oss-sec: by date

128 messages starting Jan 01 26 and ending Jan 27 26

Thursday, 01 January

Re: Best practices for signature verification Simon Josefsson
Re: Re: Best practices for signature verification Ali Polatel
Re: Best practices for signature verification Clemens Lang

Friday, 02 January

Re: Systemd vsock sshd wish42offcl98
Re: Best practices for signature verification Soatok Dreamseeker
Re: Re: Best practices for signature verification Peter Gutmann
Re: Re: Best practices for signature verification Demi Marie Obenour
Re: Systemd vsock sshd Greg Dahlman
Re: Systemd vsock sshd Carlos Rodriguez-Fernandez

Saturday, 03 January

Re: Re: Best practices for signature verification Demi Marie Obenour
Re: Best practices for signature verification Demi Marie Obenour

Monday, 05 January

CVE-2025-66518: Apache Kyuubi: Unauthorized directory access due to missing path normalization Akira Ajisaka
Re: Re: Best practices for signature verification Peter Gutmann
Re: Many vulnerabilities in GnuPG Stephan Verbücheln
GnuPG ticket T7900 (was: Many vulnerabilities in GnuPG) Werner Koch
Re: Re: Best practices for signature verification Valtteri Vuorikoski
Re: Re: Best practices for signature verification Jeffrey Walton
CVE-2025-68280: Apache SIS: XML External Entity (XXE) vulnerability Martin Desruisseaux
Re: Best practices for signature verification Clemens Lang
Re: Re: Best practices for signature verification Morten Linderud
Buffer overflow in /bin/su from UNIX v4 Alan Coopersmith
Re: CVE-2025-68280: Apache SIS: XML External Entity (XXE) vulnerability Sebastian Pipping
Re: Best practices for signature verification Demi Marie Obenour
Re: Re: Best practices for signature verification Demi Marie Obenour
Multiple vulnerabilities in aiohttp Sam Bull
Re: Buffer overflow in /bin/su from UNIX v4 Peter Gutmann
Re: Re: Best practices for signature verification Peter Gutmann

Tuesday, 06 January

Re: Re: Best practices for signature verification Taavi Eomäe
Re: [External] : [oss-security] Buffer overflow in /bin/su from UNIX v4 Casper Dik
Fwd: [FD] zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name Alan Coopersmith
wget2-2.2.1 released with security fixes Alan Coopersmith
[ADVISORY] curl CVE-2025-13034: No QUIC certificate pinning with GnuTLS Daniel Stenberg
[ADVISORY] curl CVE-2025-14017: broken TLS options for threaded LDAPS Daniel Stenberg
[ADVISORY] curl CVE-2025-14524: bearer token leak on cross-protocol redirect Daniel Stenberg
[ADVISORY] curl CVE-2025-14819: OpenSSL partial chain store policy bypass Daniel Stenberg
[ADVISORY] curl CVE-2025-15079: libssh global knownhost override Daniel Stenberg

Wednesday, 07 January

[ADVISORY] curl CVE-2025-15224: libssh key passphrase bypass without agent set Daniel Stenberg
TLP: Polkit Authentication Bypass in Profiles Daemon in Version 1.9.0 (CVE-2025-67859) Matthias Gerstner
Foomuuri: Lack of Client Authorization and Input Verification allow Control over Firewall Configuration (CVE-2025-67603, CVE-2025-67858) Matthias Gerstner

Thursday, 08 January

CVE-2025-52435: Apache NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller Szymon Janc
CVE-2025-53470: Apache NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver Szymon Janc
CVE-2025-53477: Apache NimBLE: NULL Pointer Dereference in NimBLE host HCI layer Szymon Janc
CVE-2025-62235: Apache NimBLE: Incorrect handling of SMP Security Request could lead to undesirable pairing Szymon Janc
Fwd: libtasn1-4.21.0 released [stable] - fixes CVE-2025-13151 Alan Coopersmith
Re: Systemd vsock sshd Solar Designer
Re: Systemd vsock sshd Greg Dahlman

Friday, 09 January

InputPlumber: Lack of D-Bus Authorization and Input Verification allows UI Input Injection and Denial-of-Service (CVE-2025-66005, CVE-2025-14338) Matthias Gerstner
Net-SNMP snmptrapd vulnerability [CVE-2025-68615] Alan Coopersmith

Saturday, 10 January

The Curious Case of Stack Pivot Detection Ali Polatel
Null Pointer Dereference in HarfBuzz Alan Coopersmith

Sunday, 11 January

CVE-2025-68493: Apache Struts: XXE vulnerability in outdated XWork component Lukasz Lenart
Re: Null Pointer Dereference in HarfBuzz Jacob Bachmeyer

Monday, 12 January

Re: CVE-2025-68493: Apache Struts: XXE vulnerability in outdated XWork component Hanno Böck
Re: Null Pointer Dereference in HarfBuzz Jan Engelhardt
Re: Null Pointer Dereference in HarfBuzz Greg KH
Re: Null Pointer Dereference in HarfBuzz Vincent Lefevre
Re: CVE-2025-68493: Apache Struts: XXE vulnerability in outdated XWork component Loganaden Velvindron
libpng 1.6.54: two heap buffer over-read vulnerabilities fixed: CVE-2026-22695, CVE-2026-22801 Cosmin Truta
Re: Null Pointer Dereference in HarfBuzz Jacob Bachmeyer

