oss-security mailing list - 2016/07

Follow @Openwall on Twitter for new release announcements and other news

[<prev month] [next month>] [year] [list]

oss-security mailing list - 2016/07

Mon	Tue	Wed	Thu	Fri	Sat	Sun
				¹ 4	² 1	³
⁴ 3	⁵ 9	⁶ 4	⁷ 3	⁸ 6	⁹ 5	¹⁰
¹¹ 9	¹² 7	¹³ 13	¹⁴ 7	¹⁵ 6	¹⁶ 5	¹⁷ 8
¹⁸ 16	¹⁹ 8	²⁰ 7	²¹ 9	²² 3	²³ 3	²⁴ 2
²⁵ 14	²⁶ 12	²⁷ 16	²⁸ 16	²⁹ 9	³⁰ 3	³¹ 6

Messages by day:

July 1 (4 messages)

SQLite Tempdir Selection Vulnerability (Andreas Stieger <astieger@...e.com>)
Re: SQLite Tempdir Selection Vulnerability (cve-assign@...re.org)
CVE requests / Advisory: ATutor <= 2.2.1 (Matthew Daley <mattd@...fuzz.com>)
CVE Request: ipywidgets executes untrusted JavaScript (Sylvain Corlay <sylvain.corlay@...il.com>)

July 2 (1 message)

[SECURITY] CVE-2016-4974: Apache Qpid: deserialization of untrusted input while using JMS ObjectMessage (Robbie Gemmell <robbie@...che.org>)

July 4 (3 messages)

Re: [FD] libical 0.47 SEGV on unknown address (Brandon Perry <bperry.volatile@...il.com>)
[CVE-2016-1000007] Pagure: XSS in raw file endpoint (Patrick Uiterwijk <puiterwijk@...hat.com>)
Browsing and attaching images considered harmful in Linux (Gustavo Grieco <gustavo.grieco@...il.com>)

July 5 (9 messages)

BUG_ON crash in linux 4.7-rc6/master skbuff.c (Marco Grassi <marco.gra@...il.com>)
CVE ID Request : OpenFire multiple vulnerabilities (Sysdream Labs <labs@...dream.com>)
CVE-2016-6160: Segmentation fault in tcprewrite (tcpreplay) (Christoph Biedl <debian.axhn@...chmal.in-ulm.de>)
Fwd: CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] (Solar Designer <solar@...nwall.com>)
CVE-2016-4979: HTTPD webserver - X509 Client certificate based authentication can be bypassed when HTTP/2 is used [vs] (Dirk-Willem van Gulik <dirkx@...weaving.…)
CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif (Salvatore Bonaccorso <carnil@...ian.org>)
Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif (cve-assign@...re.org)
Re: BUG_ON crash in linux 4.7-rc6/master skbuff.c (cve-assign@...re.org)
Re: Browsing and attaching images considered harmful in Linux (cve-assign@...re.org)

July 6 (4 messages)

Re: Browsing and attaching images considered harmful in Linux (Gustavo Grieco <gustavo.grieco@...il.com>)
Re: Browsing and attaching images considered harmful in Linux (Salvatore Bonaccorso <carnil@...ian.org>)
Malicious primary DNS servers can crash secondaries (Florian Weimer <fweimer@...hat.com>)
Re: Malicious primary DNS servers can crash secondaries (cve-assign@...re.org)

July 7 (3 messages)

CVE Request: perl: XSLoader: could load shared library from incorrect location (Salvatore Bonaccorso <carnil@...ian.org>)
Re: Malicious primary DNS servers can crash secondaries (Remi Gacogne <remi.gacogne@...erdns.com>)
Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack ("Seaman, Chad" <cseaman@...mai.com>)

July 8 (6 messages)

Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack (Paul Wouters <pwouters@...hat.com>)
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) (Jens Erat <jens.erat@...-konstanz.de>)
On anonymous CVE assignments (Lior Kaplan <kaplanlior@...il.com>)
Re: On anonymous CVE assignments (Kurt Seifried <kseifried@...hat.com>)
Re: CVE Request: perl: XSLoader: could load shared library from incorrect location (cve-assign@...re.org)
Re: On anonymous CVE assignments (Glenn Randers-Pehrson <glennrp@...il.com>)

July 9 (5 messages)

CVE request: apparmor: oops in apparmor_setprocattr() (John Johansen <john.johansen@...onical.com>)
Re: CVE request: apparmor: oops in apparmor_setprocattr() (cve-assign@...re.org)
Re: CVE request: several SOGo issues (DOS, XSS, information leakage) (cve-assign@...re.org)
Re: On anonymous CVE assignments (Glenn Randers-Pehrson <glennrp@...il.com>)
CVE-2016-4971: wget < 1.18 trusts server-provided filename on HTTP to FTP redirects (Solar Designer <solar@...nwall.com>)

July 11 (9 messages)

CVE request:SQL injections in TeamPass (das das <scusec2010@...il.com>)
CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS (Cedric Buissart <cbuissar@...hat.com>)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS (Hanno Böck <hanno@...eck.de>)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS (Cedric Buissart <cbuissar@...hat.com>)
Re: CVE request: apparmor: oops in apparmor_setprocattr() (Ben Laurie <benl@...gle.com>)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS (Florian Weimer <fweimer@...hat.com>)
cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel (CAI Qian <caiqian@...hat.com>)
Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel (cve-assign@...re.org)
Re: CVE request: apparmor: oops in apparmor_setprocattr() (Tyler Hicks <tyhicks@...onical.com>)

July 12 (7 messages)

CVE-2016-5389: linux kernel - challange ack information leak. (Wade Mealing <wmealing@...hat.com>)
Re: CVE-2016-5389: linux kernel - challange ack information leak. (Wade Mealing <wmealing@...hat.com>)
Re: Pylint checks not as static as one would think (Jakub Wilk <jwilk@...lk.net>)
CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c (Salvatore Bonaccorso <carnil@...ian.org>)
Vulnerabilities in Apache Archiva (0ang3el 0ang3el <0ang3el@...il.com>)
Re: CVE-2016-5011: util-linux: Extended partition loop in MBR partition table leads to DoS (Cedric Buissart <cbuissar@...hat.com>)
Re: Re: CVE Request: IKEv1 protocol is vulnerable to DoS amplification attack (Paul Wouters <pwouters@...hat.com>)

July 13 (13 messages)

CVE request for the Play Framework (David Black <dblack@...assian.com>)
CVE Requests: Information exposure caused by ecryptfs-setup-swap failures (Tyler Hicks <tyhicks@...onical.com>)
CVE request: Information leak in LibTIFF (Mathias Svensson <idolf@...gle.com>)
CVE requests for Drupal Core - SA-CORE-2016-002 (Pere Orga <pere@...a.cat>)
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd (Gustavo Grieco <gustavo.grieco@...il.com>)
cve request: local DoS by overflowing kernel mount table using shared bind mount (CAI Qian <caiqian@...hat.com>)
Re: CVE requests for Drupal Core - SA-CORE-2016-002 (cve-assign@...re.org)
Re: cve request: local DoS by overflowing kernel mount table using shared bind mount (cve-assign@...re.org)
CVE Request: openshift-node is logging private RSA keys to the systemd journal (Michael Scherer <misc@...b.org>)
Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal (cve-assign@...re.org)
CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 (Franco Costantini <franco.costantini.20@...il.com>)
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd (cve-assign@...re.org)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount (Greg KH <greg@...ah.com>)

July 14 (7 messages)

