oss-security

Messages by Date

2026/03/05 [oss-security] Go 1.26.1 and Go 1.25.8 are released with 5 CVE fixes Alan Coopersmith
2026/03/05 [oss-security] CVE-2025-13350 for Ubuntu Linux kernel Seth Arnold
2026/03/05 [oss-security] Fwd: [CVE-2026-2297] SourcelessFileLoader does not use io.open_code() Alan Coopersmith
2026/03/05 [oss-security] CVE-2026-3381: Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib Robert Rothenberg
2026/03/05 [oss-security] CVE-2026-3257: UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library Robert Rothenberg
2026/03/05 [oss-security] CVE-2025-40931: Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id Robert Rothenberg
2026/03/05 [oss-security] CVE-2025-40926: Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely Robert Rothenberg
2026/03/05 [oss-security] CVE-2024-57854: Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator Robert Rothenberg
2026/03/04 Re: [oss-security] CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation Yogesh Mittal
2026/03/03 [oss-security] Announcing FreeType 2.14.2, fixes CVE-2026-23865 Alan Coopersmith
2026/03/03 [oss-security] Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338) Jan Schaumann
2026/03/03 [oss-security] [OSSA-2026-003] OpenStack Vitrage: Remote code execution through Vitrage query parser (CVE-2026-28370) Jeremy Stanley
2026/03/03 [oss-security] CVE-2025-66168: Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
2026/03/03 [oss-security] CVE-2026-27446: Apache Artemis, Apache ActiveMQ Artemis: Auth bypass for Core downstream federation Justin Bertram
2026/03/03 [oss-security] Django CVE-2026-25673 and CVE-2026-25674 Natalia Bidart
2026/03/03 Re: [oss-security] OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization Demi Marie Obenour
2026/03/02 [oss-security] Fwd: [siren] [Security Advisory] Active Exploitation of Weak GitHub Actions Configurations Solar Designer
2026/03/02 [oss-security] CVE-2025-59059: Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator Velmurugan Periasamy
2026/03/02 [oss-security] CVE-2025-59060: Apache Ranger: Hostname verification bypass in NiFiRegistryClient and NifiClient Velmurugan Periasamy
2026/03/02 [oss-security] Exiv2 version 0.28.8 released with fixes for 3 low-severity CVEs Kevin Backhouse
2026/03/02 Re: [oss-security] OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization Florian Weimer
2026/03/01 Re: [oss-security] OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization Demi Marie Obenour
2026/02/27 [oss-security] Fwd: CVE-2018-25160: HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend Robert Rothenberg
2026/02/27 [oss-security] CVE-2026-3255: HTTP::Session2 versions before 1.12 for Perl may generate weak session ids using the rand() function Robert Rothenberg
2026/02/27 [oss-security] [vim-security] Stack-buffer-overflow in build_stl_str_hl() affects Vim < 9.2.0078 Christian Brabandt
2026/02/27 [oss-security] [vim-security] Multiple Vulnerabilities in Swap File Recovery affect Vim < 9.2.0077 Christian Brabandt
2026/02/27 [oss-security] [vim-security] Heap-based Buffer Overflow and OOB Read in :terminal affects Vim < 9.2.0076 Christian Brabandt
2026/02/27 [oss-security] [vim-security] Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075 Christian Brabandt
2026/02/27 [oss-security] [vim-security] Heap-based Buffer Overflow in Emacs tags parsing affects Vim < 9.2.0074 Christian Brabandt
2026/02/27 [oss-security] [vim-security] OS Command Injection in netrw affects Vim < 9.2.0073 Christian Brabandt
2026/02/27 Re: [oss-security] OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization Florian Weimer
2026/02/27 [oss-security] OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization Alan Coopersmith
2026/02/27 [oss-security] CVE-2026-28372: Telnetd Vulnerability Report Guillem Jover
2026/02/26 Re: [oss-security] Re: Telnetd Vulnerability Report Demi Marie Obenour
2026/02/26 Re: [oss-security] Telnetd Vulnerability Report Lyndon Nerenberg (VE7TFX/VE6BBM)
2026/02/26 Re: [oss-security] Telnetd Vulnerability Report Albert Veli
2026/02/26 Re: [oss-security] Re: Telnetd Vulnerability Report Florian Weimer
