Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list - 2014/10

Messages by day:

October 1 (32 messages)

• Re: Healing the bash fork (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Healing the bash fork (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Healing the bash fork (Zach Wikholm <zwikholm@...i.net>)
• Re: Healing the bash fork (Peter Bex <Peter.Bex@...all.nl>)
• Re: Healing the bash fork (Hanno Böck <hanno@...eck.de>)
• Re: Healing the bash fork (Jason Cooper <osssecurity@...edaemon.net>)
• various sddm vulnerabilities (Sebastian Krahmer <krahmer@...e.de>)
• Xen Security Advisory 108 (CVE-2014-7188) - Improper MSR range used for x2APIC emulation (Xen.org security team <security@....org>)
• RE: binary-patching bash ("jihyun.jang" <jihyun.jang@....com>)
• Re: Healing the bash fork (Tomas Hoger <thoger@...hat.com>)
• how to unsubscribe (Re: binary-patching bash) (Solar Designer <solar@...nwall.com>)
• Re: Healing the bash fork ("Stuart D. Gathman" <stuart@...hman.org>)
• Re: Healing the bash fork (Florian Weimer <fweimer@...hat.com>)
• Re: Healing the bash fork (Greg KH <greg@...ah.com>)
• Re: Healing the bash fork (Jason Cooper <osssecurity@...edaemon.net>)
• Re: Healing the bash fork (Greg KH <greg@...ah.com>)
• more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Hanno Böck <hanno@...eck.de>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Chet Ramey <chet.ramey@...e.edu>)
• CVE Request: linux kernel net_get_random_once bug (Andrew Tappert <andrew@...ewerks.com>)
• Re: Healing the bash fork (Loganaden Velvindron <loganaden@...il.com>)
• Any patch fixe CVE-2014-7186 and CVE-2014-7187 on Bash 3.2‏‏ (Hua Q <hqusa1999@...mail.com>)
• Re: Healing the bash fork (Colin Mahns <goatman93@...il.com>)
• Re: CVE Request: linux kernel net_get_random_once bug (Hannes Frederic Sowa <hannes@...essinduktion.org>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Shawn <citypw@...il.com>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Chet Ramey <chet.ramey@...e.edu>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Shawn <citypw@...il.com>)
• More parser odities ("Kobrin, Eric" <ekobrin@...mai.com>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Ed Prevost <me@...ardprevost.info>)
• xfs directory hash ordering bug (Hannes Frederic Sowa <hannes@...essinduktion.org>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Zach Wikholm <zwikholm@...i.net>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) ("Henry, Bobby" <Bobby.Henry@...edient.com>)
• Security advisory in Jenkins (Kohsuke Kawaguchi <kk@...suke.org>)

• Re: Security advisory in Jenkins (Solar Designer <solar@...nwall.com>)
• Re: More parser odities ("Kobrin, Eric" <ekobrin@...mai.com>)
• Re: More parser odities (Solar Designer <solar@...nwall.com>)
• Re: More parser odities (Tavis Ormandy <taviso@...gle.com>)
• Re: More parser odities (Solar Designer <solar@...nwall.com>)
• Re: Security advisory in Jenkins (Bryan Drewery <bdrewery@...eBSD.org>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Chet Ramey <chet.ramey@...e.edu>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Chet Ramey <chet.ramey@...e.edu>)
• Re: More parser odities (Chet Ramey <chet.ramey@...e.edu>)
• Re: Security advisory in Jenkins (Solar Designer <solar@...nwall.com>)
• Re: Security advisory in Jenkins (Solar Designer <solar@...nwall.com>)
• Re: More parser odities (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Shawn <citypw@...il.com>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Shawn <citypw@...il.com>)
• Re: xfs directory hash ordering bug / Linux kernel (cve-assign@...re.org)
• Re: CVE Request: linux kernel net_get_random_once bug (cve-assign@...re.org)
• Re: More parser odities (Solar Designer <solar@...nwall.com>)
• Re: More parser odities (Solar Designer <solar@...nwall.com>)
• CVE-2014-7224 - Android accessibility and accessibilityTraversal vulnerability (cve-assign@...re.org)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Ed Prevost <me@...ardprevost.info>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Ed Prevost <me@...ardprevost.info>)
• Re: More parser odities (Hanno Böck <hanno@...eck.de>)
• CVE request: Remote code execution via XSL extensions in SpagoBI (David Jorm <djorm@...hat.com>)
• Re: CVE request: Remote code execution via XSL extensions in SpagoBI (Kurt Seifried <kseifried@...hat.com>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Solar Designer <solar@...nwall.com>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Michal Zalewski <lcamtuf@...edump.cx>)
• CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS (Hanno Böck <hanno@...eck.de>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Chet Ramey <chet.ramey@...e.edu>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Chet Ramey <chet.ramey@...e.edu>)
• Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Michal Zalewski <lcamtuf@...edump.cx>)
• [OSSA 2014-032] Nova VMware driver still leaks rescued images (CVE-2014-3608) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
• Re: gnome-shell lockscreen bypass with printscreen key (cve-assign@...re.org)
• Re: CVE request: Mediawiki before 1.19.20, 1.22.12, 1.23.5 XSS through CSS (cve-assign@...re.org)
• Re: CVE request: Remote code execution via XSL extensions in SpagoBI (cve-assign@...re.org)
• Re: Re: gnome-shell lockscreen bypass with printscreen key (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: various sddm vulnerabilities (Martin Bříza <mbriza@...hat.com>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) ("Menkhus, Mark (Global Cyber Security SSRT)" <mark.menkhus@...com>)
• Re: Re: gnome-shell lockscreen bypass with printscreen key (Alan Coopersmith <alan.coopersmith@...cle.com>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) ("Menkhus, Mark (Global Cyber Security SSRT)" <mark.menkhus@...com>)
• tm_adopt() vulnerability in TORQUE Resource Manager (Chad Vizino <cvizino@...ptivecomputing.com>)
• Re: tm_adopt() vulnerability in TORQUE Resource Manager (Solar Designer <solar@...nwall.com>)
• Re: Healing the bash fork ("David A. Wheeler" <dwheeler@...eeler.com>)
• [OSSA 2014-033] Cinder-volume host data leak to vm instance (CVE-2014-3641) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)

