oss-security  

Messages by Thread

• [oss-security] CVE-2026-34486: Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor Mark Thomas
• [oss-security] CVE-2026-34483: Apache Tomcat: Incomplete escaping of JSON access logs Mark Thomas
• [oss-security] CVE-2026-32990: Apache Tomcat: Fix for CVE-2025-66614 is incomplete Mark Thomas
• [oss-security] CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved Mark Thomas
• [oss-security] CVE-2026-29146: Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default Mark Thomas
• [oss-security] CVE-2026-29145: Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled Mark Thomas
• [oss-security] CVE-2026-25854: Apache Tomcat: Occasionally open redirect Mark Thomas
• [oss-security] CVE-2026-24880: Apache Tomcat: Request smuggling via invalid chunk extension Mark Thomas
• [oss-security] CVE-2026-40046: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated Christopher L. Shannon
• [oss-security] CVE-2026-39304: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM Christopher L. Shannon
• [oss-security] CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT Rahul Vats
• [oss-security] CVE-2026-34020: Apache OpenMeetings: Login Credentials Passed via GET Query Parameters Maxim Solodovnik
• [oss-security] CVE-2026-33266: Apache OpenMeetings: Hardcoded Remember-Me Cookie Encryption Key and Salt Maxim Solodovnik
• [oss-security] CVE-2026-33005: Apache OpenMeetings: Insufficient checks in FileWebService Maxim Solodovnik
• [oss-security] CVE-2026-34538: Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure) Rahul Vats
• [oss-security] lftp 4.9.3 does not filter non-printable characters in the output to the terminal Vincent Lefevre
• [oss-security] 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Solar Designer
  • Re: [oss-security] 4 security fixes in Flatpak, including critical CVE-2026-34078: Complete sandbox escape leading to host file access and code execution in the host context Simon McVittie
• [oss-security] libpng 1.6.57: Use-after-free vulnerability fixed: CVE-2026-34757 Cosmin Truta
• [oss-security] X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Markus Vervier
  • Re: [oss-security] X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM Solar Designer
• [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Alan Coopersmith
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Solar Designer
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Eli Schwartz
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Sam James
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Matthias Ferdinand
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Dimitri Ledkov
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Morten Linderud
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Michael Orlitzky
  • Re: [oss-security] Go 1.26.2 and Go 1.25.9 are released with 10 security fixes Demi Marie Obenour
• [oss-security] PyCA cryptography 46.0.7 released, fixes CVE-2026-39892 Alan Coopersmith
• [oss-security] CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id Robert Rothenberg
• [oss-security] CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids Robert Rothenberg
• [oss-security] Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Solar Designer
  • Re: [oss-security] Fwd: [siren] Severity: High – Potential Malicious Campaign Underway Targeting Open Source Developers via Slack Stuart D Gathman
• [oss-security] Multiple CVEs disclosed in CUPS Alan Coopersmith
  • Re: [oss-security] Multiple CVEs disclosed in CUPS Peter Gutmann
  • [oss-security] Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS Schwedas, Sven
• [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
  • [oss-security] Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
  • Re: [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Salvatore Bonaccorso
  • Re: [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Aaron Rainbolt
  • Re: [oss-security] systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals Vincent Lefevre
• [oss-security] CVE-2026-35554: Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition Manikumar
• [oss-security] [vim-security] Netbeans command injection in Vim < v9.2.0316 Christian Brabandt
• [oss-security] CVE-2026-27315: Apache Cassandra: cqlsh history sensitive information leak Michael Semb Wever
• [oss-security] Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034 Jacob Walls
• [oss-security] [OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551) Jeremy Stanley
