OSClass directory traversal vulnerability Filippo Cavallarin
CVEs assigned for Movable Type 4.36 and 5.05 security updates Henri Salo
Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried
Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kevin Grittner
Re: CVE request: OSClass directory traversal vulnerability Filippo Cavallarin
Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried

Tuesday, 03 April

Re: CVE request: OSClass directory traversal vulnerability Henri Salo
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Henri Salo
CVE-request: Joomla 2012-04 398-20120307 399-20120308 Henri Salo
Fw: [vs] RPM issues Tomas Hoger
Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308 Kurt Seifried
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 Kurt Seifried
fix to CVE-2009-4307 akuster
CVE request: privilege escalation in sectool Vincent Danen

Wednesday, 04 April

Re: fix to CVE-2009-4307 Kurt Seifried
Re: CVE request: privilege escalation in sectool Kurt Seifried
Re: fix to CVE-2009-4307 Xi Wang
Re: Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 Ludwig Nussel
Re: Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Steffen Dettmer
CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-2012-0259 Stefan Cornelius
Re: CVE request: OSClass directory traversal vulnerability Kurt Seifried
Re: fix to CVE-2009-4307 akuster
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kurt Seifried
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Kurt Seifried
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters Tom Lane

Thursday, 05 April

expat hash collision fix too predictable? Marcus Meissner
Re: expat hash collision fix too predictable? Andreas Ericsson
Re: expat hash collision fix too predictable? Kurt Seifried

Friday, 06 April

CVE Request: slock-0.9 displays modal box after locking Kurt Seifried
Re: CVE Request: slock-0.9 displays modal box after locking Kurt Seifried

Saturday, 07 April

CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried
libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173) Solar Designer
Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173) Moritz Muehlenhoff

Sunday, 08 April

CVE request: gajim - code execution and sql injection David Black
Re: CVE request: gajim - code execution and sql injection Kurt Seifried
CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface Kurt Seifried

Monday, 09 April

Re: CVE request: gajim - code execution and sql injection Carlos Alberto Lopez Perez
Re: CVE request: gajim - code execution and sql injection Kurt Seifried
Re: CVE request: gajim - code execution and sql injection Yves-Alexis Perez
Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ISPConfig.org - Till Brehm
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface Kurt Seifried
Dispute Taggator Plugin for WordPress taggator.php tagid Parameter SQL Injection Henri Salo

Tuesday, 10 April

CVE id request for imagemagick, libpng and tiff Nico Golde
CVE id request for links2 Nico Golde
Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried
Re: CVE id request for imagemagick, libpng and tiff Nico Golde
Re: CVE id request for imagemagick, libpng and tiff Kurt Seifried
gajim insecure file creation when using latex Nico Golde
Re: CVE id request for links2 Huzaifa Sidhpurwala
CVE Request: cobbler (Ubuntu-specific) Marc Deslauriers
CVE Request: FlightGear and Simgear Multiple vulnerabilities Andres Gomez
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ISPConfig.org - Till Brehm
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried
Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities Kurt Seifried
Re: CVE Request: cobbler (Ubuntu-specific) Kurt Seifried
Re: gajim insecure file creation when using latex Kurt Seifried
Re: CVE id request for links2 Kurt Seifried

Wednesday, 11 April

Re: fix to CVE-2009-4307 Petr Matousek
CVE id request: wicd Nico Golde
Re: CVE id request: wicd Kurt Seifried
CVE Request for Drupal Contributed Advisories on 2012-04-11 Greg Knaddison
Re: fix to CVE-2009-4307 Xi Wang
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison

Thursday, 12 April

Re: CVE id request for links2 Nico Golde
Re: CVE Request for Drupal Contributed Advisories on 2012-04-11 Kurt Seifried
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Kurt Seifried
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) Greg Knaddison
CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo
CVE request: cobbler lack of csrf protection, code execution David Black
Re: CVE request: cobbler lack of csrf protection, code execution Jan Lieskovsky
Re: CVE request: cobbler lack of csrf protection, code execution David Black
nginx security advisory: mp4 module vulnerability, CVE-2012-2089 Andrew Alexeev
Re: CVE request: cobbler lack of csrf protection, code execution Kurt Seifried
Re: fix to CVE-2009-4307 Kurt Seifried
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Kurt Seifried