CVE Requests: HarfBuzz - Chromium CVE issues (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount (CAI Qian <caiqian@...hat.com>)
Re: CVE Requests: Information exposure caused by ecryptfs-setup-swap failures (cve-assign@...re.org)
Re: CVE request: Information leak in LibTIFF (cve-assign@...re.org)
Multiple Bugs in OpenBSD Kernel (Jesse Hertz <Jesse.Hertz@...group.trust>)
Re: Multiple Bugs in OpenBSD Kernel (Jesse Hertz <Jesse.Hertz@...group.trust>)
Re: Multiple Bugs in OpenBSD Kernel (Jesse Hertz <Jesse.Hertz@...group.trust>)

July 15 (6 messages)

Re: CVE Request: libgd: Out-Of-Bounds Read in function read_image_tga of gd_tga.c (Anonymous <ihunan@...il.com>)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount (Jessica Frazelle <me@...sfraz.com>)
[SECURITY] CVE-2016-4467: Apache Qpid Proton: Failure to verify that the server host name matches the certificate host name on W… (Justin Ross <jross@...che.org>)
Re: CVE request for the Play Framework (cve-assign@...re.org)
Re: Re: cve request: local DoS by overflowing kernel mount table using shared bind mount (CAI Qian <caiqian@...hat.com>)
Re: cve request: local DoS by overflowing kernel mount table using shared bind mount (Jesse Hertz <Jesse.Hertz@...group.trust>)

July 16 (5 messages)

CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select (Salvatore Bonaccorso <carnil@...ian.org>)
CVE Request for KNewStuff/KArchive issue (David Faure <faure@....org>)
Re: CVE Request for KNewStuff/KArchive issue (cve-assign@...re.org)
Re: CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select (cve-assign@...re.org)
Re: Multiple Bugs in OpenBSD Kernel (Jesse Hertz <Jesse.Hertz@...group.trust>)

July 17 (8 messages)

multiple memory corruption issues in lepton (Marco Grassi <marco.gra@...il.com>)
CVE requests for Drupal contributed modules (Pere Orga <pere@...a.cat>)
Multiple stored Cross-Site Scripting vulnerabilities affecting three WordPress Plugins (Summer of Pwnage <lists@...urify.nl>)
Multiple reflected Cross-Site Scripting vulnerabilities affecting seven WordPress Plugins (Summer of Pwnage <lists@...urify.nl>)
Multiple Local File Inclusion vulnerabilities affecting three WordPress Plugins (Summer of Pwnage <lists@...urify.nl>)
Re: multiple memory corruption issues in lepton (cve-assign@...re.org)
Re: Multiple Bugs in OpenBSD Kernel (cve-assign@...re.org)
Re: CVE Requests: HarfBuzz - Chromium CVE issues (cve-assign@...re.org)

July 18 (16 messages)

Re: CVE request for the Play Framework (David Black <dblack@...assian.com>)
Re: Re: CVE Requests: HarfBuzz - Chromium CVE issues (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
CVE request for webkit js engine javascriptcore (jun3 June <xxjun3@...il.com>)
Re: CVE request for webkit js engine javascriptcore (Solar Designer <solar@...nwall.com>)
A CGI application vulnerability for PHP, Go, Python and others (Richard Rowe <arch.richard@...il.com>)
Re: A CGI application vulnerability for PHP, Go, Python and others (Kurt Seifried <kseifried@...hat.com>)
Re: A CGI application vulnerability for PHP, Go, Python and others (Solar Designer <solar@...nwall.com>)
CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) (Alexander Sulfrian <asulfrian@...AT.FU-Berlin.DE>)
[CVE-2016-1281] NOT FIXED: VeraCrypt*Setup*.exe still vulnerable to DLL hijacking ("Stefan Kanthak" <stefan.kanthak@...go.de>)
Re: CVE-2016-5321: libtiff 4.0.6 DumpModeDecode(): Ddos (akuster <akuster@...sta.com>)
Re: CVE-2016-5323: libtiff 4.0.6 tiffcrop _TIFFFax3fillruns(): divide by zero (akuster <akuster@...sta.com>)
Re: A CGI application vulnerability for PHP, Go, Python and others (Jan Schaumann <jschauma@...meister.org>)
libupnp write files via POST (Hanno Böck <hanno@...eck.de>)
[ANNOUNCE] Django security releases issued: 1.10 release candidate 1, 1.9.8, and 1.8.14 (Tim Graham <timograham@...il.com>)
Re: A CGI application vulnerability for PHP, Go, Python and others (Solar Designer <solar@...nwall.com>)
Re: A CGI application vulnerability for PHP, Go, Python and others (Kurt Seifried <kseifried@...hat.com>)

