oss-security  

Messages by Thread

• • Re: [oss-security] Update on the distro-backdoor-scanner effort Vegard Nossum
  • Re: [oss-security] Update on the distro-backdoor-scanner effort Gabriel Ravier
  • Re: [oss-security] Update on the distro-backdoor-scanner effort Jacob Bachmeyer
  • Re: [oss-security] Update on the distro-backdoor-scanner effort Hank Leininger
• [oss-security] libksieve (used by kmail/kontact) sent password as username Jonas Schäfer
  • Re: [oss-security] libksieve (used by kmail/kontact) sent password as username Salvatore Bonaccorso
• [oss-security] Security Issues and Abandonment of PHP ECC library (mdanter/ecc, phpecc/phpecc) Paragon Initiative Enterprises Security Team
• [oss-security] CVE-2024-0582 - Linux kernel use-after-free vulnerability in io_uring, writeup and exploit strategy Oriol Castejón
• [oss-security] PowerDNS Recursor Security Advisory 2024-02: if recursive forwarding is configured, crafted responses can lead to a denial of service in Recursor Peter van Dijk
• [oss-security] 83 bogus CVEs assigned to Robot Operating System (ROS) Mark Esler
  • [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Yash Patel
  • [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Mark Esler
  • [oss-security] Re: 83 bogus CVEs assigned to Robot Operating System (ROS) Yash Patel
• [oss-security] CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode Imba Jin
• [oss-security] CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin Imba Jin
• [oss-security] CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page Imba Jin
• [oss-security] Wordpress Responsive theme: arbitrary HTML content injection (CVE-2024-2848) Hanno Böck
• Re: [oss-security] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass Jeffrey Walton
• [oss-security] [Update] PoC for fdroidserver AllowedAPKSigningKeys certificate pinning bypass Fay Stegerman
• [oss-security] CVE-2024-29733: Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context Elad Kalif
• [oss-security] CVE-2024-29217: Apache Answer: XSS vulnerability when changing personal website Enxin Xie
• [oss-security] flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal and CWE-88 Simon McVittie
• [oss-security] libreswan: IKEv1 default AH/ESP responder can crash and restart David Morel
• [oss-security] CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Ephraim Anierobi
• [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Adhemerval Zanella Netto
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Solar Designer
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Charles Fol
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Erik Auerswald
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Solar Designer
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Charles Fol
  • Re: [oss-security] The GNU C Library security advisories update for 2024-04-17: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence Florian Weimer
• [oss-security] Terrapin vulnerability in Jenkins CLI client Daniel Beck
• [oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config Vegard Nossum
  • Re: [oss-security] Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config Jacob Bachmeyer
• Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer
  • Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer
  • Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron
  • Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Matt Johnston
  • Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer
  • Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk
• [oss-security] [kubernetes] CVE-2024-3177: Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Rita Zhang
• [oss-security] CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client Fabian Bäumer
• [oss-security] Linux: Disabling network namespaces Solar Designer
  • Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
  • Re: [oss-security] Linux: Disabling network namespaces Solar Designer
  • Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
  • Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
  • Re: [oss-security] Linux: Disabling network namespaces Mickaël Salaün
  • Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
  • Re: [oss-security] Linux: Disabling network namespaces Georgia Garcia
  • Re: [oss-security] Linux: Disabling network namespaces Solar Designer
  • Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
  • Re: [oss-security] Linux: Disabling network namespaces Solar Designer
  • Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
  • Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
  • [oss-security] Re: Linux: Disabling network namespaces Priedhorsky, Reid
  • Re: [oss-security] Linux: Disabling network namespaces Solar Designer
  • Re: [oss-security] Linux: Disabling network namespaces Jordan Glover
  • Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
  • Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
  • Re: [oss-security] Linux: Disabling network namespaces John Johansen
  • Re: [oss-security] Linux: Disabling network namespaces Simon McVittie
  • Re: [oss-security] Linux: Disabling network namespaces Solar Designer
  • [oss-security] Re: Linux: Disabling network namespaces nightmare . yeah27
  • Re: [oss-security] Re: Linux: Disabling network namespaces John Johansen
  • Re: [oss-security] Linux: Disabling network namespaces Philippe Cerfon
  • Re: [oss-security] Linux: Disabling network namespaces Demi Marie Obenour
• [oss-security] Re: less(1) with LESSOPEN mishandles \n in paths Tobias Powalowski
• [oss-security] PHP security releases 8.1.28, 8.2.18, & 8.3.6 Alan Coopersmith
• [oss-security] Re: Fwd: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.12 and Xwayland prior to 23.2.5 Alan Coopersmith
• Re: [oss-security] Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk
• [oss-security] CVE-2024-31391: Apache Solr Operator: Solr-Operator liveness and readiness probes may leak basic auth credentials Jason Gerlowski
• [oss-security] less(1) with LESSOPEN mishandles \n in paths Jakub Wilk
  • Re: [oss-security] less(1) with LESSOPEN mishandles \n in paths Sam James
  • [oss-security] Re: less(1) with LESSOPEN mishandles \n in paths Jakub Wilk
• [oss-security] CVE-2024-27309: Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Colin McCabe
• [oss-security] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Ben Hutchings
  • [oss-security] Buildroot: incorrect permissons on /dev/shm Ben Hutchings
  • [oss-security] Re: Buildroot: incorrect permissons on /dev/shm Ben Hutchings
  • [oss-security] Re: [Buildroot] Buildroot: incorrect permissons on /dev/shm Yann E. MORIN
  • [oss-security] Re: Buildroot: incorrect permissons on /dev/shm Peter Korsgaard
  • [oss-security] Re: [Buildroot] [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Yann E. MORIN
  • [oss-security] Re: [PATCH] package/skeleton-init-sysv: Set sticky bit on /dev/shm Peter Korsgaard
• Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Donald Buczek
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Greg KH
  • Re: [oss-security] New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz
• [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton
  • Re: [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Sean Whitton
  • [oss-security] Re: Is CVE-2024-30203 bogus? (Emacs) Max Nikulin
• [oss-security] Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Tianyu Chen
  • [oss-security] Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Michael Knap
  • [oss-security] Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow Michael Knap
• Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
  • Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar
  • Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
  • Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Alejandro Colomar
  • Re: [oss-security] Analysis on who is Jia Tan, and who he could work for, reading xz.git Jacob Bachmeyer
• WELCOME to [email protected] oss-security-help
• ezmlm response oss-security-help
  • ezmlm response oss-security-help
• confirm subscribe to [email protected] oss-security-help
  • confirm subscribe to [email protected] oss-security-help
  • confirm subscribe to [email protected] oss-security-help
  • confirm subscribe to [email protected] oss-security-help

• Later messages