oss-security  

Messages by Date

• 2025/11/20 [oss-security] gnutls 3.8.11 released with fix for CVE-2025-9820 Alan Coopersmith
• 2025/11/20 [oss-security] CVE-2025-64524 cups-filters: Heap Buffer Overflow in rastertopclx Filter Leading to Potential Arbitrary Code Execution Zdenek Dohnal
• 2025/11/19 [oss-security] CVE-2025-64408: Apache Causeway: Java deserialization vulnerability to authenticated attackers Dan Haywood
• 2025/11/18 Re: [oss-security] SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] John Hein
• 2025/11/18 [oss-security] [SECURITY PATCH 8/8] commands/usbtest: Ensure string length is sufficient in usb string processing Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 7/8] commands/usbtest: Use correct string length field Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 6/8] tests/lib/functional_test: Unregister commands on module unload Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 5/8] normal/main: Unregister commands on module unload Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 4/8] gettext/gettext: Unregister gettext command on module unload Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 3/8] net/net: Unregister net_set_vlan command on unload Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 2/8] kern/file: Call grub_dl_unref() after fs->fs_close() Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 1/8] commands/test: Fix error in recursion depth calculation Daniel Kiper
• 2025/11/18 [oss-security] [SECURITY PATCH 0/8] GRUB2 vulnerabilities - 2025/11/18 Daniel Kiper
• 2025/11/17 [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) Jeremy Stanley
• 2025/11/17 Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
• 2025/11/17 [oss-security] lightdm-kde-greeter: Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876) Matthias Gerstner
• 2025/11/17 Re: [oss-security] CVE-2025-40300 / VMScape Solar Designer
• 2025/11/17 Re: [oss-security] CVE-2025-40300 / VMScape Bjoern Franke
• 2025/11/17 [oss-security] GitGuardian GGShield SSL/TLS Verification Bypass (No CVE) tanish saxena
• 2025/11/16 Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Salvatore Bonaccorso
• 2025/11/14 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
• 2025/11/14 [oss-security] PostgreSQL releases fixes for CVE-2025-12817 & CVE-2025-12818 Alan Coopersmith
• 2025/11/14 Re: [oss-security] CVE-2025-40300 / VMScape Moritz Mühlenhoff
• 2025/11/14 Re: [oss-security] Questionable CVE's reported against dnsmasq Jeffrey Walton
• 2025/11/14 Re: [oss-security] CVE-2025-40300 / VMScape Alan Coopersmith
• 2025/11/13 [oss-security] CVE-2025-40300 / VMScape Bjoern Franke
• 2025/11/13 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
• 2025/11/13 Re: [oss-security] Questionable CVE's reported against dnsmasq Jacob Bachmeyer
• 2025/11/13 Re: [oss-security] Questionable CVE's reported against dnsmasq Alexander Patrakov
• 2025/11/12 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
• 2025/11/12 [oss-security] CVE-2025-64503 libcupsfilters, cups-filters 1.x: out of bounds write in pdftoraster Zdenek Dohnal
• 2025/11/12 [oss-security] CVE-2025-57812 libcupsfilters, cups-filters 1.x: Multiple TIFF-related issues in libcupsfilters Zdenek Dohnal
• 2025/11/11 [oss-security] CVE-2025-64407: Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2025-64406: Apache OpenOffice: Possible memory corruption during CSV import Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2025-64405: Apache OpenOffice: Remote documents loaded without prompt via DDE function Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame Arrigo Marchiori
• 2025/11/11 [oss-security] CVE-2024-47866 Ceph: RGW DoS via improper input validation. Sage [They / Them] McTaggart
• 2025/11/11 [oss-security] CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting Jacques Le Roux
• 2025/11/11 [oss-security] CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload Jacques Le Roux
• 2025/11/07 [oss-security] Re: runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 Ali Polatel
• 2025/11/07 Re: [oss-security] Becoming a CVE Naming Authority for your project Peter Gutmann
• 2025/11/06 Re: [oss-security] Becoming a CVE Naming Authority for your project Jeremy Stanley
• 2025/11/06 Re: [oss-security] Becoming a CVE Naming Authority for your project Pat Gunn
