Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list

• 2019/11/14 #1: Security release of kubernetes-csi sidecars - CVE-2019-11255 (Tim Allclair <tallclair@...gle.com>)
• 2019/11/12 #4: Xen Security Advisory 305 v1 (CVE-2019-11135) - TSX Asynchronous Abort speculative side channel (Xen.org security team <security@....org>)
• 2019/11/12 #3: Xen Security Advisory 304 v1 (CVE-2018-12207) - x86: Machine Check Error on Page Size Change DoS (Xen.org security team <security@....org>)
• 2019/11/12 #2: DPDK security advisory: CVE-2019-14818 (Ferruh Yigit <ferruh.yigit@...el.com>)
• 2019/11/12 #1: Re: CVE-2019-2201: libjpeg-turbo: code execution (pgajdos <pgajdos@...e.cz>)
• 2019/11/11 #1: CVE-2019-2201: libjpeg-turbo: code execution (Wolfgang Frisch <wolfgang.frisch@...e.com>)
• 2019/11/08 #8: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Florian Weimer <fw@...eb.enyo.de>)
• 2019/11/08 #7: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Russ Allbery <eagle@...ie.org>)
• 2019/11/08 #6: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0006 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2019/11/08 #5: CVE-2019-18397 - Stack buffer overflow in GNU FriBidi >= 1.0.0 (Alex Murray <alex.murray@...onical.com>)
• 2019/11/08 #4: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (John Haxby <john.haxby@...cle.com>)
• 2019/11/08 #3: Re: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (John Haxby <john.haxby@...cle.com>)
• 2019/11/08 #2: Controversy and exploitability of gcc issue 30475 |assert(int+100 > int)| (Georgi Guninski <gguninski@...il.com>)
• 2019/11/08 #1: [CVE-2019-12408][CVE-2019-12410] Uninitialized Memory Vulnerabilities fixed in Apache Arrow 0.15.1 (Micah Kornfield <emkornfield@...che.org>)
• 2019/11/07 #2: Re: independent volunteers on distros list (Solar Designer <solar@...nwall.com>)
• 2019/11/07 #1: Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? (Kees Cook <kees@...ntu.com>)
• 2019/11/06 #4: Re: Membership application for linux-distros - VMware (Solar Designer <solar@...nwall.com>)
• 2019/11/06 #3: Re: Contributing Back (Solar Designer <solar@...nwall.com>)
• 2019/11/06 #2: Re: Contributing Back (Anthony Liguori <anthony@...emonkey.ws>)
• 2019/11/06 #1: Re: Membership application for linux-distros - VMware ("Srivatsa S. Bhat" <srivatsa@...il.mit.edu>)
• 2019/11/05 #6: Re: Contributing Back (Seth Arnold <seth.arnold@...onical.com>)
• 2019/11/05 #5: Re: Contributing Back (Solar Designer <solar@...nwall.com>)
• 2019/11/05 #4: Re: Membership application for linux-distros - VMware (Solar Designer <solar@...nwall.com>)
• 2019/11/05 #3: [CVE-2019-12419] Apache CXF OpenId Connect token service does not properly validate the clientId (Colm O hEigeartaigh <coheigea@...che.org>)
• 2019/11/05 #2: [CVE-2019-12406] Apache CXF does not restrict the number of message attachments (Colm O hEigeartaigh <coheigea@...che.org>)
• 2019/11/05 #1: Re: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid (Salvatore Bonaccorso <carnil@...ian.org>)
• 2019/11/04 #3: Re: Membership application for linux-distros - VMware ("Srivatsa S. Bhat" <srivatsa@...il.mit.edu>)
• 2019/11/04 #2: Re: Membership application for linux-distros - VMware ("Srivatsa S. Bhat" <srivatsa@...il.mit.edu>)
• 2019/11/04 #1: [CVE-2019-10084] privilege escalation by authenticated Apache Impala users (Tim Armstrong <tarmstrong@...che.org>)
• 2019/11/02 #1: [ Linux kernel ] Exploitable bugs in drivers/media/platform/vivid (Alexander Popov <alex.popov@...ux.com>)
• 2019/10/31 #7: Re: Python-3.5.8.tar.xz does NOT contain the fix for bpo-38243 (Peter van Dijk <peter.van.dijk@...erdns.com>)
• 2019/10/31 #6: Xen Security Advisory 302 v5 (CVE-2019-18424) - passed through PCI devices may corrupt host memory after deassignment (Xen.org security team <security@....org>)
• 2019/10/31 #5: Xen Security Advisory 303 v4 (CVE-2019-18422) - ARM: Interrupts are unconditionally unmasked in exception handlers (Xen.org security team <security@....org>)
• 2019/10/31 #4: Xen Security Advisory 301 v3 (CVE-2019-18423) - add-to-physmap can be abused to DoS Arm hosts (Xen.org security team <security@....org>)