• [oss-security] CASSANDRA-21202: CVE-2026-32588: Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing Michael Semb Wever
• [oss-security] CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass Michael Semb Wever
• [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
  • Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Christian Göttsche
  • Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer
  • Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
  • Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Solar Designer
  • Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
  • Re: [oss-security] libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Tianyu Chen
  • [oss-security] Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue Andrew G. Morgan
• [oss-security] CVE-2026-33227: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ Web: Improper Limitation of a Pathname to a Restricted Directory Christopher L. Shannon
• [oss-security] CVE-2026-34197: Apache ActiveMQ Broker, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans Christopher L. Shannon
• [oss-security] Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
  • [oss-security] Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
  • Re: [oss-security] Re: Heads-up: Upcoming Samba security releases (2026-04-09) Douglas Bagnall
• [oss-security] [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord
  • Re: [oss-security] [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker
  • Re: [oss-security] [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Rich Felker
  • [oss-security] Re: [libc musl] - Algorithmic complexity DoS in iconv GB18030 decoder Jens Jarl Nestén Hansen-Nord
• [oss-security] [ANNOUNCE] ATS is vulnerable to HTTP requests with body Masakazu Kitajo
• [oss-security] Announce: OpenSSH 10.3 released Damien Miller
  • Re: [oss-security] Announce: OpenSSH 10.3 released Agostino Sarubbo
  • Re: [oss-security] Announce: OpenSSH 10.3 released Salvatore Bonaccorso
  • Re: [oss-security] Announce: OpenSSH 10.3 released Demi Marie Obenour
  • Re: [oss-security] Announce: OpenSSH 10.3 released Damien Miller
  • Re: [oss-security] Announce: OpenSSH 10.3 released Demi Marie Obenour
  • Re: [oss-security] Announce: OpenSSH 10.3 released Damien Miller
  • Re: [oss-security] Announce: OpenSSH 10.3 released Demi Marie Obenour
• [oss-security] FW: libinput Security Advisory: multiple security issues in libinput Peter Hutterer
• [oss-security][CVE-2026-5271] Python install manager script aliases search path hijack Alan Coopersmith
• [oss-security] [vim-security] Path traversal issue with zip.vim and special crafted zip archives in Vim < v9.2.0280 Christian Brabandt
• [oss-security] [ADVISORY] CVE-2026-34956: Open vSwitch: Invalid memory access in conntrack FTP alg. Aaron Conole
• [oss-security] Fwd: XZ Utils 5.8.3 and a security fix Sam James
• [oss-security] [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim modeline bypass via various options affects Vim < 9.2.0276 Salvatore Bonaccorso
• [oss-security] Fwd: CVE-2026-5087: PAGI::Middleware::Session::Store::Cookie versions through 0.001003 for Perl generates random bytes insecurely Robert Rothenberg
• [oss-security] CVE-2024-14030: Sereal::Decoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library Robert Rothenberg
• [oss-security] CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 for Perl is vulnerable to a buffer overwrite flaw in the Zstandard library Robert Rothenberg
• [oss-security] CVE-2025-15618: Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key Robert Rothenberg
• [oss-security] Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1] Michael Straßberger
  • Re: [oss-security] Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1] Solar Designer
• [oss-security] PowerDNS Security Advisory 2026-02 for DNSdist: Multiple issues Remi Gacogne
• [oss-security] CVE-2026-32794: Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange Jens Scheffler
• [oss-security] pyca/cryptography: CVE-2026-34073: X.509: bypass of name constraints on wildcard SANs with matching peer names Alan Coopersmith
• [oss-security] The GNU C Library security advisory update for 2026-03-30 Siddhesh Poyarekar
• [oss-security] KVM shadow EPT stale rmap use-after-free Sandipan Roy
  • Re: [oss-security] KVM shadow EPT stale rmap use-after-free Demi Marie Obenour
  • Re: [oss-security] KVM shadow EPT stale rmap use-after-free Solar Designer
• [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Demi Marie Obenour