2026/02/25 [oss-security] CVE-2026-27900 - Sensitive Information Exposure in Debug Logs of Terraform Provider for Linode Liang, Zhiwei
2026/02/25 Re: [oss-security] Telnetd Vulnerability Report Steffen Nurpmeso
2026/02/25 Re: [oss-security] Telnetd Vulnerability Report Lyndon Nerenberg (VE7TFX/VE6BBM)
2026/02/25 Re: [oss-security] Telnetd Vulnerability Report Marco Moock
2026/02/25 Re: [oss-security] Telnetd Vulnerability Report Steffen Nurpmeso
2026/02/25 [oss-security] Re: OpenSSL Security Advisory (updated text for CVE-2025-15467) Tomas Mraz
2026/02/25 Re: [oss-security] Telnetd Vulnerability Report Solar Designer
2026/02/25 Re: [oss-security] Telnetd Vulnerability Report kf503bla
2026/02/25 Re: [oss-security] Re: Telnetd Vulnerability Report Marco Moock
2026/02/24 Re: [oss-security] Telnetd Vulnerability Report Eddie Chapman
2026/02/24 Re: [oss-security] Telnetd Vulnerability Report Justin Swartz
2026/02/24 Re: [oss-security] Telnetd Vulnerability Report Eddie Chapman
2026/02/24 Re: [oss-security] Telnetd Vulnerability Report Vincent Lefevre
2026/02/24 Re: [oss-security] Unsound Workshop at ECOOP 2026 Solar Designer
2026/02/24 [oss-security] Unsound Workshop at ECOOP 2026 Jan Bessai
2026/02/24 Re: [oss-security] Telnetd Vulnerability Report Lyndon Nerenberg (VE7TFX/VE6BBM)
2026/02/24 Re: [oss-security] Telnetd Vulnerability Report Solar Designer
2026/02/24 Re: [oss-security] Re: Telnetd Vulnerability Report kf503bla
2026/02/24 [oss-security] Re: Telnetd Vulnerability Report Ron Ben Yizhak
2026/02/24 [oss-security] CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL Daniel Gaspar
2026/02/24 [oss-security] CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default) Daniel Gaspar
2026/02/24 [oss-security] CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass Daniel Gaspar
2026/02/24 [oss-security] CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command Daniel Gaspar
2026/02/24 [oss-security] CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering Daniel Gaspar
2026/02/23 Re: [oss-security] Telnetd Vulnerability Report Solar Designer
2026/02/23 Re: [oss-security] Telnetd Vulnerability Report Solar Designer
2026/02/23 [oss-security] Re: Telnetd Vulnerability Report Justin Swartz
2026/02/23 [oss-security] CVE-2024-56373: Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information Jarek Potiuk
2026/02/23 [oss-security] CVE-2025-27555: Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli Jarek Potiuk
2026/02/23 [oss-security] CVE-2026-26079/CVE-2026-25916: Roundcube vulns prior to 1.5.13/1.6.13 Valtteri Vuorikoski
2026/02/22 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Tim Wadhwa-Brown (twadhwab)
2026/02/20 Re: [oss-security] OpenSC, ghostscript, cgif issues from the recent Anthropic disclosure Eli Schwartz
2026/02/20 [oss-security] OpenSC, ghostscript, cgif issues from the recent Anthropic disclosure Joe Malcolm
2026/02/19 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Russ Allbery
2026/02/19 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Jacob Bachmeyer
2026/02/19 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Jacob Bachmeyer
2026/02/19 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Russ Allbery
2026/02/19 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Russ Allbery
2026/02/19 Re: [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Jacob Bachmeyer
2026/02/19 Re: [oss-security] Default IV & other issues in aes-js & pyaes modules, & strongMan VPN manager Soatok Dreamseeker
2026/02/19 [oss-security] Default IV & other issues in aes-js & pyaes modules, & strongMan VPN manager Alan Coopersmith
2026/02/18 Re: [oss-security] Systemd vsock sshd Solar Designer
2026/02/18 [oss-security] MIT/Heimdal Kerberos credentials cache type FILE risks Solar Designer
2026/02/18 Re: [oss-security] Re: zlib security audit by 7asecurity Sevan Janiyan
2026/02/18 [oss-security] CVE-2026-23552: Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Andrea Cosentino
2026/02/18 [oss-security] CVE-2026-25747: Apache Camel: Deserialization of Untrusted Data in Camel LevelDB Andrea Cosentino
