oss-security mailing list
Recent messages:
- 2022/05/17 #9:
CVE-2022-30688: needrestart 0.8+ local privilege escalation (Thomas Liske <thomas@...sko-nw.net>)
- 2022/05/17 #8:
Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2022/05/17 #7:
Re: linux-distros list policy and Linux kernel (Jeremy Stanley <fungi@...goth.org>)
- 2022/05/17 #6:
Re: linux-distros list policy and Linux kernel (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
- 2022/05/17 #5:
Re: linux-distros list policy and Linux kernel (Greg KH <greg@...ah.com>)
- 2022/05/17 #4:
Re: linux-distros list policy and Linux kernel ("Jason A. Donenfeld" <Jason@...c4.com>)
- 2022/05/17 #3:
CVE-2022-26650: Apache ShenYu (incubating) Regular expression denial of service (Zhang Yonglun <zhangyonglun@...che.org>)
- 2022/05/17 #2:
Re: linux-distros list policy and Linux kernel (Greg KH <greg@...ah.com>)
- 2022/05/17 #1:
Re: linux-distros list policy and Linux kernel (Seth Arnold <seth.arnold@...onical.com>)
- 2022/05/16 #6:
Re: linux-distros list policy and Linux kernel (Greg KH <greg@...ah.com>)
- 2022/05/16 #5:
Re: linux-distros list policy and Linux kernel (Greg KH <gregkh@...uxfoundation.org>)
- 2022/05/16 #4:
CVE-2022-25169: Apache Tika BPGParser Memory Usage DoS (Tim Allison <tallison@...che.org>)
- 2022/05/16 #3:
CVE-2022-30126: Apache Tika Regular Expression Denial of Service in Standards Extractor (Tim Allison <tallison@...che.org>)
- 2022/05/16 #2:
Re: linux-distros list policy and Linux kernel (Thadeu Lima de Souza Cascardo <cascardo@...onical.com>)
- 2022/05/16 #1:
Re: linux-distros list policy and Linux kernel ("Jason A. Donenfeld" <Jason@...c4.com>)
- 2022/05/15 #3:
Re: linux-distros list policy and Linux kernel (Anthony Liguori <anthony@...emonkey.ws>)
- 2022/05/15 #2:
Re: linux-distros list policy and Linux kernel (Igor Seletskiy <i@...udlinux.com>)
- 2022/05/15 #1:
linux-distros list policy and Linux kernel (Solar Designer <solar@...nwall.com>)
- 2022/05/12 #1:
CVE-2022-29162: runc < 1.1.2 incorrect handling of inheritable capabilities in default configuration (Aleksa Sarai <asarai@...e.de>)
- 2022/05/11 #6:
[SECURITY ADVISORY] curl: HSTS bypass via trailing dot (Daniel Stenberg <daniel@...x.se>)
- 2022/05/11 #5:
[SECURITY ADVISORY] curl: TLS and SSH connection too eager reuse (Daniel Stenberg <daniel@...x.se>)
- 2022/05/11 #4:
[SECURITY ADVISORY] curl: CERTINFO never-ending busy-loop (Daniel Stenberg <daniel@...x.se>)
- 2022/05/11 #3:
[SECURITY ADVISORY] curl: percent-encoded path separator in URL host (Daniel Stenberg <daniel@...x.se>)
- 2022/05/11 #2:
[SECURITY ADVISORY] curl: cookie for trailing dot TLD (Daniel Stenberg <daniel@...x.se>)
- 2022/05/11 #1:
[SECURITY ADVISORY] curl: removes wrong file on error (Daniel Stenberg <daniel@...x.se>)
- 2022/05/10 #2:
Re: Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version (Minh Yuan <yuanmingbuaa@...il.com>)
- 2022/05/10 #1:
Linux kernel: A concurrency use-after-free in bad_flp_intr for latest kernel version (Minh Yuan <yuanmingbuaa@...il.com>)
- 2022/05/09 #4:
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging (Jan Lehnardt <jan@...che.org>)
- 2022/05/09 #3:
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging (Archange <archange@...ivis.me>)
- 2022/05/09 #2:
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging (Jan Lehnardt <jan@...che.org>)
- 2022/05/09 #1:
Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging (Archange <archange@...ivis.me>)
- 2022/05/05 #3:
CVE-2022-24903: rsyslog < 8.2204.1 heap buffer overrun (Rainer Gerhards <rgerhards@...adiscon.com>)
- 2022/05/05 #2:
DPDK CVE-2022-0669 Release Notice ("Jiang, Cheng1" <cheng1.jiang@...el.com>)
- 2022/05/05 #1:
DPDK CVE-2021-3839 Release Notice ("Jiang, Cheng1" <cheng1.jiang@...el.com>)
- 2022/05/04 #1:
