Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list - 2024/04/10

• Re: xz backdoor prevention using hosts.deny? (Christoph Anton Mitterer <calestyo@...entia.org>)
• Re: xz backdoor prevention using hosts.deny? (Jacob Bachmeyer <jcb62281@...il.com>)
• Re: Is CVE-2024-30203 bogus? (Emacs) (Sean Whitton <spwhitton@...hitton.name>)
• Re: Is CVE-2024-30203 bogus? (Emacs) (Ihor Radchenko <yantar92@...teo.net>)
• Re: Re: Is CVE-2024-30203 bogus? (Emacs) (Salvatore Bonaccorso <carnil@...ian.org>)
• Re: Is CVE-2024-30203 bogus? (Emacs) (Max Nikulin <manikulin@...il.com>)
• CVE-2024-31309: Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack (Bryan Call <bcall@...che.org>)
• CVE-2024-31861: Apache Zeppelin: Code injection by Shell interpreter (Jongyoul Lee <jongyoul@...che.org>)
• Analysis on who is Jia Tan, and who he could work for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
• Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
• Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Joey Hess <id@...yh.name>)
• Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Solar Designer <solar@...nwall.com>)
• Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Chris Down <chris@...isdown.name>)
• Fwd: Node.js security update for all active relesae lines, April 9 2024 (Rafael Gonzaga <work@...aelgss.dev>)
• NodeJS Command injection via args parameter of child_process.spawn without shell option enabled on Windows (CVE-2024-27… (Jan Schaumann <jschauma@...meister.org>)
• CERT VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows (Alan Coopersmith <alan.coopersmith@...cle.com>)
• Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
• New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
• Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Vegard Nossum <vegard.nossum@...cle.com>)
• Re: CERT VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows (Steffen Nurpmeso <steffen@...oden.eu>)
• Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
• CVE-2024-1086: Linux: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (Solar Designer <solar@...nwall.com>)
• Re: CVE-2024-1086: Linux: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (Jonathan Wright <jonathan@...alinux.org>)

23 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.