2026/02/18 Re: [oss-security] Re: zlib security audit by 7asecurity Sevan Janiyan
2026/02/18 [oss-security] Multiple vulnerabilities in Jenkins Daniel Beck
2026/02/17 Re: [oss-security] zlib security audit by 7asecurity Steffen Nurpmeso
2026/02/17 Re: [oss-security] Re: zlib security audit by 7asecurity Sevan Janiyan
2026/02/17 Re: [oss-security] Re: zlib security audit by 7asecurity Jan Engelhardt
2026/02/17 [oss-security] Re: zlib security audit by 7asecurity Simon Josefsson
2026/02/17 [oss-security] [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708) errata 1 Jeremy Stanley
2026/02/17 Re: [oss-security] CVE-2026-25506: MUNGE 0.5-0.5.17 buffer overflow allowing key leakage Sam James
2026/02/17 [oss-security] zlib security audit by 7asecurity Sam James
2026/02/17 [oss-security] CVE-2026-25087: Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering Antoine Pitrou
2026/02/17 Re: [oss-security] [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708) Jeremy Stanley
2026/02/17 Re: [oss-security] [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708) Salvatore Bonaccorso
2026/02/17 [oss-security] [OSSA-2026-002] OpenStack Nova: calls qemu-img without format restrictions for resize (CVE-2026-24708) Jeremy Stanley
2026/02/16 [oss-security] CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates David Handermann
2026/02/13 [oss-security] [vim-security] NetBeans specialKeys Stack Buffer Overflow with Vim <9.1.2148 Christian Brabandt
2026/02/13 [oss-security] CVE-2025-40905: WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions Alan Coopersmith
2026/02/12 [oss-security] CVE-2025-33042: Apache Avro Java SDK: Code injection on Java generated code Ryan Skraba
2026/02/11 [oss-security] Pillow 12.1.1 released with fix for CVE-2026-25990 Alan Coopersmith
2026/02/10 [oss-security] PyCA cryptography 46.0.5 released with fix for CVE-2026-26007 Alan Coopersmith
2026/02/10 [oss-security] CVE-2026-25506: MUNGE 0.5-0.5.17 buffer overflow allowing key leakage Chris Dunlap
2026/02/10 [oss-security] PowerDNS Security Advisory 2026-01: Crafted zones can lead to increased resource usage in Recursor Otto Moerbeek
2026/02/09 Re: [oss-security] FreeRDP fixes 12 CVEs in 3.22.0 release Solar Designer
2026/02/09 [oss-security] FreeRDP fixes 12 CVEs in 3.22.0 release Alan Coopersmith
2026/02/09 [oss-security] libpng 1.6.55: Heap buffer overflow vulnerability fixed: CVE-2026-25646 Cosmin Truta
2026/02/09 [oss-security] gnutls 3.8.12 fixes CVE-2026-1584 & CVE-2025-14831 Alan Coopersmith
2026/02/09 [oss-security] CVE-2026-23906: Apache Druid: Authentication Bypass via LDAP Anonymous Bind Karan Kumar
2026/02/09 [oss-security] CVE-2026-24343: Apache HertzBeat: Uncontrolled Resource Consumption via Crafted XPath Expressions Qingran Zhao
2026/02/09 [oss-security] CVE-2026-24098: Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors Ephraim Anierobi
2026/02/09 [oss-security] CVE-2026-22922: Apache Airflow: Airflow externalLogUrl Permission Bypass Ephraim Anierobi
2026/02/09 Re: [oss-security] On patch vs commit messages Florian Weimer
2026/02/08 [oss-security] CVE-2026-23901: Apache Shiro: Brute force attack possible to determine valid user names Lenny Primak
2026/02/08 [oss-security] CVE-2026-23903: Apache Shiro: Auth bypass when accessing static files only on case-insensitive filesystems Lenny Primak
2026/02/07 [oss-security] Go 1.25.7 and Go 1.24.13 are released with 2 CVE fixes Alan Coopersmith
2026/02/06 [oss-security] On patch vs commit messages Sam James
2026/02/05 [oss-security] [vim-security] buffer overflow in helpfile option handling affects Vim <9.1.2132 Christian Brabandt
2026/02/04 [oss-security] NGINX < 1.29.5, 1.28.2 MitM injection CVE-2026-1642 Jan Schaumann
2026/02/04 [oss-security] CVE-2026-24735: Apache Answer: Revision API Improper Access Control leads to Information Disclosure Enxin Xie
2026/02/03 Re: [oss-security] Systemd vsock sshd Bastian Blank
2026/02/03 [oss-security] Django CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285, CVE-2026-1287, and CVE-2026-1312 Jacob Walls
