Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2018/10/23 #11: Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/10/23 #10: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Jeff Law <law@...hat.com>)
• 2018/10/23 #9: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Florian Weimer <fweimer@...hat.com>)
• 2018/10/23 #8: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Solar Designer <solar@...nwall.com>)
• 2018/10/23 #7: Re: Using quilt on untrusted RPM spec files ("Stuart D. Gathman" <stuart@...hman.org>)
• 2018/10/23 #6: Re: Using quilt on untrusted RPM spec files ("Stuart D. Gathman" <stuart@...hman.org>)
• 2018/10/23 #5: GLib (2.20.0+): GVariant, GDBus and GMarkup out of bounds reads, DoS and unbounded recursion (Philip Withnall <philip@...nocode.co.uk>)
• 2018/10/23 #4: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Matthew Fernandez <matthew.fernandez@...il.com>)
• 2018/10/23 #3: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Yann Droneaud <ydroneaud@...eya.com>)
• 2018/10/23 #2: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Ramon de C Valle <rcvalle@...e.com>)
• 2018/10/23 #1: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Mikhail Klementev <jollheef@...eup.net>)
• 2018/10/22 #4: Re: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Florian Weimer <fweimer@...hat.com>)
• 2018/10/22 #3: GCC Compiler Induced Vulnerability - affects programs compiled with GCC 7 and 8 containing nested functions (Andrew Sandoval <ASandoval@...root.com>)
• 2018/10/22 #2: Re: Using quilt on untrusted RPM spec files (Jakub Wilk <jwilk@...lk.net>)
• 2018/10/22 #1: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) (Hanno Böck <hanno@...eck.de>)
• 2018/10/21 #1: Re: Attempting to patch ghostscript-9.25 (Ken Moffat <zarniwhoop@...world.com>)
• 2018/10/20 #3: Re: Attempting to patch ghostscript-9.25 (Jordan Glover <Golden_Miller83@...tonmail.ch>)
• 2018/10/20 #2: Attempting to patch ghostscript-9.25 (Ken Moffat <zarniwhoop@...world.com>)
• 2018/10/20 #1: Re: Travis CI MITM RCE (zugtprgfwprz@...rnkuller.de)
• 2018/10/18 #5: Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Jordan Glover <Golden_Miller83@...tonmail.ch>)
• 2018/10/18 #4: Re: Travis CI MITM RCE (Jakub Wilk <jwilk@...lk.net>)
• 2018/10/18 #3: Re: Using quilt on untrusted RPM spec files (Jakub Wilk <jwilk@...lk.net>)
• 2018/10/18 #2: Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/18 #1: Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Jordan Glover <Golden_Miller83@...tonmail.ch>)
• 2018/10/17 #10: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/17 #9: Linux kernel: BPF verifier bug leads to out-of-bounds access (CVE-2018-18445; 4.14.9-4.14.74; 4.15-4.18.12) (Jann Horn <jannh@...gle.com>)
• 2018/10/17 #8: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Rich Felker <dalias@...c.org>)
• 2018/10/17 #7: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2018/10/17 #6: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/10/17 #5: Re: CVE-2018-10933: libssh: authentication bypass in server code (Minh Tuan Luong <not.soledad@...il.com>)
• 2018/10/17 #4: CVE-2018-12617 Qemu: qemu-guest-agent: Integer overflow in qmp_guest_file_read may lead to crash (P J P <ppandit@...hat.com>)
• 2018/10/17 #3: CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption (P J P <ppandit@...hat.com>)
• 2018/10/17 #2: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Rich Felker <dalias@...c.org>)
• 2018/10/17 #1: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Rich Felker <dalias@...c.org>)
• 2018/10/16 #6: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/10/16 #5: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Hanno Böck <hanno@...eck.de>)
• 2018/10/16 #4: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/16 #3: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/10/16 #2: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/16 #1: CVE-2018-10933: libssh: authentication bypass in server code (Marcus Meissner <meissner@...e.de>)
• 2018/10/14 #1: Re: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability ("Larry W. Cashdollar" <larry0@...com>)
• 2018/10/11 #4: Re: Linux kernel: "Meltdown leaks with Global kernel mapping" (Dave Hansen <dave.hansen@...ux.intel.com>)
• 2018/10/11 #3: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/11 #2: jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability ("Larry W. Cashdollar" <larry0@...com>)
• 2018/10/11 #1: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Emilio Pozuelo Monfort <pochu27@...il.com>)
• 2018/10/10 #13: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/10/10 #12: ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073) (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/10 #11: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Leo Famulari <leo@...ulari.name>)
• 2018/10/10 #10: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Brandon Perry <bperry.volatile@...il.com>)
• 2018/10/10 #9: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Ian Zimmerman <itz@...y.loosely.org>)
• 2018/10/10 #8: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Alan Coopersmith <alan.coopersmith@...cle.com>)
• 2018/10/10 #7: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Eddie Chapman <eddie@...k.net>)