Friday, 13 April

CVE Request: Heap corruption in openjpeg Huzaifa Sidhpurwala
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo
Re: CVE Request: Heap corruption in openjpeg Jan Lieskovsky
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Kurt Seifried
Re: CVE Request: Heap corruption in openjpeg Kurt Seifried
CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Stefan Cornelius
Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE Kurt Seifried

Sunday, 15 April

Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 Henri Salo
CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Henri Salo
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group

Monday, 16 April

CVE Requests: Multiple security flaws in csound5 Huzaifa Sidhpurwala
Re: CVE id request: wicd Sebastian Krahmer
CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Henri Salo
CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Henri Salo
CVE Request (minor) -- Two Munin graphing framework flaws Jan Lieskovsky
Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried
Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Kurt Seifried
Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS Kurt Seifried
Re: CVE Requests: Multiple security flaws in csound5 Kurt Seifried
Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Kurt Seifried

Tuesday, 17 April

CVE-request: OpenEMR 4.1.0 SQL-injection Henri Salo
Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne
Re: CVE-request: WordPress 3.1.1 Henri Salo
Re: CVE-request: WordPress 3.1.1 Henri Salo
CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core Henri Salo
Acuity CMS 2.6.x <= Cross Site Scripting YGN Ethical Hacker Group

Wednesday, 18 April

Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core Kurt Seifried
Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried
Re: CVE-request: WordPress 3.1.1 Kurt Seifried
Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne
Stack-based buffer overflow in musl libc 0.8.7 and earlier Rich Felker
Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier Kurt Seifried
Re: CVE-request: OpenEMR 4.1.0 SQL-injection Kurt Seifried
CVE request: Xorg input device format string flaw Kees Cook
Re: CVE request: Xorg input device format string flaw Kurt Seifried
Re: CVE request: Xorg input device format string flaw Kees Cook
CVE Request for Drupal Contributed Advisories on 2012-04-18 Greg Knaddison

Thursday, 19 April

Re: CVE Request for Drupal Contributed Advisories on 2012-04-18 Kurt Seifried
Re: CVE request: Xorg input device format string flaw Kurt Seifried
Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kenyon Ralph
Re: [Packaging] Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws Holger Levsen
Re: CVE-request: WordPress 3.1.1 Henri Salo
Re: CVE Requests: Multiple security flaws in csound5 john ffitch
CVE request -- kernel: kvm: device assignment page leak Petr Matousek
CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Jan Lieskovsky
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Caolán McNamara
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Miklos Vajna
CVE request: latex2man / texlive Matthias Weckbecker
CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages Petr Matousek
Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages Kurt Seifried
Re: CVE request: latex2man / texlive Kurt Seifried
Re: CVE request -- kernel: kvm: device assignment page leak Kurt Seifried
Re: CVE-request: WordPress 3.1.1 Kurt Seifried
Re: Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer Moritz Muehlenhoff
CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner

Friday, 20 April

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eugene Teo
CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used Eugene Teo
Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used Kurt Seifried
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Andrew Morton
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Eric W. Biederman
OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com
R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 pinto.elia () gmail com
CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103 Stefan Cornelius
CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version Jan Lieskovsky
Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version Kurt Seifried
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Kurt Seifried

Saturday, 21 April

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Pavel Emelyanov

Sunday, 22 April

Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 Marcus Meissner
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer
CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data Jan Lieskovsky

Monday, 23 April

Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data Kurt Seifried
Security vulnerabilities fixed in WordPress 3.3.2 Henri Salo
Re: Security vulnerabilities fixed in WordPress 3.3.2 cve-assign
Re: Re: Security vulnerabilities fixed in WordPress 3.3.2 Kurt Seifried
Asterisk AST-2012-004 AST-2012-005 AST-2012-006 cve-assign

Tuesday, 24 April

Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tomas Hoger
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer
CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Sebastian Krahmer
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and their definitions during initialization Florian Weimer
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Tavis Ormandy
CVE Request: use after free bug in "quota" handling in hugetlb code Marcus Meissner
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) Solar Designer
Re: CVE Request: use after free bug in "quota" handling in hugetlb code Kurt Seifried
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Kurt Seifried
CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap Jan Lieskovsky
Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap Kurt Seifried

