Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list - 2019/06

Messages by day:

June 1 (1 message)

• Marvell Wifi Driver mwifiex_uap_parse_tail_ies Heap Overflow ("huangwen" <huangwen@...usgroup.com.cn>)

• kernel: CVE-2018-16871 nfs: NULL pointer dereference due to an anomalized NFS message sequence (Wade Mealing <wmealing@...hat.com>)
• Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358) (Carlton Gibson <carlton.gibson@...il.com>)
• Crash / fix in bzip2 (Federico Mena Quintero <federico@...me.org>)

• CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Heiko Schlittermann <hs@...littermann.de>)
• Re: Using quilt on untrusted RPM spec files ("Vladimir D. Seleznev" <vseleznv@...linux.org>)
• Re: Crash / fix in bzip2 (Thomas Deutschmann <whissi@...too.org>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Simon McVittie <smcv@...ian.org>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Heiko Schlittermann <hs@...littermann.de>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Heiko Schlittermann <hs@...littermann.de>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Solar Designer <solar@...nwall.com>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Heiko Schlittermann <hs@...littermann.de>)
• Re: Marvell Wifi Driver mwifiex_uap_parse_tail_ies Heap Overflow (Solar Designer <solar@...nwall.com>)

• pam-u2f: CVE-2019-12210: debug_file file descriptor leak, CVE-2019-12209: symlink attack on u2f_keys leading to possible … (Matthias Gerstner <mgerstner@...e.de>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Heiko Schlittermann <hs@...marc.schlittermann.de>)
• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Qualys Security Advisory <qsa@...lys.com>)

• Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit (Qualys Security Advisory <qsa@...lys.com>)

• Re: [ANNOUNCE] Security regression in Kubernetes kubelet v1.13.6 and v1.14.2 only - CVE-2019-11245 (Tim Pepper <tpepper@...are.com>)

• Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass (Simon McVittie <smcv@...ian.org>)

• X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
• X41 D-Sec GmbH Security Advisory X41-2019-002: Heap-based buffer overflow in Thunderbird (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
• X41 D-Sec GmbH Security Advisory X41-2019-003: Stack-based buffer overflow in Thunderbird (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)
• X41 D-Sec GmbH Security Advisory X41-2019-004: Type confusion in Thunderbird (X41 D-Sec GmbH Advisories <advisories@...-dsec.de>)

• Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird (Brandon Perry <bperry.volatile@...il.com>)
• Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird (zugtprgfwprz@...rnkuller.de)
• Re: X41 D-Sec GmbH Security Advisory X41-2019-001: Heap-based buffer overflow in Thunderbird ("Stuart D. Gathman" <stuart@...hman.org>)

• Apache::Session's use of md5 and more (Raphael Geissert <geissert@...ian.org>)
• Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alex Gaynor <alex.gaynor@...il.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Greg KH <greg@...ah.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Apache::Session's use of md5 and more (Solar Designer <solar@...nwall.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Hanno Böck <hanno@...eck.de>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alex Gaynor <alex.gaynor@...il.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• GraphicsMagick 1.3.32 security fixes, plus one of special mention (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alan Coopersmith <alan.coopersmith@...cle.com>)

• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Solar Designer <solar@...nwall.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Solar Designer <solar@...nwall.com>)

• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Robert Watson <robertcwatson1@...il.com>)
• Re: Apache::Session's use of md5 and more (Raphael Geissert <geissert@...ian.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alexander Potapenko <glider@...gle.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Marcus Meissner <meissner@...e.de>)
• Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues (Security Report <security-report@...smail.netflix.com>)
• Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues (Greg KH <greg@...ah.com>)
• Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues (Loganaden Velvindron <loganaden@...il.com>)

• Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues (Nicholas Luedtke <nicholas.luedtke@...lumni.com>)
• [CVE-2019-10085] Apache Allura XSS vulnerability (Dave Brondsema <dave@...ndsema.net>)

• ISC disclosed BIND vulnerability CVE-2019-6471. (Michael McNally <mcnally@....org>)
• [CVE-2017-15694] Apache Geode metadata modification vulnerability (Anthony Baker <abaker@...che.org>)
• Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues (Tyler Hicks <tyhicks@...onical.com>)

• [ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246 (Joel Smith <joelsmith@...hat.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Yves-Alexis Perez <corsac@...ian.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Simon McVittie <smcv@...ian.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Greg KH <greg@...ah.com>)
• PowerDNS Security Advisories 2019-04 and 2019-05 (Erik Winkels <erik.winkels@...n-xchange.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Ian Zimmerman <itz@...y.loosely.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Yves-Alexis Perez <corsac@...ian.org>)
• Re: Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Simon McVittie <smcv@...ian.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Moritz Muehlenhoff <jmm@...til.org>)

• curl: Windows OpenSSL engine code injection (Daniel Stenberg <daniel@...x.se>)
• Re: curl: Windows OpenSSL engine code injection (Jakub Wilk <jwilk@...lk.net>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Jakub Wilk <jwilk@...lk.net>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Dmitry Vyukov <dvyukov@...gle.com>)
• CVE-2019-12817: Linux kernel: powerpc: Unrelated processes may be able to read/write to each other's virtual memory (Michael Ellerman <mpe@...erman.id.au>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz ("Stuart D. Gathman" <stuart@...hman.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alexander Potapenko <glider@...gle.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz ("David A. Wheeler" <dwheeler@...eeler.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (John Haxby <john.haxby@...cle.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Simon McVittie <smcv@...ian.org>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alex Gaynor <alex.gaynor@...il.com>)

• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Seth Arnold <seth.arnold@...onical.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Matthew Fernandez <matthew.fernandez@...il.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alex Gaynor <alex.gaynor@...il.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Alexander Potapenko <glider@...gle.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Matthew Fernandez <matthew.fernandez@...il.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Jeff Law <law@...hat.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Florian Weimer <fweimer@...hat.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Jeff Law <law@...hat.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Pascal Cuoq <cuoq@...st-in-soft.com>)
• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Jeffrey Walton <noloader@...il.com>)

• Re: Thousands of vulnerabilities, almost no CVEs: OSS-Fuzz (Martin Carpenter <martin.carpenter@...il.com>)
• linux-distros membership application - Microsoft (Sasha Levin <sashal@...nel.org>)

• Re: linux-distros membership application - Microsoft (Greg KH <gregkh@...uxfoundation.org>)
• Re: linux-distros membership application - Microsoft (Solar Designer <solar@...nwall.com>)
• Re: linux-distros membership application - Microsoft (Greg KH <greg@...ah.com>)
• Re: linux-distros membership application - Microsoft (Tyler Hicks <tyhicks@...onical.com>)
• Re: linux-distros membership application - Microsoft (Anthony Liguori <anthony@...emonkey.ws>)
• Re: linux-distros membership application - Microsoft (Greg KH <greg@...ah.com>)
• Re: linux-distros membership application - Microsoft (Sasha Levin <sashal@...nel.org>)
• Re: linux-distros membership application - Microsoft (Tyler Hicks <tyhicks@...onical.com>)
• Re: linux-distros membership application - Microsoft (John Haxby <john.haxby@...cle.com>)

• Re: linux-distros membership application - Microsoft (Solar Designer <solar@...nwall.com>)
• Re: linux-distros membership application - Microsoft (Sasha Levin <sashal@...nel.org>)

• Irssi 1.2.1/1.1.3/1.0.8: CVE-2019-13045 (Ailin Nemui <ailin.nemui@...il.com>)

103 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.