oss-security mailing list

Follow @Openwall on Twitter for new release announcements and other news

[<prev month] [next month>] [year] [list]

oss-security mailing list - 2010/12

Mon	Tue	Wed	Thu	Fri	Sat	Sun
		¹ 3	² 8	³ 6	⁴	⁵ 4
⁶ 14	⁷ 5	⁸ 11	⁹ 15	¹⁰ 3	¹¹ 1	¹²
¹³ 7	¹⁴	¹⁵ 7	¹⁶ 9	¹⁷	¹⁸	¹⁹
²⁰ 5	²¹ 7	²² 9	²³ 7	²⁴ 1	²⁵	²⁶ 4
²⁷ 1	²⁸	²⁹ 1	³⁰ 4	³¹ 7

Messages by day:

December 1 (3 messages)

CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) (Reed Loden <reed@...dloden.com>)
Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) (Mark Stosberg <mark@...mersault.com>)

December 2 (8 messages)

CVE Request -- Wordpress v3.0.2 SQL injection flaw + two minor XSS issues (Jan Lieskovsky <jlieskov@...hat.com>)
CVE request: kernel: failure to revert address limit override in OOPS error path (Dan Rosenberg <dan.j.rosenberg@...il.com>)
kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Nelson Elhage <nelhage@...lice.com>)
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Dan Rosenberg <dan.j.rosenberg@...il.com>)
CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- Wordpress v3.0.2 SQL injection flaw + two minor XSS issues (Josh Bressers <bressers@...hat.com>)
Re: CVE request: kernel: failure to revert address limit override in OOPS error path (Josh Bressers <bressers@...hat.com>)
Re: CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header (Josh Bressers <bressers@...hat.com>)

December 3 (6 messages)

clamav 0.96.5 released (Thomas Biege <thomas@...e.de>)
CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition (Jan Lieskovsky <jlieskov@...hat.com>)
Re: clamav 0.96.5 released (Hanno Böck <hanno@...eck.de>)
RE: Interesting behavior with struct initiailization (Robert Seacord <rcs@...t.org>)
Re: Interesting behavior with struct initiailization (Geoff Keating <geoffk@...le.com>)
Re: clamav 0.96.5 released (Josh Bressers <bressers@...hat.com>)

December 5 (4 messages)

Re: Interesting behavior with struct initiailization (Bhadrinath <bitstrat@...il.com>)
Re: Interesting behavior with struct initiailization (Bhadrinath <bitstrat@...il.com>)
Re: Re: Interesting behavior with struct initiailization (Dan Rosenberg <dan.j.rosenberg@...il.com>)
Re: Interesting behavior with struct initiailization (Bhadrinath <bitstrat@...il.com>)

December 6 (14 messages)

CVE request: vanilla forums before 2.0.10, xss (Hanno Böck <hanno@...eck.de>)
Re: CVE request: mybb before 1.4.11 and before 1.4.12 (Hanno Böck <hanno@...eck.de>)
CVE request: kernel: igb panics when receiving tag vlan packet (Eugene Teo <eugene@...hat.com>)
CVE request: openx unknown vulnerability before 2.8.7 (Hanno Böck <hanno@...eck.de>)
Re: CVE request: openx unknown vulnerability before 2.8.7 (Anthon Pang <anthon.pang@...il.com>)
CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Vincent Danen <vdanen@...hat.com>)
Re: Can I request a cve for pfsense regarding --> "pfSense "graph.php" Cross-Site Scripting Vulnerabilities" ("Steven M. Christey" <coley@...us.mitre.org>)
Re: CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition (Josh Bressers <bressers@...hat.com>)
Re: CVE request: kernel: igb panics when receiving tag vlan packet (Josh Bressers <bressers@...hat.com>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) ("Steven M. Christey" <coley@...us.mitre.org>)
Re: CVE request: vanilla forums before 2.0.10, xss (Josh Bressers <bressers@...hat.com>)
Re: CVE request: openx unknown vulnerability before 2.8.7 (Josh Bressers <bressers@...hat.com>)
Re: CVE request: vanilla forums before 2.0.10, xss ("Steven M. Christey" <coley@...us.mitre.org>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Vincent Danen <vdanen@...hat.com>)

December 7 (5 messages)

CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo (Raphael Geissert <geissert@...ian.org>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Tomas Hoger <thoger@...hat.com>)
Re: CVE request: vanilla forums before 2.0.10, xss (Josh Bressers <bressers@...hat.com>)
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo (Josh Bressers <bressers@...hat.com>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Maksymilian Arciemowicz <cxib@...urityreason.com>)

December 8 (11 messages)

