<!-- SecLists-Message-Count: 815 --> <!-- MHonArc v2.6.19 --> <!DOCTYPE html> <html lang="en"> <head> <script async src="/site.js"></script> <link rel="alternate" type="application/rss+xml" title="RSS" href="https://seclists.org/rss/oss-sec.rss"> <meta property="og:image" content="https://seclists.org/images/oss-sec-img.png" /> <link rel="image_src" href="https://seclists.org/images/oss-sec-img.png" /> <title>oss-sec: by thread</title> <link rel="canonical" href="/oss-sec/2012/q1/"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="theme-color" content="#2A0D45"> <link rel="preload" as="image" href="/images/sitelogo.png" imagesizes="168px" imagesrcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x"> <link rel="preload" as="image" href="/shared/images/nst-icons.svg"> <link rel="stylesheet" href="/shared/css/nst.css?v=2"> <script async src="/shared/js/nst.js?v=2"></script> <link rel="stylesheet" href="/shared/css/nst-foot.css?v=2" media="print" onload="this.media='all'"> <link rel="stylesheet" href="/site.css"> <!--Google Analytics Code--> <link rel="preload" href="https://www.google-analytics.com/analytics.js" as="script"> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-11009417-1', 'auto'); ga('send', 'pageview'); </script> <!--END Google Analytics Code--> <META NAME="ROBOTS" CONTENT="NOARCHIVE"> <link rel="shortcut icon" href="/shared/images/tiny-eyeicon.png" type="image/png"> </head> <body><div id="nst-wrapper"> <div id="menu"> <div class="blur"> <header id="nst-head"> <a id="menu-open" href="#menu" aria-label="Open menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#menu"> </a> <a id="menu-close" href="#" aria-label="Close menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#close"> </a> <a id="nst-logo" href="/" aria-label="Home page"> <img alt="Home page logo" srcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x" src="/images/sitelogo.png" onerror="this.onerror=null;this.srcset=this.src" height=90 width=168></a> <nav id="nst-gnav"> <a class="nlink" href="https://nmap.org/">Nmap.org</a> <a class="nlink" href="https://npcap.com/">Npcap.com</a> <a class="nlink" href="https://seclists.org/">Seclists.org</a> <a class="nlink" href="https://sectools.org">Sectools.org</a> <a class="nlink" href="https://insecure.org/">Insecure.org</a> </nav> <form class="nst-search" id="nst-head-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> </header> </div> </div> <main id="nst-content"> <a href="/oss-sec/"><img src="/images/oss-sec-logo.png" width="80" class="l-logo right" alt="oss-sec logo"></a> <h2 class="l-title"><a href="http://seclists.org/oss-sec/">oss-sec</a>: by thread</h2> <ul class="inline"><li class="first"><a href="/rss/oss-sec.rss"><img src="/images/feed-icon-16x16.png" width=16 height=16 alt="RSS icon">RSS Feed</a> <li><a href="http://oss-security.openwall.org/wiki/mailing-lists/oss-security"><img src="/images/about-icon-16x16.png" width=16 height=16 alt="About icon">About List</a> <li><a href="/"><img src="/images/up-icon-16x16.png" width=16 height=16 alt="Up icon">All Lists</a> </ul> <div class="nav-prev"><a href="/cgi-bin/nav.cgi?from=oss-sec%2F2012%2Fq1&goto=prev&view=thread"><img src="/images/left-icon-16x16.png" width=16 height=16 alt="Previous">Previous period</a></div> <div class="nav-next"><a href="/cgi-bin/nav.cgi?from=oss-sec%2F2012%2Fq1&goto=next&view=thread">Next period<img src="/images/right-icon-16x16.png" width=16 height=16 alt="Next"></a></div> <form class="nst-search center" action="/search/oss-sec"> <input class="nst-search-q" name="q" type="search" placeholder="List Archive Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> <p> 815 messages <a href="#begin">starting</a> Jan 01 12 and <a href="#end">ending</a> Mar 31 12 <br> <a href="date.html">Date index</a> | Thread index | <a href="author.html">Author index</a> </p> <hr id="begin"> <ul class="thread"> <li><a name="0" href="0">Re: CVE-request: Elxis CMS two XSS-vulnerabilities</a> <em>Henri Salo (Jan 01)</em></li> <li><a name="1" href="1">speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Nico Golde (Jan 01)</em> <ul> <li><a name="3" href="3">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Solar Designer (Jan 01)</em> <ul> <li><a name="10" href="10">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Mike O&apos;Connor (Jan 01)</em> <ul> <li><a name="11" href="11">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Solar Designer (Jan 01)</em> </li> <li><a name="12" href="12">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Kurt Seifried (Jan 01)</em> </li> <li><a name="13" href="13">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Eitan Adler (Jan 01)</em> </li> <li><a name="18" href="18">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Kurt Seifried (Jan 02)</em> </li> <li><a name="19" href="19">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Nico Golde (Jan 02)</em> </li> <li><a name="20" href="20">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Solar Designer (Jan 02)</em> </li> <li><a name="38" href="38">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Nico Golde (Jan 03)</em> </li> <li><a name="29" href="29">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Solar Designer (Jan 03)</em> </li> <li><a name="33" href="33">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Kurt Seifried (Jan 03)</em> </li> <li><a name="129" href="129">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Solar Designer (Jan 11)</em> </li> <li><a name="62" href="62">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>David Hicks (Jan 05)</em> </li> <li><a name="63" href="63">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>The Fungi (Jan 05)</em> </li> <li><a name="69" href="69">Re: speaking of DoS, openssh and dropbear (CVE-2006-1206)</a> <em>Kurt Seifried (Jan 05)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="2" href="2">Re: mpack 1.6 allows eavesdropping on mails sent by other users</a> <em>Sebastian Pipping (Jan 01)</em> <ul> <li>&lt;Possible follow-ups&gt;</li> <li><a name="198" href="198">Re: mpack 1.6 allows eavesdropping on mails sent by other users</a> <em>Sebastian Pipping (Jan 18)</em> </li> </ul> </li> <li><a name="4" href="4">OpenSSL and *BSD *_Final context struct zeroization (was: weird crypt-sha* in DragonFly BSD)</a> <em>Solar Designer (Jan 01)</em></li> <li><a name="5" href="5">Re: OpenBSD bcrypt error return</a> <em>Solar Designer (Jan 01)</em></li> <li><a name="6" href="6">Re: *BSD&apos;s DES-based crypt(3) treats all invalid salt chars as &apos;.&apos;</a> <em>Solar Designer (Jan 01)</em> <ul> <li>&lt;Possible follow-ups&gt;</li> <li><a name="7" href="7">Re: *BSD&apos;s DES-based crypt(3) treats all invalid salt chars as &apos;.&apos;</a> <em>Solar Designer (Jan 01)</em> </li> </ul> </li> <li><a name="8" href="8">OpenBSD bcrypt 8-bit key_len wraparound</a> <em>Solar Designer (Jan 01)</em></li> <li><a name="9" href="9">Re: weird crypt-sha* in DragonFly BSD</a> <em>Solar Designer (Jan 01)</em> <ul> <li>&lt;Possible follow-ups&gt;</li> <li><a name="161" href="161">Re: weird crypt-sha* in DragonFly BSD</a> <em>Solar Designer (Jan 16)</em> <ul> <li><a name="204" href="204">Re: weird crypt-sha* in DragonFly BSD</a> <em>Solar Designer (Jan 19)</em> <ul> <li><a name="231" href="231">Re: weird crypt-sha* in DragonFly BSD</a> <em>Solar Designer (Jan 20)</em> </li> <li><a name="240" href="240">Re: weird crypt-sha* in DragonFly BSD</a> <em>Samuel J. Greear (Jan 20)</em> </li> <li><a name="242" href="242">Re: weird crypt-sha* in DragonFly BSD</a> <em>Samuel J. Greear (Jan 20)</em> </li> <li><a name="243" href="243">Re: weird crypt-sha* in DragonFly BSD</a> <em>Solar Designer (Jan 20)</em> </li> <li><a name="252" href="252">Re: weird crypt-sha* in DragonFly BSD</a> <em>Solar Designer (Jan 21)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="14" href="14">Re: Disputing CVE-2011-4122</a> <em>Oswald Buddenhagen (Jan 02)</em> <ul> <li><a name="15" href="15">Re: Disputing CVE-2011-4122</a> <em>Solar Designer (Jan 02)</em> </li> </ul> </li> <li><a name="16" href="16">Two CVE requests</a> <em>Moritz Muehlenhoff (Jan 02)</em> <ul> <li><a name="31" href="31">Re: Two CVE requests</a> <em>Kurt Seifried (Jan 03)</em> </li> </ul> </li> <li><a name="17" href="17">CVE request: libfpx &quot;Free_All_Memory()&quot; Double-Free Vulnerability</a> <em>Agostino Sarubbo (Jan 02)</em> <ul> <li><a name="35" href="35">Re: CVE request: libfpx &quot;Free_All_Memory()&quot; Double-Free Vulnerability</a> <em>Kurt Seifried (Jan 03)</em> </li> </ul> </li> <li><a name="21" href="21">CVE-request: PHP Booking Calendar 10e XSS</a> <em>Henri Salo (Jan 03)</em> <ul> <li><a name="22" href="22">Re: CVE-request: PHP Booking Calendar 10e XSS</a> <em>Steven M. Christey (Jan 03)</em> <ul> <li><a name="24" href="24">Re: CVE-request: PHP Booking Calendar 10e XSS</a> <em>Henri Salo (Jan 03)</em> </li> </ul> </li> </ul> </li> <li><a name="23" href="23">Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)</a> <em>Netsparker Advisories (Jan 03)</em></li> <li><a name="25" href="25">CVE request: maradns hash table collision cpu dos</a> <em>Vincent Danen (Jan 03)</em> <ul> <li><a name="26" href="26">Re: CVE request: maradns hash table collision cpu dos</a> <em>Henri Salo (Jan 03)</em> <ul> <li><a name="27" href="27">Re: CVE request: maradns hash table collision cpu dos</a> <em>Vincent Danen (Jan 03)</em> <ul> <li><a name="32" href="32">Re: CVE request: maradns hash table collision cpu dos</a> <em>Kurt Seifried (Jan 03)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="28" href="28">Re: CVE Request: Security issue in backuppc</a> <em>Moritz M眉hlenhoff (Jan 03)</em> <ul> <li><a name="34" href="34">Re: CVE Request: Security issue in backuppc</a> <em>Kurt Seifried (Jan 03)</em> <ul> <li><a name="48" href="48">Re: CVE Request: Security issue in backuppc</a> <em>Moritz Muehlenhoff (Jan 04)</em> <ul> <li><a name="49" href="49">Re: CVE Request: Security issue in backuppc</a> <em>Steven M. Christey (Jan 04)</em> </li> <li><a name="51" href="51">Re: CVE Request: Security issue in backuppc</a> <em>Kurt Seifried (Jan 04)</em> </li> </ul> </li> <li><a name="54" href="54">Re: CVE Request: Security issue in backuppc</a> <em>Kurt Seifried (Jan 04)</em> </li> </ul> </li> </ul> </li> <li><a name="30" href="30">Closed list unsubscribe</a> <em>Josh Bressers (Jan 03)</em></li> <li><a name="36" href="36">CVE-request: WordPress SQL injection and arbitrary code injection (2003)</a> <em>Henri Salo (Jan 03)</em> <ul> <li><a name="55" href="55">Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)</a> <em>Kurt Seifried (Jan 04)</em> <ul> <li><a name="76" href="76">Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)</a> <em>Henri Salo (Jan 06)</em> <ul> <li><a name="77" href="77">Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)</a> <em>Kurt Seifried (Jan 06)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="37" href="37">CVE-request: Multiple e107 vulnerabilities</a> <em>Henri Salo (Jan 03)</em> <ul> <li><a name="42" href="42">Re: CVE-request: Multiple e107 vulnerabilities</a> <em>Kurt Seifried (Jan 03)</em> </li> </ul> </li> <li><a name="39" href="39">CVE request: XSS in wordpress 3.3</a> <em>Hanno B枚ck (Jan 03)</em> <ul> <li><a name="40" href="40">Re: CVE request: XSS in wordpress 3.3</a> <em>Kurt Seifried (Jan 03)</em> <ul> <li><a name="41" href="41">Re: CVE request: XSS in wordpress 3.3</a> <em>cve-assign (Jan 03)</em> </li> </ul> </li> </ul> </li> <li><a name="43" href="43">CVE-2011-4858 confusion</a> <em>Sebastian Krahmer (Jan 04)</em> <ul> <li><a name="45" href="45">Re: CVE-2011-4858 confusion</a> <em>cve-assign (Jan 04)</em> <ul> <li><a name="50" href="50">Re: Re: CVE-2011-4858 confusion</a> <em>Vincent Danen (Jan 04)</em> <ul> <li><a name="60" href="60">Re: Re: CVE-2011-4858 confusion</a> <em>Mark Thomas (Jan 05)</em> </li> </ul> </li> </ul> </li> <li><a name="78" href="78">Re: CVE-2011-4858 confusion</a> <em>cve-assign (Jan 06)</em> </li> </ul> </li> <li><a name="44" href="44">CVE request: ghostscript: system initialization file uncontrolled search path element</a> <em>Ramon de C Valle (Jan 04)</em> <ul> <li><a name="46" href="46">Re: CVE request: ghostscript: system initialization file uncontrolled search path element</a> <em>Kurt Seifried (Jan 04)</em> </li> </ul> </li> <li><a name="47" href="47">CVE request: Pidgin</a> <em>Moritz Muehlenhoff (Jan 04)</em> <ul> <li><a name="52" href="52">Re: CVE request: Pidgin</a> <em>Kurt Seifried (Jan 04)</em> <ul> <li><a name="53" href="53">Re: CVE request: Pidgin</a> <em>Steven M. Christey (Jan 04)</em> </li> </ul> </li> </ul> </li> <li><a name="56" href="56">CVE Request -- kernel: futex: clear robust_list on execve</a> <em>Petr Matousek (Jan 04)</em> <ul> <li><a name="57" href="57">Re: CVE Request -- kernel: futex: clear robust_list on execve</a> <em>Kurt Seifried (Jan 04)</em> </li> <li><a name="58" href="58">Re: CVE Request -- kernel: futex: clear robust_list on execve</a> <em>Greg KH (Jan 04)</em> <ul> <li><a name="66" href="66">Re: CVE Request -- kernel: futex: clear robust_list on execve</a> <em>Petr Matousek (Jan 05)</em> </li> </ul> </li> <li><a name="64" href="64">Re: CVE Request -- kernel: futex: clear robust_list on execve</a> <em>akuster (Jan 05)</em> <ul> <li><a name="65" href="65">Re: CVE Request -- kernel: futex: clear robust_list on execve</a> <em>Petr Matousek (Jan 05)</em> </li> </ul> </li> </ul> </li> <li><a name="59" href="59">CVE request: TORQUE Munge Authentication Security Bypass</a> <em>Agostino Sarubbo (Jan 05)</em> <ul> <li><a name="67" href="67">Re: CVE request: TORQUE Munge Authentication Security Bypass</a> <em>Kurt Seifried (Jan 05)</em> </li> </ul> </li> <li><a name="61" href="61">CVE-request: WordPress plugin Adminimize