• 2025/11/06 Re: [oss-security] Becoming a CVE Naming Authority for your project Olle E. Johansson
• 2025/11/06 Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
• 2025/11/06 Re: [oss-security] runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 [email protected]
• 2025/11/06 [oss-security] scx: Unauthenticated scx_loader D-Bus Service can lead to major Denial-of-Service Matthias Gerstner
• 2025/11/05 Re: [oss-security] Questionable CVE's reported against dnsmasq Pedro Sampaio
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Pedro Sampaio
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Pedro Sampaio
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Art Manion
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Matthew Fernandez
• 2025/11/05 Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
• 2025/11/05 [oss-security] Django CVE-2025-64458 and CVE-2025-64459 Natalia Bidart
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Yogesh Mittal
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Peter Gutmann
• 2025/11/05 Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
• 2025/11/05 Re: [oss-security] Becoming a CVE Naming Authority for your project Olle E. Johansson
• 2025/11/05 Re: [oss-security] [CVE-2019-18860] SQUID-2023:6 Cross Site Scripting in cachemgr.cgi Amos Jeffries
• 2025/11/05 [oss-security] [CVE-2025-62168] SQUID-2025:2 Information Disclosure in Error handling Amos Jeffries
• 2025/11/05 [oss-security] [CVE-2025-54574] SQUID-2025:1 Buffer Overflow in URN Handling Amos Jeffries
• 2025/11/04 [oss-security] [SECURITY ADVISORY] curl: missing SFTP host verification with wolfSSH Daniel Stenberg
• 2025/11/04 Re: [oss-security] [CVE-2019-18860] SQUID-2023:6 Cross Site Scripting in cachemgr.cgi Solar Designer
• 2025/11/04 Re: [oss-security] Becoming a CVE Naming Authority for your project Greg KH
• 2025/11/04 Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Demi Marie Obenour
• 2025/11/04 [oss-security] [CVE-2019-18860] SQUID-2023:6 Cross Site Scripting in cachemgr.cgi Amos Jeffries
• 2025/11/04 Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
• 2025/11/04 [oss-security] CVE-2025-58337: Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server Mingyu Chen
• 2025/11/04 [oss-security] Becoming a CVE Naming Authority for your project Rodrigo Freire
• 2025/11/04 Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
• 2025/11/04 [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
• 2025/11/04 [oss-security] [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes Daniel Stenberg
• 2025/11/03 Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
• 2025/11/03 Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
• 2025/11/03 Re: [oss-security] Questionable CVE's reported against dnsmasq Russ Allbery
• 2025/11/03 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
• 2025/11/02 Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
• 2025/11/02 Re: [oss-security] Questionable CVE's reported against dnsmasq Jeremy Stanley
• 2025/11/01 Re: [oss-security] Questionable CVE's reported against dnsmasq Solar Designer
• 2025/11/01 Re: [oss-security] Questionable CVE's reported against dnsmasq Russ Allbery
• 2025/11/01 Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
• 2025/11/01 Re: [oss-security] Questionable CVE's reported against dnsmasq Collin Funk
• 2025/11/01 Re: [oss-security] Questionable CVE's reported against dnsmasq Russ Allbery
• 2025/11/01 Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
• 2025/10/31 Re: [oss-security] Questionable CVE's reported against dnsmasq Solar Designer
• 2025/10/31 Re: [oss-security] Multiple vulnerabilities in Jenkins plugins Solar Designer
• 2025/10/31 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer
• 2025/10/31 Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
• 2025/10/31 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability nightmare . yeah27
• 2025/10/31 [oss-security] OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875) Matthias Gerstner
• 2025/10/31 Re: [oss-security] Questionable CVE's reported against dnsmasq Sebastian Pipping
• 2025/10/31 Re: [oss-security] Questionable CVE's reported against dnsmasq Petr Menšík
• 2025/10/30 Re: [oss-security] Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Eddie Chapman
• 2025/10/30 [oss-security] CVE-2025-62232: Apache APISIX: APISIX basic-auth logs plaintext credentials at info level Ashish Tiwari
