oss-security  

Messages by Thread

• • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Vegard Nossum
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Marco Benatto
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump David Fernandez Gonzalez
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Zbigniew Jędrzejewski-Szmek
  • Re: [oss-security] Local information disclosure in apport and systemd-coredump Solar Designer
• [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Andrei Pavel
  • Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
  • Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jakub Wilk
  • Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
  • Re: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Matthias Gerstner
  • RE: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803) Jounee Kim
  • [oss-security] how to unsubscribe (Re: ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)) Solar Designer
• [oss-security] CVE-2025-48734: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default Gary D. Gregory
• [oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL Daniel Stenberg
• [oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL Daniel Stenberg
• [oss-security] CVE-2025-27528: Apache InLong: JDBC Vulnerability for Invisible Character Bypass Leading to Arbitrary File Read Charles Zhang
• [oss-security] CVE-2025-27522: Apache InLong: JDBC Vulnerability during verification processing Charles Zhang
• [oss-security] CVE-2025-27526: Apache InLong: JDBC Vulnerability For URLEncode and backspace bypass Charles Zhang
• [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
  • Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Simon McVittie
  • Re: [oss-security] CVE-2025-5278: Heap Buffer Overflow in GNU Coreutils sort Alan Coopersmith
• [oss-security] Xen Security Advisory 468 v3 (CVE-2025-27462,CVE-2025-27463,CVE-2025-27464) - WinPVDrivers: Excessive permissions on user-exposed devices Xen . org security team
• [oss-security] CVE-2025-35003: Apache NuttX RTOS: NuttX Bluetooth Stack HCI and UART DoS/RCE Vulnerabilities. Tomasz Cedro
• [oss-security] CVE-2025-48708: ghostscript can embed plaintext password in encrypted PDFs Alan Coopersmith
• [oss-security] Perl 5.40 dir dup bug with threading: security consequences Vincent Lefevre
  • Re: [oss-security] Perl 5.40 dir dup bug with threading: security consequences Stig Palmquist
• [oss-security] CVE-2025-4575: OpenSSL: The x509 application adds trusted use instead of rejected use Tomas Mraz
• [oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure Nicki Křížek
• [oss-security] CVE-2025-3908: OpenVPN 3 Linux v24.1 released David Sommerseth
• [oss-security] Landlock news #5 Mickaël Salaün
• [oss-security] The GNU C Library security advisories update for 2025-05-16 Carlos O'Donell
  • Re: [oss-security] The GNU C Library security advisories update for 2025-05-16 Solar Designer
  • RE: [oss-security] The GNU C Library security advisories update for 2025-05-16 Caveney, Seamus G
• [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Alan Coopersmith
  • Re: [oss-security] CPython CVE-2025-4516: Use-after-free crash using bytes.decode("unicode_escape", error="ignore|replace") Hanno Böck
• [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0004 Adrian Perez de Castro
• [oss-security] CVE-2025-26864: Apache IoTDB: Exposure of Sensitive Information in IoTDB OpenID Authentication Haonan Hou
• [oss-security] CVE-2025-26795: Apache IoTDB JDBC driver: Exposure of Sensitive Information in IoTDB JDBC driver Haonan Hou
• [oss-security] CVE-2024-24780: Apache IoTDB: Remote Code Execution with untrusted URI of User-defined function Haonan Hou
• [oss-security] EU Vulnerability Database Graeme Fowler
  • Re: [oss-security] EU Vulnerability Database Stuart Henderson
  • Re: [oss-security] EU Vulnerability Database Stuart Henderson
  • Re: [oss-security] EU Vulnerability Database Rolf Reintjes
  • [oss-security] Re: EU Vulnerability Database gmane.io
  • Re: [oss-security] EU Vulnerability Database Solar Designer
• [oss-security] Xen Security Notice 3 (CVE-2024-45332) Intel Branch Privilege Injection Andrew Cooper
• [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
  • Re: [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Marco Benatto
  • [oss-security] Re: VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack Asad Ahmed
• [oss-security] CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression Dongjoon Hyun
• [oss-security] CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
• [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools VMware PSIRT