XSS</a> <em>Henri Salo (Jan 05)</em> <ul> <li><a name="68" href="68">Re: CVE-request: WordPress plugin Adminimize XSS</a> <em>Kurt Seifried (Jan 05)</em> </li> </ul> </li> <li><a name="70" href="70">CVE Requests for FFmpeg 0.9.1</a> <em>Michael Niedermayer (Jan 05)</em> <ul> <li><a name="71" href="71">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Kurt Seifried (Jan 05)</em> <ul> <li><a name="73" href="73">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Michael Niedermayer (Jan 05)</em> <ul> <li><a name="75" href="75">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Kurt Seifried (Jan 05)</em> </li> <li><a name="431" href="431">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Kurt Seifried (Feb 14)</em> </li> </ul> </li> </ul> </li> <li><a name="72" href="72">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Steven M. Christey (Jan 05)</em> <ul> <li><a name="74" href="74">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Michael Niedermayer (Jan 05)</em> </li> <li><a name="342" href="342">Re: CVE Requests for FFmpeg 0.9.1</a> <em>Kurt Seifried (Feb 01)</em> </li> </ul> </li> </ul> </li> <li><a name="79" href="79">CVE request: redmine issues</a> <em>Moritz Muehlenhoff (Jan 06)</em> <ul> <li><a name="81" href="81">Re: CVE request: redmine issues</a> <em>Kurt Seifried (Jan 06)</em> </li> </ul> </li> <li><a name="80" href="80">Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution</a> <em>Hanno B枚ck (Jan 06)</em></li> <li><a name="82" href="82">CVE Request for spamdyke &quot;STARTTLS&quot; Plaintext Injection Vulnerability</a> <em>Michael Harrison (Jan 06)</em> <ul> <li><a name="83" href="83">Re: CVE Request for spamdyke &quot;STARTTLS&quot; Plaintext Injection Vulnerability</a> <em>Kurt Seifried (Jan 06)</em> </li> </ul> </li> <li><a name="84" href="84">CVE request for OpenTTD</a> <em>Rubidium (Jan 07)</em> <ul> <li><a name="104" href="104">Re: CVE request for OpenTTD</a> <em>Kurt Seifried (Jan 09)</em> <ul> <li><a name="142" href="142">Re: CVE request for OpenTTD</a> <em>Kurt Seifried (Jan 13)</em> <ul> <li><a name="143" href="143">Re: CVE request for OpenTTD - use CVE-2012-0049!</a> <em>Kurt Seifried (Jan 13)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="85" href="85">Malicious devices &amp; vulnerabilties</a> <em>Xi Wang (Jan 07)</em> <ul> <li><a name="86" href="86">Re: Malicious devices &amp; vulnerabilties</a> <em>Florian Weimer (Jan 08)</em> <ul> <li><a name="91" href="91">Re: Malicious devices &amp; vulnerabilties</a> <em>Eugene Teo (Jan 08)</em> <ul> <li><a name="97" href="97">Re: Malicious devices &amp; vulnerabilties</a> <em>Alistair Crooks (Jan 08)</em> </li> <li><a name="103" href="103">Re: Malicious devices &amp; vulnerabilties</a> <em>Ludwig Nussel (Jan 09)</em> </li> <li><a name="107" href="107">Re: Malicious devices &amp; vulnerabilties</a> <em>Alistair Crooks (Jan 09)</em> </li> </ul> </li> <li><a name="92" href="92">Re: Malicious devices &amp; vulnerabilties</a> <em>Xi Wang (Jan 08)</em> <ul> <li><a name="93" href="93">Re: Malicious devices &amp; vulnerabilties</a> <em>Eitan Adler (Jan 08)</em> </li> <li><a name="96" href="96">Re: Malicious devices &amp; vulnerabilties</a> <em>Xi Wang (Jan 08)</em> </li> <li><a name="102" href="102">Re: Malicious devices &amp; vulnerabilties</a> <em>Vasiliy Kulikov (Jan 09)</em> </li> <li><a name="99" href="99">Re: Malicious devices &amp; vulnerabilties</a> <em>Kurt Seifried (Jan 08)</em> </li> <li><a name="105" href="105">Re: Malicious devices &amp; vulnerabilties</a> <em>Florian Weimer (Jan 09)</em> </li> <li><a name="106" href="106">Re: Malicious devices &amp; vulnerabilties</a> <em>Kurt Seifried (Jan 09)</em> </li> </ul> </li> </ul> </li> <li><a name="89" href="89">Re: Malicious devices &amp; vulnerabilties</a> <em>Greg KH (Jan 08)</em> <ul> <li><a name="94" href="94">Re: Malicious devices &amp; vulnerabilties</a> <em>Xi Wang (Jan 08)</em> </li> <li><a name="95" href="95">Re: Malicious devices &amp; vulnerabilties</a> <em>Hanno B枚ck (Jan 08)</em> <ul> <li><a name="98" href="98">Re: Malicious devices &amp; vulnerabilties</a> <em>Eugene Teo (Jan 08)</em> </li> </ul> </li> </ul> </li> <li><a name="90" href="90">Re: Malicious devices &amp; vulnerabilties</a> <em>Eitan Adler (Jan 08)</em> </li> </ul> </li> <li><a name="87" href="87">CVE request: znc</a> <em>Moritz Muehlenhoff (Jan 08)</em> <ul> <li><a name="100" href="100">Re: CVE request: znc</a> <em>Henri Salo (Jan 09)</em> <ul> <li><a name="101" href="101">Re: CVE request: znc</a> <em>Henri Salo (Jan 09)</em> <ul> <li><a name="108" href="108">Re: CVE request: znc</a> <em>Kurt Seifried (Jan 09)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="88" href="88">New Intrusion Detection Evaluation Dataset</a> <em>Hadi Shiravi (Jan 08)</em></li> <li><a name="109" href="109">CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability</a> <em>Kurt Seifried (Jan 09)</em> <ul> <li><a name="110" href="110">Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability</a> <em>Chong Yidong (Jan 09)</em> <ul> <li><a name="111" href="111">Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability</a> <em>Kurt Seifried (Jan 09)</em> </li> <li><a name="124" href="124">Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability</a> <em>David Engster (Jan 11)</em> </li> </ul> </li> </ul> </li> <li><a name="112" href="112">CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries</a> <em>Eugene Teo (Jan 09)</em> <ul> <li><a name="113" href="113">Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries</a> <em>Kurt Seifried (Jan 10)</em> <ul> <li><a name="114" href="114">Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries</a> <em>Moritz Muehlenhoff (Jan 10)</em> <ul> <li><a name="115" href="115">Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries</a> <em>Kurt Seifried (Jan 10)</em> </li> </ul> </li> </ul> </li> <li><a name="181" href="181">Re: CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries</a> <em>Eugene Teo (Jan 17)</em> </li> </ul> </li> <li><a name="116" href="116">CVE request: kernel: xfs heap overflow</a> <em>Xi Wang (Jan 10)</em> <ul> <li><a name="117" href="117">Re: CVE request: kernel: xfs heap overflow</a> <em>Kurt Seifried (Jan 10)</em> <ul> <li><a name="118" href="118">Re: CVE request: kernel: xfs heap overflow</a> <em>Kurt Seifried (Jan 10)</em> </li> </ul> </li> </ul> </li> <li><a name="119" href="119">glib2 hash dos oCert-2011-003</a> <em>Kurt Seifried (Jan 10)</em></li> <li><a name="120" href="120">CVE request: simpleSAMLphp 1.8.2 cross site scripting</a> <em>Thijs Kinkhorst (Jan 11)</em> <ul> <li><a name="125" href="125">Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting</a> <em>Kurt Seifried (Jan 11)</em> <ul> <li><a name="237" href="237">Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting</a> <em>Steven M. Christey (Jan 20)</em> </li> </ul> </li> </ul> </li> <li><a name="121" href="121">CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()</a> <em>Eugene Teo (Jan 11)</em> <ul> <li><a name="127" href="127">Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()</a> <em>Kurt Seifried (Jan 11)</em> </li> </ul> </li> <li><a name="122" href="122">CVE request: Wireshark multiple vulnerabilities</a> <em>Agostino Sarubbo (Jan 11)</em> <ul> <li><a name="126" href="126">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Kurt Seifried (Jan 11)</em> <ul> <li><a name="130" href="130">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Steven M. Christey (Jan 11)</em> <ul> <li><a name="131" href="131">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Kurt Seifried (Jan 11)</em> </li> <li><a name="133" href="133">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Steven M. Christey (Jan 12)</em> </li> </ul> </li> <li><a name="136" href="136">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Huzaifa Sidhpurwala (Jan 12)</em> <ul> <li><a name="159" href="159">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Kurt Seifried (Jan 15)</em> </li> <li><a name="162" href="162">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Huzaifa Sidhpurwala (Jan 16)</em> </li> <li><a name="185" href="185">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Kurt Seifried (Jan 17)</em> </li> <li><a name="219" href="219">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Huzaifa Sidhpurwala (Jan 19)</em> </li> <li><a name="221" href="221">Re: CVE request: Wireshark multiple vulnerabilities</a> <em>Kurt Seifried (Jan 19)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="123" href="123">CVE request -- kernel: kvm: syscall instruction induced guest panic</a> <em>Petr Matousek (Jan 11)</em> <ul> <li><a name="128" href="128">Re: CVE request -- kernel: kvm: syscall instruction induced guest panic</a> <em>Kurt Seifried (Jan 11)</em> </li> </ul> </li> <li><a name="132" href="132">CVE request: Mediawiki</a> <em>Moritz Muehlenhoff (Jan 12)</em> <ul> <li><a name="134" href="134">Re: CVE request: Mediawiki</a> <em>Kurt Seifried (Jan 12)</em> </li> </ul> </li> <li><a name="135" href="135">details about Tahoe-LAFS security problem #1654</a> <em>Zooko Wilcox-O&apos;Hearn (Jan 12)</em> <ul> <li><a name="158" href="158">Re: details about Tahoe-LAFS security problem #1654</a> <em>Kurt Seifried (Jan 15)</em> </li> </ul> </li> <li><a name="137" href="137">Secunia looking for Linux Vulnerability Specialist</a> <em>Henri Salo (Jan 13)</em></li> <li><a name="138" href="138">CVE affected for PHP 5.3.9 ?</a> <em>Nicolas Gr茅goire (Jan 13)</em> <ul> <li><a name="139" href="139">Re: CVE affected for PHP 5.3.9 ?</a> <em>Kurt Seifried (Jan 13)</em> <ul> <li><a name="140" href="140">Re: CVE affected for PHP 5.3.9 ?</a> <em>Nicolas Gr茅goire (Jan 13)</em> <ul> <li><a name="141" href="141">Re: CVE affected for PHP 5.3.9 ?</a> <em>Kurt Seifried (Jan 13)</em> </li> <li><a name="144" href="144">Re: CVE affected for PHP 5.3.9 ?</a> <em>Nicolas Gr茅goire (Jan 13)</em> </li> <li><a name="145" href="145">Re: CVE affected for PHP 5.3.9 ?</a> <em>Kurt Seifried (Jan 13)</em> </li> <li><a name="146" href="146">Re: CVE affected for PHP 5.3.9 ?</a> <em>Ignacio Espinosa (Jan 14)</em> </li> <li><a name="147" href="147">Re: CVE affected for PHP 5.3.9 ?</a> <em>Kurt Seifried (Jan 14)</em> </li> <li><a name="148" href="148">Re: CVE affected for PHP 5.3.9 ?</a> <em>Nicolas Gr茅goire (Jan 14)</em> </li> <li><a name="149" href="149">Re: CVE affected for PHP 5.3.9 ?</a> <em>Kurt Seifried (Jan 14)</em> </li> <li><a name="157" href="157">Re: CVE affected for PHP 5.3.9 ?</a> <em>Nicolas Gr茅goire (Jan 15)</em> </li> <li><a name="180" href="180">Re: CVE affected for PHP 5.3.9 ?</a> <em>Kurt Seifried (Jan 17)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="150" href="150">CVE-request: WordPress 3.1.1</a> <em>Henri Salo (Jan 15)</em> <ul> <li><a name="151" href="151">Re: CVE-request: WordPress 3.1.1</a> <em>Hanno B枚ck (Jan 15)</em> <ul> <li><a name="153" href="153">Re: CVE-request: WordPress 3.1.1</a> <em>Henri Salo (Jan 15)</em> <ul> <li><a name="190" href="190">Re: CVE-request: WordPress 3.1.1</a> <em>Kurt Seifried (Jan 18)</em> </li> <li><a name="203" href="203">Re: CVE-request: WordPress 3.1.1</a> <em>Yves-Alexis Perez (Jan 19)</em> </li> </ul> </li> </ul> </li> <li><a name="152" href="152">Re: CVE-request: WordPress 3.1.1</a> <em>Yves-Alexis Perez (Jan 15)</em> </li> </ul> </li> <li><a name="154" href="154">CVE Request for spamdyke &quot;STARTTLS&quot; Plaintext</a> <em>Agostino Sarubbo (Jan 15)</em> <ul> <li><a name="224" href="224">Re: CVE Request for spamdyke &quot;STARTTLS&quot; Plaintext</a> <em>Kurt Seifried (Jan 19)</em> </li> </ul> </li> <li><a name="155" href="155">ANNOUNCING Tahoe, the Least-Authority File System, v1.9.1</a> <em>Zooko Wilcox-O&apos;Hearn (Jan 15)</em></li> <li><a name="156" href="156">CVE-request: NGS00109 remote code execution in ImpressPages CMS</a> <em>Henri Salo (Jan 15)</em> <ul> <li><a name="189" href="189">Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS</a> <em>Kurt Seifried (Jan 18)</em> </li> </ul> </li> <li><a name="160" href="160">CVE request: Jenkins</a> <em>Moritz Muehlenhoff (Jan 16)</em> <ul> <li><a name="225" href="225">Re: CVE request: Jenkins</a> <em>Kurt Seifried (Jan 19)</em> </li> </ul> </li> <li><a name="163" href="163">gpw password generator giving short password at low rate</a> <em>Yves-Alexis Perez (Jan 17)</em> <ul> <li><a name="164" href="164">Re: gpw password generator giving short password at low rate</a> <em>Henri Salo (Jan 17)</em> <ul> <li><a name="165" href="165">Re: gpw password generator giving short password at low rate</a> <em>Yves-Alexis Perez (Jan 17)</em> <ul> <li><a name="174" href="174">Re: gpw password generator giving short password at low rate</a> <em>Kurt Seifried (Jan 17)</em> </li> </ul> </li> </ul> </li> <li><a name="177" href="177">Re: gpw password generator giving short password at low rate</a> <em>Steven M. Christey (Jan 17)</em> </li> </ul> </li> <li><a name="166" href="166">pwgen: non-uniform distribution of passwords</a> <em>Solar Designer (Jan 17)</em> <ul> <li><a name="169" href="169">Re: pwgen: non-uniform distribution of passwords</a> <em>Solar Designer (Jan 17)</em> <ul> <li><a name="170" href="170">Re: Re: pwgen: non-uniform distribution of passwords</a> <em>Henri Salo (Jan 17)</em> <ul> <li><a name="173" href="173">Re: Re: pwgen: non-uniform distribution of passwords</a> <em>Kurt Seifried (Jan 17)</em> </li> <li><a name="175" href="175">Re: pwgen: non-uniform distribution of passwords</a> <em>Solar Designer (Jan 17)</em> </li> <li><a name="176" href="176">Re: Re: pwgen: non-uniform distribution of passwords</a> <em>Steven M. Christey (Jan 17)</em> </li> </ul> </li> <li><a name="212" href="212">R: pwgen: non-uniform distribution of passwords</a> <em>valentino.angeletti (Jan 19)</em> <ul> <li><a