Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list - 2010/10

Messages by day:

October 1 (12 messages)

• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Tomas Hoger <thoger@...hat.com>)
• Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback (Joachim Fritschi <fritschi@....tu-darmstadt.de>)
• CVE request: freeradius (Vincent Danen <vdanen@...hat.com>)
• Re: CVE request: multiple kernel stack memory disclosures (Dan Rosenberg <dan.j.rosenberg@...il.com>)
• Re: CVE request - phpCAS: prevent symlink attacks, directory traversal and XSS during a proxy callback (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: Horde Gollem <1.1.2 XSS in view.php (Josh Bressers <bressers@...hat.com>)
• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Vincent Danen <vdanen@...hat.com>)
• Re: CVE request: freeradius (Josh Bressers <bressers@...hat.com>)
• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Gerald Combs <gerald@...eshark.org>)
• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Vincent Danen <vdanen@...hat.com>)
• Re: Minor security flaw with pam_xauth (Vincent Danen <vdanen@...hat.com>)
• Re: Small exposure in ocfs2 fast symlinks. (Joel Becker <Joel.Becker@...cle.com>)

• Re: Minor security flaw with pam_xauth ("Dmitry V. Levin" <ldv@...linux.org>)

• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Tomas Hoger <thoger@...hat.com>)
• CVE request: kernel: SCTP memory corruption in HMAC handling (Dan Rosenberg <dan.j.rosenberg@...il.com>)
• CVE request, security issues fixed in MySQL 5.1.51 (Vincent Danen <vdanen@...hat.com>)
• CVE Request: more dovecot ACL issues (Ludwig Nussel <ludwig.nussel@...e.de>)
• Re: Small exposure in ocfs2 fast symlinks. (Josh Bressers <bressers@...hat.com>)
• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: kernel: SCTP memory corruption in HMAC handling (Josh Bressers <bressers@...hat.com>)
• Re: CVE Request: more dovecot ACL issues (Josh Bressers <bressers@...hat.com>)
• Re: CVE request, security issues fixed in MySQL 5.1.51 (Josh Bressers <bressers@...hat.com>)

• Nagios format string issues (Florian Weimer <fw@...eb.enyo.de>)

• Re: Nagios format string issues (Oden Eriksson <oeriksson@...driva.com>)
• Re: Nagios format string issues (Josh Bressers <bressers@...hat.com>)
• Re: Nagios format string issues ("Steven M. Christey" <coley@...us.mitre.org>)
• Re: CVE request: multiple kernel stack memory disclosures ("Steven M. Christey" <coley@...us.mitre.org>)
• Re: Nagios format string issues (Oden Eriksson <oeriksson@...driva.com>)
• Re: CVE request: multiple kernel stack memory disclosures (Dan Rosenberg <dan.j.rosenberg@...il.com>)

• Re: CVE request: multiple kernel stack memory disclosures (Dan Rosenberg <dan.j.rosenberg@...il.com>)
• Re: Nagios format string issues (Tomas Hoger <thoger@...hat.com>)
• Re: CVE request, security issues fixed in MySQL 5.1.51 ("Steven M. Christey" <coley@...us.mitre.org>)

• qpidd SSL connection DoS (CVE-2010-3083) (Vincent Danen <vdanen@...hat.com>)
• CVE Request -- Mercurial --Doesn't verify subject Common Name properly (Jan Lieskovsky <jlieskov@...hat.com>)
• CVE request eoCMS SQL injection vulnerability (Henri Salo <henri@...v.fi>)
• CVE request: joomla before 1.5.21 XSS (Hanno Böck <hanno@...eck.de>)
• CVE request: usebb before 1.0.11 unauthorized access to content (Hanno Böck <hanno@...eck.de>)
• CVE request (2009): vanilla forums before 1.1.8 (Hanno Böck <hanno@...eck.de>)
• CVE request: mybb before 1.4.11 and before 1.4.12 (Hanno Böck <hanno@...eck.de>)
• Fwd: CVE id request: fluxbb < 1.2.22 XSS (Hanno Böck <hanno@...eck.de>)

