oss-security mailing list - 2012/04

Follow @Openwall on Twitter for new release announcements and other news

[<prev month] [next month>] [year] [list]

oss-security mailing list - 2012/04

Mon	Tue	Wed	Thu	Fri	Sat	Sun
						¹
² 6	³ 8	⁴ 11	⁵ 3	⁶ 2	⁷ 3	⁸ 3
⁹ 6	¹⁰ 16	¹¹ 6	¹² 12	¹³ 7	¹⁴	¹⁵ 4
¹⁶ 10	¹⁷ 6	¹⁸ 11	¹⁹ 19	²⁰ 25	²¹ 1	²² 4
²³ 5	²⁴ 15	²⁵ 8	²⁶ 4	²⁷ 8	²⁸ 3	²⁹ 3
³⁰ 7

Messages by day:

April 2 (6 messages)

CVE request: OSClass directory traversal vulnerability (Filippo Cavallarin <filippo.cavallarin@...seq.it>)
CVEs assigned for Movable Type 4.36 and 5.05 security updates (Henri Salo <henri@...v.fi>)
Re: CVE request: OSClass directory traversal vulnerability (Kurt Seifried <kseifried@...hat.com>)
Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters ("Kevin Grittner" <Kevin.Grittner@...our…)
Re: CVE request: OSClass directory traversal vulnerability (Filippo Cavallarin <filippo.cavallarin@...seq.it>)
Re: CVE request: OSClass directory traversal vulnerability (Kurt Seifried <kseifried@...hat.com>)

April 3 (8 messages)

Re: CVE request: OSClass directory traversal vulnerability (Henri Salo <henri@...v.fi>)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 (Henri Salo <henri@...v.fi>)
CVE-request: Joomla 2012-04 398-20120307 399-20120308 (Henri Salo <henri@...v.fi>)
Fw: [vs] RPM issues (Tomas Hoger <thoger@...hat.com>)
Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 (Kurt Seifried <kseifried@...hat.com>)
fix to CVE-2009-4307 (akuster <akuster@...sta.com>)
CVE request: privilege escalation in sectool (Vincent Danen <vdanen@...hat.com>)

April 4 (11 messages)

Re: fix to CVE-2009-4307 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: privilege escalation in sectool (Kurt Seifried <kseifried@...hat.com>)
Re: fix to CVE-2009-4307 (Xi Wang <xi.wang@...il.com>)
Re: Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1 (Ludwig Nussel <ludwig.nussel@...e.de>)
Re: Re: [JDBC] CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement paramet… (Steffen Dettmer <steffen.dettmer@...gle…)
CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-2012-0259 (Stefan Cornelius <scorneli@...hat.com>)
Re: CVE request: OSClass directory traversal vulnerability (Kurt Seifried <kseifried@...hat.com>)
Re: fix to CVE-2009-4307 (akuster <akuster@...sta.com>)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (Kurt Seifried <kseifried@...hat.com>)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (Kurt Seifried <kseifried@...hat.com>)
Re: CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters (Tom Lane <tgl@...hat.com>)

April 5 (3 messages)

expat hash collision fix too predictable? (Marcus Meissner <meissner@...e.de>)
Re: expat hash collision fix too predictable? (Andreas Ericsson <ae@....se>)
Re: expat hash collision fix too predictable? (Kurt Seifried <kseifried@...hat.com>)

April 6 (2 messages)

CVE Request: slock-0.9 displays modal box after locking (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: slock-0.9 displays modal box after locking (Kurt Seifried <kseifried@...hat.com>)

April 7 (3 messages)

CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) (Kurt Seifried <kseifried@...hat.com>)
libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1… (Solar Designer <solar@...nwall.com>)
Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-… (Moritz Muehlenhoff <jmm@...ian.org>)

April 8 (3 messages)

CVE request: gajim - code execution and sql injection (David Black <disclosure@....org>)
Re: CVE request: gajim - code execution and sql injection (Kurt Seifried <kseifried@...hat.com>)
CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface (Kurt Seifried <kseifried@...hat.com>)

April 9 (6 messages)

Re: CVE request: gajim - code execution and sql injection (Carlos Alberto Lopez Perez <clopez@...lia.com>)
Re: CVE request: gajim - code execution and sql injection (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: gajim - code execution and sql injection (Yves-Alexis Perez <corsac@...ian.org>)
Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ("ISPConfig.org - Till Brehm" <t.brehm@...config.or…)
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface (Kurt Seifried <kseifried@...hat.com>)
Dispute Taggator Plugin for WordPress taggator.php tagid Parameter SQL Injection (Henri Salo <henri@...v.fi>)