CVE-2022-28890: Apache Jena: Processing external DTDs (Andy Seaborne <andy@...che.org>)
- 2022/05/02 #1:
Re: CVE-2022-21449 and version reporting (Christian Fischer <christian.fischer@...enbone.net>)
- 2022/05/01 #2:
Re: CVE-2022-21449 and version reporting (John Helmert III <ajak@...too.org>)
- 2022/05/01 #1:
Re: CVE-2022-21449 and version reporting ("Christian Fischer" <christian.fischer@...enbone.net>)
- 2022/04/30 #4:
Re: CVE-2022-21449 and version reporting ("David A. Wheeler" <dwheeler@...eeler.com>)
- 2022/04/30 #3:
Re: CVE-2022-21449 and version reporting (Jeremy Stanley <fungi@...goth.org>)
- 2022/04/30 #2:
Re: CVE-2022-21449 and version reporting (John Helmert III <ajak@...too.org>)
- 2022/04/30 #1:
Re: CVE-2022-21449 and version reporting (Christian Fischer <christian.fischer@...enbone.net>)
- 2022/04/29 #2:
CVE-2022-29265: Apache NiFi: Improper Restriction of XML External Entity References in Multiple Components (David Handermann <exceptionfactory@...che.org>)
- 2022/04/29 #1:
Re: CVE-2022-21449 and version reporting (Iron-Bound <iron.bound@...il.com>)
- 2022/04/28 #7:
Re: CVE-2022-21449 and version reporting ("Seaman, Chad" <cseaman@...mai.com>)
- 2022/04/28 #6:
Re: CVE-2022-21449 and version reporting (Sven Schwedas <sven.schwedas@....at>)
- 2022/04/28 #5:
Re: CVE-2022-21449 and version reporting (Seth Arnold <seth.arnold@...onical.com>)
- 2022/04/28 #4:
Re: CVE-2022-21449 and version reporting (Jeremy Stanley <fungi@...goth.org>)
- 2022/04/28 #3:
Re: CVE-2022-21449 and version reporting (Brian Behlendorf <brian@...lendorf.com>)
- 2022/04/28 #2:
CVE-2022-21449 and version reporting ("Seaman, Chad" <cseaman@...mai.com>)
- 2022/04/28 #1:
Linux kernel: A concurrency use-after-free in floppy's raw_cmd (Minh Yuan <yuanmingbuaa@...il.com>)
- 2022/04/27 #5:
CVE-2022-27239: cifs-utils mount.cifs buffer overflow in ip parameter (Marcus Meissner <meissner@...e.de>)
- 2022/04/27 #4:
[SECURITY ADVISORY] curl auth/cookie leak on redirect (Daniel Stenberg <daniel@...x.se>)
- 2022/04/27 #3:
[SECURITY ADVISORY] curl bad local IPv6 connection reuse (Daniel Stenberg <daniel@...x.se>)
- 2022/04/27 #2:
[SECURITY ADVISORY] curl credential leak on redirect (Daniel Stenberg <daniel@...x.se>)
- 2022/04/27 #1:
[SECURITY ADVISORY] curl OAUTH2 bearer bypass in connection re-use (Daniel Stenberg <daniel@...x.se>)
- 2022/04/26 #3:
[morningman@....com: CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization] (Seth Arnold <seth.arnold@...onical.com>)
- 2022/04/26 #2:
CVE-2022-23942: Apache Doris(incubating) hardcoded cryptography initialization (陈明雨 <morningman@....com>)
- 2022/04/26 #1:
CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging (Jan Lehnardt <jan@...che.org>)
- 2022/04/22 #7:
CVE-2022-29464 :: WSO2 Unrestricted arbitrary file upload, and remote code to execution vulnerability. ("Myers, Christopher" <Christopher.Myers@...or.edu>)
- 2022/04/22 #6:
[kubernetes] CVE-2021-25746: Ingress-nginx directive injection via annotations (CJ Cullen <cjcullen@...gle.com>)
- 2022/04/22 #5:
[kubernetes] CVE-2021-25745: Ingress-nginx `path` can be pointed to service account token file (CJ Cullen <cjcullen@...gle.com>)
- 2022/04/22 #4:
Re: Linux: UaF due to concurrency issue in io_uring timeouts (Salvatore Bonaccorso <carnil@...ian.org>)
- 2022/04/22 #3:
Linux: UaF due to concurrency issue in io_uring timeouts (David Bouman <dbouman03@...il.com>)
- 2022/04/22 #2:
Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create (Greg KH <greg@...ah.com>)
- 2022/04/22 #1:
Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create (Marcus Meissner <meissner@...e.de>)
- 2022/04/21 #2:
Re: CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create (Greg KH <greg@...ah.com>)
- 2022/04/21 #1:
CVE-2022-1419: Linux kernel: A concurrency use-after-free in vgem_gem_dumb_create (Minh Yuan <yuanmingbuaa@...il.com>)
