Messages by Date
-
2026/05/03
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Simon McVittie
-
2026/05/02
[oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation
nightmare.yeah27
-
2026/05/02
[oss-security] syzkaller "Reporting Linux kernel bugs" out of date
Solar Designer
-
2026/05/02
[oss-security] CVE-2026-40561: Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Timothy Legge
-
2026/05/02
Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Malik, Vaibhav
-
2026/05/02
Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Collin Funk
-
2026/05/02
Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Alexander Bochmann
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Demi Marie Obenour
-
2026/05/02
[oss-security] Re: uutils coreutils CVEs
Collin Funk
-
2026/05/02
Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Brian May
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Greg Dahlman
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Reid Sutherland
-
2026/05/02
Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Eric Biggers
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Richard Kettlewell
-
2026/05/02
[oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Justin Swartz
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Greg Dahlman
-
2026/05/02
[oss-security] CVE-2026-42812: Apache Polaris: No protection on `write.metadata.path`
Jean-Baptiste Onofré
-
2026/05/02
[oss-security] CVE-2026-42811: Apache Polaris: In plain terms, Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead.
Jean-Baptiste Onofré
-
2026/05/02
[oss-security] CVE-2026-42810: Apache Polaris: Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions.
Jean-Baptiste Onofré
-
2026/05/02
[oss-security] CVE-2026-42809: Apache Polaris: An authenticated low-privileged user can abuse Polaris staged table creation to mint broad temporary storage credentials for an attacker-chosen location before Polaris validates that location
Jean-Baptiste Onofré
-
2026/05/02
Re: [oss-security] uutils coreutils CVEs
Jan Schaumann
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Demi Marie Obenour
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Eric Biggers
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Eric Biggers
-
2026/05/02
Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Reid Sutherland
-
2026/05/02
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Demi Marie Obenour
-
2026/05/02
[oss-security] Ubuntu back up, In Saturday after DDoS attacks
cyber security
-
2026/05/02
[oss-security] uutils coreutils CVEs
Collin Funk
-
2026/05/01
[oss-security] Security audit of rust-coreutils
Alan Coopersmith
-
2026/05/01
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Eric Biggers
-
2026/05/01
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Demi Marie Obenour
-
2026/05/01
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Alan Coopersmith
-
2026/05/01
[oss-security] CVE-2026-42440: Apache OpenNLP: OOM DoS via Unbounded Array Allocation in AbstractModelReader
Richard Zowalla
-
2026/05/01
[oss-security] CVE-2026-42027: Apache OpenNLP: Arbitrary Class Instantiation via Model Manifest in ExtensionLoader
Richard Zowalla
-
2026/05/01
[oss-security] CVE-2026-40682: Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor
Richard Zowalla
-
2026/05/01
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Eric Biggers
-
2026/05/01
Re: [oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation
cyber security
-
2026/05/01
[oss-security] Re: CVE-2026-31431: CopyFail: linux local privilege scalation
Justin Swartz
-
2026/05/01
[oss-security] Re: [EXTERNAL] Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Shrader, David Lee
-
2026/05/01
Re: [oss-security] 10+ CVEs in GStreamer
Kevin Backhouse
-
2026/05/01
Re: [oss-security] CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a
Alan Coopersmith
-
2026/05/01
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Demi Marie Obenour
-
2026/05/01
Re: [oss-security] Exim 4.99.2 fixes 4 CVEs
Florian Weimer
-
2026/05/01
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Reid Sutherland
-
2026/05/01
Re: [oss-security] 10+ CVEs in GStreamer
Demi Marie Obenour
-
2026/05/01
[oss-security] CVE-2026-42404: Apache Neethi: Unrestricted HTTP Redirect Following in Policy References
Colm O hEigeartaigh
-
2026/05/01
[oss-security] CVE-2026-42403: Apache Neethi: Circular Policy Reference Infinite Loop
Colm O hEigeartaigh
-
2026/05/01
[oss-security] CVE-2026-42402: Apache Neethi: Policy Normalization Unbounded Resource Allocation DoS
Colm O hEigeartaigh
-
2026/05/01
[oss-security] Prosody XMPP server security advisory 2026-04-31 (multiple vulnerabilities)
Matthew Wild
-
2026/05/01
[oss-security] CVE-2026-42167: SQL injection in ProFTPd prior to 1.3.9a
Valtteri Vuorikoski
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Greg KH
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Solar Designer
-
2026/04/30
Re: [oss-security] 10+ CVEs in GStreamer
