oss-security December 2010 archive
| Main Archive Page > Month Archives > oss-security archives |
oss-security By Subject
| Subject | Author | Date |
| [oss-security] [taviso@cmpxchg8b.com: [PATCH] install_special_mapping skips security_file_mmap check.] | ||
| Solar Designer | 09 Dec 2010 | |
| Tavis Ormandy | 09 Dec 2010 | |
| [oss-security] Breaking the links: Exploiting the linker | ||
| Tim Brown | 16 Dec 2010 | |
| Justin Ossevoort | 15 Dec 2010 | |
| Tomas Hoger | 15 Dec 2010 | |
| Tim Brown | 15 Dec 2010 | |
| [oss-security] Can I request a cve for pfsense regarding --> "pfSense "graph.php" Cross-Site Scripting Vulnerabilities" | ||
| Steven M. Christey | 06 Dec 2010 | |
| [oss-security] clamav 0.96.5 released | ||
| Josh Bressers | 03 Dec 2010 | |
| Hanno Böck | 03 Dec 2010 | |
| Thomas Biege | 03 Dec 2010 | |
| [oss-security] CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) | ||
| Tomas Hoger | 09 Dec 2010 | |
| Pierre Joye | 08 Dec 2010 | |
| Tomas Hoger | 07 Dec 2010 | |
| Vincent Danen | 06 Dec 2010 | |
| Steven M. Christey | 06 Dec 2010 | |
| Vincent Danen | 06 Dec 2010 | |
| [oss-security] CVE Request -- 1, ccid -- int.overflow leading to array index error 2, pcsc-lite stack-based buffer overflow in ATR decoder [was: [oss-security] CVE request: opensc buffer overflow ] | ||
| Jan Lieskovsky | 22 Dec 2010 | |
| [oss-security] CVE Request -- D-BUS -- Stack frame overflow by validating message with excessive number of nested variants | ||
| Jan Lieskovsky | 21 Dec 2010 | |
| Josh Bressers | 16 Dec 2010 | |
| Jan Lieskovsky | 16 Dec 2010 | |
| [oss-security] CVE Request -- Django 1.2.4, Django 1.1.3 and Django 1.3 beta 1 -- addressing two security flaws | ||
| Jan Lieskovsky | 23 Dec 2010 | |
| [oss-security] CVE Request -- FontForge: Stack-based buffer overflow by processing specially-crafted CHARSET_REGISTRY font file header | ||
| Josh Bressers | 02 Dec 2010 | |
| Jan Lieskovsky | 02 Dec 2010 | |
| [oss-security] CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) | ||
| Josh Bressers | 22 Dec 2010 | |
| Jan Lieskovsky | 21 Dec 2010 | |
| [oss-security] CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol | ||
| Jan Lieskovsky | 23 Dec 2010 | |
| [oss-security] CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) | ||
| Jan Lieskovsky | 01 Dec 2010 | |
| [oss-security] CVE Request -- Pidgin v2.7.6 <= x <= v2.7.8 -- MSN DirectConnect DoS (crash due NULL ptr dereference) after receiving a short P2P message | ||
| Huzaifa Sidhpurwala | 31 Dec 2010 | |
| Jan Lieskovsky | 27 Dec 2010 | |
| [oss-security] CVE Request -- Wordpress v3.0.2 SQL injection flaw + two minor XSS issues | ||
| Josh Bressers | 02 Dec 2010 | |
| Jan Lieskovsky | 02 Dec 2010 | |
| [oss-security] CVE Request -- Xfig: Stack-based buffer overflow by processing FIG image with crafted color definition | ||
| Josh Bressers | 06 Dec 2010 | |
| Jan Lieskovsky | 03 Dec 2010 | |
| [oss-security] CVE Request: CrawlTrack < 3.2.7 - remote php code execution | ||
| Anthon Pang | 31 Dec 2010 | |
| [oss-security] CVE request: Drupal views module CSRF/XSS before 2.11, XSS before 2.12 | ||
| Josh Bressers | 22 Dec 2010 | |
| Hanno Böck | 16 Dec 2010 | |
| [oss-security] CVE request: kernel: bfa driver sysfs crash | ||
| Josh Bressers | 09 Dec 2010 | |
| Eugene Teo | 08 Dec 2010 | |
