Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list - 2016/02

Messages by day:

February 1 (7 messages)

• curl: NTLM credentials not-checked for proxy connection re-use (Daniel Stenberg <daniel@...x.se>)
• curl: remote file name path traversal in curl tool for Windows (Daniel Stenberg <daniel@...x.se>)
• CVE Request: FFmpeg issue (Lucas Leong <wmliang.tw@...il.com>)
• Socat security advisory 7 - Created new 2048bit DH modulus (Gerhard Rieger <gerhard@...t-unreach.org>)
• Socat security advisory 8 - Stack overflow in parser (Gerhard Rieger <gerhard@...t-unreach.org>)
• WebKitGTK+ Security Advisory WSA-2016-0001 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• [ANNOUNCE] Django releases issued: 1.9.2 (security) and 1.8.9 (bugfix) (Tim Graham <timograham@...il.com>)

• Wordpress plugin Reflected XSS in connections v8.5.8 (Larry Cashdollar <larry0@...com>)
• Miscomputations of elliptic curve scalar multiplications in Nettle (Hanno Böck <hanno@...eck.de>)
• Reflected XSS & Blind SQLi in wordpress plugin eshop v6.3.14 (Larry Cashdollar <larry0@...com>)
• Fwd: PHP-FPM fpm_log.c memory leak and buffer overflow (Štefan Šafár <stefan.safar@...ma.seznam.cz>)
• CVE Request -- Buffer overflow in Python-Pillow and PIL (Eric Soroos <eric@...oos.net>)
• Re: Socat security advisory 7 - Created new 2048bit DH modulus (cve-assign@...re.org)
• Re: Socat security advisory 8 - Stack overflow in parser (cve-assign@...re.org)
• Re: Re: Socat security advisory 7 - Created new 2048bit DH modulus (Seth Arnold <seth.arnold@...onical.com>)

• Re: Miscomputations of elliptic curve scalar multiplications in Nettle (cve-assign@...re.org)
• Re: CVE Request: FFmpeg issue (cve-assign@...re.org)
• CVE Request: PHP-5.5.31: multiple security vulnerabilities (Dmitry Kasyanov <dkasyanov@...udlinux.com>)
• CVE Request: Datafari Local File Disclosure (PASCAULT Wilfried <wpascault@...si.com>)
• Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function (cve-assign@...re.org)

• Re: Socat security advisory 7 - Created new 2048bit DH modulus (cve-assign@...re.org)
• Re: Socat security advisory 7 - Created new 2048bit DH modulus (Andreas Stieger <astieger@...e.com>)
• [OSSA 2016-006] Glance image status manipulation through locations removal (CVE-2016-0757) (Tristan Cacqueray <tdecacqu@...hat.com>)
• CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability (Salvatore Bonaccorso <carnil@...ian.org>)
• CVE Request: Open Source Media Center insecure default config ("Zach W." <kestrel@...linux.us>)
• Re: CVE Request: WordPress: New 4.4.2 security and maintenance release: SSRF and open redirect vulnerability (cve-assign@...re.org)

• CVE update (CVE-2015-5167 & CVE-2016-0733) - Fixed in Ranger 0.5.1 (Velmurugan Periasamy <vel@...che.org>)
• CVE Request uclibc-ng dns resolver issues (Daniel Fahlgren <daniel@...lgren.se>)
• Re: CVE Request uclibc-ng dns resolver issues (cve-assign@...re.org)
• Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression (anarcat <anarcat@...ngeseeds.org>)

• CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 (Gustavo Grieco <gustavo.grieco@...il.com>)
• Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 (Gustavo Grieco <gustavo.grieco@...il.com>)
• Re: CVE request: Out-of-bound read in the parsing of gif files using GraphicsMagick 1.3.18 (cve-assign@...re.org)
• CVE Request: Horde: Two cross-site scripting vulnerabilities (Salvatore Bonaccorso <carnil@...ian.org>)
• Re: CVE Request: Horde: Two cross-site scripting vulnerabilities (cve-assign@...re.org)

• CVE request - buffer overflow in xdelta3 before 3.0.9 (Stepan Golosunov <stepan@...osunov.pp.ru>)
• Re: CVE request - buffer overflow in xdelta3 before 3.0.9 (cve-assign@...re.org)
• CVE-2016-0617: linux kernel: hugetlbfs: fix bugs in hugetlb_vmtruncate_list() (John Haxby <john.haxby@...cle.com>)