name="214" href="214">Re: pwgen: non-uniform distribution of passwords</a> <em>Solar Designer (Jan 19)</em> </li> <li><a name="222" href="222">Re: Re: pwgen: non-uniform distribution of passwords</a> <em>Michael Niedermayer (Jan 19)</em> </li> <li><a name="259" href="259">Re: pwgen: non-uniform distribution of passwords</a> <em>Solar Designer (Jan 22)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="167" href="167">CVE Request: overlayfs</a> <em>Marc Deslauriers (Jan 17)</em> <ul> <li><a name="172" href="172">Re: CVE Request: overlayfs</a> <em>Kurt Seifried (Jan 17)</em> </li> </ul> </li> <li><a name="168" href="168">CVE-request: golismero symlink vulnerability</a> <em>Henri Salo (Jan 17)</em> <ul> <li><a name="171" href="171">Re: CVE-request: golismero symlink vulnerability</a> <em>Kurt Seifried (Jan 17)</em> </li> </ul> </li> <li><a name="178" href="178">CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Eugene Teo (Jan 17)</em> <ul> <li><a name="179" href="179">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Kurt Seifried (Jan 17)</em> <ul> <li><a name="182" href="182">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Eugene Teo (Jan 17)</em> </li> </ul> </li> <li><a name="187" href="187">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Kees Cook (Jan 18)</em> <ul> <li><a name="194" href="194">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Eugene Teo (Jan 18)</em> <ul> <li><a name="232" href="232">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Eugene Teo (Jan 20)</em> </li> <li><a name="267" href="267">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Eugene Teo (Jan 23)</em> </li> </ul> </li> </ul> </li> <li><a name="256" href="256">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Solar Designer (Jan 22)</em> <ul> <li><em>Message not available</em><ul> <li><em>Message not available</em><li><a name="257" href="257">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Jason A. Donenfeld (Jan 22)</em> </li> </li> </ul> </li> <li><a name="258" href="258">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Solar Designer (Jan 22)</em> </li> <li><a name="261" href="261">Re: CVE request: kernel: proc: clean up and fix /proc/&lt;pid&gt;/mem handling</a> <em>Eugene Teo (Jan 22)</em> </li> </ul> </li> </ul> </li> <li><a name="183" href="183">CVE request: kernel: Unused iocbs in a batch should not be accounted as active</a> <em>Eugene Teo (Jan 17)</em> <ul> <li><a name="184" href="184">Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active</a> <em>Kurt Seifried (Jan 17)</em> </li> </ul> </li> <li><a name="186" href="186">CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php</a> <em>Ronald van den Blink (Jan 18)</em> <ul> <li><a name="188" href="188">Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php</a> <em>Kurt Seifried (Jan 18)</em> <ul> <li><a name="199" href="199">Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php</a> <em>Ronald van den Blink (Jan 18)</em> <ul> <li><a name="201" href="201">Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php</a> <em>Ronald van den Blink (Jan 19)</em> </li> <li><a name="223" href="223">Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php</a> <em>Kurt Seifried (Jan 19)</em> </li> <li><a name="205" href="205">Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php</a> <em>Henri Salo (Jan 19)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="191" href="191">Screen locking programs on Xorg 1.11</a> <em>Gu1 (Jan 18)</em> <ul> <li><a name="192" href="192">Re: Screen locking programs on Xorg 1.11</a> <em>Michael Gilbert (Jan 18)</em> <ul> <li><a name="197" href="197">Re: Screen locking programs on Xorg 1.11</a> <em>Michael Gilbert (Jan 18)</em> </li> </ul> </li> <li><a name="196" href="196">Re: Screen locking programs on Xorg 1.11</a> <em>Kurt Seifried (Jan 18)</em> </li> <li><a name="200" href="200">Re: Screen locking programs on Xorg 1.11</a> <em>Sebastian Pipping (Jan 18)</em> <ul> <li><a name="202" href="202">Re: Screen locking programs on Xorg 1.11</a> <em>Yves-Alexis Perez (Jan 19)</em> </li> </ul> </li> <li><a name="213" href="213">Re: Screen locking programs on Xorg 1.11</a> <em>Florian Weimer (Jan 19)</em> <ul> <li><a name="217" href="217">Re: Screen locking programs on Xorg 1.11</a> <em>Tim Zingelman (Jan 19)</em> </li> </ul> </li> <li>&lt;Possible follow-ups&gt;</li> <li><a name="218" href="218">Re: Screen locking programs on Xorg 1.11</a> <em>Gu1 (Jan 19)</em> </li> </ul> </li> <li><a name="193" href="193">CVE request: tucan insecure plugin update mechanism</a> <em>Vincent Danen (Jan 18)</em> <ul> <li><a name="195" href="195">Re: CVE request: tucan insecure plugin update mechanism</a> <em>Kurt Seifried (Jan 18)</em> </li> </ul> </li> <li><a name="206" href="206">CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue</a> <em>Jan Lieskovsky (Jan 19)</em> <ul> <li><a name="207" href="207">Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue</a> <em>Yves-Alexis Perez (Jan 19)</em> <ul> <li><a name="208" href="208">Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue</a> <em>Jan Lieskovsky (Jan 19)</em> <ul> <li><a name="209" href="209">Re: CVE-2011-4924 assignment notification -- Zope2, Zope3: Incomplete upstream fix for CVE-2010-1104 issue</a> <em>Jan-Wijbrand Kolman (Jan 19)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="210" href="210">Request for linux-distros () vs openwall org membership</a> <em>John Johansen (Jan 19)</em> <ul> <li><a name="211" href="211">Re: Request for linux-distros () vs openwall org membership</a> <em>Jamie Strandboge (Jan 19)</em> </li> <li><a name="228" href="228">Re: Request for linux-distros () vs openwall org membership</a> <em>Solar Designer (Jan 20)</em> </li> </ul> </li> <li><a name="215" href="215">CVE request: usbmuxd 1.0.7 &quot;receive_packet()&quot; Buffer Overflow Vulnerability</a> <em>Kurt Seifried (Jan 19)</em> <ul> <li><a name="216" href="216">Re: CVE request: usbmuxd 1.0.7 &quot;receive_packet()&quot; Buffer Overflow Vulnerability</a> <em>Kurt Seifried (Jan 19)</em> </li> </ul> </li> <li><a name="220" href="220">Potential security issues fixed in PHP 5.3.9</a> <em>Kurt Seifried (Jan 19)</em> <ul> <li><a name="230" href="230">Re: Potential security issues fixed in PHP 5.3.9</a> <em>Pierre Joye (Jan 20)</em> <ul> <li><a name="247" href="247">Re: Potential security issues fixed in PHP 5.3.9</a> <em>Kurt Seifried (Jan 20)</em> </li> </ul> </li> </ul> </li> <li><a name="226" href="226">pdf attacks vectors</a> <em>Alexander Pletnev (Jan 19)</em> <ul> <li><a name="241" href="241">Re: pdf attacks vectors</a> <em>Solar Designer (Jan 20)</em> <ul> <li><a name="244" href="244">Re: pdf attacks vectors</a> <em>Alexander Pletnev (Jan 20)</em> <ul> <li><a name="245" href="245">Re: pdf attacks vectors</a> <em>Solar Designer (Jan 20)</em> </li> </ul> </li> </ul> </li> <li><a name="251" href="251">Re: pdf attacks vectors</a> <em>Henri Salo (Jan 21)</em> </li> </ul> </li> <li><a name="227" href="227">CVE request: spamdyke buffer overflow vulnerability</a> <em>Agostino Sarubbo (Jan 20)</em> <ul> <li><a name="249" href="249">Re: CVE request: spamdyke buffer overflow vulnerability</a> <em>Kurt Seifried (Jan 20)</em> <ul> <li><a name="264" href="264">Re: CVE request: spamdyke buffer overflow vulnerability</a> <em>Kurt Seifried (Jan 23)</em> <ul> <li><a name="265" href="265">Re: CVE request: spamdyke buffer overflow vulnerability</a> <em>Michael Harrison (Jan 23)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="229" href="229">distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Jan 20)</em> <ul> <li><a name="234" href="234">Re: distros &amp; linux-distros embargo period and message format</a> <em>Kurt Seifried (Jan 20)</em> <ul> <li><a name="238" href="238">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Jan 20)</em> <ul> <li><a name="260" href="260">Re: distros &amp; linux-distros embargo period and message format</a> <em>Michael Gilbert (Jan 22)</em> </li> </ul> </li> </ul> </li> <li><a name="338" href="338">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 01)</em> <ul> <li><a name="339" href="339">Re: distros &amp; linux-distros embargo period and message format</a> <em>Marc Deslauriers (Feb 01)</em> <ul> <li><a name="349" href="349">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 01)</em> </li> <li><a name="350" href="350">Re: distros &amp; linux-distros embargo period and message format</a> <em>Kurt Seifried (Feb 01)</em> </li> <li><a name="352" href="352">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 01)</em> </li> <li><a name="353" href="353">Re: distros &amp; linux-distros embargo period and message format</a> <em>Kurt Seifried (Feb 01)</em> </li> <li><a name="351" href="351">Re: distros &amp; linux-distros embargo period and message format</a> <em>Marc Deslauriers (Feb 01)</em> </li> <li><a name="354" href="354">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 01)</em> </li> <li><a name="355" href="355">Re: distros &amp; linux-distros embargo period and message format</a> <em>Kurt Seifried (Feb 01)</em> </li> <li><a name="356" href="356">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 01)</em> </li> <li><a name="373" href="373">Re: distros &amp; linux-distros embargo period and message format</a> <em>Michael Gilbert (Feb 03)</em> </li> <li><a name="374" href="374">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 03)</em> </li> <li><a name="375" href="375">Re: distros &amp; linux-distros embargo period and message format</a> <em>Michael Gilbert (Feb 03)</em> </li> <li><a name="376" href="376">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 03)</em> </li> <li><a name="377" href="377">Re: distros &amp; linux-distros embargo period and message format</a> <em>Michael Gilbert (Feb 03)</em> </li> <li><a name="378" href="378">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 03)</em> </li> </ul> </li> <li><a name="346" href="346">Re: distros &amp; linux-distros embargo period and message format</a> <em>Thomas Klausner (Feb 01)</em> <ul> <li><a name="347" href="347">Re: distros &amp; linux-distros embargo period and message format</a> <em>Solar Designer (Feb 01)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="233" href="233">CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP</a> <em>Jan Lieskovsky (Jan 20)</em> <ul> <li><a name="235" href="235">Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP</a> <em>Steven M. Christey (Jan 20)</em> <ul> <li><a name="236" href="236">Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP</a> <em>Jan Lieskovsky (Jan 20)</em> </li> </ul> </li> </ul> </li> <li><a name="239" href="239">CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities</a> <em>Vincent Danen (Jan 20)</em> <ul> <li><a name="254" href="254">Re: CVE request: moodle 2.2.1, 2.1.4, 2.0.7, 1.9.16 vulnerabilities</a> <em>Kurt Seifried (Jan 21)</em> </li> </ul> </li> <li><a name="246" href="246">CVE request: smokeping XSS</a> <em>Vincent Danen (Jan 20)</em> <ul> <li><a name="248" href="248">Re: CVE request: smokeping XSS</a> <em>Kurt Seifried (Jan 20)</em> </li> <li><a name="485" href="485">Re: CVE request: smokeping XSS</a> <em>Florian Weimer (Feb 27)</em> <ul> <li><a name="583" href="583">Re: CVE request: smokeping XSS</a> <em>Vincent Danen (Mar 06)</em> </li> </ul> </li> </ul> </li> <li><a name="250" href="250">CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18</a> <em>Jan Lieskovsky (Jan 21)</em> <ul> <li><a name="253" href="253">Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18</a> <em>Kurt Seifried (Jan 21)</em> <ul> <li><a name="255" href="255">Re: CVE Request -- Horde IMP -- Multiple XSS flaws fixed in v5.0.18</a> <em>Steven M. Christey (Jan 21)</em> </li> </ul> </li> </ul> </li> <li><a name="262" href="262">CVE id assignment dates</a> <em>Solar Designer (Jan 23)</em> <ul> <li><a name="263" href="263">Re: CVE id assignment dates</a> <em>Steven M. Christey (Jan 23)</em> <ul> <li><a name="266" href="266">Re: CVE id assignment dates</a> <em>Michael Gilbert (Jan 23)</em> <ul> <li><a name="268" href="268">Re: CVE id assignment dates</a> <em>Kurt Seifried (Jan 23)</em> </li> <li><a name="270" href="270">Re: CVE id assignment dates</a> <em>Steven M. Christey (Jan 24)</em> </li> <li><a name="271" href="271">Re: CVE id assignment dates</a> <em>Henri Salo (Jan 24)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="269" href="269">CVE request: bip buffer overflow</a> <em>Luciano Bello (Jan 24)</em> <ul> <li><a name="275" href="275">Re: CVE request: bip buffer overflow</a> <em>Kurt Seifried (Jan 24)</em> </li> </ul> </li> <li><a name="272" href="272">CVE requests: Suhosin extension / as31</a> <em>Moritz Muehlenhoff (Jan 24)</em> <ul> <li><a name="276" href="276">Re: CVE requests: Suhosin extension / as31</a> <em>Kurt Seifried (Jan 24)</em> </li> </ul> </li> <li><a name="273" href="273">XSLT issue in MoinMoin</a> <em>Nicolas Gr茅goire (Jan 24)</em> <ul> <li><a name="274" href="274">Re: XSLT issue in MoinMoin</a> <em>Kurt Seifried (Jan 24)</em> <ul> <li><a name="277" href="277">Re: XSLT issue in MoinMoin</a> <em>Nicolas Gr茅goire (Jan 24)</em> <ul> <li><a name="298" href="298">Re: XSLT issue in MoinMoin</a> <em>Kurt Seifried (Jan 26)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="278" href="278">Fwd Joomla! Security News 2012-01</a> <em>Henri Salo (Jan 25)</em> <ul> <li><a name="279" href="279">Re: Fwd Joomla! Security News 2012-01</a> <em>Henri Salo (Jan 25)</em> </li> <li><a name="282" href="282">Re: Fwd Joomla! Security News 2012-01</a> <em>Kurt Seifried (Jan 25)</em> <ul> <li><a name="284" href="284">Re: Fwd Joomla! Security News 2012-01</a> <em>Henri Salo (Jan 25)</em> </li> <li><a name="297" href="297">Re: Fwd Joomla! Security News 2012-01</a> <em>Kurt Seifried (Jan 26)</em> <ul> <li><a name="316" href="316">Re: Fwd Joomla! Security News 2012-01</a> <em>Kurt Seifried (Jan 29)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="280" href="280">TWSL2012-002: Multiple Vulnerabilities in WordPress</a> <em>Henri Salo (Jan 25)</em> <ul> <li><a name="281" href="281">Re: TWSL2012-002: Multiple Vulnerabilities in WordPress</a> <em>Kurt Seifried (Jan 25)</em> <ul> <li><a name="283" href="283">Re: TWSL2012-002: Multiple Vulnerabilities in WordPress</a> <em>Henri Salo (Jan 25)</em> </li> </ul> </li> </ul> </li> <li><a name="285" href="285">CVE request: PostfixAdmin SQL injections and XSS</a> <em>Christian Boltz (Jan 26)</em> <ul> <li><a name="290" href="290">Re: CVE request: PostfixAdmin SQL injections and XSS</a> <em>Kurt Seifried (Jan 26)</em> <ul> <li><a name="291" href="291">Re: CVE request: PostfixAdmin SQL injections and XSS</a> <em>Christian Boltz (Jan 26)</em> <ul> <li><a name="292" href="292">Re: CVE request: PostfixAdmin SQL injections and XSS</a> <em>Kurt Seifried (Jan 26)</em> </li> <li><a name="303" href="303">Re: CVE request: PostfixAdmin SQL injections and XSS</a> <em>Christian Boltz (Jan 27)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="286" href="286">Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0</a> <em>Patrick R McDonald (Jan 26)</em> <ul> <li><a name="287" href="287">Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0</a> <em>Christian Hoffmann (Jan 26)</em> <ul> <li><a name="288" href="288">Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0</a> <em>Patrick R McDonald (Jan 26)</em> <ul> <li><a name="289" href="289">Re: Request for CVE for Vulnerability in Tahoe-LAFS 1.9.0</a> <em>Kurt Seifried (Jan 26)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="293" href="293">CVE request: wicd writes sensitive information in log files (password, passphrase...)