Wednesday, 25 April

CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried
CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Kurt Seifried
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Henri Salo
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Florian Weimer
CERT Linux Triage Tools 1.0 Released INFO#208126 CERT(R) Coordination Center
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated Henri Salo
CVE request: two flaws fixed in rubygem-mail 2.4.4 Vincent Danen

Thursday, 26 April

Re: CVE request: two flaws fixed in rubygem-mail 2.4.4 Kurt Seifried
CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Jan Lieskovsky
Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) Kurt Seifried
CVE Request: programming error in crypt(3) Xin Li

Friday, 27 April

Re: CVE Request: programming error in crypt(3) Kurt Seifried
Re: CVE Request: programming error in crypt(3) Eitan Adler
Re: CVE Request: programming error in crypt(3) Kurt Seifried
Re: CVE Request: programming error in crypt(3) Kurt Seifried
Re: CVE Request: programming error in crypt(3) Xin Li
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Steve Schnepp
weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen

Saturday, 28 April

CVE request: webcalendar before 1.2.5 XSS Hanno Böck
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer
Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo

Sunday, 29 April

Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Kurt Seifried
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried
Page disclosure/cve updated in wiki Henri Salo

Monday, 30 April

CVE-request: SilverStripe before 2.4.4 Henri Salo
Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo
Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried
CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS Hanno Böck
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Vincent Danen
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Marc Deslauriers

Tuesday, 01 May

Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Florian Weimer
Re: CVE-request: SilverStripe before 2.4.4 Kurt Seifried
Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS Kurt Seifried

Wednesday, 02 May

Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Solar Designer
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Ludwig Nussel
Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca() Steve Grubb
CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service Marcus Meissner
Re: CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service Kurt Seifried
temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles cve-assign
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) Vincent Danen
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification Vincent Danen

Thursday, 03 May

CVE Request for Drupal contributed modules Greg Knaddison
Re: CVE Request for Drupal contributed modules Kurt Seifried
CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner
Security issue in libav/ffmpeg Jamie Strandboge

Friday, 04 May

CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo
Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Steve Beattie
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Ludwig Nussel
Debian/Ubuntu php_crypt_revamped.patch Solar Designer
Re: CVE Request: more tight ioctl permissions in dl2k driver Kurt Seifried
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Kurt Seifried
CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module Jan Lieskovsky
Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried
Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module Kurt Seifried
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried
Re: Debian/Ubuntu php_crypt_revamped.patch Solar Designer
Re: Debian/Ubuntu php_crypt_revamped.patch Daniel Kahn Gillmor
Re: Debian/Ubuntu php_crypt_revamped.patch Michael Gilbert
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Marcus Meissner
PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Solar Designer
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Marcus Meissner
Re: CVE Request: more tight ioctl permissions in dl2k driver Florian Weimer
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Mike O'Connor

Saturday, 05 May

[OSSA 2012-006] Horizon session fixation and reuse Russell Bryant
Re: Debian/Ubuntu php_crypt_revamped.patch Kurt Seifried
Re: CVE Request: evolution-data-server lacks SSL checking in its libsoup users Kurt Seifried

Sunday, 06 May

Re: CVE id request for links2 Kurt Seifried

Monday, 07 May

CVE request: A Pidgin remote crash Mark Doliner
connman heads up / CVE requests Sebastian Krahmer
CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Timo Warns
Re: CVE Request: more tight ioctl permissions in dl2k driver Marcus Meissner
Re: connman heads up / CVE requests Jan Lieskovsky
Re: connman heads up / CVE requests Sebastian Krahmer
Re: CVE request: A Pidgin remote crash Kurt Seifried
CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried
Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried
Re: connman heads up / CVE requests Kurt Seifried
Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem Kurt Seifried
Re: CVE Request: Pidgin XMPP remote crash (#62) Kurt Seifried
CVE request: mybb before 1.6.7 Hanno Böck
Re: CVE request: mybb before 1.6.7 Kurt Seifried

Tuesday, 08 May

Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer
Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer
CVE-request: MyBB before 1.6.1 Henri Salo
CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure Alex Legler
CVE request: Piwik before 1.7 Hanno Böck
CVE request: XSS and SQL injection in serendipity before 1.7.1 Hanno Böck
Re: CVE-request: MyBB before 1.6.1 Kurt Seifried
Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure Kurt Seifried