Solar Designer
-
2026/04/30
[oss-security] Exim 4.99.2 fixes 4 CVEs
Solar Designer
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Alan Coopersmith
-
2026/04/30
[oss-security] CVE-2026-5080: Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely
Robert Rothenberg
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Roman Medina-Heigl Hernandez
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Greg KH
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Sam James
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Eric Biggers
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
cyber security
-
2026/04/30
Re: [oss-security] Coordinated Disclosure in the LLM Age
Greg KH
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Greg KH
-
2026/04/30
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Salvatore Bonaccorso
-
2026/04/29
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Sam James
-
2026/04/29
Re: [oss-security] lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE
Sam James
-
2026/04/29
[oss-security] Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE
Abhinav Agarwal
-
2026/04/29
[oss-security] [CVE-2026-37555] libsndfile IMA-ADPCM integer overflow (incomplete fix for CVE-2022-33065)
Feng Ning
-
2026/04/29
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Solar Designer
-
2026/04/29
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Aaron Rainbolt
-
2026/04/29
[oss-security] inetutils-2.8 released with 2 CVE fixes
Alan Coopersmith
-
2026/04/29
[oss-security] gnutls 3.8.13 released with 12 CVE fixes and more
Alan Coopersmith
-
2026/04/29
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Zube
-
2026/04/29
[oss-security] OSSA-2026-008: OpenStack Ironic: Command Injection in Ironic IPMI Console Implementations (CVE-2026-42510) - errata 1
Goutham Pacha Ravi
-
2026/04/29
[oss-security] CVE-2026-7381: Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting
Robert Rothenberg
-
2026/04/29
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Sam James
-
2026/04/29
Re: [oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Eddie Chapman
-
2026/04/29
Re: [oss-security] Coordinated Disclosure in the LLM Age
Brian May
-
2026/04/29
[oss-security] CVE-2026-31431: CopyFail: linux local privilege scalation
Jan Schaumann
-
2026/04/29
Re: [oss-security] Coordinated Disclosure in the LLM Age
Clemens Lang
-
2026/04/29
Re: [oss-security] Coordinated Disclosure in the LLM Age
Renaud Allard
-
2026/04/29
Re: [oss-security] Coordinated Disclosure in the LLM Age
Willy Tarreau
-
2026/04/29
Re: [oss-security] Coordinated Disclosure in the LLM Age
Jeremy Stanley
-
2026/04/29
[oss-security] Xen Security Advisory 489 v2 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI
Xen.org security team
-
2026/04/29
[oss-security] CVE-2026-7111: Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption
Stig Palmquist
-
2026/04/29
Re: [oss-security] Coordinated Disclosure in the LLM Age
Lucas Holt
-
2026/04/29
[oss-security] Multiple vulnerabilities in Jenkins plugins
Daniel Beck
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-7168: cross-proxy Digest auth state leak
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-6276: stale custom cookie host causes cookie leak
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-7009: OCSP stapling bypass with Apple SecTrust
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-6253: proxy credentials leak over redirect-to proxy
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-6429: netrc credential leak with reused proxy connection
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-5773: wrong reuse of SMB connection
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection
Daniel Stenberg
-
2026/04/28
[oss-security] [ADVISORY] curl: CVE-2026-4873: connection reuse ignores TLS requirement
Daniel Stenberg
-
2026/04/28
Re: [oss-security] Coordinated Disclosure in the LLM Age
Peter Gutmann
-
2026/04/28
Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2
Jacob Bachmeyer
-
2026/04/28
Re: [oss-security] Coordinated Disclosure in the LLM Age
Jacob Bachmeyer
-
2026/04/28
Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2
Solar Designer
-
2026/04/28
Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2
Ellenor Bjornsdottir
-
2026/04/28
[oss-security] CVE-2026-40560: Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Timothy Legge
-
2026/04/28
Re: [oss-security] [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2
Alan Coopersmith
-
2026/04/28
[oss-security] Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2
Dmitry Butskoy
-
2026/04/28
[oss-security] Re: [SECURITY] Out-of-Bounds Read in MPLS Extension Parsing — traceroute 2.1.2
Dmitry Butskoy
-
2026/04/28
Re: [oss-security] Coordinated Disclosure in the LLM Age
Greg Dahlman
-
2026/04/28
[oss-security] Xen Security Advisory 489 v1 (CVE-2026-23559,CVE-2026-23560,CVE-2026-23561,CVE-2026-23562,CVE-2026-42486) - Multiple RBAC issues in XAPI
Xen.org security team
-
2026/04/28