• sysklogd vulnerability (CVE-2014-3634) (mancha <mancha1@...o.com>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Sona Sarmadi <sona.sarmadi@...a.com>)
• RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278) (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (mancha <mancha1@...o.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (Solar Designer <solar@...nwall.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (Rainer Gerhards <rgerhards@...adiscon.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (mancha <mancha1@...o.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (mancha <mancha1@...o.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (Rainer Gerhards <rgerhards@...adiscon.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (mancha <mancha1@...o.com>)
• Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) ("Kobrin, Eric" <ekobrin@...mai.com>)
• Re: gnome-shell lockscreen bypass with printscreen key (cve-assign@...re.org)
• Re: Shellshock timeline (Stephane Chazelas <stephane.chazelas@...il.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Stephane Chazelas <stephane.chazelas@...il.com>)
• Re: Shellshock timeline (Stephane Chazelas <stephane.chazelas@...il.com>)
• Re: Security advisory in Jenkins (Kohsuke Kawaguchi <kk@...suke.org>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Eric Blake <eblake@...hat.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) ("Kobrin, Eric" <ekobrin@...mai.com>)
• Re: Shellshock timeline (Eric Blake <eblake@...hat.com>)

• Re: Security advisory in Jenkins (Luca Carettoni <luca.carettoni@...isoft.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Riot <rain.backnet@...il.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Riot <rain.backnet@...il.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Stephane Chazelas <stephane.chazelas@...il.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Hanno Böck <hanno@...eck.de>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Steve Jones <trevd1234@...il.com>)
• Re: Re: gnome-shell lockscreen bypass with printscreen key (Kurt Seifried <kseifried@...hat.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Riot <rain.backnet@...il.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Lance Davis <lancex3@...il.com>)

• Shellshocker - Repository of "Shellshock" Proof of Concept Code (Jose R R <Jose.r.r@...ztli-it.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Michal Zalewski <lcamtuf@...edump.cx>)
• RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Hanno Böck <hanno@...eck.de>)
• RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Jose R R <Jose.r.r@...ztli-it.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (Rainer Gerhards <rgerhards@...adiscon.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Rob Fuller <jd.mubix@...il.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code ("David A. Wheeler" <dwheeler@...eeler.com>)

• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Kurt Seifried <kseifried@...hat.com>)
• Re: vulnerability in rsyslog (Sven Kieske <s.kieske@...twald.de>)
• Re: vulnerability in rsyslog (Rainer Gerhards <rgerhards@...adiscon.com>)
• Re: various sddm vulnerabilities (cve-assign@...re.org)
• Re: vulnerability in rsyslog (Sven Kieske <s.kieske@...twald.de>)
• RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: vulnerability in rsyslog (Rainer Gerhards <rgerhards@...adiscon.com>)
• Re: sysklogd vulnerability (CVE-2014-3634) (mancha <mancha1@...o.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Jose R R <jose.r.r@...ztli.com>)
• CVE Request(s): Getmail 4 (mancha <mancha1@...o.com>)
• OpenSSL RSA 1024 bits implementation broken? (Pierre Schweitzer <pierre@...ctos.org>)
• Re: vulnerability in rsyslog (Simon McVittie <smcv@...ian.org>)
• Re: vulnerability in rsyslog (Rainer Gerhards <rgerhards@...adiscon.com>)
• Re: vulnerability in rsyslog (John Haxby <john.haxby@...cle.com>)
• Shellshocker - Repository of "Shellshock" Proof of Concept Code (Peter G Spera <spera@...ibm.com>)
• Re: Re: CVE request for vulnerability in OpenStack Cinder, Nova and Trove (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
• Re: OpenSSL RSA 1024 bits implementation broken? (Jeremy Stanley <jeremy@...nstack.org>)
• Re: OpenSSL RSA 1024 bits implementation broken? (Pierre Schweitzer <pierre@...ctos.org>)
• Re: OpenSSL RSA 1024 bits implementation broken? (Jeremy Stanley <fungi@...goth.org>)
• Re: Shellshock timeline (was: CVE-2014-6271: remote code execution through bash) (Eric Blake <eblake@...hat.com>)
• Re: CVE Request(s): Getmail 4 (cve-assign@...re.org)
• Re: Healing the bash fork (Florian Weimer <fweimer@...hat.com>)
• Re: OpenSSL RSA 1024 bits implementation broken? (Dave Horsfall <dave@...sfall.org>)
• automated phishing email (Mason Loring Bliss <mason@...sses.org>)
• Re: automated phishing email (Hanno Böck <hanno@...eck.de>)
• Re: automated phishing email (Dave Horsfall <dave@...sfall.org>)
• Re: automated phishing email (Mason Loring Bliss <mason@...sses.org>)
• Re: CVE Request(s): Getmail 4 (mancha <mancha1@...o.com>)
• Re: Healing the bash fork ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: OpenSSL RSA 1024 bits implementation broken? (David White <dmwhite823@...il.com>)
• Who named shellshock? ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: OpenSSL RSA 1024 bits implementation broken? (Pierre Schweitzer <pierre@...ctos.org>)
• Re: Who named shellshock? (Jen Savage <savagejen@...il.com>)
• Re: Who named shellshock? (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Who named shellshock? ("Larry W. Cashdollar" <larry0@...com>)
• Re: Who named shellshock? (Ed Prevost <me@...ardprevost.info>)
• CVE-2014-1572 - [SECURITY] The 'realname' parameter is not correctly filtered on user account... (smkr <steve.mckuhr@...il.com>)
• Re: Security advisory in Jenkins (Kohsuke Kawaguchi <kk@...suke.org>)
• Re: OpenSSL RSA 1024 bits implementation broken? (Steve Kemp <steve@...ve.org.uk>)
• Re: Re: Security advisory in Jenkins (Reed Loden <reed@...dloden.com>)
• Re: Who named shellshock? ("Larry W. Cashdollar" <larry0@...com>)
• Re: Re: Security advisory in Jenkins (Kurt Seifried <kseifried@...hat.com>)

• Re: Who named shellshock? ("Henry, Bobby" <Bobby.Henry@...edient.com>)
• Re: Who named shellshock? (Solar Designer <solar@...nwall.com>)
• Re: Who named shellshock? (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Who named shellshock? (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Who named shellshock? (Solar Designer <solar@...nwall.com>)
• Re: Who named shellshock? (Ed Prevost <me@...ardprevost.info>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (mancha <mancha1@...o.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• Re: Who named shellshock? (Florian Weimer <fw@...eb.enyo.de>)
• Re: Who named shellshock? (Florian Weimer <fw@...eb.enyo.de>)
• Re: Who named shellshock? (Solar Designer <solar@...nwall.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (mancha <mancha1@...o.com>)
• Thoughts on Shellshock and beyond (Hanno Böck <hanno@...eck.de>)
• Re: Thoughts on Shellshock and beyond (Loganaden Velvindron <loganaden@...il.com>)
• Re: Thoughts on Shellshock and beyond (Pavel Labushev <pavel.labushev@...box.no>)
• Re: Thoughts on Shellshock and beyond (Hanno Böck <hanno@...eck.de>)
• RE: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Solar Designer <solar@...nwall.com>)
• "New Class of Vulnerability in Perl Web Applications" (Solar Designer <solar@...nwall.com>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond (Loganaden Velvindron <loganaden@...il.com>)
• Re: Thoughts on Shellshock and beyond (Sven Kieske <s.kieske@...twald.de>)
• Re: Thoughts on Shellshock and beyond (Pavel Labushev <pavel.labushev@...box.no>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Florian Weimer <fweimer@...hat.com>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Florian Weimer <fweimer@...hat.com>)
• Re: Thoughts on Shellshock and beyond (John Haxby <john.haxby@...cle.com>)
• Separating code and data ("Mehaffey, John" <John_Mehaffey@...tor.com>)
• Re: CVE Request(s): Getmail 4 (cve-assign@...re.org)
• Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code (Chet Ramey <chet.ramey@...e.edu>)
• Discussion: information leakage from server and client software - CVE/hardening/other? (Kurt Seifried <kseifried@...hat.com>)
• Re: Security advisory in Jenkins (Bryan Drewery <bdrewery@...eBSD.org>)
• Re: Discussion: information leakage from server and client software - CVE/hardening/other? (cve-assign@...re.org)
• Re: Re: Discussion: information leakage from server and client software - CVE/hardening/other? (Kurt Seifried <kseifried@...hat.com>)
• CVE request for vulnerability in OpenStack Swift (Jeremy Stanley <jeremy@...nstack.org>)
• Re: Discussion: information leakage from server and client software - CVE/hardening/other? (cve-assign@...re.org)
• Re: Discussion: information leakage from server and client software - CVE/hardening/other? (Kurt Seifried <kseifried@...hat.com>)