CVE request: libvirt when compiled with openvz support has a potential security hole (Vincent Danen <vdanen@...hat.com>)
Re: CVE request: libvirt when compiled with openvz support has a potential security hole (Eugene Teo <eugene@...hat.com>)
CVE request: kernel: bfa driver sysfs crash (Eugene Teo <eugene@...hat.com>)
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Solar Designer <solar@...nwall.com>)
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Solar Designer <solar@...nwall.com>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Pierre Joye <pierre.php@...il.com>)
Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Tomas Hoger <thoger@...hat.com>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Maksymilian Arciemowicz <cxib@...urityreason.com>)
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Nelson Elhage <nelhage@...lice.com>)
Re: Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Tomas Hoger <thoger@...hat.com>)
Re: CVE request: libvirt when compiled with openvz support has a potential security hole (Vincent Danen <vdanen@...hat.com>)

December 9 (15 messages)

CVE request: kernel: NULL pointer dereference in AF_ECONET (Nelson Elhage <nelhage@...lice.com>)
Re: CVE request: kernel: NULL pointer dereference in AF_ECONET (Eugene Teo <eugene@...hat.com>)
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo (Ludwig Nussel <ludwig.nussel@...e.de>)
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Solar Designer <solar@...nwall.com>)
Re: Re: NULL byte poisoning fix in php 5.3.4+ (Pierre Joye <pierre.php@...il.com>)
Re: Re: NULL byte poisoning fix in php 5.3.4+ (Pierre Joye <pierre.php@...il.com>)
Re: CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) (Tomas Hoger <thoger@...hat.com>)
Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo ("Steven M. Christey" <coley@...us.mitre.org>)
Re: Re: NULL byte poisoning fix in php 5.3.4+ ("Steven M. Christey" <coley@...us.mitre.org>)
Re: Re: NULL byte poisoning fix in php 5.3.4+ (Pierre Joye <pierre.php@...il.com>)
Re: Re: NULL byte poisoning fix in php 5.3.4+ ("Steven M. Christey" <coley@...us.mitre.org>)
[taviso@...xchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.] (Tavis Ormandy <taviso@...xchg8b.com>)
Re: [taviso@...xchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.] (Solar Designer <solar@...nwall.com>)
Re: kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses (Solar Designer <solar@...nwall.com>)
Re: CVE request: kernel: bfa driver sysfs crash (Josh Bressers <bressers@...hat.com>)

December 10 (3 messages)

Exim remote root (Mark J Cox <mjc@...hat.com>)
Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check (Petr Matousek <pmatouse@...hat.com>)
Re: Subject: CVE request: kernel: install_special_mapping skips security_file_mmap check (Josh Bressers <bressers@...hat.com>)

December 11 (1 message)

Re: Clarifications on the D-Bus specification ("Rémi Denis-Courmont" <remi@...lab.net>)

December 13 (7 messages)

Re: Clarifications on the D-Bus specification (Havoc Pennington <hp@...ox.com>)
Exim security issue in historical release (nigel@...m.org)
Issues without CVE names in PHP 5.3.4/5.2.15 release (Vincent Danen <vdanen@...hat.com>)
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release (Pierre Joye <pierre.php@...il.com>)
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release (Vincent Danen <vdanen@...hat.com>)
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release (Pierre Joye <pierre.php@...il.com>)
Re: Issues without CVE names in PHP 5.3.4/5.2.15 release (Raphael Geissert <geissert@...ian.org>)

December 15 (7 messages)

Breaking the links: Exploiting the linker (Tim Brown <timb@...-dimension.org.uk>)
Re: Breaking the links: Exploiting the linker (Tomas Hoger <thoger@...hat.com>)
CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method (Marcus Meissner <meissner@...e.de>)
CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability (David Hicks <hickseydr@...usnet.com.au>)
CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability (David Hicks <hickseydr@...usnet.com.au>)
Re: Breaking the links: Exploiting the linker (Justin Ossevoort <justin@...ernetionals.nl>)
Re: CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method (Eugene Teo <eugeneteo@...nel.org>)

December 16 (9 messages)

Re: CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability (Josh Bressers <bressers@...hat.com>)
Re: CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability (Josh Bressers <bressers@...hat.com>)
CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants (Jan Lieskovsky <jlieskov@...hat.com>)
Re: Re: CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) (Ludwig Nussel <ludwig.nussel@...e.de>)
Re: Breaking the links: Exploiting the linker (Ralf Wildenhues <Ralf.Wildenhues@....de>)
Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants (Josh Bressers <bressers@...hat.com>)
CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12 (Hanno Böck <hanno@...eck.de>)
Re: Breaking the links: Exploiting the linker (Tim Brown <timb@...-dimension.org.uk>)
Re: Re: Breaking the links: Exploiting the linker (Tim Brown <timb@...-dimension.org.uk>)