- 2022/04/20 #3:
tpm2-abrmd: possibly surprising security model for local users could result in a local DoS against TPM configuration and … (Matthias Gerstner <mgerstner@...e.de>)
- 2022/04/20 #2:
CVE-2022-1215 libinput format string vulnerability (Peter Hutterer <peter.hutterer@...hat.com>)
- 2022/04/20 #1:
CVE-2022-29266: Apache APISIX: apisix/jwt-auth may leak secrets in error response (Zeping Bai <bzp2010@...che.org>)
- 2022/04/16 #1:
Re: Browser-mediated attacks on WebDriver servers (Gabriel Corona <gabriel.corona@...t-bretagne.fr>)
- 2022/04/14 #3:
mutt 2.2.3 released - fixes CVE-2022-1328 (Alan Coopersmith <alan.coopersmith@...cle.com>)
- 2022/04/14 #2:
Re: Browser-mediated attacks on WebDriver servers (Gabriel Corona <gabriel.corona@...t-bretagne.fr>)
- 2022/04/14 #1:
Multiple vulnerabilities in swhkd hotkey helper for Wayland (Matthias Gerstner <mgerstner@...e.de>)
- 2022/04/13 #3:
CVE-2022-27479: Apache Superset: SQL injection vulnerability in chart data API (Ville Brofeldt <villebro@...che.org>)
- 2022/04/13 #2:
CVE-2022-0617: udf:A null-ptr-deref bug be triggered when write to an ICB inode (butt3rflyh4ck <butterflyhuangxx@...il.com>)
- 2022/04/13 #1:
Re: Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (Salvatore Bonaccorso <carnil@...ian.org>)
- 2022/04/12 #7:
git v2.35.2 and friends for CVE-2022-24765 (Junio C Hamano <gitster@...ox.com>)
- 2022/04/12 #6:
CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes… (Yasser Zamani <yasserzamani@...che.org>)
- 2022/04/12 #5:
Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
- 2022/04/12 #4:
Re: Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (Greg KH <greg@...ah.com>)
- 2022/04/12 #3:
Linux kernel: A concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (Minh Yuan <yuanmingbuaa@...il.com>)
- 2022/04/12 #2:
[SECURITY][ANNOUNCE] Apache Subversion 1.14.2 released ("markphip@...il.com" <markphip@...che.org>)
- 2022/04/12 #1:
[SECURITY][ANNOUNCE] Apache Subversion 1.10.8 released ("markphip@...il.com" <markphip@...che.org>)
- 2022/04/11 #5:
Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem ("Mike O'Connor" <mjo@...o.mi.org>)
- 2022/04/11 #4:
Re: CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem (Greg KH <greg@...ah.com>)
- 2022/04/11 #3:
CVE-2022-28893: Linux kernel: Use after free in SUNRPC subsystem (Felix Fu <foyjog@...il.com>)
- 2022/04/11 #2:
Django: CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL (Mariusz Felisiak <felisiak.mariusz@...il.com>)
- 2022/04/11 #1:
Django: CVE-2022-28346: Potential SQL injection in ``QuerySet.annotate()``, ``aggregate()``, and ``extra()`` (Mariusz Felisiak <felisiak.mariusz@...il.com>)
- 2022/04/08 #8:
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 (John Helmert III <ajak@...too.org>)
- 2022/04/08 #7:
Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 (John Helmert III <ajak@...too.org>)
- 2022/04/08 #6:
WebKitGTK and WPE WebKit Security Advisory WSA-2022-0004 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
- 2022/04/08 #5:
Re: zgrep, xzgrep: arbitrary-file-write vulnerability (Axel Beckert <abe@...xchevaux.org>)
- 2022/04/08 #4:
CVE-2022-1158: Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region (Qiuhao Li <qiuhao@...ec.org>)
- 2022/04/08 #3:
Re: zgrep, xzgrep: arbitrary-file-write vulnerability (Levente Polyak <levente@...entepolyak.net>)
- 2022/04/08 #2:
Re: zgrep, xzgrep: arbitrary-file-write vulnerability (Jakub Wilk <jwilk@...lk.net>)
- 2022/04/08 #1:
Announce: OpenSSH 9.0 released (Damien Miller <djm@....openbsd.org>)
- 2022/04/07 #8:
zgrep, xzgrep: arbitrary-file-write vulnerability (Jim Meyering <jim@...ering.net>)
- 2022/04/07 #7:
CVE-2022-26612: Apache Hadoop: Arbitrary file write in FileUtil#unpackEntries on Windows (Gautham Banasandra <gaurava@...che.org>)
27765 messages