• Re: Discussion: information leakage from server and client software - CVE/hardening/other? (cve-assign@...re.org)
• Re: Security advisory in Jenkins (Kohsuke Kawaguchi <kk@...suke.org>)
• Re: Separating code and data ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• CVE request for VDSM denial of service (Wade Mealing <wmealing@...hat.com>)
• Re: CVE request for vulnerability in OpenStack Swift (cve-assign@...re.org)
• openssh on linux rce in sftp-only mode (Hanno Böck <hanno@...eck.de>)
• Re: openssh on linux rce in sftp-only mode (Jann Horn <jann@...jh.net>)
• Re: CVE request for VDSM denial of service (Sven Kieske <s.kieske@...twald.de>)
• Re: Thoughts on Shellshock and beyond (Stephane Chazelas <stephane.chazelas@...il.com>)
• Stéphane Chazelas: How *DID* you find Shellshock? ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Re: Discussion: information leakage from server and client software - CVE/hardening/other? (Rich Felker <dalias@...c.org>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: CVE request for VDSM denial of service (Kurt Seifried <kseifried@...hat.com>)
• Re: Stéphane Chazelas: How *DID* you find Shellshock? ("stephane.chazelas" <stephane.chazelas@...il.com>)
• Re: CVE request for VDSM denial of service / oVirt (cve-assign@...re.org)
• Re: Aftershock (was: Shellshocker - Repository of "Shellshock" Proof of Concept Code) (mancha <mancha1@...o.com>)
• Re: openssh on linux rce in sftp-only mode (Josh Bressers <bressers@...hat.com>)
• CVE-2014-7970: Linux VFS denial of service (Andy Lutomirski <luto@...capital.net>)
• CVE-2014-7975: 0-day umount denial of service (Andy Lutomirski <luto@...capital.net>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond (Tracy Reed <treed@...raviolet.org>)
• Re: openssh on linux rce in sftp-only mode (Jann Horn <jann@...jh.net>)
• Re: openssh on linux rce in sftp-only mode (Josh Bressers <bressers@...hat.com>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: openssh on linux rce in sftp-only mode (Jann Horn <jann@...jh.net>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)

• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (ArkanoiD <ark@...ex.net>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: Thoughts on Shellshock and beyond (Stephane Chazelas <stephane.chazelas@...il.com>)
• CVE-2014-3691, foreman-proxy: failure to verify SSL certificates (Murray McAllister <mmcallis@...hat.com>)
• Re: openssh on linux rce in sftp-only mode (Vitor Ventura <ventura.vitor@...il.com>)
• Re: Thoughts on Shellshock and beyond (Sven Kieske <svenkieske@...il.com>)
• Re: openssh on linux rce in sftp-only mode (Yves-Alexis Perez <corsac@...ian.org>)
• Re: Thoughts on Shellshock and beyond (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Thoughts on Shellshock and beyond (Sven Kieske <s.kieske@...twald.de>)
• Re: Thoughts on Shellshock and beyond (John Haxby <john.haxby@...cle.com>)
• Re: CVE-2014-7975: 0-day umount denial of service (rf@...eap.de)
• [OSSA 2014-034] Swift metadata constraints are not correctly enforced (CVE-2014-7960) (Thierry Carrez <thierry@...nstack.org>)
• Re: Thoughts on Shellshock and beyond ("Kobrin, Eric" <ekobrin@...mai.com>)
• Re: Thoughts on Shellshock and beyond (Tim <tim-security@...tinelchicken.org>)
• Re: CVE-2014-7975: 0-day umount denial of service (Andy Lutomirski <luto@...capital.net>)
• Re: Thoughts on Shellshock and beyond (Sven Kieske <svenkieske@...il.com>)
• CVE-2014-8086 - Linux kernel ext4 race condition (cve-assign@...re.org)
• Re: Thoughts on Shellshock and beyond (Tracy Reed <treed@...raviolet.org>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• wpa_cli and hostapd_cli action script execution vulnerability (Jouni Malinen <j@...fi>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Authentication Bypass in ROR Ecommerce (Tomek Rabczak <tomek@...asano.com>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• liability (was: Re: Thoughts on Shellshock and beyond) (Solar Designer <solar@...nwall.com>)
• Of Shellshock and logfiles (Dave Horsfall <dave@...sfall.org>)
• Re: Thoughts on Shellshock and beyond (Pavel Labushev <pavel.labushev@...box.no>)
• Re: liability (dmc <dmc.osssec@...udsession.com>)