2026/02/02 [oss-security] [kubernetes] Multiple issues in ingress-nginx Tabitha Sable
2026/02/02 [oss-security] CVE-2026-23795: Apache Syncope: Console XXE on Keymaster parameters Francesco Chicchiriccò
2026/02/02 [oss-security] CVE-2026-23794: Apache Syncope: Reflected XSS on Enduser Login Francesco Chicchiriccò
2026/01/31 [oss-security] Security incident on plone GitHub org with force pushes Maurits van Rees
2026/01/31 [oss-security] libexpat 2.7.4 fixes CVE-2026-24515 and CVE-2026-25210 Sebastian Pipping
2026/01/30 Re: [oss-security] CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Jakub Wilk
2026/01/29 Re: [oss-security] CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Sebastian Pipping
2026/01/29 Re: [oss-security] CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Jakub Wilk
2026/01/28 Re: [oss-security] CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Alan Coopersmith
2026/01/28 [oss-security] Re: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Paul Ducklin
2026/01/28 Re: [oss-security] OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) Tomas Mraz
2026/01/28 Re: [oss-security] OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) Demi Marie Obenour
2026/01/28 Re: [oss-security] Clarification: rbash escape via history built-ins cyber security
2026/01/27 Re: [oss-security] GnuPG security release Salvatore Bonaccorso
2026/01/27 Re: [oss-security] GnuPG security release Jan Schaumann
2026/01/27 Re: [oss-security] GnuPG security release Pedro Sampaio
2026/01/27 [oss-security] GnuPG security release Sam James
2026/01/27 [oss-security] OpenSSL Security Advisory (corrected - added CVE-2026-22795 and CVE-2026-22796) Tomas Mraz
2026/01/27 [oss-security] Clarification: rbash escape via history built-ins cyber security
2026/01/27 [oss-security] OpenSSL Security Advisory Tomas Mraz
2026/01/27 [oss-security] Xen Security Advisory 478 v2 (CVE-2025-58151) - varstored: TOCTOU issues with mapped guest memory Xen . org security team
2026/01/27 [oss-security] Xen Security Advisory 479 v2 (CVE-2026-23553) - x86: incomplete IBPB for vCPU isolation Xen . org security team
2026/01/27 [oss-security] Xen Security Advisory 477 v2 (CVE-2025-58150) - x86: buffer overrun with shadow paging + tracing Xen . org security team
2026/01/26 [oss-security] CVE-2016-15057: Apache Continuum: Command injection leading to RCE Arnout Engelen
2026/01/25 Re: [oss-security] Vulnerability management and Open Source: FOSDEM BoF Olle E. Johansson
2026/01/25 Re: [oss-security] Vulnerability management and Open Source: FOSDEM BoF Peter Gutmann
2026/01/24 Re: [oss-security] Vulnerability management and Open Source: FOSDEM BoF Solar Designer
2026/01/23 [oss-security] CVE-2026-24656: Apache Karaf: Decanter log-socket collector has deserialization vulnerability Jean-Baptiste Onofré
2026/01/23 [oss-security] 8 CVEs in Cpython announced this week Alan Coopersmith
2026/01/23 [oss-security] CVE-2025-27821: HDFS native client: Out of bounds write in URI parser of native HDFS client Chris Nauroth
2026/01/23 Re: [oss-security] Vulnerability management and Open Source: FOSDEM BoF Brian Behlendorf
2026/01/23 Re: [oss-security] CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Stuart Henderson
2026/01/23 [oss-security] CVE-2025-56005 Undocumented RCE in PLY via `picklefile` Parameter Alan Coopersmith
2026/01/23 Re: [oss-security] Vulnerability management and Open Source: FOSDEM BoF Olle E. Johansson
2026/01/23 Re: [oss-security] Vulnerability management and Open Source: FOSDEM BoF Peter Gutmann
2026/01/23 [oss-security] Vulnerability management and Open Source: FOSDEM BoF Olle E. Johansson
2026/01/22 Re: [oss-security] GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Demi Marie Obenour
2026/01/22 Re: [oss-security] GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Christian Fischer
2026/01/21 [oss-security] CVE-2024-31884 Ceph: Incorrect usage of certificate checking via Pybind Sage [They / Them] McTaggart
2026/01/21 [oss-security] Vulnerable tmpdir handling in pytest Michael Orlitzky
2026/01/21 Re: [oss-security] WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Soatok Dreamseeker