[oss-security] CVE-2026-41873: Pony Mail: Admin account takeover via request smuggling
Arnout Engelen
-
2026/04/28
[oss-security] The GNU C Library security advisories update for 2026-04-28
Carlos O'Donell
-
2026/04/28
[oss-security] Coordinated Disclosure in the LLM Age
Jeremy Stanley
-
2026/04/28
[oss-security] Xen Security Advisory 487 v2 (CVE-2026-31787) - Linux kernel double free in Xen privcmd driver
Xen.org security team
-
2026/04/28
[oss-security] Xen Security Advisory 486 v2 (CVE-2026-23558) - grant table v2 race in status page mapping
Xen.org security team
-
2026/04/28
[oss-security] Xen Security Advisory 485 v2 (CVE-2026-31786) - Linux kernel out of bounds read via Xen-related sysfs file
Xen.org security team
-
2026/04/28
[oss-security] Xen Security Advisory 484 v2 (CVE-2026-23557) - Xenstored DoS via XS_RESET_WATCHES command
Xen.org security team
-
2026/04/28
[oss-security] Xen Security Advisory 483 v2 (CVE-2026-23556) - oxenstored keeps quota related use counts across domain destruction
Xen.org security team
-
2026/04/27
[oss-security][CVE-2026-3087] shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs
Alan Coopersmith
-
2026/04/27
[oss-security] CVE-2026-41602: Apache Thrift: Go TFramedTransport uint32 overflow
Jens Geyer
-
2026/04/27
[oss-security] CVE-2025-48431: Apache Thrift glibc language bindings: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-41603: Apache Thrift: Java TSSLTransportFactory hostname verification
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-41604: Apache Thrift: Swift Range crash in skip()
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-41605: Apache Thrift: Swift Compact Protocol integer overflow
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-41606: Apache Thrift: c_glib dispatch stack overflow
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-41607: Apache Thrift: C++ JSON OOB read
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-41636: Apache Thrift: Node.js skip() recursion
Jens Geyer
-
2026/04/27
[oss-security] CVE-2026-40355, CVE-2026-40356: MIT krb5 1.18+ Unauthenticated Network read overrun and null pointer dereference
Cem Onat Karagun
-
2026/04/27
[oss-security][CVE-2026-6357] pip self-update functionality can import newly installed modules after wheel installation
Alan Coopersmith
-
2026/04/27
[oss-security] [OSSA-2026-008] Ironic: Command Injection in IPMI Console Implementations (CVE pending)
Jay Faulkner
-
2026/04/27
[oss-security] CVE-2026-41409: Apache MINA: CWE-502 Deserialization of Untrusted Data
Emmanuel Lécharny
-
2026/04/27
[oss-security] CVE-2026-7040: Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have heap overflow when processing some malformed UTF-8 characters
Robert Rothenberg
-
2026/04/27
[oss-security] ZDRES-059: CVE-2026-41635: Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE
Emmanuel Lécharny
-
2026/04/27
[oss-security] uriparser 1.0.1 fixes CVE-2026-42371 (integer overflow)
Sebastian Pipping
-
2026/04/27
[oss-security] plasma-login-manager: Weaknesses in plasmaloginauthhelper (CVE-2026-25710)
Matthias Gerstner
-
2026/04/26
[oss-security] CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-40473: Apache Camel: Camel-Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-40453: Apache Camel: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-40048: Apache Camel: Camel-PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-40022: Apache Camel: Camel-Platform-HTTP-Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
Andrea Cosentino
-
2026/04/26
[oss-security] CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
Andrea Cosentino
-
2026/04/26
[oss-security] libexpat 2.8.0 fixes CVE-2026-41080 (insufficient entropy)
Sebastian Pipping
-
2026/04/25
[oss-security] CVE-2026-41081: Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure
Richard Zowalla
-
2026/04/25
[oss-security] CVE-2026-40557: Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections
Richard Zowalla
-
2026/04/25
[oss-security] bubblewrap CVE-2026-41163: Privilege escalation if setuid root, via ptrace
Simon McVittie
-
2026/04/24
[oss-security] rust-openssl-v0.10.78 fixes 5 CVEs
Alan Coopersmith
-
2026/04/24
[oss-security] CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
Rahul Vats
-
2026/04/24
[oss-security] CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
Rahul Vats
-
2026/04/23
[oss-security] CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC
Wenjun Ruan
-
2026/04/23
[oss-security] CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
Wenjun Ruan
-
2026/04/23
[oss-security] CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
Christopher L. Shannon
-
2026/04/23
[oss-security] CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
Christopher L. Shannon
-
2026/04/23
[oss-security] CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
Christopher L. Shannon
-
2026/04/23
[oss-security] PowerDNS Authoritative Server 4.9.14 and 5.0.4 released
Miod Vallat
-
2026/04/23