• Re: Aftershock (Chet Ramey <chet.ramey@...e.edu>)
• CVE request: Zend Framework ZF2014-05 and ZF2014-06 (Murray McAllister <mmcallis@...hat.com>)
• Re: Of Shellshock and logfiles (Kurt Seifried <kseifried@...hat.com>)
• Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver (Siddharth Sharma <siddharth@...hat.com>)
• Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06 (cve-assign@...re.org)
• Re: liability (was: Re: Thoughts on Shellshock and beyond) (Źmicier Januszkiewicz <gauri@....by>)
• Re: Thoughts on Shellshock and beyond (Florian Weimer <fweimer@...hat.com>)
• Re: CVE-2014-7975: 0-day umount denial of service (rf@...eap.de)
• Re: 0xdeadbeef comes of age: making keysteak with GnuPG (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• Re: 0xdeadbeef comes of age: making keysteak with GnuPG (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• 0xdeadbeef comes of age: making keysteak with GnuPG (David Leon Gil <coruus@...il.com>)
• Re: 0xdeadbeef comes of age: making keysteak with GnuPG (Kristian Fiskerstrand <kristian.fiskerstrand@...ptuouscapital.com>)
• Re: 0xdeadbeef comes of age: making keysteak with GnuPG (David Leon Gil <coruus@...il.com>)
• Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG (Kurt Seifried <kseifried@...hat.com>)
• Re: 0xdeadbeef comes of age: making keysteak with GnuPG (Werner Koch <wk@...pg.org>)
• What does this PHP exploit do? (Dave Horsfall <dave@...sfall.org>)
• Re: What does this PHP exploit do? (Jann Horn <jann@...jh.net>)
• Re: What does this PHP exploit do? (Pierre Schweitzer <pierre@...ctos.org>)
• Re: Re: 0xdeadbeef comes of age: making keysteak with GnuPG (flapflap <flapflap@...eup.net>)
• Re: HKPS [was 0xdeadbeef] (David Leon Gil <coruus@...il.com>)
• Re: What does this PHP exploit do? (Jon Hart <jhart@...ofed.org>)
• Re: What does this PHP exploit do? (Pierre Schweitzer <pierre@...ctos.org>)

• Re: What does this PHP exploit do? (Pierre Schweitzer <pierre@...ctos.org>)
• Re: Thoughts on Shellshock and beyond (Pavel Labushev <pavel.labushev@...box.no>)
• Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver (cve-assign@...re.org)

• Re: Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncs… (Kurt Seifried <kseifried@...hat.com>)
• Re: Authentication Bypass in ROR Ecommerce (cve-assign@...re.org)
• Re: Thoughts on Shellshock and beyond (Florian Weimer <fw@...eb.enyo.de>)
• Re: Thoughts on Shellshock and beyond (John Haxby <john.haxby@...cle.com>)
• perl-Razor-Agent logs to /razor-agent.log by default (Kurt Seifried <kseifried@...hat.com>)
• Re: perl-Razor-Agent logs to /razor-agent.log by default (cve-assign@...re.org)
• Re: Re: perl-Razor-Agent logs to /razor-agent.log by default (Kurt Seifried <kseifried@...hat.com>)

• Re: [CVE Requests] rsync and librsync collisions (Martin Pool <mbp@...rcefrog.net>)
• Re: [CVE Requests] rsync and librsync collisions (cve-assign@...re.org)
• CVE request: various security flaws in dokuwiki (Martin Prpic <mprpic@...hat.com>)
• shim RCE (Sebastian Krahmer <krahmer@...e.de>)
• CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required (Hanno Böck <hanno@...eck.de>)
• CVE request for vulnerability in OpenStack Nova (Jeremy Stanley <jeremy@...nstack.org>)

• CVE Rejection Request: CVE-2014-7983 Joomla com_contact Persistent XSS (Egidio Romano <n0b0d13s@...il.com>)
• Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required (Michael Samuel <mik@...net.net>)
• Re: CVE request for vulnerability in OpenStack Nova (cve-assign@...re.org)
• Truly scary SSL 3.0 vuln to be revealed soon: (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Hanno Böck <hanno@...eck.de>)
• Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required (Hanno Böck <hanno@...eck.de>)
• Multiple disputed issues in util-vserver (Fiedler Roman <Roman.Fiedler@....ac.at>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Reed Loden <reed@...dloden.com>)
• [OSSA 2014-035] Nova VMware driver may connect VNC to another tenant's console (CVE-2014-8750) (Jeremy Stanley <jeremy@...nstack.org>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Alex Gaynor <alex.gaynor@...il.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Reed Loden <reed@...dloden.com>)
• Re: Thoughts on Shellshock and beyond (Pavel Labushev <pavel.labushev@...box.no>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Hanno Böck <hanno@...eck.de>)
• Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required (Michael Samuel <mik@...net.net>)