</a> <em>Kurt Seifried (Jan 26)</em> <ul> <li><a name="294" href="294">Re: CVE request: wicd writes sensitive information in log files (password, passphrase...)</a> <em>Kurt Seifried (Jan 26)</em> </li> </ul> </li> <li><a name="295" href="295">CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Kurt Seifried (Jan 26)</em> <ul> <li><a name="296" href="296">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Kurt Seifried (Jan 26)</em> <ul> <li><a name="299" href="299">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Marc Deslauriers (Jan 26)</em> <ul> <li><a name="302" href="302">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Yves-Alexis Perez (Jan 27)</em> </li> <li><a name="305" href="305">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Kurt Seifried (Jan 27)</em> </li> <li><a name="306" href="306">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Yves-Alexis Perez (Jan 27)</em> </li> <li><a name="311" href="311">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Kurt Seifried (Jan 27)</em> </li> <li><a name="314" href="314">Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients</a> <em>Kurt Seifried (Jan 27)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="300" href="300">testing pwqgen</a> <em>Solar Designer (Jan 26)</em></li> <li><a name="301" href="301">Subscribe to linux-distros</a> <em>Ramon de C Valle (Jan 27)</em> <ul> <li><a name="304" href="304">Re: Subscribe to linux-distros</a> <em>Kurt Seifried (Jan 27)</em> </li> <li><a name="307" href="307">Re: Subscribe to linux-distros</a> <em>Solar Designer (Jan 27)</em> <ul> <li><a name="308" href="308">Re: Subscribe to linux-distros</a> <em>Ramon de C Valle (Jan 27)</em> </li> <li><a name="343" href="343">Re: Subscribe to linux-distros</a> <em>Agostino Sarubbo (Feb 01)</em> <ul> <li><a name="345" href="345">Re: Subscribe to linux-distros</a> <em>Alex Legler (Feb 01)</em> </li> <li><a name="348" href="348">Re: Subscribe to linux-distros</a> <em>Solar Designer (Feb 01)</em> </li> <li><a name="364" href="364">Re: Subscribe to linux-distros</a> <em>Solar Designer (Feb 02)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="309" href="309">Re: non-Linux advance notification list</a> <em>Solar Designer (Jan 27)</em> <ul> <li>&lt;Possible follow-ups&gt;</li> <li><a name="310" href="310">Re: non-Linux advance notification list</a> <em>Solar Designer (Jan 27)</em> <ul> <li><a name="312" href="312">Re: non-Linux advance notification list</a> <em>Stuart Henderson (Jan 27)</em> <ul> <li><a name="313" href="313">Re: non-Linux advance notification list</a> <em>Solar Designer (Jan 27)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="315" href="315">(maybe) CVE request: libvpx before 1.0 crasher</a> <em>Hanno B枚ck (Jan 28)</em> <ul> <li><a name="317" href="317">Re: (maybe) CVE request: libvpx before 1.0 crasher</a> <em>Kurt Seifried (Jan 29)</em> </li> </ul> </li> <li><a name="318" href="318">Re: Yubiserver package ships with pre-filled identities</a> <em>Jonathan Wiltshire (Jan 30)</em> <ul> <li><a name="319" href="319">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Kurt Seifried (Jan 30)</em> <ul> <li><a name="322" href="322">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Nanakos Chrysostomos (Jan 30)</em> <ul> <li><a name="323" href="323">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Kurt Seifried (Jan 30)</em> </li> <li><a name="324" href="324">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Nanakos Chrysostomos (Jan 30)</em> </li> <li><a name="325" href="325">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Kurt Seifried (Jan 30)</em> </li> <li><a name="328" href="328">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Nanakos Chrysostomos (Jan 30)</em> </li> <li><a name="329" href="329">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Gian Piero Carrubba (Jan 30)</em> </li> <li><a name="331" href="331">Re: Re: Yubiserver package ships with pre-filled identities</a> <em>Steven M. Christey (Jan 31)</em> </li> </ul> </li> </ul> </li> <li><a name="321" href="321">Re: Yubiserver package ships with pre-filled identities</a> <em>Nanakos V. Chrysostomos (Jan 30)</em> </li> </ul> </li> <li><a name="320" href="320">Sudo format string vulnerability (CVE 2012-0809)</a> <em>nicolas vigier (Jan 30)</em></li> <li><a name="326" href="326">gnusound 0.7.5 file name handling format string issue</a> <em>Kurt Seifried (Jan 30)</em> <ul> <li><a name="327" href="327">Re: gnusound 0.7.5 file name handling format string issue</a> <em>Kurt Seifried (Jan 30)</em> </li> </ul> </li> <li><a name="330" href="330">Mibew messenger multiple XSS</a> <em>Henri Salo (Jan 31)</em> <ul> <li><a name="341" href="341">Re: Mibew messenger multiple XSS</a> <em>Kurt Seifried (Feb 01)</em> <ul> <li><a name="344" href="344">XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS)</a> <em>Steven M. Christey (Feb 01)</em> <ul> <li><a name="357" href="357">RE: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS)</a> <em>Carsten Eiram (Feb 01)</em> </li> <li><a name="359" href="359">Re: XSS hiding CSRF (was: Re: [oss-security] Mibew messenger multiple XSS)</a> <em>Filippo Cavallarin (Feb 02)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="332" href="332">Fwd: Apache HTTP Server 2.2.22 Released</a> <em>Solar Designer (Jan 31)</em> <ul> <li><a name="333" href="333">Re: Fwd: Apache HTTP Server 2.2.22 Released</a> <em>Kurt Seifried (Jan 31)</em> <ul> <li><a name="334" href="334">Re: Fwd: Apache HTTP Server 2.2.22 Released</a> <em>Solar Designer (Jan 31)</em> </li> </ul> </li> </ul> </li> <li><a name="335" href="335">CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP</a> <em>Jan Lieskovsky (Feb 01)</em> <ul> <li><a name="336" href="336">Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP</a> <em>Berke Viktor (Feb 01)</em> <ul> <li><a name="337" href="337">Re: Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP</a> <em>Yves-Alexis Perez (Feb 01)</em> </li> </ul> </li> <li><a name="340" href="340">Re: CVE Request (two ids) -- Xchat-WDK (prior 1499-4 [2012-01-18]) and Xchat-v2.8.6 on Maemo architecture -- Heap-based buffer overflow by processing UTF-8 line from server containing characters outside BMP</a> <em>Kurt Seifried (Feb 01)</em> </li> </ul> </li> <li><a name="358" href="358">CVE request: phpldapadmin &quot;base&quot; Cross-Site Scripting Vulnerability</a> <em>Agostino Sarubbo (Feb 02)</em> <ul> <li><a name="365" href="365">Re: CVE request: phpldapadmin &quot;base&quot; Cross-Site Scripting Vulnerability</a> <em>Kurt Seifried (Feb 03)</em> </li> </ul> </li> <li><a name="360" href="360">Xen Security Advisory 6 (CVE-2012-0029) - HVM e1000, buffer overflow</a> <em>Ian Jackson (Feb 02)</em></li> <li><a name="361" href="361">PHP remote code execution introduced via HashDoS fix</a> <em>Tomas Hoger (Feb 02)</em> <ul> <li><a name="362" href="362">Re: PHP remote code execution introduced via HashDoS fix</a> <em>Solar Designer (Feb 02)</em> <ul> <li><a name="363" href="363">Re: PHP remote code execution introduced via HashDoS fix</a> <em>Pierre Joye (Feb 02)</em> </li> </ul> </li> </ul> </li> <li><a name="366" href="366">Adding Xen.org contact to linux-distros security list</a> <em>Ian Campbell (Feb 03)</em> <ul> <li><a name="370" href="370">Re: Adding Xen.org contact to linux-distros security list</a> <em>Kurt Seifried (Feb 03)</em> </li> <li><a name="372" href="372">Re: Adding Xen.org contact to linux-distros security list</a> <em>Solar Designer (Feb 03)</em> <ul> <li><a name="379" href="379">Re: Adding Xen.org contact to linux-distros security list</a> <em>Ian Campbell (Feb 05)</em> </li> </ul> </li> </ul> </li> <li><a name="367" href="367">CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations</a> <em>Marcus Meissner (Feb 03)</em> <ul> <li><a name="369" href="369">Re: CVE Request (2002): Linux TCP stack could accept invalid TCP flag combinations</a> <em>Kurt Seifried (Feb 03)</em> </li> </ul> </li> <li><a name="368" href="368">CVE-request: Joomla! Security News 2012-02-03</a> <em>Henri Salo (Feb 03)</em> <ul> <li><a name="371" href="371">Re: CVE-request: Joomla! Security News 2012-02-03</a> <em>Kurt Seifried (Feb 03)</em> </li> </ul> </li> <li><a name="380" href="380">CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access</a> <em>Solar Designer (Feb 05)</em> <ul> <li><a name="387" href="387">Re: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access</a> <em>Jason A. Donenfeld (Feb 07)</em> <ul> <li><a name="388" href="388">Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Solar Designer (Feb 08)</em> <ul> <li><a name="390" href="390">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Djalal Harouni (Feb 08)</em> </li> <li><a name="392" href="392">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Jason A. Donenfeld (Feb 08)</em> </li> <li><a name="393" href="393">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Jason A. Donenfeld (Feb 08)</em> </li> <li><a name="395" href="395">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Solar Designer (Feb 08)</em> </li> <li><a name="394" href="394">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Jason A. Donenfeld (Feb 08)</em> </li> <li><a name="396" href="396">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Solar Designer (Feb 08)</em> </li> <li><a name="398" href="398">Re: Linux procfs infoleaks via self-read by a SUID/SGID program (was: CVE-2011-3637 Linux kernel: proc: fix Oops on invalid /proc/&lt;pid&gt;/maps access)</a> <em>Djalal Harouni (Feb 09)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="381" href="381">Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops</a> <em>Solar Designer (Feb 05)</em></li> <li><a name="382" href="382">Re: CVE-2011-4324 kernel: nfsv4: mknod(2) DoS</a> <em>Solar Designer (Feb 06)</em></li> <li><a name="383" href="383">CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client</a> <em>Solar Designer (Feb 06)</em> <ul> <li><a name="386" href="386">Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client</a> <em>Petr Matousek (Feb 07)</em> <ul> <li><a name="397" href="397">Re: CVE-2011-4325 Linux kernel: nfs: diotest4 from LTP crash client</a> <em>Solar Designer (Feb 08)</em> </li> </ul> </li> </ul> </li> <li><a name="384" href="384">CVE request: Hash DoS vulnerability (ocert-2011-003)</a> <em>Kurt Seifried (Feb 06)</em> <ul> <li><a name="385" href="385">Re: CVE request: Hash DoS vulnerability (ocert-2011-003)</a> <em>Kurt Seifried (Feb 06)</em> </li> </ul> </li> <li><a name="389" href="389">CVE request: apr - Hash DoS vulnerability</a> <em>Moritz Muehlenhoff (Feb 08)</em> <ul> <li><a name="391" href="391">Re: CVE request: apr - Hash DoS vulnerability</a> <em>Kurt Seifried (Feb 08)</em> </li> </ul> </li> <li><a name="399" href="399">MySQL 0-day - does it need a CVE?</a> <em>Kurt Seifried (Feb 09)</em> <ul> <li><a name="400" href="400">Re: MySQL 0-day - does it need a CVE?</a> <em>Henri Salo (Feb 09)</em> </li> <li><a name="401" href="401">Re: MySQL 0-day - does it need a CVE?</a> <em>Henri Salo (Feb 09)</em> <ul> <li><a name="402" href="402">Re: MySQL 0-day - does it need a CVE?</a> <em>Solar Designer (Feb 09)</em> <ul> <li><a name="403" href="403">Re: MySQL 0-day - does it need a CVE?</a> <em>Yves-Alexis Perez (Feb 09)</em> </li> <li><a name="404" href="404">Re: MySQL 0-day - does it need a CVE?</a> <em>Kurt Seifried (Feb 09)</em> </li> <li><a name="405" href="405">Re: MySQL 0-day - does it need a CVE?</a> <em>Yves-Alexis Perez (Feb 09)</em> </li> <li><a name="408" href="408">Re: MySQL 0-day - does it need a CVE?</a> <em>Henri Salo (Feb 10)</em> </li> <li><a name="415" href="415">Re: MySQL 0-day - does it need a CVE?</a> <em>Solar Designer (Feb 11)</em> </li> </ul> </li> </ul> </li> <li><a name="459" href="459">Re: MySQL 0-day - does it need a CVE?</a> <em>Tomas Hoger (Feb 24)</em> <ul> <li><a name="460" href="460">Re: MySQL 0-day - does it need a CVE?