• 2019/10/31 #3: Xen Security Advisory 299 v4 (CVE-2019-18421) - Issues with restartable PV type change operations (Xen.org security team <security@....org>)
• 2019/10/31 #2: Xen Security Advisory 298 v3 (CVE-2019-18425) - missing descriptor table limit checking in x86 PV emulation (Xen.org security team <security@....org>)
• 2019/10/31 #1: Xen Security Advisory 296 v4 (CVE-2019-18420) - VCPUOP_initialise DoS (Xen.org security team <security@....org>)
• 2019/10/30 #5: Re: Membership application for linux-distros - VMware (Solar Designer <solar@...nwall.com>)
• 2019/10/30 #4: Re: Membership application for linux-distros - VMware (Solar Designer <solar@...nwall.com>)
• 2019/10/30 #3: Python-3.5.8.tar.xz does NOT contain the fix for bpo-38243 (Peter van Dijk <peter.van.dijk@...erdns.com>)
• 2019/10/30 #2: [CVE-2019-12417] Apache Airflow stored xss and local file disclosure vulnerability <= 1.10.5 (Ash Berlin-Taylor <ash@...che.org>)
• 2019/10/30 #1: Re: Bodhi: Script injection (Henri Salo <henri@...v.fi>)
• 2019/10/29 #3: Re: Membership application for linux-distros - VMware ("Srivatsa S. Bhat" <srivatsa@...il.mit.edu>)
• 2019/10/29 #2: WebKitGTK and WPE WebKit Security Advisory WSA-2019-0005 (Carlos Alberto Lopez Perez <clopez@...lia.com>)
• 2019/10/29 #1: Bodhi: Script injection (Randy Barlow <randy@...ctronsweatshop.com>)
• 2019/10/27 #1: Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem? (Stiepan <stie@...tonmail.ch>)
• 2019/10/26 #2: Re: Do distros want to see CVEs for Linux kernel USB bugs? (Igor Seletskiy <i@...udlinux.com>)
• 2019/10/26 #1: Re: Do distros want to see CVEs for Linux kernel USB bugs? (Marcus Meissner <meissner@...e.de>)
• 2019/10/25 #17: Security fixes from Android 10 release which are relevant outside the Android ecosystem? (Moritz Mühlenhoff <jmm@...til.org>)
• 2019/10/25 #16: Re: Formal verification of open source software (Julien Lepiller <security@...iller.eu>)
• 2019/10/25 #15: Do distros want to see CVEs for Linux kernel USB bugs? (Andrey Konovalov <andreyknvl@...il.com>)
• 2019/10/25 #14: Re: Formal verification of open source software (Georgi Guninski <gguninski@...il.com>)
• 2019/10/25 #13: Re: Formal verification of open source software (Pascal Cuoq <cuoq@...st-in-soft.com>)
• 2019/10/25 #12: Re: Formal verification of open source software (Hanno Böck <hanno@...eck.de>)
• 2019/10/25 #11: Formal verification of open source software (Georgi Guninski <gguninski@...il.com>)
• 2019/10/25 #10: Xen Security Advisory 288 v3 (CVE-2019-17343) - x86: Inconsistent PV IOMMU discipline (Xen.org security team <security@....org>)
• 2019/10/25 #9: Xen Security Advisory 300 v3 (CVE-2019-17351) - Linux: No grant table and foreign mapping limits (Xen.org security team <security@....org>)
• 2019/10/25 #8: Xen Security Advisory 293 v4 (CVE-2019-17347) - x86: PV kernel context switch corruption (Xen.org security team <security@....org>)
• 2019/10/25 #7: Xen Security Advisory 294 v3 (CVE-2019-17348) - x86 shadow: Insufficient TLB flushing when using PCID (Xen.org security team <security@....org>)
• 2019/10/25 #6: Xen Security Advisory 285 v3 (CVE-2019-17341) - race with pass-through device hotplug (Xen.org security team <security@....org>)
• 2019/10/25 #5: Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID (Xen.org security team <security@....org>)
• 2019/10/25 #4: Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update (Xen.org security team <security@....org>)
• 2019/10/25 #3: Xen Security Advisory 290 v3 (CVE-2019-17344) - missing preemption in x86 PV page table unvalidation (Xen.org security team <security@....org>)
• 2019/10/25 #2: Xen Security Advisory 287 v3 (CVE-2019-17342) - x86: steal_page violates page_struct access discipline (Xen.org security team <security@....org>)
• 2019/10/25 #1: Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts (Xen.org security team <security@....org>)
• 2019/10/24 #4: CVE-2019-11043: PHP: env_path_info underflow in fpm_main.c can lead to RCE (Solar Designer <solar@...nwall.com>)