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 David A. Wheeler
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Solar Designer
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Tianyu Chen
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Christian Brabandt
  • Re: [oss-security] [vim-security] Vim tabpanel modeline escape affects Vim < 9.2.0272 Salvatore Bonaccorso
• [oss-security] CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib Stig Palmquist
  • Re: [oss-security] CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib Jacob Bachmeyer
• [oss-security] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
  • [oss-security] Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
  • [oss-security] Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
  • [oss-security] Re: [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability cyber security
  • Re: [oss-security] [CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability Solar Designer
• [oss-security] CVE-2025-15604: Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions Robert Rothenberg
• [oss-security] CVE-2026-3256: HTTP::Session versions through 0.53 for Perl defaults to using insecurely generated session ids Robert Rothenberg
• [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2026-0002 Adrian Perez de Castro
• [oss-security] CVE-2026-1961: Foreman: Remote Code Execution via command injection in WebSocket proxy Ondrej Gajdusek
• [oss-security] Dovecot Security Advisory OXDC-2026-0001 Aki Tuomi
• [oss-security] TigerVNC 1.16.2 security release Alan Coopersmith
• [oss-security] CVE-2026-4851: remote-to-local code execution in GRID::Machine piedcrow
• [oss-security] 7 CVEs fixed in nginx Solar Designer
• [oss-security] CVE-2014-125112: Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution Timothy Legge
• [oss-security] libpng 1.6.56: Two high-severity vulnerabilities fixed: CVE-2026-33416, CVE-2026-33636 Cosmin Truta
• [oss-security] ISC has disclosed four vulnerabilities in BIND 9 (CVE-2026-1519, CVE-2026-3104, CVE-2026-3119, CVE-2026-3591) Nicki Křížek
• [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2026-3608) Peter Davies
• [oss-security] backdoor in litellm version 1.82.7 Jan Schaumann
• [oss-security] [ADVISORY] SQUID-2026:3 Out of Bounds Read in ICP message handling (CVE-2026-33515) Amos Jeffries
• [oss-security] [ADVISORY] SQUID-2026:2 Denial of Service in ICP Request handling (CVE-2026-32748) Amos Jeffries
• [oss-security] [ADVISORY] SQUID-2026:1 Denial of Service in ICP Request handling (CVE-2026-33526) Amos Jeffries
  • Re: [oss-security] [ADVISORY] SQUID-2026:1 Denial of Service in ICP Request handling (CVE-2026-33526) Solar Designer
• [oss-security] NodeJS Security Releases fixes High, 5 Medium, 2 Low severity issues Jan Schaumann
• [oss-security] Xen Security Advisory 482 v3 (CVE-2026-31788) - Linux privcmd driver can circumvent kernel lockdown Xen . org security team
• [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Xen . org security team
  • Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Greg KH
  • Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Greg KH
  • Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Juergen Gross
  • Re: [oss-security] Xen Security Advisory 482 v2 - Linux privcmd driver can circumvent kernel lockdown Andrew Cooper
• [oss-security] The GNU C Library security advisories update for 2026-03-23 Carlos O'Donell
• [oss-security] CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref) Abhinav Agarwal
  • [oss-security] Re: CVE-2026-33150, CVE-2026-33179: libfuse io_uring memory safety vulnerabilities (use-after-free, NULL deref) Abhinav Agarwal
• [oss-security] Trivy github actions repo compromised, infostealer added Alan Coopersmith
  • Re: [oss-security] Trivy github actions repo compromised, infostealer added Jeremy Utiera
  • [oss-security] litellm pypi packages compromised, infostealer added Alan Coopersmith
• [oss-security] pyOpenSSL 26.0.0 released with two CVE fixes Alan Coopersmith
  • Re: [oss-security] pyOpenSSL 26.0.0 released with two CVE fixes Alex Gaynor
• [oss-security] [CVE-2026-30922] Denial of Service in pyasn1 via Unbounded Recursion Alan Coopersmith
• [oss-security] nghttp2 Denial of service: Assertion failure due to the missing state validation Alan Coopersmith
• [oss-security] CVE-2026-32642: Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission Justin Bertram
• [oss-security] Fwd: [CPython][CVE-2026-4519] webbrowser.open() API allows leading dashes Alan Coopersmith