| [oss-security] CVE request: kernel: buffer overflow in OSS load_mixer_volumes | ||
| Huzaifa Sidhpurwala | 31 Dec 2010 | |
| Dan Rosenberg | 31 Dec 2010 | |
| [oss-security] CVE request: kernel: CAN information leak, 2nd attempt | ||
| Steven M. Christey | 20 Dec 2010 | |
| Dan Rosenberg | 20 Dec 2010 | |
| Petr Matousek | 20 Dec 2010 | |
| Dan Rosenberg | 20 Dec 2010 | |
| Petr Matousek | 20 Dec 2010 | |
| [oss-security] CVE request: kernel: failure to revert address limit override in OOPS error path | ||
| Josh Bressers | 02 Dec 2010 | |
| Dan Rosenberg | 02 Dec 2010 | |
| [oss-security] CVE request: kernel: igb panics when receiving tag vlan packet | ||
| Josh Bressers | 06 Dec 2010 | |
| Eugene Teo | 06 Dec 2010 | |
| [oss-security] CVE request: kernel: irda: prevent integer underflow in IRLMP_ENUMDEVICES | ||
| Eugene Teo | 23 Dec 2010 | |
| [oss-security] CVE request: kernel: NULL pointer dereference in AF_ECONET | ||
| Eugene Teo | 09 Dec 2010 | |
| Nelson Elhage | 09 Dec 2010 | |
| [oss-security] CVE request: libvirt when compiled with openvz support has a potential security hole | ||
| Vincent Danen | 08 Dec 2010 | |
| Eugene Teo | 08 Dec 2010 | |
| Vincent Danen | 08 Dec 2010 | |
| [oss-security] CVE Request: local privilege escalation via /sys/kernel/debug/acpi/custom_method | ||
| Eugene Teo | 15 Dec 2010 | |
| Marcus Meissner | 15 Dec 2010 | |
| [oss-security] CVE request: MantisBT <=1.2.3 (db_type) Cross-Site Scripting & Path Disclosure Vulnerability | ||
| Josh Bressers | 16 Dec 2010 | |
| David Hicks | 15 Dec 2010 | |
| [oss-security] CVE request: MantisBT <=1.2.3 (db_type) Local File Inclusion Vulnerability | ||
| Josh Bressers | 16 Dec 2010 | |
| David Hicks | 15 Dec 2010 | |
| [oss-security] CVE request: mybb before 1.4.11 and before 1.4.12 | ||
| Hanno Böck | 06 Dec 2010 | |
| [oss-security] CVE Request: MyBB XSS bugs | ||
| Josh Bressers | 22 Dec 2010 | |
| Ulrik Persson | 20 Dec 2010 | |
| [oss-security] CVE request: opensc buffer overflow | ||
| Josh Bressers | 22 Dec 2010 | |
| Jamie Strandboge | 21 Dec 2010 | |
| Ludwig Nussel | 21 Dec 2010 | |
| [oss-security] CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability | ||
| Anthon Pang | 31 Dec 2010 | |
| [oss-security] CVE request: openx unknown vulnerability before 2.8.7 | ||
| Josh Bressers | 06 Dec 2010 | |
| Anthon Pang | 06 Dec 2010 | |
| Hanno Böck | 06 Dec 2010 | |
| [oss-security] CVE request: vanilla forums before 2.0.10, xss | ||
| Josh Bressers | 07 Dec 2010 | |
| Steven M. Christey | 06 Dec 2010 | |
| Josh Bressers | 06 Dec 2010 | |
| Hanno Böck | 06 Dec 2010 | |
| [oss-security] CVE Request: Wireshark | ||
| Ulrik Persson | 31 Dec 2010 | |
| [oss-security] CVE request: wordpress before 3.0.4 XSS | ||
| Hanno Böck | 30 Dec 2010 | |
| [oss-security] CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo | ||
| Steven M. Christey | 09 Dec 2010 | |
| Ludwig Nussel | 09 Dec 2010 | |
| Josh Bressers | 07 Dec 2010 | |
| Raphael Geissert | 07 Dec 2010 | |
| [oss-security] CVE-2010-2094: PECL's phar code is vulnerable too | ||
| Eygene Ryabinkin | 26 Dec 2010 | |
| [oss-security] Exim remote root | ||
| Mark J Cox | 10 Dec 2010 | |
| [oss-security] Exim security issue in historical release | ||
| nigel_at_nospam | 13 Dec 2010 | |