</a> <em>Kurt Seifried (Feb 24)</em> <ul> <li><a name="461" href="461">Re: MySQL 0-day - does it need a CVE?</a> <em>Larry Stefonic (Feb 24)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="406" href="406">CVE request: surf</a> <em>Florian Weimer (Feb 09)</em> <ul> <li><a name="407" href="407">Re: CVE request: surf</a> <em>Kurt Seifried (Feb 09)</em> <ul> <li><a name="413" href="413">Re: CVE request: surf</a> <em>Florian Weimer (Feb 10)</em> <ul> <li><a name="414" href="414">RE: CVE request: surf</a> <em>Daniel Suarez (Feb 10)</em> </li> <li><a name="417" href="417">Re: CVE request: surf</a> <em>Kurt Seifried (Feb 11)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="409" href="409">imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478</a> <em>Henri Salo (Feb 10)</em> <ul> <li><a name="411" href="411">Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478</a> <em>Vincent Danen (Feb 10)</em> <ul> <li><a name="412" href="412">Re: imagemagick invalid validation DoS CVE-2012-0247 and CVE-2012-02478</a> <em>Vincent Danen (Feb 10)</em> </li> </ul> </li> </ul> </li> <li><a name="410" href="410">[vs] CVE-2012-1037 GLPI &lt;= 0.80.61 LFI/RFI</a> <em>Emilien Girault (Feb 10)</em></li> <li><a name="416" href="416">CVE-request: Webcalendar 1.2.4 location XSS</a> <em>Henri Salo (Feb 11)</em> <ul> <li><a name="418" href="418">Re: CVE-request: Webcalendar 1.2.4 location XSS</a> <em>Eitan Adler (Feb 11)</em> <ul> <li><a name="419" href="419">Re: CVE-request: Webcalendar 1.2.4 location XSS</a> <em>Henri Salo (Feb 12)</em> <ul> <li><a name="420" href="420">Re: CVE-request: Webcalendar 1.2.4 location XSS</a> <em>Henri Salo (Feb 12)</em> </li> <li><a name="427" href="427">Re: CVE-request: Webcalendar 1.2.4 location XSS</a> <em>Kurt Seifried (Feb 13)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="421" href="421">CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability</a> <em>YGN Ethical Hacker Group (Feb 12)</em> <ul> <li><a name="426" href="426">Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability</a> <em>Kurt Seifried (Feb 13)</em> <ul> <li><a name="436" href="436">Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability</a> <em>YGN Ethical Hacker Group (Feb 16)</em> <ul> <li><a name="437" href="437">Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability</a> <em>Kurt Seifried (Feb 17)</em> </li> <li><a name="439" href="439">Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability</a> <em>Kurt Seifried (Feb 17)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="422" href="422">Subscribe to linux-distros?</a> <em>Matthias Weckbecker (Feb 13)</em> <ul> <li><a name="423" href="423">Re: Subscribe to linux-distros?</a> <em>Marcus Meissner (Feb 13)</em> <ul> <li><a name="429" href="429">Re: Subscribe to linux-distros?</a> <em>Solar Designer (Feb 14)</em> </li> </ul> </li> </ul> </li> <li><a name="424" href="424">CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request</a> <em>Jan Lieskovsky (Feb 13)</em> <ul> <li><a name="425" href="425">Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request</a> <em>Kurt Seifried (Feb 13)</em> <ul> <li><a name="428" href="428">Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request</a> <em>Jan Lieskovsky (Feb 14)</em> <ul> <li><a name="430" href="430">Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request</a> <em>David Malcolm (Feb 14)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="432" href="432">CVE request: mumble local information disclosure</a> <em>Vincent Danen (Feb 15)</em> <ul> <li><a name="433" href="433">Re: CVE request: mumble local information disclosure</a> <em>Kurt Seifried (Feb 15)</em> </li> <li><a name="434" href="434">Re: CVE request: mumble local information disclosure</a> <em>Ludwig Nussel (Feb 16)</em> <ul> <li><a name="435" href="435">Re: CVE request: mumble local information disclosure</a> <em>Kurt Seifried (Feb 16)</em> </li> </ul> </li> </ul> </li> <li><a name="438" href="438">CVE-2012-0864 assignment notification -- glibc F_S format string protection bypass via &quot;nargs&quot; integer overflow</a> <em>Stefan Cornelius (Feb 17)</em></li> <li><a name="440" href="440">TORCS 1.3.2 xml buffer overflow - CVE-2012-1189</a> <em>Andres Gomez (Feb 18)</em> <ul> <li><a name="562" href="562">Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189</a> <em>Andres Gomez (Mar 05)</em> <ul> <li><em>Message not available</em><ul> <li><a name="575" href="575">Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189</a> <em>Andres Gomez (Mar 06)</em> </li> <li><a name="585" href="585">Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189</a> <em>Tomas Hoger (Mar 06)</em> </li> <li><a name="602" href="602">Re: Re: TORCS 1.3.2 xml buffer overflow - CVE-2012-1189</a> <em>Andres Gomez (Mar 09)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="441" href="441">Vulnerabilitites in Debian F*EX &lt;= 20100208 and F*EX 20111129-2.</a> <em>muuratsalo experimental hack lab (Feb 20)</em> <ul> <li><a name="442" href="442">Re: Vulnerabilitites in Debian F*EX &lt;= 20100208 and F*EX 20111129-2.</a> <em>Nico Golde (Feb 20)</em> <ul> <li><a name="443" href="443">Re: Vulnerabilitites in Debian F*EX &lt;= 20100208 and F*EX 20111129-2.</a> <em>Henri Salo (Feb 20)</em> <ul> <li><a name="444" href="444">Re: Vulnerabilitites in Debian F*EX &lt;= 20100208 and F*EX 20111129-2.</a> <em>Nico Golde (Feb 20)</em> </li> <li><a name="448" href="448">Re: Vulnerabilitites in Debian F*EX &lt;= 20100208 and F*EX 20111129-2.</a> <em>Kurt Seifried (Feb 20)</em> </li> <li><a name="455" href="455">Re: Vulnerabilitites in Debian F*EX &lt;= 20100208 and F*EX 20111129-2.</a> <em>Steven M. Christey (Feb 23)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="445" href="445">OxWall 1.1.1 &lt;= Multiple Cross Site Scripting Vulnerabilities</a> <em>YGN Ethical Hacker Group (Feb 20)</em> <ul> <li><a name="450" href="450">Re: OxWall 1.1.1 &lt;= Multiple Cross Site Scripting Vulnerabilities</a> <em>Kurt Seifried (Feb 20)</em> </li> </ul> </li> <li><a name="446" href="446">Dolphin 7.0.7 &lt;= Multiple Cross Site Scripting Vulnerabilities</a> <em>YGN Ethical Hacker Group (Feb 20)</em> <ul> <li><a name="451" href="451">Re: Dolphin 7.0.7 &lt;= Multiple Cross Site Scripting Vulnerabilities</a> <em>Kurt Seifried (Feb 20)</em> </li> </ul> </li> <li><a name="447" href="447">Bugs in &quot;file&quot; program VU#621745</a> <em>CERT(R) Coordination Center (Feb 20)</em> <ul> <li><a name="449" href="449">Re: Bugs in &quot;file&quot; program VU#621745</a> <em>Kurt Seifried (Feb 20)</em> <ul> <li><a name="517" href="517">Re: Bugs in &quot;file&quot; program VU#621745</a> <em>Florian Weimer (Feb 29)</em> <ul> <li><a name="519" href="519">Re: Bugs in &quot;file&quot; program VU#621745</a> <em>Kurt Seifried (Feb 29)</em> </li> <li><a name="520" href="520">Re: Bugs in &quot;file&quot; program VU#621745</a> <em>Kurt Seifried (Feb 29)</em> </li> </ul> </li> </ul> </li> <li>&lt;Possible follow-ups&gt;</li> <li><a name="705" href="705">Re: Bugs in &quot;file&quot; program VU#621745</a> <em>Jan Lieskovsky (Mar 20)</em> <ul> <li><a name="706" href="706">Re: Re: Bugs in &quot;file&quot; program VU#621745</a> <em>Kurt Seifried (Mar 20)</em> </li> </ul> </li> </ul> </li> <li><a name="452" href="452">libxml2: hash table collisions CPU usage DoS</a> <em>Huzaifa Sidhpurwala (Feb 21)</em></li> <li><a name="453" href="453">CVE-2012-0875: systemtap memory disclosure/kernel panic when processing malformed DWARF unwind data</a> <em>Vincent Danen (Feb 22)</em></li> <li><a name="454" href="454">CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with &quot;paster serve&quot; as root</a> <em>Jan Lieskovsky (Feb 23)</em> <ul> <li><a name="457" href="457">Re: CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with &quot;paster serve&quot; as root</a> <em>Kurt Seifried (Feb 23)</em> </li> </ul> </li> <li><a name="456" href="456">CVE request -- kernel: block: CLONE_IO io_context refcounting issues</a> <em>Petr Matousek (Feb 23)</em> <ul> <li><a name="458" href="458">Re: CVE request -- kernel: block: CLONE_IO io_context refcounting issues</a> <em>Kurt Seifried (Feb 23)</em> </li> </ul> </li> <li><a name="462" href="462">Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 25)</em> <ul> <li><a name="463" href="463">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Yves-Alexis Perez (Feb 25)</em> <ul> <li><a name="464" href="464">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 26)</em> <ul> <li><a name="469" href="469">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eugene Teo (Feb 26)</em> </li> <li><a name="470" href="470">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Solar Designer (Feb 26)</em> </li> <li><a name="477" href="477">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 27)</em> </li> <li><a name="603" href="603">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Mar 09)</em> </li> <li><a name="604" href="604">Re: Attack on badly configured Netfilter-based firewalls</a> <em>ArkanoiD (Mar 09)</em> </li> <li><a name="605" href="605">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Mar 09)</em> </li> <li><a name="607" href="607">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Kurt Seifried (Mar 09)</em> </li> <li><a name="529" href="529">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Jussi Eronen (Mar 02)</em> </li> <li><a name="533" href="533">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Kurt Seifried (Mar 02)</em> </li> <li><a name="709" href="709">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Jussi Eronen (Mar 20)</em> </li> </ul> </li> </ul> </li> <li><a name="465" href="465">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Kurt Seifried (Feb 26)</em> <ul> <li><a name="466" href="466">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 26)</em> <ul> <li><a name="467" href="467">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Solar Designer (Feb 26)</em> </li> <li><a name="468" href="468">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 26)</em> </li> <li><a name="487" href="487">Re: Attack on badly configured Netfilter-based firewalls</a> <em>yersinia (Feb 27)</em> </li> <li><a name="472" href="472">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Sebastian Krahmer (Feb 27)</em> </li> <li><a name="473" href="473">Re: Attack on badly configured Netfilter-based firewalls</a> <em>ArkanoiD (Feb 27)</em> </li> <li><a name="474" href="474">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Sebastian Krahmer (Feb 27)</em> </li> </ul> </li> </ul> </li> <li><a name="483" href="483">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Florian Weimer (Feb 27)</em> <ul> <li><a name="484" href="484">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 27)</em> </li> <li><a name="496" href="496">Re: Attack on badly configured Netfilter-based firewalls</a> <em>Eric Leblond (Feb 28)</em> </li> </ul> </li> </ul> </li> <li><a name="471" href="471">CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Jan Lieskovsky (Feb 27)</em> <ul> <li><a name="480" href="480">Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 27)</em> <ul> <li><a name="497" href="497">Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Rafa艂 Malinowski (Feb 28)</em> <ul> <li><a name="501" href="501">Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>cve-assign (Feb 28)</em> </li> <li><a name="502" href="502">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 28)</em> </li> <li><a name="505" href="505">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>cve-assign (Feb 28)</em> </li> <li><a name="506" href="506">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 28)</em> </li> <li><a name="515" href="515">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Marcus Meissner (Feb 29)</em> </li> <li><a name="518" href="518">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>cve-assign (Feb 29)</em> </li> <li><a name="507" href="507">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 28)</em> </li> <li><a name="508" href="508">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 28)</em> </li> </ul> </li> </ul> </li> <li><a name="486" href="486">Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Rafa艂 Malinowski (Feb 27)</em> <ul> <li><a name="490" href="490">Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Mateusz Goik (Feb 27)</em> <ul> <li><a name="491" href="491">Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Mateusz Goik (Feb 27)</em> </li> <li><a name="493" href="493">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 27)</em> </li> <li><a name="494" href="494">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Rafa艂 Malinowski (Feb 27)</em> </li> <li><a name="500" href="500">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Kurt Seifried (Feb 28)</em> </li> <li><a name="514" href="514">Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact&apos;s status and sms messages in history</a> <em>Rafa艂 Malinowski (Feb 29)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="475" href="475">Case YVS Image Gallery</a> <em>Henri Salo (Feb 27)</em> <ul> <li><a name="479" href="479">Re: Case YVS Image Gallery</a> <em>Kurt Seifried (Feb 27)</em> <ul> <li><a name="495" href="495">Re: Case YVS Image Gallery</a> <em>Henri Salo (Feb 27)</em> <ul> <li><a name="692" href="692">Re: Case YVS Image Gallery</a> <em>Kurt Seifried (Mar 19)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="476" href="476">CVE Request -- Multiple instances of insecure temporary file use</a> <em>Jan Lieskovsky (Feb 27)</em> <ul> <li><a name="481" href="481">Re: CVE Request -- Multiple instances of insecure temporary file use</a> <em>Kurt Seifried (Feb 27)</em> </li> </ul> </li> <li><a name="478" href="478">CVE request: openssl: null pointer dereference issue</a> <em>Matthias Weckbecker (Feb 27)</em> <ul> <li><a name="482" href="482">Re: CVE request: openssl: null pointer dereference issue</a> <em>Kurt Seifried (Feb 27)</em> <ul> <li><a name="509" href="509">Re: CVE request: openssl: null pointer dereference issue</a> <em>Kurt Seifried (Feb 28)</em> </li> </ul> </li> <li><a name="614" href="614">Re: CVE request: openssl: null pointer dereference issue</a> <em>Tomas Hoger (Mar 12)</em> <ul> <li><a name="617" href="617">Re: CVE request: openssl: null pointer dereference issue</a> <em>Kurt Seifried (Mar 12)</em> </li> <li><a name="618" href="618">Re: CVE request: openssl: null pointer dereference issue</a> <em>Kurt Seifried (Mar 12)</em> <ul> <li><a name="623" href="623">Re: CVE request: openssl: null pointer dereference issue</a> <em>Tomas Hoger (Mar 13)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="488" href="488">DesktopOnNet 3 Beta LFI</a> <em>Whitney Houston (Feb 27)</em> <ul> <li><a name="489" href="489">Re: DesktopOnNet 3 Beta LFI</a> <em>Whitney Houston (Feb 27)</em> <ul> <li><a name="492" href="492">Re: Re: DesktopOnNet 3 Beta LFI</a> <em>Kurt Seifried (Feb 27)</em> </li> </ul> </li> </ul> </li> <li><a name="498" href="498">CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount</a> <em>Petr Matousek (Feb 28)</em> <ul> <li><a name="499" href="499">Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount</a> <em>Kurt Seifried (Feb 28)</em> </li> </ul> </li> <li><a name="503" href="503">CVE request: init script x11-common creates directories in insecure manners</a> <em>vladz (Feb 28)</em> <ul> <li><a name="512" href="512">Re: CVE request: init script x11-common creates directories in insecure manners</a> <em>Kurt Seifried (Feb 28)</em> <ul> <li><a name="521" href="521">Re: CVE request: init script x11-common creates directories in insecure manners</a> <em>vladz (Mar 01)</em> <ul> <li><a name="522" href="522">Re: CVE request: init script x11-common creates directories in insecure manners</a> <em>Jason A. Donenfeld (Mar 01)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="504" href="504">CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status</a> <em>Jan Lieskovsky (Feb 28)</em> <ul> <li><a name="510" href="510">Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status</a> <em>Marcus Meissner (Feb 28)</em> <ul> <li><a name="511" href="511">Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status</a> <em>Kurt Seifried (Feb 28)</em> <ul> <li><a name="516" href="516">Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status</a> <em>Marcus Meissner (Feb 29)</em> </li> </ul> </li> <li><a name="526" href="526">Re: Re: CVE Request (minor) -- osc: Improper sanitization of terminal emulator escape sequences when displaying build log and build status</a> <em>Kurt Seifried (Mar 01)</em> </li> </ul> </li> </ul> </li> <li><a name="513" href="513">CVE Request: NetworkManager arbitrary file access</a> <em>Ludwig Nussel (Feb 29)</em> <ul> <li><a name="527" href="527">Re: CVE Request: NetworkManager arbitrary file access</a> <em>Kurt Seifried (Mar 01)</em> </li> </ul> </li> <li><a name="523" href="523">CVE-request: Joomla core information disclosure 1.7.1</a> <em>Henri Salo (Mar 01)</em> <ul> <li><a name="524" href="524">Re: CVE-request: Joomla core information disclosure 1.7.1</a> <em>Henri Salo (Mar 01)</em> </li> <li><a name="525" href="525">Re: CVE-request: Joomla core information disclosure 1.7.1</a> <em>Kurt Seifried (Mar 01)</em> <ul> <li><a name="528" href="528">Re: CVE-request: Joomla core information disclosure 1.7.1</a> <em>Henri Salo (Mar 01)</em> <ul> <li><a name="532" href="532">Re: CVE-request: Joomla core information disclosure 1.7.1</a> <em>Kurt Seifried (Mar 02)</em> </li> <li><a name="534" href="534">Re: CVE-request: Joomla core information disclosure 1.7.1</a> <em>Kurt Seifried (Mar 02)</em> </li> <li><a name="535" href="535">Re: CVE-request: Joomla core information disclosure 1.7.1</a> <em>Henri Salo (Mar 02)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="530" href="530">CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws</a> <em>Jan Lieskovsky (Mar 02)</em> <ul> <li><a name="536" href="536">Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws</a> <em>Kurt Seifried (Mar 02)</em> </li> </ul> </li> <li><a name="531" href="531">Partial ASLR bypass</a> <em>Tim Brown (Mar 02)</em></li> <li><a name="537" href="537">CVE-request: systemd local denial of login or local users can create arbitrary services</a> <em>Henri Salo (Mar 04)</em> <ul> <li><a name="548" href="548">Re: CVE-request: systemd local denial of login or local users can create arbitrary services</a> <em>Kurt Seifried (Mar 04)</em> </li> </ul> </li> <li><a name="538" href="538">CVE-Request taglib vulnerabilities</a> <em>Zubin Mithra (Mar 04)</em> <ul> <li><a name="552" href="552">Re: CVE-Request taglib vulnerabilities</a> <em>Kurt Seifried (Mar 04)</em> <ul> <li><a name="553" href="553">Re: CVE-Request taglib vulnerabilities</a> <em>Zubin Mithra (Mar 04)</em> <ul> <li><a name="563" href="563">Re: CVE-Request taglib vulnerabilities</a> <em>Kurt Seifried (Mar 05)</em> </li> <li><a name="714" href="714">Re: CVE-Request taglib vulnerabilities</a> <em>Ludwig Nussel (Mar 21)</em> </li> <li><a name="717" href="717">Re: CVE-Request taglib vulnerabilities</a> <em>Kurt Seifried (Mar 21)</em> </li> <li><a name="719" href="719">Re: CVE-Request taglib vulnerabilities</a> <em>Zubin Mithra (Mar 21)</em> </li> <li><a name="747" href="747">Re: CVE-Request taglib vulnerabilities</a> <em>Ludwig Nussel (Mar 26)</em> </li> <li><a name="750" href="750">Re: CVE-Request taglib vulnerabilities</a> <em>Kurt Seifried (Mar 26)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="539" href="539">CVE Request: XML entity expansion in the XML::Atom Perl module</a> <em>Florian Weimer (Mar 04)</em> <ul> <li><a name="540" href="540">Re: CVE Request: XML entity expansion in the XML::Atom Perl module</a> <em>Florian Weimer (Mar 04)</em> </li> <li><a name="549" href="549">Re: CVE Request: XML entity expansion in the XML::Atom Perl module</a> <em>Kurt Seifried (Mar 04)</em> </li> </ul> </li> <li><a name="541" href="541">CVE request: notmuch</a> <em>Moritz M眉hlenhoff (Mar 04)</em> <ul> <li><a name="550" href="550">Re: CVE request: notmuch</a> <em>Kurt Seifried (Mar 04)</em> <ul> <li><a name="555" href="555">Re: CVE request: notmuch</a> <em>Florian Weimer (Mar 04)</em> </li> </ul> </li> </ul> </li> <li><a name="542" href="542">CVE request: XML::Atom Perl module</a> <em>Moritz Muehlenhoff (Mar 04)</em> <ul> <li><a name="544" href="544">Re: CVE request: XML::Atom Perl module</a> <em>Adam D. Barratt (Mar 04)</em> </li> </ul> </li> <li><a name="543" href="543">CVE Requests for phpCAS</a> <em>Joachim Fritschi (Mar 04)</em> <ul> <li><a name="551" href="551">Re: CVE Requests for phpCAS</a> <em>Kurt Seifried (Mar 04)</em> </li> </ul> </li> <li><a name="545" href="545">CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets</a> <em>Eugene Teo (Mar 04)</em></li> <li><a name="546" href="546">CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482</a> <em>Eugene Teo (Mar 04)</em></li> <li><a name="547" href="547">CVE-2011-3593 kernel: vlan: fix panic when handling priority tagged frames</a> <em>Eugene Teo (Mar 04)</em></li> <li><a name="554" href="554">Ruby on Rails github compromise</a> <em>Kurt Seifried (Mar 04)</em></li> <li><a name="556" href="556">CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws</a> <em>Jan Lieskovsky (Mar 05)</em> <ul> <li><a name="568" href="568">Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws</a> <em>Kurt Seifried (Mar 05)</em> <ul> <li><a name="612" href="612">Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws</a> <em>Jan Lieskovsky (Mar 12)</em> <ul> <li><a name="621" href="621">Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws</a> <em>Roland Gruber (Mar 12)</em> </li> </ul> </li> </ul> </li> <li><a name="569" href="569">Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws</a> <em>Roland Gruber (Mar 05)</em> <ul> <li><a name="576" href="576">Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws</a> <em>Dmitry Butskoy (Mar 06)</em> </li> </ul> </li> </ul> </li> <li><a name="557" href="557">CVE Request: lightdm</a> <em>Marc Deslauriers (Mar 05)</em> <ul> <li><a name="566" href="566">Re: CVE Request: lightdm</a> <em>Kurt Seifried (Mar 05)</em> </li> </ul> </li> <li><a name="558" href="558">Open-Realty CMS 2.5.8 (2.x.x) &lt;= &quot;select_users_template&quot; Local File Inclusion Vulnerability</a> <em>YGN Ethical Hacker Group (Mar 05)</em> <ul> <li><a name="567" href="567">Re: Open-Realty CMS 2.5.8 (2.x.x) &lt;= &quot;select_users_template&quot; Local File Inclusion Vulnerability</a> <em>Kurt Seifried (Mar 05)</em> </li> </ul> </li> <li><a name="559" href="559">Etano 1.x &lt;= Multiple Cross Site Scripting Vulnerabilities</a> <em>YGN Ethical Hacker Group (Mar 05)</em> <ul> <li><a name="565" href="565">Re: Etano 1.x &lt;= Multiple Cross Site Scripting Vulnerabilities</a> <em>Kurt Seifried (Mar 05)</em> </li> </ul> </li> <li><a name="560" href="560">CVE request: mwlib &lt; 0.13.5 DoS flaw</a> <em>Vincent Danen (Mar 05)</em> <ul> <li><a name="564" href="564">Re: CVE request: mwlib &lt; 0.13.5 DoS flaw</a> <em>Kurt Seifried (Mar 05)</em> </li> </ul> </li> <li><a name="561" href="561">CVE-2012-1106 assignment notification -- abrt: Setuid process core dump archived with unsafe GID permissions</a> <em>Stefan Cornelius (Mar 05)</em></li> <li><a name="570" href="570">CVE-request: phxEventManager search.php search_terms Parameter SQL Injection</a> <em>Henri Salo (Mar 05)</em> <ul> <li><a name="578" href="578">Re: CVE-request: phxEventManager search.php search_terms Parameter SQL Injection</a> <em>Kurt Seifried (Mar 06)</em> </li> </ul> </li> <li><a name="571" href="571">CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution</a> <em>Henri Salo (Mar 05)</em> <ul> <li><a name="579" href="579">Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution</a> <em>Kurt Seifried (Mar 06)</em> <ul> <li><a name="589" href="589">Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution</a> <em>Henri Salo (Mar 07)</em> </li> </ul> </li> </ul> </li> <li><a name="572" href="572">CVE request: mantisbt before 1.2.9</a> <em>Hanno B枚ck (Mar 06)</em> <ul> <li><a name="574" href="574">Re: CVE request: mantisbt before 1.2.9</a> <em>David Hicks (Mar 06)</em> <ul> <li><a name="577" href="577">Re: CVE request: mantisbt before 1.2.9</a> <em>Kurt Seifried (Mar 06)</em> </li> </ul> </li> </ul> </li> <li><a name="573" href="573">CVE-request: Joomla! Security News 2012-03</a> <em>Henri Salo (Mar 06)</em> <ul> <li><a name="580" href="580">Re: CVE-request: Joomla! Security News 2012-03</a> <em>Kurt Seifried (Mar 06)</em> </li> <li><a name="582" href="582">Re: CVE-request: Joomla! Security News 2012-03</a> <em>Kurt Seifried (Mar 06)</em> </li> </ul> </li> <li><a name="581" href="581">CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9</a> <em>Jan Lieskovsky (Mar 06)</em> <ul> <li><a name="584" href="584">Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9</a> <em>Kurt Seifried (Mar 06)</em> <ul> <li><a name="587" href="587">Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9</a> <em>Werner LEMBERG (Mar 07)</em> </li> </ul> </li> </ul> </li> <li><a name="586" href="586">CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops</a> <em>Petr Matousek (Mar 07)</em> <ul> <li><a name="588" href="588">Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops</a> <em>Kurt Seifried (Mar 07)</em> </li> </ul> </li> <li><a name="590" href="590">CVE-request: phpMyFAQ index.php URI XSS</a> <em>Henri Salo (Mar 07)</em> <ul> <li><a name="595" href="595">Re: CVE-request: phpMyFAQ index.php URI XSS</a> <em>Kurt Seifried (Mar 08)</em> </li> </ul> </li> <li><a name="591" href="591">CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection</a> <em>Henri Salo (Mar 07)</em> <ul> <li><a name="594" href="594">Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection</a> <em>Kurt Seifried (Mar 08)</em> <ul> <li><a name="598" href="598">Re: CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection</a> <em>Henri Salo (Mar 08)</em> </li> </ul> </li> </ul> </li> <li><a name="592" href="592">CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern</a> <em>Kurt Seifried (Mar 08)</em> <ul> <li><a name="593" href="593">Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern</a> <em>Kurt Seifried (Mar 08)</em> </li> <li><a name="625" href="625">Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern</a> <em>Huzaifa Sidhpurwala (Mar 13)</em> </li> </ul> </li> <li><a name="596" href="596">expat 2.1.0beta fixes 5 Denial of Service attacks, CVE&apos;s/details inside</a> <em>Kurt Seifried (Mar 08)</em> <ul> <li><a name="597" href="597">Re: expat 2.1.0beta fixes 5 Denial of Service attacks, CVE&apos;s/details inside</a> <em>Kurt Seifried (Mar 08)</em> </li> </ul> </li> <li><a name="599" href="599">CVE-request: Ariadne 2.7.6 XSS</a> <em>Henri Salo (Mar 09)</em> <ul> <li><a name="611" href="611">Re: CVE-request: Ariadne 2.7.6 XSS</a> <em>Kurt Seifried (Mar 09)</em> </li> </ul> </li> <li><a name="600" href="600">CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution</a> <em>Henri Salo (Mar 09)</em> <ul> <li><a name="610" href="610">Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution</a> <em>Kurt Seifried (Mar 09)</em> </li> </ul> </li> <li><a name="601" href="601">CVE Request -- libdbd-pg-perl / perl-DBD-Pg &amp;&amp; libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws</a> <em>Jan Lieskovsky (Mar 09)</em> <ul> <li><a name="609" href="609">Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg &amp;&amp; libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws</a> <em>Kurt