• 2025/10/29 Re: [oss-security] Questionable CVE's reported against dnsmasq Salvatore Bonaccorso
• 2025/10/29 Re: [oss-security] Questionable CVE's reported against dnsmasq Douglas Bagnall
• 2025/10/29 Re: [oss-security] Questionable CVE's reported against dnsmasq Alan Coopersmith
• 2025/10/29 [oss-security] CVE-2025-62503: Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables) Kaxil Naik
• 2025/10/29 [oss-security] CVE-2025-62402: Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API Kaxil Naik
• 2025/10/29 [oss-security] CVE-2025-54941: Apache Airflow: Command injection in "example_dag_decorator" Kaxil Naik
• 2025/10/29 [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-11232) Wlodek Wencel
• 2025/10/29 [oss-security] CVE-2025-30189: Dovecot IMAP Server: Using auth caching causes the first lookup to be cached for all lookups Camelia Lavender
• 2025/10/29 Re: [oss-security] Multiple vulnerabilities in Jenkins plugins Sebastian Pipping
• 2025/10/29 [oss-security] Multiple vulnerabilities in Jenkins plugins Daniel Beck
• 2025/10/28 Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
• 2025/10/28 Re: [oss-security] Questionable CVE's reported against dnsmasq Stuart Henderson
• 2025/10/28 [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland Olivier Fourdan
• 2025/10/28 Re: [oss-security] Questionable CVE's reported against dnsmasq Simon McVittie
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Eli Schwartz
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq nightmare . yeah27
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Solar Designer
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Hank Leininger
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Matthew Fernandez
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Michael Orlitzky
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Collin Funk
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Sebastian Pipping
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Jeffrey Walton
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Stuart Henderson
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Moritz Mühlenhoff
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Sebastian Pipping
• 2025/10/27 [oss-security] CVE-2025-61795: Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS Mark Thomas
• 2025/10/27 [oss-security] CVE-2025-55754: Apache Tomcat: console manipulation via escape sequences in log messages Mark Thomas
• 2025/10/27 [oss-security] CVE-2025-55752: Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled Mark Thomas
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Andrew Latham
• 2025/10/27 Re: [oss-security] Questionable CVE's reported against dnsmasq Jeremy Stanley
• 2025/10/27 [oss-security] Questionable CVE's reported against dnsmasq Alan Coopersmith
• 2025/10/26 [oss-security] OOB read / segfault and endless loop in courier mail server 1.5.0 Hanno Böck
• 2025/10/24 [oss-security] Xen Security Advisory 476 v1 (CVE-2025-58149) - Incorrect removal of permissions on PCI device unplug Xen . org security team
• 2025/10/23 [oss-security] PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can poison cached delegations in Recursor Otto Moerbeek
• 2025/10/22 [oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2025-8677, CVE-2025-40778, CVE-2025-40780) Michał Kępień
• 2025/10/21 Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Demi Marie Obenour
• 2025/10/21 Re: [oss-security] BoringSSL private key loading is not constant time Jacob Bachmeyer
• 2025/10/21 [oss-security] Xen Security Advisory 475 v2 (CVE-2025-58147,CVE-2025-58148) - x86: Incorrect input sanitisation in Viridian hypercalls Xen . org security team
• 2025/10/20 [oss-security] CVE-2025-57738: Apache Syncope: Remote Code Execution by delegated administrators Francesco Chicchiriccò
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Lucas Holt
• 2025/10/18 [oss-security] CVE-2025-61581: Apache Traffic Control: ReDoS issue in Traffic Router configuration Arnout Engelen
• 2025/10/18 RE: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Caveney, Seamus G
• 2025/10/18 Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Fabio Degrigis
• 2025/10/18 Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time David Benjamin
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Jacob Bachmeyer