• 2019/10/24 #3: Re: Re: Membership application for linux-distros - VMware (Dhaval Giani <dhaval.giani@...cle.com>)
• 2019/10/24 #2: Re: Membership application for linux-distros - VMware (Steven Rostedt <rostedt@...dmis.org>)
• 2019/10/24 #1: Membership application for linux-distros - VMware ("Srivatsa S. Bhat" <srivatsa@...il.mit.edu>)
• 2019/10/23 #3: Re: Membership application for linux-distros - VMware (Sasha Levin <sashal@...nel.org>)
• 2019/10/23 #2: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/10/23 #1: CVE-2019-12415 - XML External Entity (XXE) Processing in Apache POI (Dominik Stadler <centic@...che.org>)
• 2019/10/22 #2: Re: [CVE-2019-15587] Loofah XSS Vulnerability (Mike Dalessio <mike.dalessio@...il.com>)
• 2019/10/22 #1: [CVE-2019-15587] Loofah XSS Vulnerability (Mike Dalessio <mike.dalessio@...il.com>)
• 2019/10/17 #3: CVE-2019-18192: Insecure permissions on Guix profile directory (Ludovic Courtès <ludo@....org>)
• 2019/10/17 #2: CVE-2019-0210: Apache Thrift: out-of-bounds read vulnerability ("Jens Geyer" <jensg@...che.org>)
• 2019/10/17 #1: CVE-2019-0205: Apache Thrift: potential DoS when processing untrusted Thrift payload (Jens Geyer <jensgeyer@...mail.com>)
• 2019/10/16 #7: BIND9 CVE-2019-6475 and CVE-2019-6476 (ISC Security Officer <security-officer@....org>)
• 2019/10/16 #6: Multiple vulnerabilities in Jenkins plugins (Daniel Beck <ml@...kweb.net>)
• 2019/10/16 #5: [SBA-ADV-20190913-04] CVE-2019-16520: WordPress Plugin - All in One SEO Pack <= 3.2.6 - Stored XSS (SBA Research Advisory <advisory@...-research.org>)
• 2019/10/16 #4: [SBA-ADV-20190913-03] CVE-2019-16523: WordPress Plugin - Events Manager <= 5.9.5 - Stored XSS (SBA Research Advisory <advisory@...-research.org>)
• 2019/10/16 #3: [SBA-ADV-20190913-02] CVE-2019-16521: WordPress Plugin - Broken Link Checker <= 1.11.8 - Reflected XSS (SBA Research Advisory <advisory@...-research.org>)
• 2019/10/16 #2: [SBA-ADV-20190913-01] CVE-2019-16522: WordPress Plugin - EU Cookie Law (GDPR) <= 3.0.6 and possibly upwards - Stored XS… (SBA Research Advisory <advisory@...-res…)
• 2019/10/16 #1: Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0 (Vishwas Babu <vishwasbabuaj@...il.com>)
• 2019/10/15 #2: Re: Sudo: CVE-2019-14287 ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2019/10/15 #1: Re: Statistics for distros lists updated for 2019Q3 (Kristian Fiskerstrand <k_f@...too.org>)
• 2019/10/14 #1: Sudo: CVE-2019-14287 ("Todd C. Miller" <Todd.Miller@...o.ws>)
• 2019/10/13 #1: Statistics for distros lists updated for 2019Q3 (Kristian Fiskerstrand <k_f@...too.org>)
• 2019/10/10 #1: Re: CVE-2019-17365: Nix per-user profile directory hijack (Michael Orlitzky <michael@...itzky.com>)
• 2019/10/09 #7: Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow (Tina Li <tli@...italocean.com>)
• 2019/10/09 #6: Re: CVE-2019-17365: Nix per-user profile directory hijack ("Graham Christensen" <graham@...hamc.com>)
• 2019/10/09 #5: Koji CVE-2019-17109: koji hub allows arbitrary upload destinations (Patrick Uiterwijk <puiterwijk@...hat.com>)
• 2019/10/09 #4: CVE-2019-17365: Nix per-user profile directory hijack (Michael Orlitzky <michael@...itzky.com>)
• 2019/10/09 #3: Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow (bo Zhang <zhangbo5891001@...il.com>)
• 2019/10/09 #2: Re: Multiple vulnerabilities in Centreon-Web and Centreon-VM (Guillaume Quéré <guillaume@...re.eu>)
• 2019/10/09 #1: Announce: OpenSSH 8.1 released (Damien Miller <djm@...nbsd.org>)
• 2019/10/08 #3: CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency (Pietro Albini <pietro@...troalbini.org>)
• 2019/10/08 #2: [OSSA-2019-005] Octavia Amphora-Agent not requiring Client-Certificate (CVE-2019-17134) (Daniel 'f0o' Preussker <daniel@...ussker.net>)
• 2019/10/08 #1: Multiple vulnerabilities in Centreon-Web and Centreon-VM (Guillaume Quéré <guillaume@...re.eu>)
• 2019/10/04 #1: CVE-2018-11768: Apache Hadoop HDFS FSImage Corruption (Akira Ajisaka <aajisaka@...che.org>)

25627 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.