oss-security  

Messages by Date

• 2024/04/30 Re: [oss-security] New SMTP smuggling attack Mark Esler
• 2024/04/30 Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
• 2024/04/30 Re: [oss-security] libksieve (used by kmail/kontact) sent password as username Salvatore Bonaccorso
• 2024/04/29 Re: [oss-security] Update on the distro-backdoor-scanner effort Gabriel Ravier
• 2024/04/29 Re: [oss-security] Re: Linux: Disabling network namespaces John Johansen
• 2024/04/29 Re: [oss-security] Linux: Disabling network namespaces John Johansen
• 2024/04/29 [oss-security] CVE-2024-27322: Deserialization vulnerability in R before 4.4.0 Alan Coopersmith
• 2024/04/29 Re: [oss-security] Update on the distro-backdoor-scanner effort Vegard Nossum
• 2024/04/29 Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
• 2024/04/28 [oss-security] Telegram Web app XSS / Session Hijacking 1-click Pedro Batista
• 2024/04/28 [oss-security] Suspicious hook-loading mechanism in hyprland Sam James
• 2024/04/28 Re: [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• 2024/04/28 Re: [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• 2024/04/27 Re: [oss-security] Update on the distro-backdoor-scanner effort Morten Linderud
• 2024/04/27 Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
• 2024/04/26 Re: [oss-security] Update on the distro-backdoor-scanner effort Sam James
• 2024/04/26 Re: [oss-security] Update on the distro-backdoor-scanner effort Simon McVittie
• 2024/04/26 [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• 2024/04/25 [oss-security] libksieve (used by kmail/kontact) sent password as username Jonas Schäfer
• 2024/04/24 [oss-security] Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc) Paragon Initiative Enterprises Security Team
• 2024/04/24 [oss-security] CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy Oriol Castejón
• 2024/04/24 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
• 2024/04/24 [oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor Peter van Dijk
• 2024/04/23 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/23 [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Yash Patel
• 2024/04/23 [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Mark Esler
• 2024/04/23 [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Yash Patel
• 2024/04/23 [oss-security] 83 bogus CVEs assigned to Robot Operating System (ROS) Mark Esler
• 2024/04/23 Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• 2024/04/22 [oss-security] Re: Linux: Disabling network namespaces Priedhorsky, Reid
• 2024/04/22 Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
• 2024/04/22 [oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode Imba Jin
• 2024/04/22 [oss-security] CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin Imba Jin
• 2024/04/22 [oss-security] CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page Imba Jin
• 2024/04/22 [oss-security] Wordpress Responsive theme: arbitrary HTML content injection (CVE-2024-2848) Hanno Böck
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/21 Re: [oss-security] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass Jeffrey Walton
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/21 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/20 [oss-security] [Update] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass Fay Stegerman
• 2024/04/20 Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
• 2024/04/20 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/19 [oss-security] Re: Linux: Disabling network namespaces nightmare . yeah27
• 2024/04/19 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/19 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/19 [oss-security] CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context Elad Kalif
• 2024/04/19 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer
• 2024/04/19 [oss-security] CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website Enxin Xie
• 2024/04/18 [oss-security] flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal and CWE-88 Simon McVittie
• 2024/04/18 Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Solar Designer
• 2024/04/18 Re: [oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config Jacob Bachmeyer
• 2024/04/18 [oss-security] libreswan: IKEv1 default AH/ESP responder can crash and restart David Morel
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Matt Johnston
• 2024/04/17 [oss-security] CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Ephraim Anierobi
• 2024/04/17 [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Adhemerval Zanella Netto
• 2024/04/17 [oss-security] Terrapin vulnerability in Jenkins CLI client Daniel Beck
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk
• 2024/04/17 Re: [oss-security] Linux: Disabling network namespaces Georgia Garcia
• 2024/04/17 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer
• 2024/04/17 [oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config Vegard Nossum
• 2024/04/17 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• 2024/04/16 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Greg KH
• 2024/04/16 Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• 2024/04/16 Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer
• 2024/04/16 [oss-security] [kubernetes] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Rita Zhang
• 2024/04/16 Re: [oss-security] Linux: Disabling network namespaces Philippe Cerfon
• 2024/04/16 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer
• 2024/04/16 Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
• 2024/04/15 [oss-security] CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client Fabian Bäumer
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/15 Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• 2024/04/15 [oss-security] Re: less(1) with LESSOPEN mishandles \n in paths Jakub Wilk
• 2024/04/14 [oss-security] Linux: Disabling network namespaces Solar Designer
• 2024/04/13 [oss-security] Re: less(1) with LESSOPEN mishandles \n in paths Tobias Powalowski
• 2024/04/13 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• 2024/04/12 [oss-security] PHP security releases 8.1.28, 8.2.18, & 8.3.6 Alan Coopersmith
• 2024/04/12 [oss-security] Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 Alan Coopersmith
• 2024/04/12 Re: [oss-security] Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk
• 2024/04/12 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar
• 2024/04/12 [oss-security] CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials Jason Gerlowski
• 2024/04/12 Re: [oss-security] less(1) with LESSOPEN mishandles \n in paths Sam James
• 2024/04/12 [oss-security] less(1) with LESSOPEN mishandles \n in paths Jakub Wilk
• 2024/04/12 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• 2024/04/11 [oss-security] CVE-2024-27309: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Colin McCabe
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng
• 2024/04/11 [oss-security] Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Yann E. MORIN
• 2024/04/11 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar
• 2024/04/11 [oss-security] Buildroot: incorrect permissons on /dev/shm Ben Hutchings
• 2024/04/11 [oss-security] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Ben Hutchings
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• 2024/04/11 [oss-security] Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Michael Knap
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• 2024/04/11 Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Donald Buczek
• 2024/04/11 [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin
• 2024/04/11 Re: [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton
• 2024/04/11 [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton
• 2024/04/11 [oss-security] Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Michael Knap
• 2024/04/11 [oss-security] Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Tianyu Chen
• 2024/04/11 Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• 2024/04/11 ezmlm response oss-security-help
• 2024/04/11 WELCOME to [email protected] oss-security-help
• 2024/04/11 confirm subscribe to [email protected] oss-security-help
• 2023/09/17 confirm subscribe to [email protected] oss-security-help
• 2023/08/17 confirm subscribe to [email protected] oss-security-help
• 2015/11/29 ezmlm response oss-security-help
• 2014/09/24 confirm subscribe to [email protected] oss-security-help

• Later messages