oss-security mailing list - 2014/03

Follow @Openwall on Twitter for new release announcements and other news

[<prev month] [next month>] [year] [list]

oss-security mailing list - 2014/03

Mon	Tue	Wed	Thu	Fri	Sat	Sun
					¹ 3	²
³ 6	⁴ 24	⁵ 11	⁶ 10	⁷ 7	⁸ 7	⁹ 3
¹⁰ 11	¹¹ 6	¹² 15	¹³ 7	¹⁴ 7	¹⁵	¹⁶
¹⁷ 7	¹⁸ 4	¹⁹ 22	²⁰ 17	²¹ 3	²² 6	²³
²⁴ 9	²⁵ 5	²⁶ 12	²⁷ 6	²⁸ 16	²⁹ 8	³⁰ 5
³¹ 12

Messages by day:

March 1 (3 messages)

CVE request: CMS Made Simple SQL injection fixed in 1.11.10 (Henri Salo <henri@...v.fi>)
Re: CVE requests: MediaWiki 1.22.3, 1.21.6 and 1.19.12 release (cve-assign@...re.org)
Re: CVE request: CMS Made Simple SQL injection fixed in 1.11.10 (cve-assign@...re.org)

March 3 (6 messages)

CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access (Petr Matousek <pmatouse@...hat.com>)
GnuTLS GNUTLS-SA-2014-2 (Tomas Hoger <thoger@...hat.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Tim Brown <tmb@...35.com>)
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability (Damien Regad <dregad@...tisbt.org>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Kurt Seifried <kseifried@...hat.com>)
CVE Request: file: crashes when checking softmagic for some corrupt PE executables (Salvatore Bonaccorso <carnil@...ian.org>)

March 4 (24 messages)

possible CVE requests: perltidy insecure temporary file usage (Murray McAllister <mmcallis@...hat.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (cve-assign@...re.org)
CVE request: konqueror not providing any protection against clickjacking (Hanno Böck <hanno@...eck.de>)
CVE-2014-0100 -- Linux kernel: net: inet frag code race condition leading to user-after-free (Petr Matousek <pmatouse@...hat.com>)
Re: Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
CVE-2014-0101 -- Linux kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk (Petr Matousek <pmatouse@...hat.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (John Haxby <john.haxby@...cle.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (John Haxby <john.haxby@...cle.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
XML entity processing hardening (Florian Weimer <fweimer@...hat.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Hanno Böck <hanno@...eck.de>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (cve-assign@...re.org)
CVE-2013-6800 is a dup of CVE-2013-1418 (Marcus Meissner <meissner@...e.de>)
[OSSA 2014-006] Trustee token revocation does not work with memcache backend (CVE-2014-2237) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
Re: CVE request: MantisBT 1.2.13 SQL injection vulnerability (Damien Regad <dregad@...tisbt.org>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Felix Eckhofer <felix@...but.de>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Jann Horn <jann@...jh.net>)
Re: CVE-2013-6800 is a dup of CVE-2013-1418 (cve-assign@...re.org)
CVE-2014-0102 -- Linux kernel: security: keyring cycle detector DoS (Petr Matousek <pmatouse@...hat.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Moritz Naumann <info@...itz-naumann.com>)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Kurt Seifried <kseifried@...hat.com>)
Linux-PAM pam_unix/unix_chkpwd is fail-open (Solar Designer <solar@...nwall.com>)

March 5 (11 messages)

libssh and stunnel PRNG flaws (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
CVE request for two net-snmp remote DoS flaws (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() (Salva Peiró <speiro@....upv.es>)
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open (Daniel Cegiełka <daniel.cegielka@...il.com>)
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() (Moritz Muehlenhoff <jmm@...ian.org>)
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() (Greg KH <greg@...ah.com>)
Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables (cve-assign@...re.org)
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables ("mancha" <mancha1@...h.com>)
Re: CVE request for two net-snmp remote DoS flaws (cve-assign@...re.org)
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables (Salvatore Bonaccorso <carnil@...ian.org>)
Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables (cve-assign@...re.org)

March 6 (10 messages)

CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client (Garth Mollett <gmollett@...hat.com>)
sudo: security policy bypass when env_reset is disabled ("Todd C. Miller" <Todd.Miller@...rtesan.com>)
CVE Request/Clarification - PHP ("mancha" <mancha1@...h.com>)
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables (Remi Collet <remi@...oraproject.org>)
CVE request: net-snmp agentx incorrect handling of multi-object requests DoS (Raphael Geissert <geissert@...ian.org>)
CVE request: cloud-init DNS resolution fix (Florian Weimer <fweimer@...hat.com>)
Re: CVE request: cloud-init DNS resolution fix (cve-assign@...re.org)
Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() (cve-assign@...re.org)
Re: CVE request: konqueror not providing any protection against clickjacking (cve-assign@...re.org)
Re: Re: CVE Request: staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl() (Greg KH <greg@...ah.com>)

March 7 (7 messages)

Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
IMAP STARTTLS sniff tool ("Bob Ezrin" <bezrin@....com>)
Re: IMAP STARTTLS sniff tool (Solar Designer <solar@...nwall.com>)
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS (Raphael Geissert <geissert@...ian.org>)
Re: CVE Request/Clarification - PHP (cve-assign@...re.org)
CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding (Sabrina Dubroca <sd@...asysnail.net>)
Re: CVE Request/Clarification - PHP ("mancha" <mancha1@...h.com>)

March 8 (7 messages)

Re: CVE Request: Linux kernel: IPv6: crash due to router advertisement flooding (cve-assign@...re.org)
Re: CVE request: net-snmp agentx incorrect handling of multi-object requests DoS (cve-assign@...re.org)
Re: Bug#740670: possible CVE requests: perltidy insecure temporary file usage (Don Armstrong <don@...ian.org>)
CVE Request: thermald (Seth Arnold <seth.arnold@...onical.com>)
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open (cve-assign@...re.org)
Re: Linux-PAM pam_unix/unix_chkpwd is fail-open (Solar Designer <solar@...nwall.com>)
CVE request: SQL injection in MODX Revolution before 2.2.13 (Hanno Böck <hanno@...eck.de>)

March 9 (3 messages)

Re: possible CVE requests: perltidy insecure temporary file usage (cve-assign@...re.org)
Re: CVE Request: thermald (cve-assign@...re.org)
Re: CVE request: SQL injection in MODX Revolution before 2.2.13 (cve-assign@...re.org)

March 10 (11 messages)

udisks and udisks2: stack-based buffer overflow when handling long path names (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
Two stack-based issues in freetype [NOT a request] (Raphael Geissert <geissert@...ian.org>)
CVE Request for Quick Blind TCP Connection Spoofing with SYN Cookies (Marcus Meissner <meissner@...e.de>)
CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy (Petr Matousek <pmatouse@...hat.com>)
When is broken crypto a vulnerability? (Hanno Böck <hanno@...eck.de>)
Re: When is broken crypto a vulnerability? (Alex Gaynor <alex.gaynor@...il.com>)
CVE request: claws-mail vcalendar plugin stores user/password in cleartext ("Vincent Danen" <vdanen@...hat.com>)
Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem ("Larry W. Cashdollar" <larry0@...com>)
Re: When is broken crypto a vulnerability? (Chris Palmer <snackypants@...il.com>)
Re: When is broken crypto a vulnerability? (cve-assign@...re.org)
Re: When is broken crypto a vulnerability? (Hanno Böck <hanno@...eck.de>)

March 11 (6 messages)

Re: Re: possible CVE requests: perltidy insecure temporary file usage (Murray McAllister <mmcallis@...hat.com>)
Re: Re: When is broken crypto a vulnerability? (Chris Palmer <snackypants@...il.com>)
Re: When is broken crypto a vulnerability? (cve-assign@...re.org)
Re: When is broken crypto a vulnerability? (cve-assign@...re.org)
Re: CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy (Chris Palmer <snackypants@...il.com>)
Re: CVE-2014-0131 -- kernel: net: use-after-free during segmentation with zerocopy (Petr Matousek <pmatouse@...hat.com>)

March 12 (15 messages)

Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext (Paul <paul@...ws-mail.org>)
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext (Marcus Meissner <meissner@...e.de>)
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext (Michael Samuel <mik@...net.net>)
Re: Two stack-based issues in freetype [NOT a request] (cve-assign@...re.org)
Re: Two stack-based issues in freetype [NOT a request] (Raphael Geissert <geissert@...ian.org>)
Re: Remote Command Injection in Arabic Prawn 0.0.1 Ruby Gem (cve-assign@...re.org)
Fw: Re: IMAP STARTTLS sniff tool ("Bob Ezrin" <bezrin@....com>)
Re: Fw: Re: IMAP STARTTLS sniff tool (Solar Designer <solar@...nwall.com>)
lighttpd 1.4.34 SQL injection and path traversal CVE request (Stefan Bühler <stbuehler@...httpd.net>)
Re: IMAP STARTTLS sniff tool (Henri Salo <henri@...v.fi>)
Re: CVE Request for Quick Blind TCP Connection Spoofing with SYN Cookies (cve-assign@...re.org)
Re: lighttpd 1.4.34 SQL injection and path traversal CVE request (cve-assign@...re.org)
Cookie Reuse (Thomas Williams <thomas@...illiams.me.uk>)
CVE-Request - pen issues (Steve Kemp <steve@...ve.org.uk>)
Re: Cookie Reuse (Russ Allbery <eagle@...ie.org>)

March 13 (7 messages)

Re: IMAP STARTTLS sniff tool (Yves-Alexis Perez <corsac@...ian.org>)
Re: Re: CVE Request: file: crashes when checking softmagic for some corrupt PE executables (Stuart Henderson <stu@...cehopper.org>)
CVE request for icinga 1 byte \0 overflows (Marcus Meissner <meissner@...e.de>)
Re: CVE request for icinga 1 byte \0 overflows (cve-assign@...re.org)
Re: CVE-Request - pen issues (cve-assign@...re.org)
Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
Re: Re: CVE request for icinga 1 byte \0 overflows (Agostino Sarubbo <ago@...too.org>)

March 14 (7 messages)

Re: CVE Request?: konqueror - https uses all ciphers, even weak ones (cve-assign@...re.org)
Re: Re: CVE-Request - pen issues (Steve Kemp <steve@...ve.org.uk>)
CVE request, libgd and php's gd (Pierre Joye <pierre.php@...il.com>)
CVE request for a bug in gnu coreutils 8.22 (Qixue Xiao <s2exqx@...il.com>)
Insecure usage of temporary files in GNU Readline (Steve Kemp <steve@...ve.org.uk>)
Re: CVE request, libgd and php's gd (cve-assign@...re.org)
Re: CVE request for a bug in gnu coreutils 8.22 (Marcus Meissner <meissner@...e.de>)

March 17 (7 messages)

Moodle security notifications public (Michael de Raadt <michaeld@...dle.com>)
CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution (Murray McAllister <mmcallis@...hat.com>)
CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c (Marcus Meissner <meissner@...e.de>)
CVE request: flaw in curl's Windows SSL backend (Daniel Stenberg <daniel@...x.se>)
Re: CVE request: flaw in curl's Windows SSL backend (cve-assign@...re.org)
Re: Insecure usage of temporary files in GNU Readline (cve-assign@...re.org)
Re: CVE Request: netfilter: remote memory corruption in nf_conntrack_proto_dccp.c (cve-assign@...re.org)

March 18 (4 messages)

CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration (Petr Matousek <pmatouse@...hat.com>)
Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution (cve-assign@...re.org)
Re: CVE request -- libvirt: unprivileged user can crash libvirtd during spice migration (cve-assign@...re.org)
CVE request for python/zipfile (jmm@...ian.org)

March 19 (22 messages)

[OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
CVE Request: rack-ssl rubygem: XSS in error page (Marcus Meissner <meissner@...e.de>)
Re: CVE request for python/zipfile (cve-assign@...re.org)
Re: [OT] FD mailing list died. Time for new one (Solar Designer <solar@...nwall.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
CVE request for a bug in gnu coreutils 8.22 (Qixue Xiao <s2exqx@...il.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: CVE request for a bug in gnu coreutils 8.22 (Solar Designer <solar@...nwall.com>)
Re: [OT] FD mailing list died. Time for new one (Solar Designer <solar@...nwall.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Dean Pierce <pierce403@...il.com>)
Re: [OT] FD mailing list died. Time for new one (Dean Pierce <pierce403@...il.com>)
TigerVNC 1.3.1 fixes ZRLE decoding bounds checking issue (Tomas Hoger <thoger@...hat.com>)
Re: [OT] FD mailing list died. Time for new one (Solar Designer <solar@...nwall.com>)
Re: [OT] FD mailing list died. Time for new one (Chris Steipp <csteipp@...imedia.org>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (gremlin@...mlin.ru)
Re: CVE Request: rack-ssl rubygem: XSS in error page (cve-assign@...re.org)
Requesting a CVE id for Trojitá, an e-mail client: SSL stripping (Jan Kundrát <jkt@...ska.net>)
Re: [OT] FD mailing list died. Time for new one (Jann Horn <jann@...jh.net>)