July 19 (8 messages)

ISC security issue CVE-2016-2775 (potential denial-of-service attack against lwres functionality in BIND) (Michael McNally <mcnally@....org>)
Re: CVE Requests: HarfBuzz - Chromium CVE issues (cve-assign@...re.org)
Ruining the Magic of Magento's Encryption Library (Scott Arciszewski <scott@...agonie.com>)
Re: Ruining the Magic of Magento's Encryption Library (Scott Arciszewski <scott@...agonie.com>)
CVE ID Request: FOG Project Multiple Vulnerabilities (Sysdream Labs <labs@...dream.com>)
subuid security patches for shadow package (Sebastian Krahmer <krahmer@...e.com>)
Re: subuid security patches for shadow package (Sebastian Krahmer <krahmer@...e.com>)
Re: subuid security patches for shadow package (ebiederm@...ssion.com (Eric W. Biederman))

July 20 (7 messages)

Buffer overflow in libarchive-3.2.0 (Christian Wressnegger <c.wressnegger@...bs.de>)
Re: subuid security patches for shadow package (cve-assign@...re.org)
Re: CVE request for the Play Framework (Will Sargent <will.sargent@...htbend.com>)
Multiple vulnerabilities affecting five WordPress Plugins (XSS, CSRF & SQLi) (Summer of Pwnage <lists@...urify.nl>)
Re: libupnp write files via POST (cve-assign@...re.org)
CVE request: multiple issues fixed in GNU libidn 1.33 (Andreas Stieger <andreas.stieger@...e.com>)
Re: [Pkg-shadow-devel] subuid security patches for shadow package (Nicolas François <nicolas.francois@...traliens.net>)

July 21 (9 messages)

CVE-2016-5399: php: out-of-bounds write in bzread() (Hans Jerry Illikainen <hji@...topia.com>)
Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution (Lucian Cojocar <lucian@...ocar.com>)
Re: Buffer overflow in libarchive-3.2.0 (Christian Wressnegger <c.wressnegger@...bs.de>)
Re: CVE request: multiple issues fixed in GNU libidn 1.33 (cve-assign@...re.org)
mupdf library use after free (Marco Grassi <marco.gra@...il.com>)
Re: CVE Request: uclibc-ng (and uclibc): ARM arch: code execution (cve-assign@...re.org)
Re: mupdf library use after free (cve-assign@...re.org)
Re: A CGI application vulnerability for PHP, Go, Python and others (Peter Bex <peter@...e-magic.net>)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package (Salvatore Bonaccorso <carnil@...ian.org>)

July 22 (3 messages)

panic at big_key_preparse #4.7-r6/rc7 & master (<zer0mem@...oo.com>)
[CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example (Tim Allison <tallison@...che.org>)
Re: panic at big_key_preparse #4.7-r6/rc7 & master (Greg KH <greg@...ah.com>)

July 23 (3 messages)

Re: A CGI application vulnerability for PHP, Go, Python and others - CHICKEN eggs (cve-assign@...re.org)
XSS vulnerability in ILIAS before version 5.1.3, 5.0.11 and 4.4.14 (Walter <dpankraz1@....de>)
XSS and SQLi in huge IT gallery v1.1.5 for Joomla ("Larry W. Cashdollar" <larry0@...com>)

July 24 (2 messages)

Fwd: CVE for PHP 5.5.38 issues (Lior Kaplan <kaplanlior@...il.com>)
Re: Fwd: CVE for PHP 5.5.38 issues (cve-assign@...re.org)

July 25 (14 messages)

CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. (Wade Mealing <wmealing@...hat.com>)
Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. (Wade Mealing <wmealing@...hat.com>)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. (Greg KH <greg@...ah.com>)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. (Wade Mealing <wmealing@...hat.com>)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package (Sebastian Krahmer <krahmer@...e.com>)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package (Sebastian Krahmer <krahmer@...e.com>)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package (Bálint Réczey <balint@...intreczey.hu>)
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package (Solar Designer <solar@...nwall.com>)
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS ("Larry W. Cashdollar" <larry0@...com>)
CVE-2016-4451, CVE-2016-4475: Foreman organizations/locations API/UI privilege escalations (Dominic Cleal <dominic@...al.org>)
CVE-2016-4995: Foreman information disclosure through unauthorized template previews (Dominic Cleal <dominic@...al.org>)
CVE-2016-5390: Foreman information disclosure in host interfaces/parameters API (Dominic Cleal <dominic@...al.org>)
Use after free in my_login() function of DBD::mysql (Perl module) (Hanno Böck <hanno@...eck.de>)
CVE request Qemu: scsi: esp: oob write access while reading ESP command (P J P <ppandit@...hat.com>)

July 26 (12 messages)

Xen Security Advisory 182 (CVE-2016-6258) - x86: Privilege escalation in PV guests (Xen.org security team <security@....org>)
Xen Security Advisory 183 (CVE-2016-6259) - x86: Missing SMAP whitelisting in 32-bit exception / event delivery (Xen.org security team <security@....org>)
Reflected XSS & SQLi in HugeIT slideshow v1.0.4 ("Larry W. Cashdollar" <larry0@...com>)
SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla ("Larry W. Cashdollar" <larry0@...com>)
cve request: systemd-machined: information exposure for docker containers (CAI Qian <caiqian@...hat.com>)
CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD (Jesse Hertz <jesse.hertz@...group.trust>)
Re: CVE request Qemu: scsi: esp: oob write access while reading ESP command (cve-assign@...re.org)
Re: CVE Request: Any User Can Panic Kernel Through Sysctl on OpenBSD (cve-assign@...re.org)
Re: cve request: systemd-machined: information exposure for docker containers (cve-assign@...re.org)
Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 (Gustavo Grieco <gustavo.grieco@...il.com>)
Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 (cve-assign@...re.org)
Re: CVE request: flex: Buffer overflow in generated code (yy_get_next_buffer) (cve-assign@...re.org)

July 27 (16 messages)

Re: Use after free in my_login() function of DBD::mysql (Perl module) (cve-assign@...re.org)
CVE request : a stored XSS in Xcloner for wordpress (limingxing <limingxing@....cn>)
CVE request: Jenkins plugin 'Cucumber Reports' 1.3.0 to 2.5.1 disabled XSS protection mechanism (Daniel Beck <ml@...kweb.net>)
CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS (P J P <ppandit@...hat.com>)
CVE Request: DBD-mysql: use-after-free in mysql_dr_error (Salvatore Bonaccorso <carnil@...ian.org>)
Re: CVE Request: DBD-mysql: use-after-free in mysql_dr_error (cve-assign@...re.org)
Xen Security Advisory 184 (CVE-2016-5403) - virtio: unbounded memory allocation issue (Xen.org security team <security@....org>)
Re: Re: cve request: systemd-machined: information exposure for docker containers (Christian Rebischke <Chris.Rebischke@...hlinux.org>)
Re: Re: cve request: systemd-machined: information exposure for docker containers (Daniel J Walsh <dwalsh@...hat.com>)
Re: Re: cve request: systemd-machined: information exposure for docker containers (Christian Rebischke <Chris.Rebischke@...hlinux.org>)
Re: Re: CVE Request: Write out-of-bounds in gdk-pixbuf 2.30.7 (Gustavo Grieco <gustavo.grieco@...il.com>)
Re: cve request: systemd-machined: information exposure for docker containers (Jesse Hertz <jesse.hertz@...group.trust>)
Re: cve request: systemd-machined: information exposure for docker containers (Jessica Frazelle <me@...sfraz.com>)
Re: Ruining the Magic of Magento's Encryption Library (cve-assign@...re.org)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. (Luis Henriques <henrix@...andro.org>)
Re: Re: CVE-2016-5400 - linux kernel: denial of service in airspy USB driver. (Greg KH <greg@...ah.com>)