• Libreoffice updater runs over http (Sevan Janiyan <venture37@...klan.co.uk>)
• CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files (Gustavo Grieco <gustavo.grieco@...il.com>)
• CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access (Andreas Stieger <astieger@...e.com>)
• KDE Plasma vulnerability: need CVE (Albert Astals Cid <aacid@....org>)
• Re: KDE Plasma vulnerability: need CVE (cve-assign@...re.org)

• Re: KDE Plasma vulnerability: need CVE (Albert Astals Cid <aacid@....org>)
• CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 (Seth Arnold <seth.arnold@...onical.com>)
• CVE request for Media Player Classic (Andreas Lindh <addelindh@...il.com>)
• CVE Request: Textual IRC Client <= 5.2.7 Remote Command Execution (Shubham Shah <sshah@...hopfox.com>)
• Re: CVE Request: cacti: Authentication using web authentication as a user not in the,cacti database allows complete access (cve-assign@...re.org)
• Re: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0 (cve-assign@...re.org)
• CVE Request : Use-after-free in accel-ppp (FEIST Josselin <josselin.feist@...il.com>)
• CVE request - OkHttp Certificate Pining Bypass (Matthew McPherrin <mmc@...areup.com>)

• Linux kernel: Flaw in CXGB3 driver. (Wade Mealing <wmealing@...hat.com>)
• HTTPS Only (Open Source, Python) (David Leo <httpsonly.github.io@...il.com>)
• Re: Linux kernel: Flaw in CXGB3 driver. (cve-assign@...re.org)
• Re: HTTPS Only (Open Source, Python) (P J P <ppandit@...hat.com>)
• CVE requests for Drupal contributed modules (2016-004, 2016-005) (Pere Orga <pere@...a.cat>)
• Re: CVE requests: Multiple vulnerabilities in GraphicsMagick parsing and processing SVG files (cve-assign@...re.org)
• STARTTLS for this list? (Alex Gaynor <alex.gaynor@...il.com>)
• Re: STARTTLS for this list? (Noel Kuntze <noel@...ilie-kuntze.de>)
• Re: use-after-free in tidy-html5 (Gustavo Grieco <gustavo.grieco@...il.com>)

• Re: STARTTLS for this list? (Seth Arnold <seth.arnold@...onical.com>)
• Re: STARTTLS for this list? (Solar Designer <solar@...nwall.com>)
• Re: CVE request: out-of-bounds write with cpio 2.11 (Gustavo Grieco <gustavo.grieco@...il.com>)
• Re: HTTPS Only (Open Source, Python) (David Leo <httpsonly.github.io@...il.com>)

• Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software (halfdog <me@...fdog.net>)
• Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software (Scotty Bauer <sbauer@....utah.edu>)
• Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software (halfdog <me@...fdog.net>)
• Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software (Florian Weimer <fw@...eb.enyo.de>)
• Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software (Hanno Böck <hanno@...eck.de>)
• snprintf return value misuse in a lot of projects (yumkam@...il.com (Yuriy M. Kaminskiy))
• Re: snprintf return value misuse in a lot of projects (Alexander Cherepanov <ch3root@...nwall.com>)
• Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software (Kristian Fiskerstrand <kristian.fiskerstrand@sum…)

• CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read (Salvatore Bonaccorso <carnil@...ian.org>)
• CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor (Salvatore Bonaccorso <carnil@...ian.org>)
• Re: CVE Request: cacti: Authentication using web authentication as a user, not in the,cacti database allows complete access (Paul Gevers <elbrus@...ian.org>)
• Re: CVE Request: Linux: Incorrect branch fixups for eBPF allow arbitrary read (cve-assign@...re.org)
• Re: CVE Request: Linux: ALSA: usb-audio: double-free triggered by invalid USB descriptor (cve-assign@...re.org)

• CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability (Stefan Cornelius <scorneli@...hat.com>)
• cloud-init follows symlinks for ssh authorized_keys ("Jason A. Donenfeld" <Jason@...c4.com>)
• Re: cloud-init follows symlinks for ssh authorized_keys (Roman Drahtmueller <draht@...altsekun.de>)
• CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow (Stelios Tsampas <stelios@...sus-labs.com>)
• Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) (David Leo <httpsonly.github.io@...il.com>)
• Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) (Solar Designer <solar@...nwall.com>)
• Re: CVE request: foomatic-rip unhtmlify() buffer overflow vulnerability (cve-assign@...re.org)
• Re: CVE Request: Kamailio 4.3.4 SEAS Module Heap overflow (cve-assign@...re.org)
• Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) (gremlin@...mlin.ru)
• CVE-2015-1776: Apache Hadoop MapReduce, disclosure of encrypted data (Arun Suresh <asuresh@...che.org>)

• CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service (Amos Jeffries <squid3@...enet.co.nz>)
• CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference (P J P <ppandit@...hat.com>)
• CVE-2015-7547: stack-based buffer overflow in glibc's getaddrinfo function (Florian Weimer <fweimer@...hat.com>)
• Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service (cve-assign@...re.org)
• Re: CVE request Qemu: usb: multiple eof_timers in ohci leads to null pointer dereference (cve-assign@...re.org)
• Re: Re: CVE request: Squid HTTP Caching Proxy 3.5.13, 4.0.4, 4.0.5 denial of service (Amos Jeffries <squid3@...enet.co.nz>)
• CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling (P J P <ppandit@...hat.com>)
• Re: CVE request Qemu: usb: null pointer dereference in remote NDIS control message handling (cve-assign@...re.org)
• Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities (Sandeep Kamble <sandeepk.l337@...il.com>)
• Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities (cve-assign@...re.org)

• Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities (Florent Daigniere <florent.daigniere@...stmatta.com>)
• Xen Security Advisory 154 (CVE-2016-2270) - x86: inconsistent cachability flags on guest mappings (Xen.org security team <security@....org>)
• Xen Security Advisory 170 (CVE-2016-2271) - VMX: guest user mode may crash guest with non-canonical RIP (Xen.org security team <security@....org>)
• Re: Browser Security Tool: HTTPS Only (Why, How, Open Source, Python) (David Leo <httpsonly.github.io@...il.com>)
• Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities (cve-assign@...re.org)
• Feedback and mentoring (reviewer) for logdata-anomaly-miner (Fiedler Roman <Roman.Fiedler@....ac.at>)
• CVE Request: graphite-web: open redirect (Manuel Mancera <sinkmanu@...il.com>)
• Re: CVE Request: graphite-web: open redirect (Manuel Mancera <sinkmanu@...il.com>)
• Address Sanitizer local root (Szabolcs Nagy <nsz@...t70.net>)

• Re: Address Sanitizer local root (Daniel Micay <danielmicay@...il.com>)
• Re: CVE Request: graphite-web: open redirect (cve-assign@...re.org)
• Re: Address Sanitizer local root (Daniel Micay <danielmicay@...il.com>)
• Re: Address Sanitizer local root (Konstantin Serebryany <konstantin.s.serebryany@...il.com>)
• CVE-2015-7521: Apache Hive authorization bug disclosure (update) (khorgath@...che.org (Sushanth Sowmyan))
• Re: Address Sanitizer local root (Daniel Micay <danielmicay@...il.com>)
• Re: CVE request - OkHttp Certificate Pining Bypass (cve-assign@...re.org)
• Re: Re: Umbraco - The open source ASP.NET CMS Multiple Vulnerabilities (Sandeep Kamble <sandeepk.l337@...il.com>)
• Re: Address Sanitizer local root (Hanno Böck <hanno@...eck.de>)
• Re: Address Sanitizer local root (Gynvael Coldwind <gynvael@...dwind.pl>)
• Re: Address Sanitizer local root (Balint Reczey <balint@...intreczey.hu>)
• Re: Address Sanitizer local root (Robert Święcki <robert@...ecki.net>)
• Re: CVE Request: graphite-web: open redirect (Manuel Mancera <sinkmanu@...il.com>)
• CVE requests for Drupal contributed modules (2016-006, 2016-007) (Pere Orga <pere@...a.cat>)
• Re: Re: CVE request for wget (Austin English <austinenglish@...il.com>)
• Re: Address Sanitizer local root (Darren Martyn <darren.martyn@...hosresearch.co.uk>)