• 2025/10/18 [oss-security] Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros nightmare . yeah27
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time Hanno Böck
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Jeremy Stanley
• 2025/10/18 Re: [oss-security] Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
• 2025/10/18 Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Amit
• 2025/10/18 [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time Alex Gaynor
• 2025/10/18 [oss-security] CVE-2025-61733: Apache Kylin: Authentication bypass Li Yang
• 2025/10/18 Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
• 2025/10/18 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Stuart D Gathman
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Katie
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/18 Re: [oss-security] Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH
• 2025/10/18 [oss-security] CVE-2025-55039: Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks Holden Karau
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Jeffrey Walton
• 2025/10/18 [oss-security] Resource consumption weakness in Postgres-using applications & frameworks Peter Bex
• 2025/10/18 [oss-security] OpenSSL Security Advisory Tomas Mraz
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Amit
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time Demi Marie Obenour
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Jeremy Stanley
• 2025/10/18 [oss-security] Announce: OpenSSH 10.2 released Damien Miller
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software David A. Wheeler
• 2025/10/18 Re: [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Mike O'Connor
• 2025/10/18 [oss-security] Announce: OpenSSH 10.1 released Damien Miller
• 2025/10/18 Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Solar Designer
• 2025/10/18 [oss-security] CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data Haonan Hou
• 2025/10/18 Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Dan Cross
• 2025/10/18 Re: [oss-security] CVE-2025-55188: 7-Zip: Arbitrary file write on extraction, may lead to code execution Solar Designer
• 2025/10/18 Re: [oss-security] How to do secure coding and create secure software Dan Cross
• 2025/10/18 [oss-security] CVE-2025-54539: Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data Krzysztof Porębski
• 2025/10/18 [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• 2025/10/18 [oss-security] redis: CVE-2025-49844: Lua Use-After-Free may lead to remote code execution Jan Schaumann
• 2025/10/18 Re: [oss-security] Linux kernel: eBPF vulnerabilities Willy Tarreau
• 2025/10/18 Re: [oss-security] fetchmail-SA-2025-01: SMTP AUTH denial of service now called CVE-2025-61962. Matthias Andree
• 2025/10/17 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Peter Gutmann
• 2025/10/17 [oss-security] Go 1.25.2 and Go 1.24.8 fix 10 vulnerabilities Alan Coopersmith
• 2025/10/17 Re: [oss-security] How to do secure coding and create secure software Amit
• 2025/10/17 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
• 2025/10/17 [oss-security] [Security Advisory] open-vm-tools: Local privilege escalation (CVE-2025-41244) VMware PSIRT
• 2025/10/17 [oss-security] several vulnerabilities fixed in Go 1.25.2 and Go 1.24.8 Jan Schaumann
• 2025/10/17 Re: [oss-security] process exit statuses (was: CVE-2023-51767) Simon McVittie
• 2025/10/17 Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Jacob Bachmeyer
• 2025/10/17 [oss-security] CVE-2024-44088: Apache Geode: Reflected XSS William Hodges
• 2025/10/17 [oss-security] Re: [EXT] Re: [oss-security] CVE-2023-51767: a bogus CVE in OpenSSH Theo de Raadt
• 2025/10/17 [oss-security] FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin Marco Benatto
• 2025/10/17 Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Vincent Lefevre
• 2025/10/17 [oss-security] libexpat 2.7.3 improves fixes to CVE-2024-8176 and CVE-2025-59375 Sebastian Pipping
• 2025/10/17 Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Solar Designer
• 2025/10/17 [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Vincent Lefevre
• 2025/10/17 Re: [oss-security] Announce: OpenSSH 10.1 released David Leadbeater
• 2025/10/17 [oss-security] CVE-2025-61735: Apache Kylin: Server-Side Request Forgery Li Yang

• Earlier messages