July 28 (16 messages)

CVE Request: redis: World readable .rediscli_history (Salvatore Bonaccorso <carnil@...ian.org>)
CVE-2016-5412 Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode (P J P <ppandit@...hat.com>)
CVE request: Wireshark 2.0.5 and 1.12.13 security releases (Andreas Stieger <astieger@...e.com>)
CVE Request Qemu: virtio: infinite loop in virtqueue_pop (P J P <ppandit@...hat.com>)
Re: cve request: systemd-machined: information exposure for docker containers (Daniel J Walsh <dwalsh@...hat.com>)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) (lazytyped <lazytyped@...il.com>)
Re: cve request: systemd-machined: information exposure for docker containers (Simon McVittie <smcv@...ian.org>)
Re: cve request: systemd-machined: information exposure for docker containers (Daniel J Walsh <dwalsh@...hat.com>)
Re: CVE Request Qemu: virtio: infinite loop in virtqueue_pop (cve-assign@...re.org)
Re: CVE Request: redis: World readable .rediscli_history (cve-assign@...re.org)
SQLi and Reflected XSS in Huge IT catalog extension v1.0.4 for Joomla ("Larry W. Cashdollar" <larry0@...com>)
Reflected XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ("Larry W. Cashdollar" <larry0@...com>)
CVE-Request Buffer overflow ImageMagick (Ibrahim el-sayed <i.elsayed92@...il.com>)
paps: heap overflow when processing crafted file (Agostino Sarubbo <ago@...too.org>)
Re: CVE-Request Buffer overflow ImageMagick (cve-assign@...re.org)
Re: paps: heap overflow when processing crafted file (cve-assign@...re.org)

July 29 (9 messages)

Re: Re: paps: heap overflow when processing crafted file (Agostino Sarubbo <ago@...too.org>)
CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks (Huzaifa Sidhpurwala <huzaifas@...hat.com>)
cve request: docker swarmkit Dos occurs by repeatly joining and quitting swam cluster as a node (张开翔 <zhangkaixiang@....cn>)
CVE request: mongodb: world-readable .dbshell history file (Sébastien Delafond <seb@...ian.org>)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) (Hanno Böck <hanno@...eck.de>)
Re: CVE request: multiple issues fixed in GNU libidn 1.33 (Hanno Böck <hanno@...eck.de>)
Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks (cve-assign@...re.org)
Re: CVE request: mongodb: world-readable .dbshell history file (cve-assign@...re.org)
Re: paps: heap overflow when processing crafted file (cve-assign@...re.org)

July 30 (3 messages)

Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) (lazytyped <lazytyped@...il.com>)
Re: CVE Request: nettle's RSA code is vulnerable to cache sharing related attacks (Hanno Böck <hanno@...eck.de>)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) (Hanno Böck <hanno@...eck.de>)

July 31 (6 messages)

badUSB exploit - affects all Linux distros (פאי פי <phi.reporter@...la.co.il>)
Multiple vulnerabilities affecting four WordPress Plugins & one Theme (Summer of Pwnage <lists@...urify.nl>)
Re: badUSB exploit - affects all Linux distros (Greg KH <greg@...ah.com>)
Re: badUSB exploit - affects all Linux distros (Greg KH <greg@...ah.com>)
Re: Re: Use after free in my_login() function of DBD::mysql (Perl module) ("Joshua J. Drake" <oss-security-dbduaf@...p.org>)
CVE Request: Linux >= 4.5 double fetch leading to heap overflow (Scott Bauer <sbauer@...donthack.me>)

214 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.