2026/01/21 [oss-security] ISC has disclosed one vulnerability in BIND 9 (CVE-2025-13878) Michał Kępień
2026/01/21 Re: [oss-security] GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Jakub Wilk
2026/01/21 Re: [oss-security] WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Hanno Böck
2026/01/20 Re: [oss-security] GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Alexander Bochmann
2026/01/20 Re: [oss-security] WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Alan Coopersmith
2026/01/20 Re: [oss-security] WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality Moritz Mühlenhoff
2026/01/20 [oss-security] CVE-2026-22444: Apache Solr: Insufficient file-access checking in standalone core-creation requests Jason Gerlowski
2026/01/20 [oss-security] CVE-2026-22022: Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin Jason Gerlowski
2026/01/20 [oss-security] The GNU C Library security advisories update for 2026-01-20 Carlos O'Donell
2026/01/20 [oss-security] GNU InetUtils Security Advisory: remote authentication by-pass in telnetd Simon Josefsson
2026/01/20 [oss-security] WordPress Plugin "Under Construction & Maintenance Mode": Exposed debug functionality mohammed gaming 222
2026/01/17 Re: [oss-security] CVE-2025-8110 in Gogs self-hosted git service Michael Orlitzky
2026/01/17 Re: [oss-security] CVE-2025-8110 in Gogs self-hosted git service Collin Funk
2026/01/17 Re: [oss-security] CVE-2025-8110 in Gogs self-hosted git service Chad Dougherty
2026/01/17 [oss-security] Re: CVE-2025-68121: Regression and Incomplete Fix for Go TLS Session Resumption Coia Prant
2026/01/17 [oss-security] CVE-2025-68121: Regression and Incomplete Fix for Go TLS Session Resumption Coia Prant
2026/01/16 Re: [oss-security] Re: Best practices for signature verifcation Jacob Bachmeyer
2026/01/16 [oss-security] [OSSA-2026-001] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) errata 1 Jeremy Stanley
2026/01/16 Re: [oss-security] NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Jan Schaumann
2026/01/16 Re: [oss-security] NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Michel Lind
2026/01/16 [oss-security] The GNU C Library security advisories update for 2026-01-16 (part 2) Carlos O'Donell
2026/01/16 [oss-security] The GNU C Library security advisories update for 2026-01-16 Siddhesh Poyarekar
2026/01/16 [oss-security] CVE-2025-60021: Apache bRPC: Remote command injection vulnerability in heap builtin service Guangming Chen
2026/01/16 Re: [oss-security] [CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) Jeremy Stanley
2026/01/15 Re: [oss-security] [CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) Salvatore Bonaccorso
2026/01/15 Re: [oss-security] Re: Best practices for signature verifcation Peter Gutmann
2026/01/15 Re: [oss-security] Fwd: [FD] zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility via Unbounded strcpy() on User-Supplied Archive Name Alan Coopersmith
2026/01/15 [oss-security] CVE-2025-68675: Apache Airflow: proxy credentials for various providers might leak in task logs Ephraim Anierobi
2026/01/15 [oss-security] CVE-2025-68438: Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated Ephraim Anierobi
2026/01/15 Re: [oss-security] Go 1.25.6 and Go 1.24.12 are released with 6 CVE fixes Steffen Nurpmeso
2026/01/15 [oss-security] Go 1.25.6 and Go 1.24.12 are released with 6 CVE fixes Alan Coopersmith
2026/01/15 Re: [oss-security] The Curious Case of Stack Pivot Detection Adam Zabrocki
2026/01/15 [oss-security] [CVE-2026-22797] OpenStack keystonemiddleware: Privilege Escalation via Identity Headers in External OAuth2 Tokens (CVE-2026-22797) Jeremy Stanley
2026/01/13 Re: [oss-security] Null Pointer Dereference in HarfBuzz Jacob Bachmeyer
2026/01/13 Re: [oss-security] NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Jan Schaumann
2026/01/13 Re: [oss-security] NodeJS Security Releases (CVE-2025-55131, CVE-2025-55130, CVE-2025-59465, and others) Alan Coopersmith
2026/01/13 [oss-security] CVE-2025-66169: Apache Camel: Cypher injection vulnerability in Camel-Neo4j component Andrea Cosentino

Earlier messages