• 2018/10/10 #6: Multiple vulnerabilities in Jenkins (Daniel Beck <ml@...kweb.net>)
• 2018/10/10 #5: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Hanno Böck <hanno@...eck.de>)
• 2018/10/10 #4: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Hanno Böck <hanno@...eck.de>)
• 2018/10/10 #3: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Eddie Chapman <eddie@...k.net>)
• 2018/10/10 #2: Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) (Magnus Klaaborg Stubman <magnus@...bman.eu>)
• 2018/10/10 #1: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Doran Moppert <dmoppert@...hat.com>)
• 2018/10/09 #12: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Alex Gaynor <alex.gaynor@...il.com>)
• 2018/10/09 #11: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/09 #10: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) ("Perry E. Metzger" <perry@...rmont.com>)
• 2018/10/09 #9: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>)
• 2018/10/09 #8: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Hanno Böck <hanno@...eck.de>)
• 2018/10/09 #7: [CVE-2018-11796] Apache Tika Denial of Service via XML Entity Expansion Vulnerability (Tim Allison <tallison@...che.org>)
• 2018/10/09 #6: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/09 #5: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Leonid Isaev <leonid.isaev@...a.colorado.edu>)
• 2018/10/09 #4: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) (Tavis Ormandy <taviso@...gle.com>)
• 2018/10/09 #3: Linux kernel: "Meltdown leaks with Global kernel mapping" (Solar Designer <solar@...nwall.com>)
• 2018/10/09 #2: Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/10/09 #1: Re: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) (Alexander Bergmann <abergmann@...e.com>)
• 2018/10/08 #4: net-snmp 5.7.3 unauthenticated remote Denial of Service (exploit available) (Magnus Klaaborg Stubman <magnus@...bman.eu>)
• 2018/10/08 #3: CVE-2018-17407: Tex-Live buffer overflow in handling of Type 1 fonts (Nick Roessler <nicholas.e.roessler@...il.com>)
• 2018/10/08 #2: Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability (luo <a4651386@....com>)
• 2018/10/08 #1: Qemu: integer overflow issues (P J P <ppandit@...hat.com>)
• 2018/10/07 #1: Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor (Salvatore Bonaccorso <carnil@...ian.org>)
• 2018/10/06 #3: CVE-2018-17456 Git RCE via .gitmodules (joernchen <joernchen@...noelit.de>)
• 2018/10/06 #2: [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser (Andreas Lehmkuehler <lehmi@...che.org>)
• 2018/10/06 #1: Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability (luo <a4651386@....com>)
• 2018/10/05 #6: Re: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability (Solar Designer <solar@...nwall.com>)
• 2018/10/05 #5: CVE-2018-17977: CentOS ipsec remote denial of service vulnerability (luo <a4651386@....com>)
• 2018/10/05 #4: [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser (Andreas Lehmkuehler <lehmi@...che.org>)
• 2018/10/05 #3: [SECURITY] CVE-2018-8033 Apache OFBiz XXE Vulnerability in HttpEngine (Taher Alkhateeb <slidingfilaments@...il.com>)
• 2018/10/05 #2: [SECURITY] CVE-2011-3600 Apache OFBiz XML-RPC XXE Vulnerability (Taher Alkhateeb <slidingfilaments@...il.com>)
• 2018/10/05 #1: CVE update - fixed in Apache Ranger 1.2.0 (Velmurugan Periasamy <vel@...che.org>)
• 2018/10/04 #2: [NOTICE] CVE-2017-5658: Derived information disclosure by Apache Pony Mail (Daniel Gruno <humbedooh@...che.org>)
• 2018/10/04 #1: CVE-2018-14656: Linux kernel: arbitrary kernel memory dump into the dmesg log (Vladis Dronov <vdronov@...hat.com>)
• 2018/10/03 #3: Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor (Seth Arnold <seth.arnold@...onical.com>)
• 2018/10/03 #2: Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor (Marcus Meissner <meissner@...e.de>)
• 2018/10/03 #1: Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor (Florian Weimer <fw@...eb.enyo.de>)
• 2018/10/02 #3: Re: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor (Henri Salo <henri@...v.fi>)
• 2018/10/02 #2: arm64 Linux kernel: Privilege escalation by taking control of the KVM hypervisor (Will Deacon <will.deacon@....com>)
• 2018/10/02 #1: Re: CVE Request - Information Exposure Vulnerability in WordPress Mobile Pack Wordpress Plugin v2.1.2 (and certain versions of v2.1… (Henri Salo <henri@...v.fi>)
• 2018/10/01 #3: Re: Django security release issued: 2.1.2 (Alex Gaynor <alex.gaynor@...il.com>)
• 2018/10/01 #2: Re: Django security release issued: 2.1.2 (Solar Designer <solar@...nwall.com>)
• 2018/10/01 #1: Django security release issued: 2.1.2 (Carlton Gibson <carlton.gibson@...il.com>)
• 2018/09/29 #1: WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0007 (Michael Catanzaro <mcatanzaro@...lia.com>)
• 2018/09/28 #1: Re: Using quilt on untrusted RPM spec files (Randy Barlow <randy@...ctronsweatshop.com>)
• 2018/09/27 #2: Using quilt on untrusted RPM spec files (Matthias Gerstner <mgerstner@...e.de>)
• 2018/09/27 #1: Telegram uses SOCKS5 to share user/creds (Dhiraj Mishra <mishra.dhiraj95@...il.com>)
• 2018/09/26 #3: Apache Ignite: CVE-2018-8018, CVE-2018-1273, CVE-2018-1274: Notification on available mitigation (Alexander Gerus <agerus@...dgain.com>)

24641 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.