Wednesday, 09 May

Re: CVE request: Piwik before 1.7 Kurt Seifried
Re: CVE request: XSS and SQL injection in serendipity before 1.7.1 Kurt Seifried
Re: connman heads up / CVE requests Sebastian Krahmer
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Tomas Hoger
CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port Stefan Cornelius
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) cve-assign
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek
Re: CVE Request -- kernel: futex: clear robust_list on execve Petr Matousek
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Kurt Seifried
Re: PHP-CGI query string parameter vulnerability (CVE-2012-1823 / CVE-2012-2311, CERT VU#520827) Vincent Danen

Thursday, 10 May

Re: CVE Request -- kernel: futex: clear robust_list on execve Solar Designer
Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port Solar Designer
CVE-request: phpMyFAQ default password 1.3.2 Henri Salo
Re: CVE-request: phpMyFAQ default password 1.3.2 Kurt Seifried
CVE-request: galette sql injection Johan Cwiklinski
CVE Request for Drupal contributed modules - 2012-05-10 Greg Knaddison
CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Henri Salo

Friday, 11 May

Re: CVE-request: galette sql injection Kurt Seifried
Re: CVE Request for Drupal contributed modules - 2012-05-10 Kurt Seifried
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried
OpenSSL invalid TLS/DTLS record attack (CVE-2012-2333) Solar Designer
bug in OpenSSL's CVE-2012-0884 fix Solar Designer
CVE-2012-1597: XSS in eZ Publish Luc ABRIC
CVE request: sympa micah anderson
CVE request: sympa (try again) micah
CVE request: mahara Moritz Muehlenhoff
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Moritz Muehlenhoff
CVE request: pam_shield Jonathan Niehof

Saturday, 12 May

ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Daniel Kahn Gillmor
Re: CVE request: sympa (try again) Kurt Seifried
Re: CVE request: pam_shield Kurt Seifried
Re: CVE request: mahara Kurt Seifried
Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE Kurt Seifried
Re: CVE request: sympa (try again) micah anderson
Re: ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Solar Designer
Re: CVE request: sympa (try again) Kurt Seifried

Sunday, 13 May

Re: CVE request: Piwik before 1.7 Henri Salo
Re: CVE request: Piwik before 1.7 Hanno Böck
Re: CVE request: Piwik before 1.7 Kurt Seifried
Re: CVE request: Piwik before 1.7 Nicob

Monday, 14 May

CVE request: Bytemark Symbiosis Steve Kemp
socat security advisory Gerhard Rieger
Re: CVE request: Bytemark Symbiosis Kurt Seifried

Tuesday, 15 May

Automatic binary hardening with Autoconf Solar Designer
Using FreeBSD Capsicum for program and library sandboxing Solar Designer
Re: Using FreeBSD Capsicum for program and library sandboxing Ben Laurie
Re: Automatic binary hardening with Autoconf Steve Grubb
Re: Automatic binary hardening with Autoconf Steve Grubb
Re: Automatic binary hardening with Autoconf Marcus Meissner
Re: Automatic binary hardening with Autoconf Sebastian Krahmer
CVE Request: gdk-pixbuf Integer overflow in XBM file loader Sean Amoss
Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader Kurt Seifried
Re: CVE request: sympa (try again) micah anderson
Re: CVE request: sympa (try again) Kurt Seifried
CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability Henri Salo

Wednesday, 16 May

Re: CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability Kurt Seifried
Format string security flaw in pidgin-otr Ian Goldberg

Thursday, 17 May

CVE Request: Planeshift buffer overflow Andres Gomez
Re: CVE Request: Planeshift buffer overflow Kurt Seifried
Re: CVE Request: Planeshift buffer overflow Andres Gomez

Friday, 18 May

Re: CVE Request: Planeshift buffer overflow Kurt Seifried
100 bugs in Open Source C/C++ projects Eugene Teo
Re: CVE Request: Planeshift buffer overflow Andres Gomez
Re: CVE Request: Planeshift buffer overflow Kurt Seifried
CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Petr Matousek
CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection Jan Lieskovsky
CVE Request -- kernel: incomplete fix for CVE-2011-4131 Petr Matousek
sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337) Solar Designer
Re: sudo: IP addresses in sudoers with netmask may match additional hosts (CVE-2012-2337) Jan Lieskovsky
CVE-2012-2759 WordPress Login With Ajax plugin re-enlistment XSS cve-assign
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Kurt Seifried
Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection Kurt Seifried
Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131 Kurt Seifried
CVE-2012-2762 Serendipity include/functions_trackbacks.inc.php SQL injection cve-assign
CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Michael Gilbert
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Kurt Seifried