[oss-security] CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
Stig Palmquist
-
2026/04/23
[oss-security] PowerDNS Security Advisory 2026-03 for PowerDNS Recursor: Multiple issues
Otto Moerbeek
-
2026/04/22
[oss-security] [vim-security] OS Command Injection in netrw affects Vim < 9.2.0383
Christian Brabandt
-
2026/04/22
Re: [oss-security] CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow
Steffen Nurpmeso
-
2026/04/22
[oss-security] CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit
Matthias Klumpp
-
2026/04/22
[oss-security] [SECURITY] CVE-2026-40542: Apache HttpClient 5.6 SCRAM-SHA-256 mutual authentication bypass
Arturo Bernal
-
2026/04/21
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Demi Marie Obenour
-
2026/04/21
Re: [oss-security] UAF in rsync 3.4.1 and below
Sam James
-
2026/04/21
Re: [oss-security] CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow
Sam James
-
2026/04/21
Re: [oss-security] CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow
Sam James
-
2026/04/21
[oss-security] CVE-2025-15638: Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt
Robert Rothenberg
-
2026/04/21
[oss-security] CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow
Robert Rothenberg
-
2026/04/21
[oss-security] CVE-2026-40706: ntfs-3g 2022.10.3: Heap buffer overflow
Rostislav
-
2026/04/21
[oss-security] Fwd: X.Org Security Advisory: CVE-2026-4367: libXpm Out-of-bounds read in xpmNextWord()
Olivier Fourdan
-
2026/04/21
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Michael Orlitzky
-
2026/04/21
[oss-security] Libgcrypt security releases 1.12.2, 1.11.3, 1.10.x
Valtteri Vuorikoski
-
2026/04/20
[oss-security] The GNU C Library security advisories update for 2026-04-20
Carlos O'Donell
-
2026/04/20
[oss-security] Fwd: [CVE-2026-3219] pip doesn't reject concatenated ZIP and tar archives
Alan Coopersmith
-
2026/04/20
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Demi Marie Obenour
-
2026/04/20
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Morten Linderud
-
2026/04/20
[oss-security] [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing
Ales Musil
-
2026/04/20
[oss-security] Re: [ADVISORY] CVE-2026-5367: Heap over-read in OVN DHCPv6 Client ID processing
Ales Musil
-
2026/04/20
[oss-security] Re: [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation
Ales Musil
-
2026/04/20
[oss-security] [ADVISORY] CVE-2026-5265: Heap Over-Read in ICMP Error Response Generation
Ales Musil
-
2026/04/20
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Dimitri Ledkov
-
2026/04/19
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Matthias Ferdinand
-
2026/04/19
Re: [oss-security] CVE-2025-27363: FontForge affected by FreeType heap-buffer-overflow; upstream maintainer declines under Community-guidelines #D1
Sam James
-
2026/04/19
Re: [oss-security] [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0)
Alan Coopersmith
-
2026/04/19
[oss-security] [CVE REQUEST] terminal-controller-mcp: trivially bypassable command blocklist enables unrestricted RCE (CVSS 10.0)
Pico 🧬
-
2026/04/18
[oss-security] CVE-2026-41113: RCE in sagredo fork of qmail
Alan Coopersmith
-
2026/04/18
Re: [oss-security] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
Solar Designer
-
2026/04/18
[oss-security] Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
cyber security
-
2026/04/18
[oss-security] Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
cyber security
-
2026/04/18
[oss-security] Re: lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE
Abhinav Agarwal
-
2026/04/17
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Sam James
-
2026/04/17
[oss-security] lcms2 <= 2.18 CubeSize() integer overflow: stock Ubuntu 24.04 Poppler / evince-thumbnailer / OpenJDK crashers (different triggers), no CVE
Abhinav Agarwal
-
2026/04/17
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Eli Schwartz
-
2026/04/17
[oss-security] CVE-2026-40948: Apache Airflow Keycloak Provider: OAuth Login CSRF — Missing State Parameter in Keycloak Auth Manager
Jarek Potiuk
-
2026/04/17
[oss-security] Xen Security Advisory 488 v1 - x86: Floating Point Divider State Sampling
Xen.org security team
-
2026/04/17
[oss-security] ngtcp2: qlog_parameters_set_transport_params_stack_overflow [CVE-2026-40170]
Alan Coopersmith
-
2026/04/17
[oss-security] cups: 8 various moderate vulnerabilities
Zdenek Dohnal
-
2026/04/17
Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes
Matthias Ferdinand
-
2026/04/17
[oss-security] CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)
Rahul Vats
-
2026/04/17
[oss-security] CVE-2026-32228: Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to
Rahul Vats
-
2026/04/17
[oss-security] CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
Rahul Vats
-
2026/04/17
[oss-security] CVE-2026-32690: Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
Rahul Vats
-
2026/04/17
[oss-security] CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error
Rahul Vats