  • Re: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools Solar Designer
• [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Simon McVittie
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz
  • Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer
  • Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann
  • Re: [oss-security] describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell
  • Re: [oss-security] describing affected systems Eli Schwartz
  • Re: [oss-security] screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner
• [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Alan Coopersmith
  • Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
  • Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Matt Johnston
  • Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Albert Veli
  • Re: [oss-security] Dropbear SSH 2025.88 fixes CVE-2025-47203 Dave Hart
• [oss-security] CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation Alan Coopersmith
• [oss-security] CVE-2025-46392: Apache Commons Configuration: StackOverflowError loading untrusted configuration Arnout Engelen
• [oss-security] CVE-2025-1948 & CVE-2024-13009: DoS and infoleak in Jetty Valtteri Vuorikoski
• [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
  • Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
  • [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
  • Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
  • Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Yogesh Mittal
  • [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Rafael Gonzaga
  • Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Solar Designer
  • Re: [oss-security] Fwd: Node.js security updates for all active release lines, May 2025 Salvatore Bonaccorso
• [oss-security] OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs Jay Faulkner
• [oss-security] CVE-2025-32873: Django: Denial-of-service possibility in strip_tags() Natalia Bidart
• [oss-security] Go 1.24.3 fixes CVE-2025-22873: os: Root permits access to parent directory Alan Coopersmith
• [oss-security] CVE-2025-27533: Apache ActiveMQ: Unchecked buffer length can cause excessive memory allocation Christopher L. Shannon
• [oss-security] CVE-2025-47153: out-of-bounds access in some 32-bit builds of Node.js Alan Coopersmith
• [oss-security] CVE-2025-46762: Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata Gang Wu
• [oss-security] PowerDNS Security Advisory 2025-02: Denial of service via crafted DoH exchange Remi Gacogne
• [oss-security] CVE-2025-31651: Apache Tomcat: Bypass of rules in Rewrite Valve Mark Thomas
• [oss-security] CVE-2025-31650: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame Mark Thomas
• [oss-security] CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c xiaolin
  • Re: [oss-security] CVE-2024-56431: libtheora: incorrect bitwise shift in huffdec.c Solar Designer
• [oss-security] Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Jan Engelhardt
  • Re: [oss-security] Re: Trailing dot in Cygwin filenames [was: failed to clone iptables,ipset,nftables] Werner Koch
• [oss-security] CVE-2024-56430: openfhe: OpenFHE through 1.2.3 has a NULL pointer dereference bug xiaolin
• [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow 田世林
  • Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
  • Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jakub Wilk
  • Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Solar Designer
  • Re: [oss-security] CVE-2025-3512: Qt Base QTextMarkdownImporter Front Matter Buffer Overflow Jacob Bachmeyer
• [oss-security] CVE-2025-23016: Integer & buffer overflow in fastcgi < 2.4.5 Alan Coopersmith
• [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ricardo Branco
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Albert Veli
  • [oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Solar Designer
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Demi Marie Obenour
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Jakub Wilk
  • [oss-security] Re: [EXTERNAL] Re: [oss-security] vulnerabilities in busybox tar and cpio tools Ian Norton
  • Re: [oss-security] vulnerabilities in busybox tar and cpio tools Salvatore Bonaccorso
• [oss-security] CVE-2025-26413: Apache Kvrocks: The server was crashed by the negative offset Hulk Lin
• [oss-security] 3 new CVE's in old branch of GNU mailman Alan Coopersmith
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Thomas Ward
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Valtteri Vuorikoski
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jim P.