• Re: Re: Address Sanitizer local root (Rich Felker <dalias@...c.org>)
• Re: Re: Address Sanitizer local root (Gynvael Coldwind <gynvael@...dwind.pl>)
• Re: Address Sanitizer local root (Daniel Micay <danielmicay@...il.com>)
• CVE request: didiwiki path traversal vulnerability (Ignace Mouzannar <mouzannar@...il.com>)
• Re: CVE request: didiwiki path traversal vulnerability (cve-assign@...re.org)
• Re: CVE request: didiwiki path traversal vulnerability (Ignace Mouzannar <mouzannar@...il.com>)
• Re: CVE request: didiwiki path traversal vulnerability (cve-assign@...re.org)
• Re: Address Sanitizer local root (Rich Felker <dalias@...c.org>)
• Re: Address Sanitizer local root (Daniel Micay <danielmicay@...il.com>)

• CVE for nodejs hawk (Kurt Seifried <kseifried@...hat.com>)
• Re: CVE for nodejs hawk (cve-assign@...re.org)
• CSRF Vulnerability in Refinery CMS (Shravan Kumar <shravan.kumar@...urelayer7.net>)
• Multiple XSS vulnerabilities in Refinery CMS (Shravan Kumar <shravan.kumar@...urelayer7.net>)
• Re: Multiple XSS vulnerabilities in Refinery CMS (Solar Designer <solar@...nwall.com>)

• [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Android (Carlos Santana <csantana23@...il.com>)

• Re: CVE Request -- Buffer overflow in Python-Pillow and PIL (Stefan Cornelius <scorneli@...hat.com>)
• Re: CVE Request -- Buffer overflow in Python-Pillow and PIL (cve-assign@...re.org)
• CVE request Qemu: usb: integer overflow in remote NDIS control message handling (P J P <ppandit@...hat.com>)
• imagemagick: request for CVEs (Brian May <brian@...uxpenguins.xyz>)
• php: stack overflow when decompressing tar archives (Hans Jerry Illikainen <hji@...topia.com>)

• RE: [4-3801000010480] [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Androi… (security@...roid.com)
• CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets (Salvatore Bonaccorso <carnil@...ian.org>)
• Access to /dev/pts devices via pt_chown and user namespaces (halfdog <me@...fdog.net>)
• Re: Security bugs in Linux kernel sound subsystem (Johannes Segitz <jsegitz@...e.com>)
• CVE Request: Linux kernel USB hub invalid memory access in hub_activate() ("Cornea, Alexandru" <alexandru.cornea@...el.com>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (Solar Designer <solar@...nwall.com>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces ("Dmitry V. Levin" <ldv@...linux.org>)
• Re: CVE request Qemu: usb: integer overflow in remote NDIS control message handling (cve-assign@...re.org)
• libssh/libssh2 bits and bytes confusion (Kurt Seifried <kseifried@...hat.com>)
• libssh2 Truncated Difffie-Hellman secret length (Daniel Stenberg <daniel@...x.se>)
• Re: Security bugs in Linux kernel sound subsystem (cve-assign@...re.org)

• RE: [4-3801000010480] [Update 2/20/16 CVE-2015-5256] Apache Cordova vulnerable to improper application of whitelist restrictions on Androi… (security@...roid.com)
• Re: CVE Request: Linux: unix: correctly track in-flight fds in sending process user_struct sockets (cve-assign@...re.org)
• Re: CVE Request: Linux kernel USB hub invalid memory access in hub_activate() (cve-assign@...re.org)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (halfdog <me@...fdog.net>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (halfdog <me@...fdog.net>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (Alan Coopersmith <alan.coopersmith@...cle.com>)
• User Namespaces Overlayfs Xattr Setgid Privilege Escalation: Overlayfs (halfdog <me@...fdog.net>)
• Overlayfs over Fuse Privilege Escalation in USERNS (halfdog <me@...fdog.net>)
• Aufs Union Filesystem Privilege Escalation In User Namespaces (halfdog <me@...fdog.net>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (Simon McVittie <smcv@...ian.org>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces ("Dmitry V. Levin" <ldv@...linux.org>)
• CVE request: Squid HTTP Caching Proxy multiple denial of service issues (Amos Jeffries <squid3@...enet.co.nz>)
• [Pixman] create_bits(): Cast the result of height * stride to size_t (Gustavo Grieco <gustavo.grieco@...il.com>)
• Re: CVE Request: Datafari Local File Disclosure (Fried Wil <wilfried.pascault@...il.com>)
• Re: [Pixman] create_bits(): Cast the result of height * stride to size_t (cve-assign@...re.org)
• CVE Request: bash-completion: dequote command injection (Fernando Muñoz <fernando@...l-life.com>)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (Serge Hallyn <serge.hallyn@...ntu.com>)
• Re: php: stack overflow when decompressing tar archives (cve-assign@...re.org)
• CVE requests for Drupal core (SA-CORE-2016-001) (Pere Orga <pere@...a.cat>)
• Re: CVE Request: bash-completion: dequote command injection (Eric Blake <eblake@...hat.com>)
• Re: CVE Request: bash-completion: dequote command injection (Fernando Muñoz <fernando@...l-life.com>)
• Re: CVE Request: bash-completion: dequote command injection (Kurt Seifried <kseifried@...hat.com>)