Seifried (Mar 09)</em> </li> </ul> </li> <li><a name="606" href="606">CVE Request: Python Hash DoS (Issue 13703)</a> <em>Kurt Seifried (Mar 09)</em> <ul> <li><a name="608" href="608">Re: CVE Request: Python Hash DoS (Issue 13703)</a> <em>Kurt Seifried (Mar 09)</em> </li> </ul> </li> <li><a name="613" href="613">CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry</a> <em>Jan Lieskovsky (Mar 12)</em> <ul> <li><a name="615" href="615">Re: CVE Request -- openldap (slapd): Assertion failure by processing search queries requesting only attributes for particular entry</a> <em>Kurt Seifried (Mar 12)</em> </li> </ul> </li> <li><a name="616" href="616">CVE Request: ldm (LTSP display manager)</a> <em>Marc Deslauriers (Mar 12)</em> <ul> <li><a name="619" href="619">Re: CVE Request: ldm (LTSP display manager)</a> <em>Kurt Seifried (Mar 12)</em> </li> </ul> </li> <li><a name="620" href="620">running the distros lists</a> <em>Solar Designer (Mar 12)</em> <ul> <li><a name="622" href="622">Re: running the distros lists</a> <em>Solar Designer (Mar 12)</em> <ul> <li><a name="624" href="624">Re: running the distros lists</a> <em>Thomas Klausner (Mar 13)</em> <ul> <li><a name="626" href="626">Re: running the distros lists</a> <em>Solar Designer (Mar 13)</em> </li> <li><a name="636" href="636">Re: running the distros lists</a> <em>Kurt Seifried (Mar 14)</em> </li> <li><a name="638" href="638">Re: running the distros lists</a> <em>Solar Designer (Mar 14)</em> </li> <li><a name="639" href="639">Re: running the distros lists</a> <em>Tim Brown (Mar 14)</em> </li> <li><a name="641" href="641">Re: running the distros lists</a> <em>Kurt Seifried (Mar 14)</em> </li> <li><a name="642" href="642">Re: running the distros lists</a> <em>Josh Bressers (Mar 15)</em> </li> <li><a name="655" href="655">Re: running the distros lists</a> <em>Solar Designer (Mar 15)</em> </li> <li><a name="684" href="684">Re: running the distros lists</a> <em>Josh Bressers (Mar 19)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="627" href="627">CVE Request: libgdata did not verify SSL certificates</a> <em>Ludwig Nussel (Mar 14)</em> <ul> <li><a name="629" href="629">Re: CVE Request: libgdata did not verify SSL certificates</a> <em>Marc Deslauriers (Mar 14)</em> <ul> <li><a name="634" href="634">Re: CVE Request: libgdata did not verify SSL certificates</a> <em>Kurt Seifried (Mar 14)</em> </li> </ul> </li> </ul> </li> <li><a name="628" href="628">CVE request: Two Pidgin crashes</a> <em>Mark Doliner (Mar 14)</em> <ul> <li><a name="633" href="633">Re: CVE request: Two Pidgin crashes</a> <em>Kurt Seifried (Mar 14)</em> </li> </ul> </li> <li><a name="630" href="630">CVE request: pyfribidi buffer overflow flaw</a> <em>Vincent Danen (Mar 14)</em> <ul> <li><a name="635" href="635">Re: CVE request: pyfribidi buffer overflow flaw</a> <em>Kurt Seifried (Mar 14)</em> </li> </ul> </li> <li><a name="631" href="631">CVE request: gnash integer overflow</a> <em>Vincent Danen (Mar 14)</em> <ul> <li><a name="632" href="632">Re: CVE request: gnash integer overflow</a> <em>Kurt Seifried (Mar 14)</em> </li> </ul> </li> <li><a name="637" href="637">Was a CVE ever assigned for Python SimpleHTTPServer.py XSS?</a> <em>Vincent Danen (Mar 14)</em> <ul> <li><a name="640" href="640">Re: Was a CVE ever assigned for Python SimpleHTTPServer.py XSS?</a> <em>Kurt Seifried (Mar 14)</em> </li> </ul> </li> <li><a name="643" href="643">CVE request: eZ Publish: unspecified vulnerability</a> <em>Luc ABRIC (Mar 15)</em> <ul> <li><a name="647" href="647">Re: CVE request: eZ Publish: unspecified vulnerability</a> <em>Kurt Seifried (Mar 15)</em> <ul> <li><a name="651" href="651">Re: CVE request: eZ Publish: unspecified vulnerability</a> <em>Solar Designer (Mar 15)</em> </li> </ul> </li> </ul> </li> <li><a name="644" href="644">CVE Request: nginx fix for malformed HTTP responses from upstream servers</a> <em>Andrew Alexeev (Mar 15)</em> <ul> <li><a name="648" href="648">Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers</a> <em>Kurt Seifried (Mar 15)</em> </li> </ul> </li> <li><a name="645" href="645">Android CVE identifiers</a> <em>Dan Rosenberg (Mar 15)</em></li> <li><a name="646" href="646">CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON()</a> <em>Petr Matousek (Mar 15)</em></li> <li><a name="649" href="649">CVE-request: apache&apos;s mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost</a> <em>Daniel Kahn Gillmor (Mar 15)</em> <ul> <li><a name="653" href="653">Re: CVE-request: apache&apos;s mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost</a> <em>Kurt Seifried (Mar 15)</em> </li> </ul> </li> <li><a name="650" href="650">CVE Requests</a> <em>Mark Stanislav (Mar 15)</em> <ul> <li><a name="652" href="652">Re: CVE Requests</a> <em>Kurt Seifried (Mar 15)</em> <ul> <li><a name="654" href="654">Re: CVE Requests</a> <em>Mark Stanislav (Mar 15)</em> <ul> <li><a name="656" href="656">Re: CVE Requests</a> <em>Kurt Seifried (Mar 15)</em> </li> <li><a name="657" href="657">Re: CVE Requests</a> <em>Mark Stanislav (Mar 15)</em> </li> <li><a name="658" href="658">Re: CVE Requests</a> <em>Kurt Seifried (Mar 15)</em> </li> <li><a name="659" href="659">Re: CVE Requests</a> <em>Mark Stanislav (Mar 15)</em> </li> <li><a name="664" href="664">Re: CVE Requests</a> <em>Solar Designer (Mar 16)</em> </li> <li><a name="667" href="667">Re: CVE Requests</a> <em>Kurt Seifried (Mar 16)</em> </li> <li><a name="669" href="669">Re: CVE Requests</a> <em>Mark Stanislav (Mar 16)</em> </li> <li><a name="675" href="675">Re: CVE Requests</a> <em>Kurt Seifried (Mar 16)</em> </li> <li><a name="663" href="663">Re: CVE Requests</a> <em>Andreas Ericsson (Mar 16)</em> </li> <li><a name="665" href="665">Re: CVE Requests</a> <em>Adam D. Barratt (Mar 16)</em> </li> <li><a name="666" href="666">Re: CVE Requests</a> <em>Mark Stanislav (Mar 16)</em> </li> <li><a name="670" href="670">Re: CVE Requests</a> <em>Tim Brown (Mar 16)</em> </li> <li><a name="671" href="671">Re: CVE Requests</a> <em>Mark Stanislav (Mar 16)</em> </li> <li><a name="676" href="676">Re: CVE Requests</a> <em>Kurt Seifried (Mar 16)</em> </li> <li><a name="677" href="677">Re: CVE Requests</a> <em>Tim Brown (Mar 16)</em> </li> <li><a name="681" href="681">Re: CVE Requests</a> <em>Eugene Teo (Mar 18)</em> </li> <li><a name="674" href="674">Re: CVE Requests</a> <em>Kurt Seifried (Mar 16)</em> </li> <li><a name="683" href="683">Re: CVE Requests</a> <em>Andreas Ericsson (Mar 19)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="660" href="660">CVE-request: Drupal Finder SA-CONTRIB-2012-017</a> <em>Henri Salo (Mar 16)</em> <ul> <li><a name="689" href="689">Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017</a> <em>Kurt Seifried (Mar 19)</em> </li> </ul> </li> <li><a name="661" href="661">CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws</a> <em>Jan Lieskovsky (Mar 16)</em> <ul> <li><a name="668" href="668">Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws</a> <em>Kurt Seifried (Mar 16)</em> <ul> <li><a name="678" href="678">Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws</a> <em>Matthew Jordan (Mar 16)</em> </li> </ul> </li> </ul> </li> <li><a name="662" href="662">Joomla! Security News 2012-03-16</a> <em>Henri Salo (Mar 16)</em> <ul> <li><a name="691" href="691">Re: Joomla! Security News 2012-03-16</a> <em>Kurt Seifried (Mar 19)</em> </li> </ul> </li> <li><a name="672" href="672">[Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session</a> <em>Jan Lieskovsky (Mar 16)</em></li> <li><a name="673" href="673">Drupal CORE and Drupal Contrib</a> <em>Kurt Seifried (Mar 16)</em> <ul> <li><a name="679" href="679">Re: [security] Drupal CORE and Drupal Contrib</a> <em>Greg Knaddison (Mar 16)</em> <ul> <li><a name="690" href="690">Re: Re: [security] Drupal CORE and Drupal Contrib</a> <em>Kurt Seifried (Mar 19)</em> <ul> <li><a name="708" href="708">Re: Re: [security] Drupal CORE and Drupal Contrib</a> <em>Greg Knaddison (Mar 20)</em> </li> <li><a name="718" href="718">Re: Re: [security] Drupal CORE and Drupal Contrib</a> <em>Moritz Muehlenhoff (Mar 21)</em> </li> <li><a name="724" href="724">Re: Re: [security] Drupal CORE and Drupal Contrib</a> <em>Kurt Seifried (Mar 21)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="680" href="680">Re: CVE request: piwik before 1.6</a> <em>Henri Salo (Mar 18)</em> <ul> <li><a name="688" href="688">Re: CVE request: piwik before 1.6</a> <em>Kurt Seifried (Mar 19)</em> </li> </ul> </li> <li><a name="682" href="682">CVE request for bitlebee</a> <em>David Black (Mar 19)</em> <ul> <li><a name="687" href="687">Re: CVE request for bitlebee</a> <em>Kurt Seifried (Mar 19)</em> </li> </ul> </li> <li><a name="685" href="685">CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248</a> <em>Stefan Cornelius (Mar 19)</em></li> <li><a name="686" href="686">CVE request: eZ Publish: insecure direct object reference</a> <em>Luc ABRIC (Mar 19)</em> <ul> <li><a name="693" href="693">Re: CVE request: eZ Publish: insecure direct object reference</a> <em>Kurt Seifried (Mar 19)</em> <ul> <li><a name="707" href="707">RE: CVE request: eZ Publish: insecure direct object reference</a> <em>Luc ABRIC (Mar 20)</em> <ul> <li><a name="703" href="703">Re: CVE request: eZ Publish: insecure direct object reference</a> <em>Kurt Seifried (Mar 20)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="694" href="694">LinuxMint - temp file creation vulns in mintNanny and mintUpdate</a> <em>Kurt Seifried (Mar 19)</em></li> <li><a name="695" href="695">CVE request: maradns deleted domain record cache persistance flaw</a> <em>Vincent Danen (Mar 19)</em> <ul> <li><a name="704" href="704">Re: CVE request: maradns deleted domain record cache persistance flaw</a> <em>Kurt Seifried (Mar 20)</em> </li> </ul> </li> <li><a name="696" href="696">CVE request -- kernel: execshield: predictable ascii armour base address</a> <em>Petr Matousek (Mar 20)</em> <ul> <li><a name="698" href="698">Re: CVE request -- kernel: execshield: predictable ascii armour base address</a> <em>Eugene Teo (Mar 20)</em> <ul> <li><a name="699" href="699">Re: CVE request -- kernel: execshield: predictable ascii armour base address</a> <em>Nick Kralevich (Mar 20)</em> <ul> <li><a name="700" href="700">Re: CVE request -- kernel: execshield: predictable ascii armour base address</a> <em>Marcus Meissner (Mar 20)</em> </li> <li><a name="711" href="711">Re: CVE request -- kernel: execshield: predictable ascii armour base address</a> <em>Petr Matousek (Mar 21)</em> </li> <li><a name="701" href="701">Re: CVE request -- kernel: execshield: predictable ascii armour base address</a> <em>Kurt Seifried (Mar 20)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="697" href="697">CVE request: libtasn1 &quot;asn1_get_length_der()&quot; DER decoding issue</a> <em>Stefan Cornelius (Mar 20)</em> <ul> <li><a name="702" href="702">Re: CVE request: libtasn1 &quot;asn1_get_length_der()&quot; DER decoding issue</a> <em>Kurt Seifried (Mar 20)</em> </li> </ul> </li> <li><a name="710" href="710"> CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip</a> <em>Timo Warns (Mar 21)</em> <ul> <li><a name="789" href="789">Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip</a> <em>Timo Warns (Mar 29)</em> </li> </ul> </li> <li><a name="712" href="712">CVE request: GnuTLS TLS record handling issue / MU-201202-01</a> <em>Stefan Cornelius (Mar 21)</em> <ul> <li><a name="713" href="713">Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01</a> <em>Tomas Hoger (Mar 21)</em> </li> </ul> </li> <li><a name="715" href="715">Vulnerabilities reported in ClamAV 0.96.4</a> <em>Vincent Danen (Mar 21)</em> <ul> <li><a name="720" href="720">Re: Vulnerabilities reported in ClamAV 0.96.4</a> <em>Matt Watchinski (Mar 21)</em> <ul> <li><a name="716" href="716">Re: Vulnerabilities reported in ClamAV 0.96.4</a> <em>Vincent Danen (Mar 21)</em> </li> </ul> </li> <li><a name="721" href="721">Re: Vulnerabilities reported in ClamAV 0.96.4</a> <em>T枚r枚k Edwin (Mar 21)</em> </li> </ul> </li> <li><a name="722" href="722">atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour</a> <em>William Pitcock (Mar 21)</em> <ul> <li><a name="723" href="723">Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour</a> <em>Kurt Seifried (Mar 21)</em> <ul> <li><a name="727" href="727">Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour</a> <em>William Pitcock (Mar 22)</em> <ul> <li><a name="730" href="730">Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour</a> <em>Kurt Seifried (Mar 22)</em> </li> <li><a name="735" href="735">Re: Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour</a> <em>The Fungi (Mar 23)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="725" href="725">CVE for OpenBSD random() bug?</a> <em>Kurt Seifried (Mar 21)</em> <ul> <li><a name="726" href="726">Re: CVE for OpenBSD random() bug?</a> <em>Todd C. Miller (Mar 22)</em> <ul> <li><a name="742" href="742">Re: CVE for OpenBSD random() bug?