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Mats Wichmann
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Russ Allbery
  • Re: [oss-security] 3 new CVE's in old branch of GNU mailman Jeremy Reeder
• [oss-security] libarchive 3.7.8 fixed CVE-2024-57970, CVE-2025-1632, & CVE-2025-25724 Alan Coopersmith
• [oss-security] A bowlful of bugs in GNOME's libsoup Alan Coopersmith
• [oss-security] CVE-2025-29953: Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass Arnout Engelen
• [oss-security] CVE program averts swift end Rolf Reintjes
  • Re: [oss-security] CVE program averts swift end Brian Behlendorf
  • Re: [oss-security] CVE program averts swift end Alan Coopersmith
  • Re: [oss-security] CVE program averts swift end Marco Moock
  • Re: [oss-security] CVE program averts swift end Jan Klopper
• [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
  • Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
  • Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
  • Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Solar Designer
  • Re: [oss-security] CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH Fabian Bäumer
• [oss-security] CVE-2024-56736: Apache HertzBeat (incubating): Server-Side Request Forgery (SSRF) in Api Config Oss Chao Gong
• [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
  • Re: [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Solar Designer
  • Re: [oss-security] CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes Stig Palmquist
• [oss-security] Security audit of PHP Alan Coopersmith
  • Re: [oss-security] Security audit of PHP Solar Designer
• [oss-security] CVE-2025-32896: Apache SeaTunnel: Unauthenticated insecure access Hailin Wang
• [oss-security] CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change David M. Johnson
• [oss-security] Re: Announce: OpenSSH 10.0 released Damien Miller
• [oss-security] CVE-2025-31498: c-ares use-after-free Brad House
• [oss-security] Vulnerabilities in Jenkins Docker images Daniel Beck
• [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() ake...@akendo.eu
  • Re: [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Greg KH
  • Re: [oss-security] CVE-2024-50217: Linux kernel: btrfs: Use-after-free of block device file in __btrfs_free_extra_devids() Demi Marie Obenour
• [oss-security] xmlrpc-c bundles a (very old and) vulnerable copy of libexpat Sebastian Pipping
• [oss-security] CVE-2025-27391: Apache ActiveMQ Artemis: Passwords leaking from broker properties in the debug log Domenico Francesco Bruscino
• [oss-security] CVE-2025-30677: Apache Pulsar IO Kafka Connector, Apache Pulsar IO Kafka Connect Adaptor: Sensitive information logged in Pulsar's Apache Kafka Connectors Lari Hotari
• [oss-security] Announce: OpenSSH 10.0 released Damien Miller
• [oss-security] CVE-2025-30215: nats-server: Missing access controls for JS API Phil Pennock
• [oss-security] CVE-2025-31672: Apache POI: parsing OOXML based files (xlsx, docx, etc.), poi-ooxml could read unexpected data if underlying zip has duplicate zip entry names PJ Fanning
• [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Mingcong Bai
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Sebastian Pipping
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Hanno Böck
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. 李亚杰
  • Re: [oss-security] CVE-2025-31344: giflib: The giflib open-source component has a buffer overflow vulnerability. Bernhard Rosenkränzer
• [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0003 Adrian Perez de Castro
• [oss-security] PowerDNS Recursor Security Advisory 2025-01 regarding PowerDNS Recusor 5.2.0 Otto Moerbeek
• [oss-security] CVE-2025-2704 - OpenVPN 2.6.1 through 2.6.13 with possible DoS David Sommerseth
• [oss-security] use-after-free (maybe?) in libspf2 Hanno Böck
• [oss-security] CVE-2025-30232: UAF in Exim 4.96 to 4.98.1 Valtteri Vuorikoski
• [oss-security] CVE-2025-22871 : Go net/http: request smuggling through invalid chunked data Alan Coopersmith
• [oss-security] pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946 Alan Coopersmith
• [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Elad Kalif
  • Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Hanno Böck
  • Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Solar Designer
  • Re: [oss-security] CVE-2025-30473: Apache Airflow Common SQL Provider: Remote Code Execution via Sql Injection Jeffrey Walton
• [oss-security] CVE-2025-3155 GNOME Yelp: Arbitrary file read by abusing ghelp scheme Alan Coopersmith
• [oss-security] CVE-2025-30474: Apache Commons VFS: Failing to find an FTP file can reveal the URI's password in an error message Gary D. Gregory
• [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Enxin Xie
  • Re: [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. Jacob Bachmeyer
  • Re: [oss-security] CVE-2025-29868: Apache Answer: Using externally referenced images can leak user privacy. LinkinStar
• [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
  • [oss-security] Re: XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
  • Re: [oss-security] XZ Utils: Threaded decoder frees memory too early (CVE-2025-31115) Sam James
• [oss-security] [ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages Masakazu Kitajo
• [oss-security] CVE-2025-27556: Django: Potential DoS in LoginView, LogoutView, and set_language() on Windows Natalia Bidart
• [oss-security] CVE-2025-30676: Apache OFBiz: Stored XSS Vulnerability Jacques Le Roux
• [oss-security] CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering Andrea Cosentino
• [oss-security] Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Arthur Mongodin
  • Re: [oss-security] Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol Solar Designer

• Earlier messages
• Later messages