Saturday, 19 May

Re: libupnp buffer overflows Henri Salo
RE: libupnp buffer overflows fabrice.fontaine

Sunday, 20 May

CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried
Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) Kurt Seifried
Acuity CMS 2.6.x <= Path Traversal Arbitrary File Access YGN Ethical Hacker Group
Acuity CMS 2.6.x <= Arbitrary File Upload YGN Ethical Hacker Group
CVE request: PHP Phar - arbitrary code execution Felipe Pena

Monday, 21 May

CVE Request: some drm overflow checks Marcus Meissner
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Michael Gilbert
CVE-2011-3102 / libxml2 Moritz Muehlenhoff

Tuesday, 22 May

CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck
Re: CVE-2011-3102 / libxml2 Jan Lieskovsky
Re: CVE request: Serendipity before 1.6.2 SQL Injection Henri Salo
Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options maximilian attems
Re: CVE request: Serendipity before 1.6.2 SQL Injection Hanno Böck
CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Jan Lieskovsky
Re: Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options Kurt Seifried
Re: CVE Request: some drm overflow checks Kurt Seifried
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried
Re: CVE request: PHP Phar - arbitrary code execution Kurt Seifried
Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions Kurt Seifried
Re: Re: [klibc] [oss-security] CVE request: klibc: ipconfig sh script with unescaped DHCP options Kurt Seifried
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Keith Winstein

Wednesday, 23 May

Re: Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried
Moodle security notifications public Michael de Raadt
CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker
CVE request: cobbler command injection David Black
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Jan Lieskovsky
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Behdad Esfahbod
CVE Request -- kernel: huge pages: memory leak on mmap failure Petr Matousek
CVE request: Multiple vulnerabilities in LogAnalyzer Filippo Cavallarin
CVE request: Multiple vulnerabilities in LogAnalyzer Filippo Cavallarin
CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10 Jan Lieskovsky
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Matthias Weckbecker
CVE request: haproxy trash buffer overflow flaw Vincent Danen
Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials Kurt Seifried
Re: CVE Request -- kernel: huge pages: memory leak on mmap failure Kurt Seifried
Re: CVE request: haproxy trash buffer overflow flaw Kurt Seifried
Re: CVE request: Multiple vulnerabilities in LogAnalyzer Kurt Seifried
Re: CVE Request -- wireshark: wnpa-sec-2012-08, wnpa-sec-2012-09, wnpa-sec-2012-10 Kurt Seifried
Re: CVE request: cobbler command injection Kurt Seifried

Thursday, 24 May

CVE-2012-2216 - Social Engine Multiples Vulnerabilities (XSS and CSRF) Tiago Natel de Moura
CVE Request: powerdns does not clear supplementary groups David Black
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition akuster
Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition Petr Matousek
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried
Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb
Re: CVE Request: powerdns does not clear supplementary groups Miloslav Trmac
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried
Re: CVE Request: powerdns does not clear supplementary groups Solar Designer
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried
Re: CVE Request: powerdns does not clear supplementary groups Solar Designer
Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb
Re: CVE Request: powerdns does not clear supplementary groups Solar Designer
Re: CVE Request: powerdns does not clear supplementary groups Steve Grubb

Friday, 25 May

CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation Dwayne C. Litzenberger
Re: CVE Request: powerdns does not clear supplementary groups Christos Zoulas
CVE-2011-2906 should have been rejected (kernel non-security issue) Vincent Danen
Re: CVE Request: powerdns does not clear supplementary groups David Black
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried
Re: CVE Request: powerdns does not clear supplementary groups Peter van Dijk
Re: CVE Request: powerdns does not clear supplementary groups Kurt Seifried

Monday, 28 May

Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue Jan Lieskovsky
Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky

Tuesday, 29 May

Re: Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky
linux-distros unsubscriptions Mark J Cox
Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Caolán McNamara
CVE Request: XXE vulnerability in Restlet Nicolas Grégoire
Re: linux-distros unsubscriptions Solar Designer
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations John Haxby
CVE id request: Multiple buffer overflow in unixODBC Felipe Pena
Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations Kurt Seifried
Re: CVE Request: XXE vulnerability in Restlet Kurt Seifried
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried
Re: CVE Request: XXE vulnerability in Restlet Nicolas Grégoire

Wednesday, 30 May

Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger
CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby
Update of upstream patch links for AST-2012-007 / CVE-2012-2947 advisory needed Jan Lieskovsky
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby
Re: CVE id request: Multiple buffer overflow in unixODBC Henri Salo
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried
Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Florian Weimer
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried
Re: CVE id request: Multiple buffer overflow in unixODBC Felipe Pena
CVE Request for Drupal contributed modules Greg Knaddison

Thursday, 31 May

ScriptFu Server Buffer Overflow in GIMP <= 2.6 Joseph Sheridan
Re: CVE id request: Multiple buffer overflow in unixODBC Tomas Hoger
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried
SQL Injection Vulnerability in Ruby on Rails (CVE-2012-2661) Aaron Patterson
Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660) Aaron Patterson

Friday, 01 June

Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried

Saturday, 02 June

Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Stefan Behte

Monday, 04 June

CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Jan Lieskovsky
Re: fix to CVE-2009-4307 Xi Wang
Re: CVE Request for Drupal contributed modules Greg Knaddison
Re: CVE Request for Drupal contributed modules Solar Designer
Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Kurt Seifried
Re: CVE Request for Drupal contributed modules Greg Knaddison

Tuesday, 05 June

memory allocator upstream patches Xi Wang
Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version Kurt Seifried
BIND: Handling of zero length rdata can cause named to terminate unexpectedly Solar Designer
CVE request: openldap does not honor TLSCipherSuite configuration option Vincent Danen

Wednesday, 06 June

Re: CVE request: openldap does not honor TLSCipherSuite configuration option Kurt Seifried
Re: CVE request: openldap does not honor TLSCipherSuite configuration option Henri Salo
Re: CVE id request: Multiple buffer overflow in unixODBC Kurt Seifried
CVE request: rack-cache caches sensitive headers (Set-Cookie) Matthias Weckbecker
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Jan Lieskovsky
Arbitrary File Upload/Execution in Collabtive Mark Hoopes
CVE-Request: hyper-v daemon Sebastian Krahmer
Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) Kurt Seifried
Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried
Re: Arbitrary File Upload/Execution in Collabtive Kurt Seifried
Re: CVE-Request: hyper-v daemon Kurt Seifried
Re: CVE-Request: hyper-v daemon Kurt Seifried

Thursday, 07 June

Re: CVE-Request: hyper-v daemon Greg KH
CVE request: Mojarra allows deployed web applications to read FacesContext from other applications David Jorm
Re: CVE request: Mojarra allows deployed web applications to read FacesContext from other applications Kurt Seifried
Some notes on CVE's and group privilege dropping Kurt Seifried
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby
Re: CVE-Request: hyper-v daemon Marcus Meissner
Re: CVE-Request: hyper-v daemon Greg KH
Re: CVE-Request: hyper-v daemon Marcus Meissner
Re: memory allocator upstream patches Jan Lieskovsky
WHMCS 5.0.2> SQLi CVE Request Dex
Re: WHMCS 5.0.2> SQLi CVE Request Dex
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages Kurt Seifried
Re: memory allocator upstream patches Kurt Seifried

Friday, 08 June

Re: CVE request: Piwik before 1.7 Henri Salo
Re: CVE Request -- kernel: tcp: drop SYN+FIN messages John Haxby

Saturday, 09 June

CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 David Hicks
Security vulnerability in MySQL/MariaDB sql/password.c Sergei Golubchik

Monday, 11 June

CVE request -- libguestfs: virt-edit doesn't preserve file permissions Petr Matousek
CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Petr Matousek
Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored Kurt Seifried
Re: Re: WHMCS 5.0.2> SQLi CVE Request Kurt Seifried
Re: CVE request -- libguestfs: virt-edit doesn't preserve file permissions Kurt Seifried
Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 Kurt Seifried

Tuesday, 12 June

Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation Xen . org security team
Xen Security Advisory 8 (CVE-2012-0218) - syscall/enter guest DoS Xen . org security team
Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Xen . org security team
Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2694) Aaron Patterson
Ruby on Rails SQL Injection (CVE-2012-2695) Aaron Patterson