March 20 (17 messages)

Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: FD mailing list died. Time for new one (or something better!) (coderman <coderman@...il.com>)
Re: Re: FD mailing list died. Time for new one (or something better!) (Georgi Guninski <guninski@...inski.com>)
Re: Re: FD mailing list died. Time for new one (or something better!) (Simon Ward <simon+oss-sec@...ah.co.uk>)
Re: FD mailing list died. Time for new one (or something better!) (coderman <coderman@...il.com>)
Re: FD mailing list died. Time for new one (or something better!) (coderman <coderman@...il.com>)
Re: Re: FD mailing list died. Time for new one (or something better!) (Georgi Guninski <guninski@...inski.com>)
Re: Re: FD mailing list died. Time for new one (or something better!) (Solar Designer <solar@...nwall.com>)
CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied (Petr Matousek <pmatouse@...hat.com>)
CVE-2013-7339 Linux kernel - rds: prevent dereference of a NULL device (cve-assign@...re.org)
Re: Requesting a CVE id for Trojita, an e-mail client: SSL stripping (cve-assign@...re.org)
Re: CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied (cve-assign@...re.org)
Re: Requesting a CVE id for Trojita, an e-mail client: SSL stripping (Jan Kundrát <jkt@...ska.net>)

March 21 (3 messages)

CVE request for vulnerability in OpenStack Nova (Grant Murphy <gmurphy@...hat.com>)
Re: CVE request for vulnerability in OpenStack Nova (cve-assign@...re.org)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)

March 22 (6 messages)

Re: Moodle security notifications public (cve-assign@...re.org)
Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext (cve-assign@...re.org)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: Re: CVE request: claws-mail vcalendar plugin stores user/password in cleartext (Michael Samuel <mik@...net.net>)
CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites (dawgystyle@...hmail.com)
Re: CVE Request - Uhuru Mobile Davfi Multiple Vulnerabilites (cve-assign@...re.org)

March 24 (9 messages)

possible CVE request: smb4k credentials cache leak (Murray McAllister <mmcallis@...hat.com>)
KAuth security issues (Sebastian Krahmer <krahmer@...e.de>)
Over-embargoing (Florian Weimer <fweimer@...hat.com>)
Re: Over-embargoing (Georgi Guninski <guninski@...inski.com>)
pam_timestamp internals (Sebastian Krahmer <krahmer@...e.de>)
Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet (Xen.org security team <security@....org>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet (cve-assign@...re.org)
[oCERT-2014-002] Xalan-Java insufficient secure processing (Andrea Barisani <lcars@...rt.org>)

March 25 (5 messages)

Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible (Xen.org security team <security@....org>)
Re: Xen Security Advisory 89 - HVMOP_set_mem_access is not preemptible (cve-assign@...re.org)
Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet (Ian Campbell <Ian.Campbell@...rix.com>)
T201403525 - Hypercube security Advisory ("Just1n T1mberlake" <hotpackets@...lokitty.com>)
Re: possible CVE request: smb4k credentials cache leak (cve-assign@...re.org)

March 26 (12 messages)

Re: [OT] FD mailing list died. Time for new one (Fyodor <fyodor@...p.org>)
Re: [OT] FD mailing list died. Time for new one (coderman <coderman@...il.com>)
Re: KAuth security issues (Sebastian Krahmer <krahmer@...e.de>)
Re: KAuth security issues (Florian Weimer <fweimer@...hat.com>)
Re: KAuth security issues (Sebastian Krahmer <krahmer@...e.de>)
CVE request: postfixadmin SQL injection vulnerability (Thijs Kinkhorst <thijs@...ian.org>)
CVE request: openssh client does not check SSHFP if server offers certificate (Thijs Kinkhorst <thijs@...ian.org>)
QEMU image format input validation fixes (multiple CVEs) (Stefan Hajnoczi <stefanha@...hat.com>)
Re: CVE request: openssh client does not check SSHFP if server offers certificate (cve-assign@...re.org)
Re: pam_timestamp internals (cve-assign@...re.org)
Re: CVE request: postfixadmin SQL injection vulnerability (cve-assign@...re.org)
[oCERT-2014-003] LibYAML input sanitization errors (Andrea Barisani <lcars@...rt.org>)

March 27 (6 messages)