Tuesday, 13 January

NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Jan Schaumann
Re: Null Pointer Dereference in HarfBuzz Jacob Bachmeyer
Re: Null Pointer Dereference in HarfBuzz Vincent Lefevre
CVE-2025-66169: Apache Camel: Cypher injection vulnerability in Camel-Neo4j component Andrea Cosentino
Re: NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Alan Coopersmith
Re: NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Jan Schaumann
Re: Null Pointer Dereference in HarfBuzz Jacob Bachmeyer

Thursday, 15 January

[CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) Jeremy Stanley
Re: The Curious Case of Stack Pivot Detection Adam Zabrocki
Go 1.25.6 and Go 1.24.12 are released with 6 CVE fixes Alan Coopersmith
Re: Go 1.25.6 and Go 1.24.12 are released with 6 CVE fixes Steffen Nurpmeso
CVE-2025-68438: Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated Ephraim Anierobi
CVE-2025-68675: Apache Airflow: proxy credentials for various providers might leak in task logs Ephraim Anierobi
Re: Fwd: [FD] zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name Alan Coopersmith
Re: Re: Best practices for signature verification Peter Gutmann
Re: [CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) Salvatore Bonaccorso

Friday, 16 January

Re: [CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) Jeremy Stanley
CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service Guangming Chen
The GNU C Library security advisories update for 2026-01-16 Siddhesh Poyarekar
The GNU C Library security advisories update for 2026-01-16 (part 2) Carlos O'Donell
Re: NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Michel Lind
Re: NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Jan Schaumann
[OSSA-2026-001] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) errata 1 Jeremy Stanley
Re: Re: Best practices for signature verification Jacob Bachmeyer

Saturday, 17 January

CVE-2025-68121: Regression and Incomplete Fix for Go TLS Session Resumption Coia Prant
Re: CVE-2025-68121: Regression and Incomplete Fix for Go TLS Session Resumption Coia Prant
Re: CVE-2025-8110 in Gogs self-hosted git service Chad Dougherty
Re: CVE-2025-8110 in Gogs self-hosted git service Collin Funk
Re: CVE-2025-8110 in Gogs self-hosted git service Michael Orlitzky

Tuesday, 20 January

WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality mohammed gaming 222
GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Simon Josefsson
The GNU C Library security advisories update for 2026-01-20 Carlos O'Donell
CVE-2026-22022: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin Jason Gerlowski
CVE-2026-22444: Apache Solr: Insufficient file-access checking in standalone core-creation requests Jason Gerlowski
Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Moritz Mühlenhoff
Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Alan Coopersmith
Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Alexander Bochmann

Wednesday, 21 January

Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Hanno Böck
Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Jakub Wilk
ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878) Michał Kępień
Re: WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Soatok Dreamseeker
Vulnerable tmpdir handling in pytest Michael Orlitzky
CVE-2024-31884 Ceph: Incorrect usage of certificate checking via Pybind Sage [They / Them] McTaggart

Thursday, 22 January

Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Christian Fischer
Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Demi Marie Obenour

Friday, 23 January

Vulnerability management and Open Source: FOSDEM BoF Olle E. Johansson
Re: Vulnerability management and Open Source: FOSDEM BoF Peter Gutmann
Re: Vulnerability management and Open Source: FOSDEM BoF Olle E. Johansson
CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Alan Coopersmith
Re: CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Stuart Henderson
Re: Vulnerability management and Open Source: FOSDEM BoF Brian Behlendorf
CVE-2025-27821: HDFS native client: Out of bounds write in URI parser of native HDFS client Chris Nauroth
8 CVEs in Cpython announced this week Alan Coopersmith
CVE-2026-24656: Apache Karaf: Decanter log-socket collector has deserialization vulnerability Jean-Baptiste Onofré

Saturday, 24 January

Re: Vulnerability management and Open Source: FOSDEM BoF Solar Designer

Sunday, 25 January

Re: Vulnerability management and Open Source: FOSDEM BoF Peter Gutmann
Re: Vulnerability management and Open Source: FOSDEM BoF Olle E. Johansson

Monday, 26 January

CVE-2016-15057: Apache Continuum: Command injection leading to RCE Arnout Engelen

Tuesday, 27 January

Xen Security Advisory 477 v2 (CVE-2025-58150) - x86: buffer overrun with shadow paging + tracing Xen . org security team
Xen Security Advisory 478 v2 (CVE-2025-58151) - varstored: TOCTOU issues with mapped guest memory Xen . org security team
Xen Security Advisory 479 v2 (CVE-2026-23553) - x86: incomplete IBPB for vCPU isolation Xen . org security team
Agno's PythonTools: Path traversal leads to sensitive information disclosure and potential RCE Ali Raza
OpenSSL Security Advisory Tomas Mraz
Clarification: rbash escape via history built-ins cyber security
OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) Tomas Mraz
GnuPG security release Sam James
Re: GnuPG security release Pedro Sampaio
Re: GnuPG security release Jan Schaumann
Re: GnuPG security release Salvatore Bonaccorso