• [oss-security] [vim-security]: Command injection via newline in glob() affects Vim < 9.2.0202 Christian Brabandt
• [oss-security] [kubernetes] CVE-2026-4342: ingress-nginx comment-based nginx configuration injection Tabitha Sable
• [oss-security] Off-by-one heap buffer overflow in libuv Ali Raza
  • [oss-security] Re: Off-by-one heap buffer overflow in libuv Ali Raza
  • [oss-security] Re: Off-by-one heap buffer overflow in libuv Ali Raza
  • [oss-security] Re: Off-by-one heap buffer overflow in libuv Ali Raza
  • Re: [oss-security] Off-by-one heap buffer overflow in libuv Stuart Henderson
• [oss-security] [OSSA-2026-004] Glance: Server-Side Request Forgery (SSRF) vulnerabilities in OpenStack Glance image import functionality (CVE-2026-pending) Brian Rosmaita
• [oss-security] CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack Timothy Legge
• [oss-security] CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes Timothy Legge
  • Re: [oss-security] CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes Salvatore Bonaccorso
• [oss-security] CVE-2026-31973: samtools <= 1.23 NULL pointer dereference in cram-size Robert Davies
• [oss-security] CVE-2026-31972: samtools <= 1.21 Use-after-free in mpileup leading to an invalid read Robert Davies
• [oss-security] HTSlib <= 1.23 Multiple vulnerabilities in the CRAM file reader Robert Davies
• [oss-security] CVE-2026-31970: HTSlib <= 1.23 heap buffer overflow in the BGZF index file reader Robert Davies
• [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2026-0001 Adrian Perez de Castro
• [oss-security] [SBA-ADV-20251205-01] LibreChat 0.8.1-rc2 RAG API Authentication Bypass SBA Research Security Advisory
• [oss-security] libexpat 2.7.5 fixes three vulnerabilities (2x null deref, 1x infinite loop) Sebastian Pipping
  • Re: [oss-security] libexpat 2.7.5 fixes three vulnerabilities (2x null deref, 1x infinite loop) Alan Coopersmith
• [oss-security] snap-confine + systemd-tmpfiles = root (CVE-2026-3888) Qualys Security Advisory
  • Re: [oss-security] snap-confine + systemd-tmpfiles = root (CVE-2026-3888) Michal Zalewski
  • Re: [oss-security] snap-confine + systemd-tmpfiles = root (CVE-2026-3888) Michael Orlitzky
• [oss-security] Xen Security Advisory 481 v2 (CVE-2026-23555) - Xenstored DoS by unprivileged domain Xen . org security team
• [oss-security] Xen Security Advisory 480 v3 (CVE-2026-23554) - Use after free of paging structures in EPT Xen . org security team
• [oss-security] CVE-2026-28563: Apache Airflow: DAG authorization bypass Rahul Vats
• [oss-security] CVE-2026-26929: Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata Rahul Vats
• [oss-security] CVE-2026-28779: Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications Rahul Vats
• [oss-security] CVE-2026-30911: Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization Rahul Vats
• [oss-security] [kubernetes] CVE-2026-3864: CSI Driver for NFS path traversal via subDir may delete unintended directories on the NFS server Rita Zhang
• [oss-security] CVE-2026-4177: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter Timothy Legge
• [oss-security][CVE-2026-3644] CPython Incomplete control character validation in http.cookies Alan Coopersmith
• [oss-security] [CVE-2026-4224] CPython Stack overflow parsing XML with deeply nested DTD content models Alan Coopersmith
• [oss-security] 10+ CVEs in GStreamer Solar Designer
• [oss-security] Foswi­ki 2.1.11 is re­leased, fixes CVE-2026-2861 Michael Daum
  • Re: [oss-security] Foswi­ki 2.1.11 is re­leased, fixes CVE-2026-2861 Solar Designer
  • Re: [oss-security] Foswi­ki 2.1.11 is re­leased, fixes CVE-2026-2861 Michael Daum
• Re: [oss-security] OpenSSH GSSAPI keyex patch issue Solar Designer
  • Re: [oss-security] OpenSSH GSSAPI keyex patch issue Dmitry Belyavskiy
  • Re: [oss-security] OpenSSH GSSAPI keyex patch issue Jeffrey Walton
  • Re: [oss-security] OpenSSH GSSAPI keyex patch issue Dmitry Belyavskiy
  • Re: [oss-security] OpenSSH GSSAPI keyex patch issue Solar Designer
  • Re: [oss-security] OpenSSH GSSAPI keyex patch issue Dmitry Belyavskiy
• [oss-security] CVE-2025-54920: Apache Spark: Spark History Server Code Execution Vulnerability Holden Karau
• [oss-security] Some telnet clients leak environment variables Justin Swartz
  • Re: [oss-security] Some telnet clients leak environment variables Stuart Henderson
  • Re: [oss-security] Some telnet clients leak environment variables Solar Designer

• Earlier messages
• Later messages