• Re: Thoughts on Shellshock and beyond (Robert Watson <robertcwatson1@...il.com>)
• RE: Truly scary SSL 3.0 vuln to be revealed soon: (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Walter Parker <walterp@...il.com>)
• Re: SSL POODLE (Truly scary SSL 3.0 vuln) (gremlin@...mlin.ru)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Reed Loden <reed@...dloden.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Pierre Schweitzer <pierre@...ctos.org>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (mancha <mancha1@...o.com>)
• Re: SSL POODLE (Truly scary SSL 3.0 vuln) (Krassimir Tzvetanov <maillists@...ssi.biz>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Krassimir Tzvetanov <maillists@...ssi.biz>)
• Re: SSL POODLE (Florian Weimer <fweimer@...hat.com>)
• Re: SSL POODLE (Hanno Böck <hanno@...eck.de>)
• RE: Truly scary SSL 3.0 vuln to be revealed soon: (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Brandon Whaley <redkrieg@...il.com>)
• list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Solar Designer <solar@...nwall.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Pierre Schweitzer <pierre@...ctos.org>)
• Re: Thoughts on Shellshock and beyond (Florian Weimer <fweimer@...hat.com>)
• CVE assignment for POODLE (Florian Weimer <fweimer@...hat.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: ("Ben Lincoln (0E1C7DBB - OSS)" <0E1C7DBB@...eaththewaves.net>)
• Re: Thoughts on Shellshock and beyond ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Hanno Böck <hanno@...eck.de>)
• Re: CVE assignment for POODLE (Jan Rusnacko <jrusnack@...hat.com>)
• [OSSA 2014-036] Potential leak of passwords into log files (CVE-2014-7230, CVE-2014-7231) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
• Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability (Stefan Horst <stefan.horst@...tioneins.de>)
• Abusing TZ for fun (and little profit) (Jakub Wilk <jwilk@...lk.net>)

• Re: Abusing TZ for fun (and little profit) (Dave Horsfall <dave@...sfall.org>)
• Re: Abusing TZ for fun (and little profit) (Dan McDonald <danmcd@...iti.com>)
• Re: What does this PHP exploit do? (Dave Horsfall <dave@...sfall.org>)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (ishish <ish@...rino.com>)
• Re: Abusing TZ for fun (and little profit) (Dag-Erling Smørgrav <des@....no>)
• attacking hsts through ntp (Hanno Böck <hanno@...eck.de>)
• Re: CVE request: ejabberd compression allows cirucumvention of encryption despite starttls_required (cve-assign@...re.org)
• Re: attacking hsts through ntp (Kurt Seifried <kseifried@...hat.com>)
• Re: CVE request: various security flaws in dokuwiki (cve-assign@...re.org)
• RE: Truly scary SSL 3.0 vuln to be revealed soon: (Sona Sarmadi <sona.sarmadi@...a.com>)
• Re: attacking hsts through ntp (Lukas Reschke <lukas@...tuscode.ch>)
• Re: attacking hsts through ntp (Hanno Böck <hanno@...eck.de>)
• Vulnerabilities in WordPress Database Manager v2.7.1 ("Larry W. Cashdollar" <larry0@...com>)
• Re: attacking hsts through ntp (Kurt Seifried <kseifried@...hat.com>)
• Re: attacking hsts through ntp (Hanno Böck <hanno@...eck.de>)
• Re: attacking hsts through ntp (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: attacking hsts through ntp (Kurt Seifried <kseifried@...hat.com>)
• Re: attacking hsts through ntp (Hanno Böck <hanno@...eck.de>)
• Re: attacking hsts through ntp (Adam Langley <agl@...gle.com>)

• Re: attacking hsts through ntp (Michael Samuel <mik@...net.net>)
• Re: attacking hsts through ntp (Kurt Seifried <kseifried@...hat.com>)
• Re: attacking hsts through ntp (Hanno Böck <hanno@...eck.de>)
• Re: attacking hsts through ntp (Yves-Alexis Perez <corsac@...ian.org>)
• Re: attacking hsts through ntp (Stephen Röttger <stephen.roettger@...il.com>)
• CVE request: TYPO3-EXT-SA-2014-013 (Henri Salo <henri@...v.fi>)
• libxml2 issue: billioun laughs variant (CVE-2014-3660) ("Thijs Kinkhorst" <thijs@...ian.org>)
• Connected UDP sockets and kernel queuing (CVE-2014-6512) (Florian Weimer <fweimer@...hat.com>)
• Re: attacking hsts through ntp (Tim <tim-security@...tinelchicken.org>)
• Re: Connected UDP sockets and kernel queuing (CVE-2014-6512) (Vitor Ventura <ventura.vitor@...il.com>)
• Re: CVE request: TYPO3-EXT-SA-2014-013 (cve-assign@...re.org)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) (mancha <mancha1@...o.com>)
• Re: attacking hsts through ntp (Phil Pennock <oss-security-phil@...dhuis.org>)
• Re: attacking hsts through ntp (Tim <tim-security@...tinelchicken.org>)