• CVE ID Request : Proxmox VE Insecure hostname checking (remote root exploit) (Sysdream Labs <labs@...dream.com>)
• CVE ID Request : Centreon remote code execution (Sysdream Labs <labs@...dream.com>)
• Re: CVE Request: bash-completion: dequote command injection (John Haxby <john.haxby@...cle.com>)
• Re: [Pixman] create_bits(): Cast the result of height * stride to size_t (Alan Coopersmith <alan.coopersmith@...cle.com>)
• CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface (Sysdream Labs <labs@...dream.com>)
• CVE Request: pkexec tty hijacking via TIOCSTI ioctl (up201407890@...nos.dcc.fc.up.pt)
• CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input ("Cantor, Scott" <cantor.2@....edu>)
• CVE request: reads out-of-bounds with cpio 2.11 (Gustavo Grieco <gustavo.grieco@...il.com>)

• RE: CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input (Shivaprasad Sadashivappa <Shivaprasad.S@...anz.com>)
• Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues (cve-assign@...re.org)
• Re: CVE Request: pkexec tty hijacking via TIOCSTI ioctl (cve-assign@...re.org)
• Re: CVE request: reads out-of-bounds with cpio 2.11 (cve-assign@...re.org)
• Re: CVE request rtmpdump: the 6 vulnerabilities have been fixed (Mark Felder <feld@...d.me>)
• Partial SMAP bypass on 64-bit Linux kernels (Andy Lutomirski <luto@...nel.org>)

• CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl (up201407890@...nos.dcc.fc.up.pt)
• Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl (cve-assign@...re.org)
• Re: Access to /dev/pts devices via pt_chown and user namespaces (Jakub Wilk <jwilk@...ian.org>)

• AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way (Robert Święcki <robert@...ecki.net>)
• Re: Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl ("Alexander E. Patrakov" <patrakov@...il.com>)
• Re: CVE Request: util-linux runuser tty hijacking via TIOCSTI ioctl -- chroot (cve-assign@...re.org)
• pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] (Jann Horn <jann@...jh.net>)
• Re: pt_chown timeline, CVE request [was: Access to /dev/pts devices via pt_chown and user namespaces] (Aurelien Jarno <aurelien@...el32.net>)
• Re: AMD newest ucode 0x06000832 for Piledriver-based CPUs seems to behave in a problematic way (cve-assign@...re.org)
• CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver (Vladis Dronov <vdronov@...hat.com>)
• tidy-html5: read out-of-bounds in TextEndsWithNewline (Gustavo Grieco <gustavo.grieco@...il.com>)
• Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver (cve-assign@...re.org)
• Re: Re: CVE request -- linux kernel: visor: crash on invalid USB device descriptors in treo_attach() in visor driver (Vladis Dronov <vdronov@...hat.com>)

• CVE request: Heap buffer overflow in pcretest (Adam Maris <amaris@...hat.com>)
• Java Deserialization continued, Analysis Tooling and (potentially) bypassing Application Level Filtering (Moritz Bechler <mbechler@...terphace.org>)
• [CVE-2016-2098] Possible remote code execution vulnerability in Action Pack (Rafael Mendonça França <rafaelmfranca@...il.com>)
• [CVE-2016-2097] Possible Information Leak Vulnerability in Action View. (Rafael Mendonça França <rafaelmfranca@...il.com>)
• Re: CVE request: Heap buffer overflow in pcretest (cve-assign@...re.org)

207 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.