| [oss-security] Fix for CVE-2010-4524 and CVE-2010-1677 ready for verfication | ||
| Earl Hood | 30 Dec 2010 | |
| [oss-security] FYI -- Tor v0.2.1.28 addressing CVE-2010-1676 -- remotely exploitable heap-based buffer overflow | ||
| Jan Lieskovsky | 21 Dec 2010 | |
| [oss-security] Interesting behavior with struct initiailization | ||
| Geoff Keating | 03 Dec 2010 | |
| Robert Seacord | 03 Dec 2010 | |
| [oss-security] IO::Socket::SSL perl module: CVE-2010-4501/CVE-2010-4334 dupe | ||
| Tomas Hoger | 29 Dec 2010 | |
| Moritz Muehlenhoff | 24 Dec 2010 | |
| [oss-security] Issues without CVE names in PHP 5.3.4/5.2.15 release | ||
| Pierre Joye | 13 Dec 2010 | |
| Vincent Danen | 13 Dec 2010 | |
| Pierre Joye | 13 Dec 2010 | |
| Vincent Danen | 13 Dec 2010 | |
| [oss-security] kernel: Dangerous interaction between clear_child_tid, set_fs(), and kernel oopses | ||
| Solar Designer | 09 Dec 2010 | |
| Solar Designer | 09 Dec 2010 | |
| Nelson Elhage | 08 Dec 2010 | |
| Solar Designer | 08 Dec 2010 | |
| Solar Designer | 08 Dec 2010 | |
| Dan Rosenberg | 02 Dec 2010 | |
| Nelson Elhage | 02 Dec 2010 | |
| [oss-security] Subject: [oss-security] CVE request: kernel: install_special_mapping skips security_file_mmap check | ||
| Josh Bressers | 10 Dec 2010 | |
| Petr Matousek | 10 Dec 2010 | |
| Breaking the links: Exploiting the linker | ||
| Jamie Nguyen | 22 Dec 2010 | |
| Tim Brown | 22 Dec 2010 | |
| Jamie Nguyen | 22 Dec 2010 | |
| Tim Brown | 16 Dec 2010 | |
| Ralf Wildenhues | 16 Dec 2010 | |
| Clarifications on the D-Bus specification | ||
| Havoc Pennington | 13 Dec 2010 | |
| Rémi Denis-Courmont | 11 Dec 2010 | |
| CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) | ||
| Tomas Hoger | 08 Dec 2010 | |
| Maksymilian Arciemowicz | 08 Dec 2010 | |
| Tomas Hoger | 08 Dec 2010 | |
| Maksymilian Arciemowicz | 07 Dec 2010 | |
| CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) | ||
| Earl Hood | 30 Dec 2010 | |
| Jeff Breidenbach | 30 Dec 2010 | |
| Raphael Geissert | 22 Dec 2010 | |
| Earl Hood | 21 Dec 2010 | |
| CVE Request -- OfflineIMAP -- 1), failed to validate remote SSL server certificate 2), allows SSLv2 protocol | ||
| Johannes Stezenbach | 23 Dec 2010 | |
| Nicolas Sebrecht | 23 Dec 2010 | |
| John Goerzen | 23 Dec 2010 | |
| dave b | 23 Dec 2010 | |
| CVE Request -- perl-CGI two ids, perl-CGI-Simple one id (CVE-2010-3172 already assigned for Bugzilla part) | ||
| Ludwig Nussel | 16 Dec 2010 | |
| Mark Stosberg | 01 Dec 2010 | |
| Reed Loden | 01 Dec 2010 | |
| CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability | ||
| Anthon Pang | 31 Dec 2010 | |
| CVE-2010-2094: PECL's phar code is vulnerable too | ||
| Felipe Pena | 26 Dec 2010 | |
| Eygene Ryabinkin | 26 Dec 2010 | |
| Felipe Pena | 26 Dec 2010 | |
| Interesting behavior with struct initiailization | ||
| Bhadrinath | 05 Dec 2010 | |
| Dan Rosenberg | 05 Dec 2010 | |
| Bhadrinath | 05 Dec 2010 | |
| Bhadrinath | 05 Dec 2010 | |
| Issues without CVE names in PHP 5.3.4/5.2.15 release | ||
| Raphael Geissert | 13 Dec 2010 | |
| NULL byte poisoning fix in php 5.3.4+ | ||
| Steven M. Christey | 09 Dec 2010 | |
| Pierre Joye | 09 Dec 2010 | |
| Steven M. Christey | 09 Dec 2010 | |
| Pierre Joye | 09 Dec 2010 | |
| Pierre Joye | 09 Dec 2010 | |
- Last message date: 31 Dec 2010
- Archived on: 01 Jan 2011 GMT