• Re: CVE-2014-7970: Linux VFS denial of service (Andy Lutomirski <luto@...capital.net>)
• Re: CVE-2014-7970: Linux VFS denial of service (cve-assign@...re.org)
• Re: Truly scary SSL 3.0 vuln to be revealed soon: (Mark Felder <feld@...d.me>)
• Re: neuter the poodle (was: Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Nikos Mavrogiannopoulos <n.mavrogiannopoulos@...il.com>)
• Re: Re: neuter the poodle (mancha <mancha1@...o.com>)
• Re: Re: neuter the poodle (Nikos Mavrogiannopoulos <n.mavrogiannopoulos@...il.com>)
• CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 (Henri Salo <henri@...v.fi>)
• Re: attacking hsts through ntp (Hanno Böck <hanno@...eck.de>)
• Re: attacking hsts through ntp (Yves-Alexis Perez <corsac@...ian.org>)
• Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 (cve-assign@...re.org)
• Re: Re: CVE request: TYPO3-EXT-SA-2014-014 and TYPO3-EXT-SA-2014-015 (Marcus Krause <marcus@...ec.info>)

• CVE request: remote code execution in Android CTS (Lord Tuskington <l.tuskington@...il.com>)
• CVE request: Cyanogenmod MITM (Lord Tuskington <l.tuskington@...il.com>)
• Re: CVE request: remote code execution in Android CTS (Nick Kralevich <nnk@...gle.com>)
• Re: CVE request: Cyanogenmod MITM ("Mike O'Connor" <mjo@...o.mi.org>)
• Re: Fwd: Non-upstream patches for bash (Chet Ramey <chet.ramey@...e.edu>)
• Re: CVE request: remote code execution in Android CTS (Lord Tuskington <l.tuskington@...il.com>)

• Re: [FD] CVE request: remote code execution in Android CTS (Grond <grond66@...il.com>)
• CVEs request: Incorrect temporary file handling && silent code execution in Tomb, a commandline tool to easily operate encrypti… (Michael Scherer <misc@...b.org>)
• Re: attacking hsts through ntp (Stephen Röttger <stephen.roettger@...il.com>)
• RE: attacking hsts through ntp ("Bendler, Ehren" <ebendler@...na.com>)
• CVE request for vulnerability in OpenStack Nova (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
• Re: [FD] CVE request: remote code execution in Android CTS (Mario Vilas <mvilas@...il.com>)
• Re: Vulnerabilities in WordPress Database Manager v2.7.1 (cve-assign@...re.org)
• Re: Re: Vulnerabilities in WordPress Database Manager v2.7.1 ("Larry W. Cashdollar" <larry0@...com>)
• Re: Multiple disputed issues in util-vserver (Carlos Alberto Lopez Perez <clopez@...lia.com>)

• AW: Multiple disputed issues in util-vserver (Fiedler Roman <Roman.Fiedler@....ac.at>)
• Re: CVE request for vulnerability in OpenStack Nova (cve-assign@...re.org)
• Re: Vulnerabilities in WordPress Database Manager v2.7.1 (cve-assign@...re.org)
• CVE-2014-3690: KVM DoS triggerable by malicious host userspace (Andy Lutomirski <luto@...capital.net>)
• [OSSA 2014-037] Nova VMware instance in resize state may leak (CVE-2014-8333) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)

• CVE Request: systemd-shim DoS issue (Marc Deslauriers <marc.deslauriers@...onical.com>)
• CVE-2014-3712 Katello: user parameters passed to to_sym (Kurt Seifried <kseifried@...hat.com>)
• CVE Request: smarty: secure mode bypass (Salvatore Bonaccorso <carnil@...ian.org>)

• Re: CVE Request: smarty: secure mode bypass (cve-assign@...re.org)
• Re: CVE Request: systemd-shim DoS issue (cve-assign@...re.org)
• Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 (Arun Babu Neelicattu <abn@...hat.com>)
• strings / libbfd crasher (Hanno Böck <hanno@...eck.de>)
• Re: strings / libbfd crasher (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: strings / libbfd crasher (Dave Rutherford <dave@...lpettingzoo.com>)
• CVE Request: Linux 3.17 guest-triggerable KVM OOPS (Andy Lutomirski <luto@...capital.net>)
• Re: strings / libbfd crasher (mancha <mancha1@...o.com>)
• Zarafa WebAccess >= 6.40.4 affected by CVE-2013-2205, CVE-2013-2205 and CVE-2012-3414 (Robert Scheck <robert@...oraproject.org>)