April 10 (16 messages)

CVE id request for imagemagick, libpng and tiff (Nico Golde <oss-security+ml@...lde.de>)
CVE id request for links2 (Nico Golde <oss-security+ml@...lde.de>)
Re: CVE id request for imagemagick, libpng and tiff (Kurt Seifried <kseifried@...hat.com>)
Re: CVE id request for imagemagick, libpng and tiff (Nico Golde <oss-security+ml@...lde.de>)
Re: CVE id request for imagemagick, libpng and tiff (Kurt Seifried <kseifried@...hat.com>)
gajim insecure file creation when using latex (Nico Golde <oss-security+ml@...lde.de>)
Re: CVE id request for links2 (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
CVE Request: cobbler (Ubuntu-specific) (Marc Deslauriers <marc.deslauriers@...onical.com>)
CVE Request: FlightGear and Simgear Multiple vulnerabilities (Andres Gomez <agomez@...idsignal.com>)
Re: Re: CVE for ISPConfig 3.0.4.3 "Add new Webdav user" can chmod and chown entire server from client interface ("ISPConfig.org - Till Brehm" <t.brehm@...confi…)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) (Greg Knaddison <greg.knaddison@...uia.com>)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: cobbler (Ubuntu-specific) (Kurt Seifried <kseifried@...hat.com>)
Re: gajim insecure file creation when using latex (Kurt Seifried <kseifried@...hat.com>)
Re: CVE id request for links2 (Kurt Seifried <kseifried@...hat.com>)

April 11 (6 messages)

Re: fix to CVE-2009-4307 (Petr Matousek <pmatouse@...hat.com>)
CVE id request: wicd (Nico Golde <oss-security+ml@...lde.de>)
Re: CVE id request: wicd (Kurt Seifried <kseifried@...hat.com>)
CVE Request for Drupal Contributed Advisories on 2012-04-11 (Greg Knaddison <greg.knaddison@...uia.com>)
Re: fix to CVE-2009-4307 (Xi Wang <xi.wang@...il.com>)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) (Greg Knaddison <greg.knaddison@...uia.com>)

April 12 (12 messages)

Re: CVE id request for links2 (Nico Golde <oss-security+ml@...lde.de>)
Re: CVE Request for Drupal Contributed Advisories on 2012-04-11 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) (Kurt Seifried <kseifried@...hat.com>)
Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) (Greg Knaddison <greg.knaddison@...uia.com>)
CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 (Henri Salo <henri@...v.fi>)
CVE request: cobbler lack of csrf protection, code execution (David Black <disclosure@....org>)
Re: CVE request: cobbler lack of csrf protection, code execution (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE request: cobbler lack of csrf protection, code execution (David Black <disclosure@....org>)
nginx security advisory: mp4 module vulnerability, CVE-2012-2089 (Andrew Alexeev <andrew@...nx.com>)
Re: CVE request: cobbler lack of csrf protection, code execution (Kurt Seifried <kseifried@...hat.com>)
Re: fix to CVE-2009-4307 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 (Kurt Seifried <kseifried@...hat.com>)

April 13 (7 messages)

CVE Request: Heap corruption in openjpeg (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 (Henri Salo <henri@...v.fi>)
Re: CVE Request: Heap corruption in openjpeg (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: Heap corruption in openjpeg (Kurt Seifried <kseifried@...hat.com>)
CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE (Stefan Cornelius <scorneli@...hat.com>)
Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE (Kurt Seifried <kseifried@...hat.com>)

April 15 (4 messages)

Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005 (Henri Salo <henri@...v.fi>)
CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 (Henri Salo <henri@...v.fi>)
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities (YGN Ethical Hacker Group <lists@...g.net>)
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities (YGN Ethical Hacker Group <lists@...g.net>)

April 16 (10 messages)

CVE Requests: Multiple security flaws in csound5 (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
Re: CVE id request: wicd (Sebastian Krahmer <krahmer@...e.de>)
CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS (Henri Salo <henri@...v.fi>)
CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi (Henri Salo <henri@...v.fi>)
CVE Request (minor) -- Two Munin graphing framework flaws (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request (minor) -- Two Munin graphing framework flaws (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Requests: Multiple security flaws in csound5 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 (Kurt Seifried <kseifried@...hat.com>)

April 17 (6 messages)