CVE requests: Zend Framework issues fixed in ZF2014-01 and ZF2014-02 (Murray McAllister <mmcallis@...hat.com>)
Adventure with Stack Smashing Protector (SSP) (Adam Zabrocki <pi3@....com.pl>)
Re: T201403525 - Hypercube security Advisory (cve-assign@...re.org)
[OSSA 2014-007] Potential context confusion in Keystone middleware (CVE-2014-0105) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
[OSSA 2014-008] Routers can be cross plugged by other tenants (CVE-2014-0056) (Grant Murphy <gmurphy@...hat.com>)
[OSSA 2014-009] Nova host data leak to vm instance in rescue mode (CVE-2014-0134) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)

March 28 (16 messages)

CVE request: MediaWiki 1.22.5 login csrf (Chris Steipp <csteipp@...imedia.org>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Florent Daigniere <florent.daigniere@...stmatta.com>)
JBoss EJBInvokerServlet/JMXInvokerServlet confusion ("Steven M. Christey" <coley@...re.org>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Chris Steipp <csteipp@...imedia.org>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Florent Daigniere <florent.daigniere@...stmatta.com>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Chris Steipp <csteipp@...imedia.org>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Florent Daigniere <florent.daigniere@...stmatta.com>)
OT What are the delays in delivery of Fyodor's Full Disclosure list? (Georgi Guninski <guninski@...inski.com>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Chris Steipp <csteipp@...imedia.org>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Florent Daigniere <florent.daigniere@...stmatta.com>)
Re: OT What are the delays in delivery of Fyodor's Full Disclosure list? (Fyodor <fyodor@...p.org>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Chris Steipp <csteipp@...imedia.org>)
Re: Adventure with Stack Smashing Protector (SSP) (Solar Designer <solar@...nwall.com>)
Re: CVE Split: CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS (cve-assign@...re.org)
CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python ("Vincent Danen" <vdanen@...hat.com>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Jann Horn <jann@...jh.net>)

March 29 (8 messages)

Re: OT What are the delays in delivery of Fyodor's Full Disclosure list? (Georgi Guninski <guninski@...inski.com>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Florent Daigniere <florent.daigniere@...stmatta.com>)
Re: CVE request: MediaWiki 1.22.5 login csrf (Jann Horn <jann@...jh.net>)
Re: Adventure with Stack Smashing Protector (SSP) (Georgi Guninski <guninski@...inski.com>)
Re: [PSRT] CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python (Victor Stinner <victor.stinner@...il.com>)
Re: Adventure with Stack Smashing Protector (SSP) (Julien Cristau <jcristau@...ian.org>)
Re: Adventure with Stack Smashing Protector (SSP) (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Solar Designer <solar@...nwall.com>)

March 30 (5 messages)

CVE request: Linux Kernel, two security issues (Agostino Sarubbo <ago@...too.org>)
Re: [OT] FD mailing list died. Time for new one (Georgi Guninski <guninski@...inski.com>)
Re: [OT] FD mailing list died. Time for new one (Solar Designer <solar@...nwall.com>)
Re: CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python (cve-assign@...re.org)
Re: CVE request: Linux Kernel, two security issues (cve-assign@...re.org)

March 31 (12 messages)

Re: JBoss EJBInvokerServlet/JMXInvokerServlet confusion (David Jorm <djorm@...hat.com>)
CVEs, Crypto and "vulnerabilities" (Kurt Seifried <kseifried@...hat.com>)
Re: CVEs, Crypto and "vulnerabilities" (Donald Stufft <donald@...fft.io>)
Re: CVEs, Crypto and "vulnerabilities" (Michael Samuel <mik@...net.net>)
Re: CVEs, Crypto and "vulnerabilities" (Marcus Meissner <meissner@...e.de>)
Re: pam_timestamp internals ("Dmitry V. Levin" <ldv@...linux.org>)
Re: pam_timestamp internals (Sebastian Krahmer <krahmer@...e.de>)
Re: pam_timestamp internals ("Dmitry V. Levin" <ldv@...linux.org>)
Re: pam_timestamp internals (Sebastian Krahmer <krahmer@...e.de>)
CVE-2013-7348 CVE-2014-2678 Linux kernel aio and rds issues (cve-assign@...re.org)
Re: CVEs, Crypto and "vulnerabilities" (Tim <tim-security@...tinelchicken.org>)
GOST 28147-89 gets 512 bit and 1 kbit keys (gremlin@...mlin.ru)

249 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.