December 20 (5 messages)

CVE Request: MyBB XSS bugs (Ulrik Persson <ddefrostt@...il.com>)
CVE request: kernel: CAN information leak, 2nd attempt (Petr Matousek <pmatouse@...hat.com>)
Re: CVE request: kernel: CAN information leak, 2nd attempt (Dan Rosenberg <dan.j.rosenberg@...il.com>)
Re: CVE request: kernel: CAN information leak, 2nd attempt (Petr Matousek <pmatouse@...hat.com>)
Re: CVE request: kernel: CAN information leak, 2nd attempt (Dan Rosenberg <dan.j.rosenberg@...il.com>)

December 21 (7 messages)

Re: CVE request: kernel: CAN information leak, 2nd attempt ("Steven M. Christey" <coley@...-smtp.mitre.org>)
CVE request: opensc buffer overflow (Ludwig Nussel <ludwig.nussel@...e.de>)
Re: Re: CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants (Jan Lieskovsky <jlieskov@...hat.com>)
CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE request: opensc buffer overflow (Jamie Strandboge <jamie@...onical.com>)
FYI -- Tor v0.2.1.28 addressing CVE-2010-1676 -- remotely exploitable heap-based buffer overflow (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) (Earl Hood <earl@...lhood.com>)

December 22 (9 messages)

Re: CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12 (Josh Bressers <bressers@...hat.com>)
Re: CVE Request: MyBB XSS bugs (Josh Bressers <bressers@...hat.com>)
Re: CVE request: opensc buffer overflow (Josh Bressers <bressers@...hat.com>)
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) (Josh Bressers <bressers@...hat.com>)
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) (Raphael Geissert <geissert@...ian.org>)
Re: Breaking the links: Exploiting the linker (Jamie Nguyen <dyscoria@...il.com>)
CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decode… (Jan Lieskovsky <jlieskov@...hat.com>)
Re: Re: Breaking the links: Exploiting the linker (Tim Brown <tmb@...35.com>)
Re: Breaking the links: Exploiting the linker (Jamie Nguyen <dyscoria@...il.com>)

December 23 (7 messages)

CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES (Eugene Teo <eugene@...hat.com>)
CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol (dave b <db.pub.mail@...il.com>)
CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol (John Goerzen <jgoerzen@...plete.org>)
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol (Nicolas Sebrecht <nicolas.s-dev@...oste.net>)
Re: CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol (Johannes Stezenbach <js@...21.net>)

December 24 (1 message)

IO::Socket::SSL perl module: CVE-2010-4501/CVE-2010-4334 dupe (Moritz Muehlenhoff <jmm@...ian.org>)

December 26 (4 messages)

CVE-2010-2094: PECL's phar code is vulnerable too (Eygene Ryabinkin <rea-sec@...elabs.ru>)
Re: CVE-2010-2094: PECL's phar code is vulnerable too (Felipe Pena <felipensp@...il.com>)
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too (Eygene Ryabinkin <rea-sec@...elabs.ru>)
Re: Re: CVE-2010-2094: PECL's phar code is vulnerable too (Felipe Pena <felipensp@...il.com>)

December 27 (1 message)

CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a sh… (Jan Lieskovsky <jlieskov@...hat.com>)

December 29 (1 message)

Re: IO::Socket::SSL perl module: CVE-2010-4501/CVE-2010-4334 dupe (Tomas Hoger <thoger@...hat.com>)

December 30 (4 messages)

CVE request: wordpress before 3.0.4 XSS (Hanno Böck <hanno@...eck.de>)
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) (Jeff Breidenbach <jeff@....org>)
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) (Earl Hood <earl@...lhood.com>)
Fix for CVE-2010-4524 and CVE-2010-1677 ready for verfication (Earl Hood <earl@...lhood.com>)

December 31 (7 messages)

CVE request: kernel: buffer overflow in OSS load_mixer_volumes (Dan Rosenberg <dan.j.rosenberg@...il.com>)
CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability (Anthon Pang <anthon.pang@...il.com>)
CVE Request: CrawlTrack < 3.2.7 - remote php code execution (Anthon Pang <anthon.pang@...il.com>)
Re: CVE request: kernel: buffer overflow in OSS load_mixer_volumes (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
Re: CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receivi… (Huzaifa Sidhpurwala <huzaifas@...hat.co…)
Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability (Anthon Pang <anthon.pang@...il.com>)
CVE Request: Wireshark (Ulrik Persson <ddefrostt@...il.com>)

139 messages

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.