</a> <em>Kurt Seifried (Mar 23)</em> </li> </ul> </li> </ul> </li> <li><a name="728" href="728">MediaWiki security and maintenance release 1.18.2</a> <em>Henri Salo (Mar 22)</em> <ul> <li><a name="729" href="729">Re: MediaWiki security and maintenance release 1.18.2</a> <em>Kurt Seifried (Mar 22)</em> </li> </ul> </li> <li><a name="731" href="731">CVE-request: ImpressPages CMS Unspecified Remote Code Execution</a> <em>Henri Salo (Mar 22)</em> <ul> <li><a name="744" href="744">Re: CVE-request: ImpressPages CMS Unspecified Remote Code Execution</a> <em>Kurt Seifried (Mar 23)</em> </li> </ul> </li> <li><a name="732" href="732">CVE-request: MyBB 1.6 &lt;= SQL Injection</a> <em>Henri Salo (Mar 23)</em> <ul> <li><a name="737" href="737">Re: CVE-request: MyBB 1.6 &lt;= SQL Injection</a> <em>Kurt Seifried (Mar 23)</em> <ul> <li><a name="746" href="746">Re: CVE-request: MyBB 1.6 &lt;= SQL Injection</a> <em>Henri Salo (Mar 25)</em> </li> </ul> </li> </ul> </li> <li><a name="733" href="733">CVE Request: Geeklog 1.7.1 &lt;= Cross Site Scripting Vulnerability</a> <em>Henri Salo (Mar 23)</em> <ul> <li><a name="741" href="741">Re: CVE Request: Geeklog 1.7.1 &lt;= Cross Site Scripting Vulnerability</a> <em>Kurt Seifried (Mar 23)</em> </li> </ul> </li> <li><a name="734" href="734">CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)</a> <em>Henri Salo (Mar 23)</em> <ul> <li><a name="736" href="736">Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)</a> <em>Kurt Seifried (Mar 23)</em> </li> </ul> </li> <li><a name="738" href="738">openssl security issue or not? (CVE Request?)</a> <em>Marcus Meissner (Mar 23)</em> <ul> <li><a name="739" href="739">Re: openssl security issue or not? (CVE Request?)</a> <em>Jan Lieskovsky (Mar 23)</em> </li> <li><a name="740" href="740">Re: openssl security issue or not? (CVE Request?)</a> <em>Ivan Nestlerode (Mar 23)</em> <ul> <li><a name="743" href="743">Re: Re: openssl security issue or not? (CVE Request?)</a> <em>Marcus Meissner (Mar 23)</em> </li> </ul> </li> </ul> </li> <li><a name="745" href="745">CVEs for MediaWiki security and maintenance release 1.18.2</a> <em>Kurt Seifried (Mar 23)</em></li> <li><a name="748" href="748">CVE-2010 Request: quake3 / openarena-server: DDoS by processing &apos;getstatus&apos; and &apos;rcon&apos; packets</a> <em>Jan Lieskovsky (Mar 26)</em> <ul> <li><a name="751" href="751">Re: CVE-2010 Request: quake3 / openarena-server: DDoS by processing &apos;getstatus&apos; and &apos;rcon&apos; packets</a> <em>Kurt Seifried (Mar 26)</em> </li> </ul> </li> <li><a name="749" href="749">CVE request: quake3 reflective DoS</a> <em>Florian Weimer (Mar 26)</em></li> <li><a name="752" href="752">CVE id request: cifs-utils</a> <em>Nico Golde (Mar 26)</em> <ul> <li><a name="757" href="757">Re: CVE id request: cifs-utils</a> <em>Kurt Seifried (Mar 27)</em> </li> </ul> </li> <li><a name="753" href="753">CVE request: distutils creates ~/.pypirc insecurely</a> <em>Vincent Danen (Mar 27)</em> <ul> <li><a name="754" href="754">Re: CVE request: distutils creates ~/.pypirc insecurely</a> <em>Jakub Wilk (Mar 27)</em> <ul> <li><a name="760" href="760">Re: CVE request: distutils creates ~/.pypirc insecurely</a> <em>Vincent Danen (Mar 27)</em> </li> </ul> </li> <li><a name="756" href="756">Re: CVE request: distutils creates ~/.pypirc insecurely</a> <em>Kurt Seifried (Mar 27)</em> <ul> <li><a name="758" href="758">Re: CVE request: distutils creates ~/.pypirc insecurely</a> <em>Vincent Danen (Mar 27)</em> <ul> <li><a name="761" href="761">Re: CVE request: distutils creates ~/.pypirc insecurely</a> <em>Kurt Seifried (Mar 27)</em> </li> <li><a name="762" href="762">Re: CVE request: distutils creates ~/.pypirc insecurely</a> <em>Vincent Danen (Mar 27)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="755" href="755">Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)</a> <em>Solar Designer (Mar 27)</em> <ul> <li>&lt;Possible follow-ups&gt;</li> <li><a name="759" href="759">Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)</a> <em>Solar Designer (Mar 27)</em> <ul> <li><a name="763" href="763">Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)</a> <em>VSR Advisories (Mar 27)</em> </li> <li><a name="764" href="764">Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)</a> <em>Timothy D. Morgan (Mar 27)</em> <ul> <li><a name="788" href="788">Re: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)</a> <em>Solar Designer (Mar 29)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="765" href="765">CVE Request: PolicyKit change allows users in &quot;wheel&quot; group to become root without a password</a> <em>Tim Sammut (Mar 27)</em> <ul> <li><a name="766" href="766">Re: CVE Request: PolicyKit change allows users in &quot;wheel&quot; group to become root without a password</a> <em>Kurt Seifried (Mar 27)</em> </li> </ul> </li> <li><a name="767" href="767">CVE request: Struts2 xsltResult local code execution flaw</a> <em>David Jorm (Mar 27)</em> <ul> <li><a name="776" href="776">Re: CVE request: Struts2 xsltResult local code execution flaw</a> <em>Kurt Seifried (Mar 28)</em> </li> </ul> </li> <li><a name="768" href="768">CVE-request: e107 HTB23004</a> <em>Henri Salo (Mar 27)</em> <ul> <li><a name="781" href="781">Re: CVE-request: e107 HTB23004</a> <em>Kurt Seifried (Mar 28)</em> </li> </ul> </li> <li><a name="769" href="769">CVE-request: clamav floating point exception in OLE2 scanner DoS (2007)</a> <em>Henri Salo (Mar 27)</em> <ul> <li><a name="780" href="780">Re: CVE-request: clamav floating point exception in OLE2 scanner DoS (2007)</a> <em>Kurt Seifried (Mar 28)</em> </li> </ul> </li> <li><a name="770" href="770">CVE-request: Joomla core information disclosure 372-20111003</a> <em>Henri Salo (Mar 28)</em></li> <li><a name="771" href="771">CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6</a> <em>Huzaifa Sidhpurwala (Mar 28)</em> <ul> <li><a name="777" href="777">Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6</a> <em>Kurt Seifried (Mar 28)</em> </li> </ul> </li> <li><a name="772" href="772">CVE request: eZ Publish XSS</a> <em>Luc ABRIC (Mar 28)</em> <ul> <li><a name="782" href="782">Re: CVE request: eZ Publish XSS</a> <em>Kurt Seifried (Mar 28)</em> </li> </ul> </li> <li><a name="773" href="773">CVE 2012-1565 Insecure object reference</a> <em>Luc ABRIC (Mar 28)</em></li> <li><a name="774" href="774">CVE-request: Joomla 20120305 / 20120306</a> <em>Henri Salo (Mar 28)</em> <ul> <li><a name="783" href="783">Re: CVE-request: Joomla 20120305 / 20120306</a> <em>Kurt Seifried (Mar 28)</em> </li> </ul> </li> <li><a name="775" href="775">CVE request: phppgadmin before 5.0.4 XSS</a> <em>Hanno B枚ck (Mar 28)</em> <ul> <li><a name="784" href="784">Re: CVE request: phppgadmin before 5.0.4 XSS</a> <em>Kurt Seifried (Mar 28)</em> <ul> <li><a name="799" href="799">Re: CVE request: phppgadmin before 5.0.4 XSS</a> <em>Henri Salo (Mar 30)</em> </li> </ul> </li> </ul> </li> <li><a name="778" href="778">CVE request: egroupware before 1.8.002 various security issues</a> <em>Hanno B枚ck (Mar 28)</em> <ul> <li><a name="779" href="779">Re: CVE request: egroupware before 1.8.002 various security issues</a> <em>Kurt Seifried (Mar 28)</em> <ul> <li><a name="787" href="787">Re: CVE request: egroupware before 1.8.002 various security issues</a> <em>Hanno B枚ck (Mar 28)</em> <ul> <li><a name="795" href="795">Re: CVE request: egroupware before 1.8.002 various security issues</a> <em>Kurt Seifried (Mar 29)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="785" href="785">Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa</a> <em>Kurt Seifried (Mar 28)</em> <ul> <li><a name="791" href="791">Re: Interesting blog entry - Finding v6 hosts by efficiently mapping ip6.arpa</a> <em>Florian Weimer (Mar 29)</em> </li> </ul> </li> <li><a name="786" href="786">CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080</a> <em>Henri Salo (Mar 28)</em> <ul> <li><a name="794" href="794">Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080</a> <em>Kurt Seifried (Mar 29)</em> </li> </ul> </li> <li><a name="790" href="790">CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu-&gt;arch.apic inconsistency</a> <em>Petr Matousek (Mar 29)</em> <ul> <li><a name="793" href="793">Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu-&gt;arch.apic inconsistency</a> <em>Kurt Seifried (Mar 29)</em> </li> </ul> </li> <li><a name="792" href="792">CVE request: TYPO3-CORE-SA-2012-001</a> <em>Florian Weimer (Mar 29)</em> <ul> <li><a name="796" href="796">Re: CVE request: TYPO3-CORE-SA-2012-001</a> <em>Kurt Seifried (Mar 29)</em> </li> </ul> </li> <li><a name="797" href="797">CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081</a> <em>Henri Salo (Mar 30)</em> <ul> <li><a name="798" href="798">Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081</a> <em>Henri Salo (Mar 30)</em> </li> <li><a name="804" href="804">Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081</a> <em>Kurt Seifried (Mar 30)</em> </li> </ul> </li> <li><a name="800" href="800">CVE DISPUTE notification: postgresql-jdbc: SQL injection due improper escaping of JDBC statement parameters</a> <em>Jan Lieskovsky (Mar 30)</em></li> <li><a name="801" href="801">postgresql-jdbc 8.1 SQL injection with postgresql server 9.1</a> <em>Ludwig Nussel (Mar 30)</em> <ul> <li><a name="802" href="802">Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1</a> <em>Robert Haas (Mar 30)</em> <ul> <li><a name="803" href="803">Re: [pgsql-security] postgresql-jdbc 8.1 SQL injection with postgresql server 9.1</a> <em>Robert Haas (Mar 30)</em> </li> </ul> </li> <li><a name="812" href="812">Re: postgresql-jdbc 8.1 SQL injection with postgresql server 9.1</a> <em>Florian Weimer (Mar 30)</em> </li> </ul> </li> <li><a name="805" href="805">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Tomas Hoger (Mar 30)</em> <ul> <li><a name="806" href="806">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Solar Designer (Mar 30)</em> <ul> <li><a name="807" href="807">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Jeff Law (Mar 30)</em> <ul> <li><a name="808" href="808">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Solar Designer (Mar 30)</em> </li> <li><a name="809" href="809">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Jeff Law (Mar 30)</em> </li> <li><a name="810" href="810">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Solar Designer (Mar 30)</em> </li> <li><a name="811" href="811">Re: glibc crypt(3), crypt_r(3), PHP crypt() may use alloca()</a> <em>Jeff Law (Mar 30)</em> </li> </ul> </li> </ul> </li> </ul> </li> <li><a name="813" href="813">SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver</a> <em>Steffen Dettmer (Mar 31)</em> <ul> <li><a name="814" href="814">Re: SQL injection attack possible when connecting to PostgreSQL 9.1 with version 8.1 JDBC driver</a> <em>Kurt Seifried (Mar 31)</em> </li> </ul> </li> </ul> <hr id="end"> <div class="nav-prev"><a href="/cgi-bin/nav.cgi?from=oss-sec%2F2012%2Fq1&goto=prev&view=thread"><img src="/images/left-icon-16x16.png" width=16 height=16 alt="Previous">Previous period</a></div> <div class="nav-next"><a href="/cgi-bin/nav.cgi?from=oss-sec%2F2012%2Fq1&goto=next&view=thread">Next period<img src="/images/right-icon-16x16.png" width=16 height=16 alt="Next"></a></div> </main><!-- content --> <footer id="nst-foot"> <form class="nst-search" id="nst-foot-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> <div class="flexlists"> <div class="fl-unit"> <h2><a class="nlink" href="https://nmap.org/">Nmap Security Scanner</a></h2> <ul> <li><a class="nlink" href="https://nmap.org/book/man.html">Ref Guide</a> <li><a class="nlink" href="https://nmap.org/book/install.html">Install Guide</a> <li><a class="nlink" href="https://nmap.org/docs.html">Docs</a> <li><a class="nlink" href="https://nmap.org/download.html">Download</a> <li><a class="nlink" href="https://nmap.org/oem/">Nmap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://npcap.com/">Npcap packet capture</a></h2> <ul> <li><a class="nlink" href="https://npcap.com/guide/">User's Guide</a> <li><a class="nlink" href="https://npcap.com/guide/npcap-devguide.html#npcap-api">API docs</a> <li><a class="nlink" href="https://npcap.com/#download">Download</a> <li><a class="nlink" href="https://npcap.com/oem/">Npcap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://seclists.org/">Security Lists</a></h2> <ul> <li><a class="nlink" href="https://seclists.org/nmap-announce/">Nmap Announce</a> <li><a class="nlink" href="https://seclists.org/nmap-dev/">Nmap Dev</a> <li><a class="nlink" href="https://seclists.org/fulldisclosure/">Full Disclosure</a> <li><a class="nlink" href="https://seclists.org/oss-sec/">Open Source Security</a> <li><a class="nlink" href="https://seclists.org/dataloss/">BreachExchange</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://sectools.org">Security Tools</a></h2> <ul> <li><a class="nlink" href="https://sectools.org/tag/vuln-scanners/">Vuln scanners</a> <li><a class="nlink" href="https://sectools.org/tag/pass-audit/">Password audit</a> <li><a class="nlink" href="https://sectools.org/tag/web-scanners/">Web scanners</a> <li><a class="nlink" href="https://sectools.org/tag/wireless/">Wireless</a> <li><a class="nlink" href="https://sectools.org/tag/sploits/">Exploitation</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://insecure.org/">About</a></h2> <ul> <li><a class="nlink" href="https://insecure.org/fyodor/">About/Contact</a> <li><a class="nlink" href="https://insecure.org/privacy.html">Privacy</a> <li><a class="nlink" href="https://insecure.org/advertising.html">Advertising</a> <li><a class="nlink" href="https://nmap.org/npsl/">Nmap Public Source License</a> </ul> </div> <div class="fl-unit social-links"> <a class="nlink" href="https://twitter.com/nmap" title="Visit us on Twitter"> <img width="32" height="32" src="/shared/images/nst-icons.svg#twitter" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://facebook.com/nmap" title="Visit us on Facebook"> <img width="32" height="32" src="/shared/images/nst-icons.svg#facebook" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://github.com/nmap/" title="Visit us on Github"> <img width="32" height="32" src="/shared/images/nst-icons.svg#github" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://reddit.com/r/nmap/" title="Discuss Nmap on Reddit"> <img width="32" height="32" src="/shared/images/nst-icons.svg#reddit" alt="" aria-hidden="true"> </a> </div> </div> </footer> </div><!-- wrapper --> </body> </html> <!-- MHonArc v2.6.19 -->