• Re: CVE Request: Linux 3.17 guest-triggerable KVM OOPS (cve-assign@...re.org)
• Vulnerability fixed in Quassel? (Pierre Schweitzer <pierre@...ctos.org>)
• Re: Vulnerability fixed in Quassel? (Bas Pape <baspape@...il.com>)
• Re: Vulnerability fixed in Quassel? (Bas Pape <baspape@...il.com>)
• Re: strings / libbfd crasher (mancha <mancha1@...o.com>)
• Re: strings / libbfd crasher (Hanno Böck <hanno@...eck.de>)
• CVE-2014-8369 - Linux kernel iommu.c excessive unpinning (cve-assign@...re.org)
• New security advisories released for Apache CXF (Colm O hEigeartaigh <coheigea@...che.org>)
• kvm issues (Petr Matousek <pmatouse@...hat.com>)
• Re: strings / libbfd crasher (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: strings / libbfd crasher (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185 (cve-assign@...re.org)
• Re: strings / libbfd crasher (Hanno Böck <hanno@...eck.de>)
• Re: strings / libbfd crasher (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: strings / libbfd crasher (mancha <mancha1@...o.com>)

• Re: strings / libbfd crasher (Tavis Ormandy <taviso@...xchg8b.com>)
• cve request: libbfd? (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Vulnerability fixed in Quassel? (Pierre Schweitzer <pierre@...ctos.org>)

• Re: Vulnerability fixed in Quassel? (cve-assign@...re.org)
• Re: strings / libbfd crasher (cve-assign@...re.org)
• Re: Re: strings / libbfd crasher (Hanno Böck <hanno@...eck.de>)

• Re: Re: strings / libbfd crasher (Alexander Cherepanov <cherepan@...me.ru>)
• Re: Re: strings / libbfd crasher (Michal Zalewski <lcamtuf@...edump.cx>)
• CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (Petr Matousek <pmatouse@...hat.com>)
• Re: Re: strings / libbfd crasher (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: Re: strings / libbfd crasher (Jakub Wilk <jwilk@...lk.net>)

• Re: Re: strings / libbfd crasher (Alexander Cherepanov <cherepan@...me.ru>)
• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Alexander Cherepanov <cherepan@...me.ru>)
• [OSSA 2014-038] Nova network DoS through API filtering (CVE-2014-3708) (Tristan Cacqueray <tristan.cacqueray@...vance.com>)
• ftp(1) can be made execute arbitrary commands by malicious webserver (Alistair Crooks <agc@...bsd.org>)
• Re: ftp(1) can be made execute arbitrary commands by malicious webserver (Stuart Henderson <sthen@...nbsd.org>)
• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Kurt Seifried <kseifried@...hat.com>)

• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Alexander Cherepanov <cherepan@...me.ru>)
• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Kurt Seifried <kseifried@...hat.com>)
• Re: ftp(1) can be made execute arbitrary commands by malicious webserver (cve-assign@...re.org)
• Request cve for imagemagick security problem (DOS) (Bastien ROUCARIES <roucaries.bastien@...il.com>)
• Re: Request cve for imagemagick security problem (DOS) (Hanno Böck <hanno@...eck.de>)
• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace (Andy Lutomirski <luto@...capital.net>)
• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Dave Horsfall <dave@...sfall.org>)

• Re: list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) (Michal Zalewski <lcamtuf@...edump.cx>)
• CVE request for GitLab groups API (Valery Sizov <valery@...lab.com>)
• Some weird Apache redirection exploit? (Dave Horsfall <dave@...sfall.org>)
• Re: Some weird Apache redirection exploit? (Tim <tim-security@...tinelchicken.org>)
• Arbitrary file existence disclosure in Action Pack (CVE-2014-7818) (Aaron Patterson <tenderlove@...y-lang.org>)
• Arbitrary file existence disclosure in Sprockets (CVE-2014-7819) (Aaron Patterson <tenderlove@...y-lang.org>)
• CVE-2014-8559 - Linux kernel fs/dcache.c incorrect use of rename_lock (cve-assign@...re.org)
• [AMENDED] [CVE-2014-7819] Arbitrary file existence disclosure in Sprockets (Aaron Patterson <tenderlove@...y-lang.org>)
• SQL injection vulnerability in MantisBT SOAP API (Damien Regad <dregad@...tisbt.org>)
• RE: SQL injection vulnerability in MantisBT SOAP API ("P Richards" <paul@...tisforge.org>)
• RE: SQL injection vulnerability in MantisBT SOAP API ("P Richards" <paul@...tisforge.org>)
• Re: SQL injection vulnerability in MantisBT SOAP API (Damien Regad <dregad@...tisbt.org>)

• Re: strings / libbfd crasher (cve-assign@...re.org)
• Re: CVE request for GitLab groups API (cve-assign@...re.org)
• Re: Request cve for imagemagick security problem (cve-assign@...re.org)

485 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.