CVE-request: OpenEMR 4.1.0 SQL-injection (Henri Salo <henri@...v.fi>)
Re: CVE Request (minor) -- Two Munin graphing framework flaws (Helmut Grohne <helmut@...divi.de>)
Re: CVE-request: WordPress 3.1.1 (Henri Salo <henri@...v.fi>)
Re: CVE-request: WordPress 3.1.1 (Henri Salo <henri@...v.fi>)
CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core (Henri Salo <henri@...v.fi>)
Acuity CMS 2.6.x <= Cross Site Scripting (YGN Ethical Hacker Group <lists@...g.net>)

April 18 (11 messages)

Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request (minor) -- Two Munin graphing framework flaws (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: WordPress 3.1.1 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request (minor) -- Two Munin graphing framework flaws (Helmut Grohne <helmut@...divi.de>)
Stack-based buffer overflow in musl libc 0.8.7 and earlier (Rich Felker <dalias@...ifal.cx>)
Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: OpenEMR 4.1.0 SQL-injection (Kurt Seifried <kseifried@...hat.com>)
CVE request: Xorg input device format string flaw (Kees Cook <keescook@...omium.org>)
Re: CVE request: Xorg input device format string flaw (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: Xorg input device format string flaw (Kees Cook <keescook@...omium.org>)
CVE Request for Drupal Contributed Advisories on 2012-04-18 (Greg Knaddison <greg.knaddison@...uia.com>)

April 19 (19 messages)

Re: CVE Request for Drupal Contributed Advisories on 2012-04-18 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: Xorg input device format string flaw (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request (minor) -- Two Munin graphing framework flaws (Kurt Seifried <kseifried@...hat.com>)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws (Kenyon Ralph <kenyon@...yonralph.com>)
Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws (Holger Levsen <holger@...er-acht.org>)
Re: CVE-request: WordPress 3.1.1 (Henri Salo <henri@...v.fi>)
Re: CVE Requests: Multiple security flaws in csound5 (john ffitch <jpff@...emist.co.uk>)
CVE request -- kernel: kvm: device assignment page leak (Petr Matousek <pmatouse@...hat.com>)
CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer (Jan Lieskovsky <jlieskov@...hat.com>)
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer (Caolán McNamara <caolanm@...hat.com>)
Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer (Miklos Vajna <vmiklos@...e.cz>)
CVE request: latex2man / texlive (Matthias Weckbecker <mweckbecker@...e.de>)
CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages (Petr Matousek <pmatouse@...hat.com>)
Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: latex2man / texlive (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request -- kernel: kvm: device assignment page leak (Kurt Seifried <kseifried@...hat.com>)
Re: CVE-request: WordPress 3.1.1 (Kurt Seifried <kseifried@...hat.com>)
Re: Re: [Officesecurity] CVE Request (minor) -- LibreOffice (X >= v3.5.0): DoS (excessive CPU use) in the RTF tokenizer (Moritz Muehlenhoff <jmm@...ian.org>)
CVE request: pid namespace leak in kernel 3.0 and 3.1 (Marcus Meissner <meissner@...e.de>)

April 20 (25 messages)

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Eugene Teo <eugeneteo@...nel.sg>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (ebiederm@...ssion.com (Eric W. Biederman))
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Eugene Teo <eugeneteo@...nel.sg>)
CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used (Eugene Teo <eugene@...hat.com>)
Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Pavel Emelyanov <xemul@...allels.com>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 ("Eric W. Biederman" <ebiederm@...ssion.com>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Marcus Meissner <meissner@...e.de>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Andrew Morton <akpm@...ux-foundation.org>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (ebiederm@...ssion.com (Eric W. Biederman))
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (ebiederm@...ssion.com (Eric W. Biederman))
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Marcus Meissner <meissner@...e.de>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (ebiederm@...ssion.com (Eric W. Biederman))
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (ebiederm@...ssion.com (Eric W. Biederman))
OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Solar Designer <solar@...nwall.com>)
Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Marcus Meissner <meissner@...e.de>)
R: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 ("pinto.elia@...il.com" <pinto.elia@...il.com>)
R: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 ("pinto.elia@...il.com" <pinto.elia@...il.com>)
R: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 ("pinto.elia@...il.com" <pinto.elia@...il.com>)
R: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 ("pinto.elia@...il.com" <pinto.elia@...il.com>)
CVE-2012-2124 assignment notification: squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103 (Stefan Cornelius <scorneli@...hat.com>)
CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version (Kurt Seifried <kseifried@...hat.com>)
Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Kurt Seifried <kseifried@...hat.com>)

April 21 (1 message)

Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Pavel Emelyanov <xemul@...allels.com>)

April 22 (4 messages)

Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 (Marcus Meissner <meissner@...e.de>)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Solar Designer <solar@...nwall.com>)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Solar Designer <solar@...nwall.com>)
CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data (Jan Lieskovsky <jlieskov@...hat.com>)

April 23 (5 messages)

Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data (Kurt Seifried <kseifried@...hat.com>)
Security vulnerabilities fixed in WordPress 3.3.2 (Henri Salo <henri@...v.fi>)
Re: Security vulnerabilities fixed in WordPress 3.3.2 (cve-assign@...re.org)
Re: Re: Security vulnerabilities fixed in WordPress 3.3.2 (Kurt Seifried <kseifried@...hat.com>)
Asterisk AST-2012-004 AST-2012-005 AST-2012-006 (cve-assign@...re.org)

April 24 (15 messages)

Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Tomas Hoger <thoger@...hat.com>)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and thei… (Florian Weimer <fw@...eb.enyo.de>)
CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification (Ludwig Nussel <ludwig.nussel@...e.de>)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and th… (Sebastian Krahmer <krahmer@...e.de>)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and thei… (Florian Weimer <fw@...eb.enyo.de>)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and th… (Sebastian Krahmer <krahmer@...e.de>)
Re: CVE Request -- libgssapi, libgssglue -- Ability to load untrusted configuration file, when loading GSS mechanisms and thei… (Florian Weimer <fw@...eb.enyo.de>)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Tavis Ormandy <taviso@...xchg8b.com>)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Tavis Ormandy <taviso@...xchg8b.com>)
CVE Request: use after free bug in "quota" handling in hugetlb code (Marcus Meissner <meissner@...e.de>)
Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) (Solar Designer <solar@...nwall.com>)
Re: CVE Request: use after free bug in "quota" handling in hugetlb code (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification (Kurt Seifried <kseifried@...hat.com>)
CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- bind-dyndb-ldap: Bind DoS (named hang) by processing DNS query for zone served by bind-dyndb-ldap (Kurt Seifried <kseifried@...hat.com>)

April 25 (8 messages)

CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated (Kurt Seifried <kseifried@...hat.com>)
CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated (Henri Salo <henri@...v.fi>)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated (Florian Weimer <fw@...eb.enyo.de>)
CERT Linux Triage Tools 1.0 Released INFO#208126 ("CERT(R) Coordination Center" <cert@...t.org>)
Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated (Henri Salo <henri@...v.fi>)
CVE request: two flaws fixed in rubygem-mail 2.4.4 (Vincent Danen <vdanen@...hat.com>)

April 26 (4 messages)

Re: CVE request: two flaws fixed in rubygem-mail 2.4.4 (Kurt Seifried <kseifried@...hat.com>)
CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) (Jan Lieskovsky <jlieskov@...hat.com>)
Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) (Kurt Seifried <kseifried@...hat.com>)
CVE Request: programming error in crypt(3) (Xin Li <delphij@...phij.net>)

April 27 (8 messages)

Re: CVE Request: programming error in crypt(3) (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: programming error in crypt(3) (Eitan Adler <lists@...anadler.com>)
Re: CVE Request: programming error in crypt(3) (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: programming error in crypt(3) (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: programming error in crypt(3) (Xin Li <delphij@...phij.net>)
Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) (Henri Salo <henri@...v.fi>)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws (Steve Schnepp <steve.schnepp@...il.com>)
weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) (Vincent Danen <vdanen@...hat.com>)

April 28 (3 messages)

CVE request: webcalendar before 1.2.5 XSS (Hanno Böck <hanno@...eck.de>)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) (Florian Weimer <fw@...eb.enyo.de>)
Re: CVE request: webcalendar before 1.2.5 XSS (Henri Salo <henri@...v.fi>)

April 29 (3 messages)

Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) (Kurt Seifried <kseifried@...hat.com>)
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws (Kurt Seifried <kseifried@...hat.com>)
Page disclosure/cve updated in wiki (Henri Salo <henri@...v.fi>)

April 30 (7 messages)

CVE-request: SilverStripe before 2.4.4 (Henri Salo <henri@...v.fi>)
Re: CVE request: webcalendar before 1.2.5 XSS (Henri Salo <henri@...v.fi>)
Re: CVE-request: SilverStripe before 2.4.4 (Kurt Seifried <kseifried@...hat.com>)
CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS (Hanno Böck <hanno@...eck.de>)
Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) (Vincent Danen <vdanen@...hat.com>)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification (Vincent Danen <vdanen@...hat.com>)
Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification (Marc Deslauriers <marc.deslauriers@...onical.com>)

216 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.