oss-security mailing list
Recent messages:
- 2024/04/24 #4:
Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc) (Paragon Initiative Enterprises Security Team <security@...agonie.com>)
- 2024/04/24 #3:
CVE-2024-0582 - Linux kernel use-after-free vulnerability in
io_uring, writeup and exploit strategy (Oriol Castejón <Oriol.Castejon@...dusintel.com>)
- 2024/04/24 #2:
Re: The GNU C Library security advisories update for
2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix
ou… (Florian Weimer <fweimer@...hat.com>)
- 2024/04/24 #1:
PowerDNS Recursor Security Advisory 2024-02: if recursive
forwarding is configured, crafted responses can lead to a den… (Peter van Dijk <peter.van.dijk@...erdns…)
- 2024/04/23 #6:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/23 #5:
Re: 83 bogus CVEs assigned to Robot Operating System (ROS) (Yash Patel <yashpatelphd@...il.com>)
- 2024/04/23 #4:
Re: 83 bogus CVEs assigned to Robot Operating System (ROS) (Mark Esler <mark.esler@...onical.com>)
- 2024/04/23 #3:
Re: 83 bogus CVEs assigned to Robot Operating System (ROS) (Yash Patel <yashpatelphd@...il.com>)
- 2024/04/23 #2:
83 bogus CVEs assigned to Robot Operating System (ROS) (Mark Esler <mark.esler@...onical.com>)
- 2024/04/23 #1:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/22 #6:
Re: Linux: Disabling network namespaces ("Priedhorsky, Reid" <reidpr@...l.gov>)
- 2024/04/22 #5:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/22 #4:
CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode (Imba Jin <jin@...che.org>)
- 2024/04/22 #3:
CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin (Imba Jin <jin@...che.org>)
- 2024/04/22 #2:
CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection
page (Imba Jin <jin@...che.org>)
- 2024/04/22 #1:
Wordpress Responsive theme: arbitrary HTML content injection
(CVE-2024-2848) (Hanno Böck <hanno@...eck.de>)
- 2024/04/21 #5:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/21 #4:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/21 #3:
Re: PoC for fdroidserver AllowedAPKSigningKeys
certificate pinning bypass (Jeffrey Walton <noloader@...il.com>)
- 2024/04/21 #2:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/21 #1:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/20 #3:
[Update] PoC for fdroidserver AllowedAPKSigningKeys certificate
pinning bypass (Fay Stegerman <flx@...usk.net>)
- 2024/04/20 #2:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/20 #1:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/19 #6:
Re: Linux: Disabling network namespaces (nightmare.yeah27@...ecat.org)
- 2024/04/19 #5:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/19 #4:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/19 #3:
CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with
unverified SSL context (Elad Kalif <eladkal@...che.org>)
- 2024/04/19 #2:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/19 #1:
CVE-2024-29217: Apache Answer: XSS vulnerability when changing
personal website (Enxin Xie <linkinstar@...che.org>)
- 2024/04/18 #5:
flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal
and CWE-88 (Simon McVittie <smcv@...ian.org>)
- 2024/04/18 #4:
Re: The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-… (Solar Designer <solar@...nwall.com>)
- 2024/04/18 #3:
Re: Make your own backdoor: CFLAGS code injection,
Makefile injection, pkg-config (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/18 #2:
libreswan: IKEv1 default AH/ESP responder can crash and restart (David Morel <david.morel@...es.tech>)
- 2024/04/18 #1:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Matt Johnston <matt@....asn.au>)
- 2024/04/17 #10:
CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used (Ephraim Anierobi <ephraimanierobi@...che…)
- 2024/04/17 #9:
The GNU C Library security advisories update for 2024-04-17:
GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out… (Adhemerval Zanella Netto <zatrazz@...il…)
- 2024/04/17 #8:
Terrapin vulnerability in Jenkins CLI client (Daniel Beck <ml@...kweb.net>)
- 2024/04/17 #7:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Loganaden Velvindron <loganaden@...il.com>)
- 2024/04/17 #6:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/17 #5:
Re: Linux: Disabling network namespaces (Georgia Garcia <georgia.garcia@...onical.com>)
- 2024/04/17 #4:
Re: backdoor in upstream xz/liblzma leading to ssh
server compromise (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/17 #3:
Make your own backdoor: CFLAGS code injection, Makefile injection,
pkg-config (Vegard Nossum <vegard.nossum@...cle.com>)
- 2024/04/17 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/17 #1:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Greg KH <greg@...ah.com>)
- 2024/04/16 #6:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/16 #5:
Re: backdoor in upstream xz/liblzma leading to ssh server compromise (Solar Designer <solar@...nwall.com>)
- 2024/04/16 #4:
[kubernetes] CVE-2024-3177: Bypassing mountable secrets policy
imposed by the ServiceAccount admission plugin (Rita Zhang <rita.z.zhang@...il.com>)
- 2024/04/16 #3:
Re: Linux: Disabling network namespaces (Philippe Cerfon <philcerf@...il.com>)
- 2024/04/16 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/16 #1:
Re: Linux: Disabling network namespaces (Jordan Glover <Golden_Miller83@...tonmail.ch>)
- 2024/04/15 #6:
CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys
Through Biased ECDSA Nonces in PuTTY Client (Fabian Bäumer <fabian.baeumer@....de>)
- 2024/04/15 #5:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/15 #4:
Re: Linux: Disabling network namespaces (Simon McVittie <smcv@...ian.org>)
- 2024/04/15 #3:
Re: Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/15 #2:
Re: Linux: Disabling network namespaces (Demi Marie Obenour <demi@...isiblethingslab.com>)
- 2024/04/15 #1:
Re: less(1) with LESSOPEN mishandles \n in paths (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/14 #1:
Linux: Disabling network namespaces (Solar Designer <solar@...nwall.com>)
- 2024/04/13 #2:
Re: less(1) with LESSOPEN mishandles \n in paths (Tobias Powalowski <tobias.powalowski@...glemail.com>)
- 2024/04/13 #1:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/12 #11:
PHP security releases 8.1.28, 8.2.18, & 8.3.6 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/12 #10:
Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to
21.1.12 and Xwayland prior to 23.2.5 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/12 #9:
Re: Re: backdoor in upstream xz/liblzma leading to
ssh server compromise (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/12 #8:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/12 #7:
CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and
readiness probes may leak basic auth credentials (Jason Gerlowski <gerlowskija@...che.org>)
- 2024/04/12 #6:
Re: less(1) with LESSOPEN mishandles \n in paths (Sam James <sam@...too.org>)
- 2024/04/12 #5:
less(1) with LESSOPEN mishandles \n in paths (Jakub Wilk <jwilk@...lk.net>)
- 2024/04/12 #4:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/12 #3:
CVE-2024-27309: Apache Kafka: Potential incorrect access control
during migration from ZK mode to KRaft mode (Colin McCabe <cmccabe@...che.org>)
- 2024/04/12 #2:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Kyle Zeng <zengyhkyle@...il.com>)
- 2024/04/12 #1:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Kyle Zeng <zengyhkyle@...il.com>)
- 2024/04/11 #15:
Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit
on /dev/shm ("Yann E. MORIN" <yann.morin.1998@...e.fr>)
- 2024/04/11 #14:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/11 #13:
Buildroot: incorrect permissions on /dev/shm (Ben Hutchings <ben.hutchings@...ensium.com>)
- 2024/04/11 #12:
[PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm (Ben Hutchings <ben.hutchings@...d.be>)
- 2024/04/11 #11:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/11 #10:
Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Michael Knap <oss-sec@...ap.com>)
- 2024/04/11 #9:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/11 #8:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/11 #7:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Donald Buczek <buczek@...gen.mpg.de>)
- 2024/04/11 #6:
Re: Is CVE-2024-30203 bogus? (Emacs) (Max Nikulin <manikulin@...il.com>)
- 2024/04/11 #5:
Re: Re: Is CVE-2024-30203 bogus? (Emacs) (Sean Whitton <spwhitton@...hitton.name>)
- 2024/04/11 #4:
Re: Is CVE-2024-30203 bogus? (Emacs) (Sean Whitton <spwhitton@...hitton.name>)
- 2024/04/11 #3:
Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Michael Knap <oss-sec@...ap.com>)
- 2024/04/11 #2:
Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow (Tianyu Chen <billchenchina2001@...il.com>)
- 2024/04/11 #1:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Jacob Bachmeyer <jcb62281@...il.com>)
- 2024/04/10 #23:
Re: CVE-2024-1086: Linux: nf_tables: use-after-free
vulnerability in the nft_verdict_init() function (Jonathan Wright <jonathan@...alinux.org>)
- 2024/04/10 #22:
CVE-2024-1086: Linux: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (Solar Designer <solar@...nwall.com>)
- 2024/04/10 #21:
Re: New Linux LPE via GSMIOC_SETCONF_DLCI? (Solar Designer <solar@...nwall.com>)
- 2024/04/10 #20:
Re: CERT VU#123335: Multiple Programming
Languages Fail to Escape Arguments Properly in Microsoft Windows (Steffen Nurpmeso <steffen@...oden.eu>)
- 2024/04/10 #19:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Vegard Nossum <vegard.nossum@...cle.com>)
- 2024/04/10 #18:
New Linux LPE via GSMIOC_SETCONF_DLCI? ("Dr. Christopher Kunz" <info@...istopher-kunz.de>)
- 2024/04/10 #17:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Alejandro Colomar <alx@...nel.org>)
- 2024/04/10 #16:
CERT VU#123335: Multiple Programming Languages Fail to Escape
Arguments Properly in Microsoft Windows (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2024/04/10 #15:
NodeJS Command injection via args parameter of child_process.spawn
without shell option enabled on Windows (CVE-2024-27… (Jan Schaumann <jschauma@...meister.org>)
- 2024/04/10 #14:
Fwd: Node.js security update for all active release lines, April 9
2024 (Rafael Gonzaga <work@...aelgss.dev>)
- 2024/04/10 #13:
Re: Analysis on who is Jia Tan, and who he could work
for, reading xz.git (Chris Down <chris@...isdown.name>)
- 2024/04/10 #12:
Re: Analysis on who is Jia Tan, and who he could work for, reading xz.git (Solar Designer <solar@...nwall.com>)
- 2024/04/10 #11:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Joey Hess <id@...yh.name>)
- 2024/04/10 #10:
Re: Analysis on who is Jia Tan, and who he could work for, reading
xz.git (Alejandro Colomar <alx@...nel.org>)
30081 messages
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.