• CVE request: TYPO3-SA-2010-020 (Moritz Muehlenhoff <jmm@...ian.org>)
• CVE request: Simple Machines Forum Cross-Site Request Forgery (Henri Salo <henri@...v.fi>)
• Re: CVE request eoCMS SQL injection vulnerability (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: joomla before 1.5.21 XSS (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: usebb before 1.0.11 unauthorized access to content (Josh Bressers <bressers@...hat.com>)
• Re: CVE request (2009): vanilla forums before 1.1.8 (Josh Bressers <bressers@...hat.com>)
• Re: CVE Request -- Mercurial --Doesn't verify subject Common Name properly (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: mybb before 1.4.11 and before 1.4.12 (Josh Bressers <bressers@...hat.com>)
• Re: CVE id request: fluxbb < 1.2.22 XSS (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: Simple Machines Forum Cross-Site Request Forgery (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: TYPO3-SA-2010-020 (Josh Bressers <bressers@...hat.com>)

• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Gerald Combs <gerald@...eshark.org>)
• kernel: avoid pgoff overflow in remap_file_pages (Eugene Teo <eugene@...hat.com>)
• Re: kernel: avoid pgoff overflow in remap_file_pages (Thomas Pollet <thomas.pollet@...il.com>)
• Re: Nagios format string issues (Oden Eriksson <oeriksson@...driva.com>)
• Re: CVE requests: Poppler, Quassel, Pyfribidi, Overkill, DocUtils, FireGPG, Wireshark (Vincent Danen <vdanen@...hat.com>)
• Re: kernel: avoid pgoff overflow in remap_file_pages (akiphie <akiphie@...abit.com>)

• CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files (Jan Lieskovsky <jlieskov@...hat.com>)
• CVE request: ettercap GTK (Dan Rosenberg <dan.j.rosenberg@...il.com>)
• CVE request: Apache-AuthenHook perl module (Moritz Muehlenhoff <jmm@...ian.org>)
• Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files (Jan Lieskovsky <jlieskov@...hat.com>)
• Re: CVE Request -- cURL / mingw32-cURL -- Did not strip directory parts separated by backslashes, when downloading files (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: ettercap GTK (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: Apache-AuthenHook perl module (Josh Bressers <bressers@...hat.com>)

• Re: CVE request: ettercap GTK ("Steven M. Christey" <coley@...us.mitre.org>)
• Re: CVE request: ettercap GTK (Dan Rosenberg <dan.j.rosenberg@...il.com>)

• CVE request -- libguestfs: missing disk format specifier when adding a disk (Petr Matousek <pmatouse@...hat.com>)
• Re: CVE request -- libguestfs: missing disk format specifier when adding a disk (Eugene Teo <eugene@...hat.com>)

• CVE request: kernel: setup_arg_pages: diagnose excessive argument size (Eugene Teo <eugene@...hat.com>)
• glibc $ORIGIN problem - CVE-2010-3847 (Marcus Meissner <meissner@...e.de>)
• Re: glibc $ORIGIN problem - CVE-2010-3847 (Robert Święcki <robert@...ecki.net>)

• CVE-2010-1693: OFED openibd startup script uses predictable tmpfile (Mike O'Connor <mjo@...o.mi.org>)
• CVE request: kernel: heap overflow in TIPC (Dan Rosenberg <dan.j.rosenberg@...il.com>)
• Re: glibc $ORIGIN problem - CVE-2010-3847 (Florian Weimer <fw@...eb.enyo.de>)
• Re: CVE request: kernel: setup_arg_pages: diagnose excessive argument size (Josh Bressers <bressers@...hat.com>)
• Re: CVE request: kernel: heap overflow in TIPC (Josh Bressers <bressers@...hat.com>)

• Re: glibc $ORIGIN problem - CVE-2010-3847 (Solar Designer <solar@...nwall.com>)
• Re: Minor security flaw with pam_xauth (Solar Designer <solar@...nwall.com>)
• Re: CVE request: multiple kernel stack memory disclosures ("Steven M. Christey" <coley@...us.mitre.org>)
• CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL (Kees Cook <kees@...ntu.com>)

• Re: CVE request: kernel: heap contents leak from ETHTOOL_GRXCLSRLALL (Eugene Teo <eugene@...hat.com>)
• Re: glibc $ORIGIN problem - CVE-2010-3847 ("Dmitry V. Levin" <ldv@...linux.org>)

• CVE request: kernel: iovec overflow in rds_rdma_pages() (Eugene Teo <eugene@...hat.com>)
• CVE request: moodle 1.9.10 (Ludwig Nussel <ludwig.nussel@...e.de>)

84 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.