Thursday, 14 June

CVE request: XSS in uselang http parameter (mediawiki) Vincent Danen
Re: CVE request: XSS in uselang http parameter (mediawiki) Kurt Seifried
Re: CVE Request for Drupal contributed modules Kurt Seifried
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer

Friday, 15 June

CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Huzaifa Sidhpurwala
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Kurt Seifried
CVE-2012-3345: symlink attack in ioquake3 >= r1773, < r2253 Simon McVittie
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Yves-Alexis Perez
Re: CVE Request for Drupal contributed modules Henri Salo
Re: CVE Request for Drupal contributed modules Kurt Seifried
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Giles Coochey
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Stefan Cornelius
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) John Haxby
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried
CVE request: java hashdos vulnerability Hanno Böck

Saturday, 16 June

CVE request: phplist before 2.10.18 XSS and sql injection Hanno Böck

Sunday, 17 June

Re: CVE request: java hashdos vulnerability Kurt Seifried
Re: CVE request: phplist before 2.10.18 XSS and sql injection Kurt Seifried

Monday, 18 June

CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Jan Lieskovsky
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger
Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Kurt Seifried

Tuesday, 19 June

Joomla! Security News 2012-06-19 Henri Salo
Re: Joomla! Security News 2012-06-19 Kurt Seifried
Re: MySQL CVEs Kurt Seifried
Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key Steven M. Christey

Wednesday, 20 June

Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Marcus Meissner

Friday, 22 June

mod_security CVE request Kurt Seifried
Re: mod_security CVE request Kurt Seifried

Sunday, 24 June

CVE request: CSRF in eXtplorer Luciano Bello
CVE request: Full path disclosure in DokuWiki Felipe Pena
Re: Xen Security Advisory 9 (CVE-2012-2934) - PV guest host DoS (AMD erratum #121) Florian Weimer

Monday, 25 June

Re: CVE request: CSRF in eXtplorer Kurt Seifried
Re: CVE request: Full path disclosure in DokuWiki Kurt Seifried
Xen vulnerability disclosure process, recent timeline Solar Designer
CVE Request: viewvc Ludwig Nussel
CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Jan Lieskovsky
Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs Kurt Seifried
Re: CVE Request: viewvc Kurt Seifried
Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff

Tuesday, 26 June

Re: CVE request: CSRF in eXtplorer Luciano Bello
XXE in Zend Nicolas Grégoire
CVE-2012-2639 reject request (duplicate of CVE-2011-4940) Jan Lieskovsky
Re: XXE in Zend Nicolas Grégoire

Wednesday, 27 June

Re: CVE request: CSRF in eXtplorer Kurt Seifried
Re: XXE in Zend Kurt Seifried
CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Jan Lieskovsky
Re: MySQL CVEs (was: Security vulnerability in MySQL/MariaDB sql/password.c) Tomas Hoger
please verify unusual x.509 constraints are handled Tavis Ormandy
Re: please verify unusual x.509 constraints are handled Ludwig Nussel
Re: please verify unusual x.509 constraints are handled Tim
CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI Kurt Seifried
Re: CVE Request: Kernel [PATCH] NFC: prevent multiple buffer overflows in NCI Kurt Seifried
Re: CVE Request for Drupal contributed modules Steven M. Christey
CVE request: arbitrary code exec in bcfg2 Vincent Danen

Thursday, 28 June

Re: CVE request: arbitrary code exec in bcfg2 Kurt Seifried
PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Pierre Joye
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Matthias Weckbecker
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Johannes Schlüter
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Stuart Henderson
RE: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Zeev Suraski
accountsservice local file disclosure flaw (CVE-2012-2737) Vincent Danen
Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Oden Eriksson
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Kurt Seifried
Re: Re: PHP information disclosure via easter egg ?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 Rasmus Lerdorf

Friday, 29 June

Re: CVE Request -- dtach: Memory portion (random stack data) disclosure to the client by unclean client disconnect Kurt Seifried
Irfanview Plugins JLS Decompression Joseph Sheridan
GIMP FIT File Format DoS Joseph Sheridan
RE: GIMP FIT File Format DoS Morris, Patrick

Saturday, 30 June

Re: RE: GIMP FIT File Format DoS Benji