oss-security

Messages by Date

2026/01/03 Re: [oss-security] Best practices for signature verifcation Demi Marie Obenour
2026/01/03 Re: [oss-security] Re: Best practices for signature verifcation Demi Marie Obenour
2026/01/02 Re: [oss-security] Systemd vsock sshd Carlos Rodriguez-Fernandez
2026/01/02 Re: [oss-security] Systemd vsock sshd Greg Dahlman
2026/01/02 Re: [oss-security] Re: Best practices for signature verifcation Demi Marie Obenour
2026/01/02 Re: [oss-security] Systemd vsock sshd wish42offcl98
2026/01/02 Re: [oss-security] Re: Best practices for signature verifcation Peter Gutmann
2026/01/02 Re: [oss-security] Best practices for signature verifcation Soatok Dreamseeker
2026/01/01 Re: [oss-security] Best practices for signature verifcation Clemens Lang
2026/01/01 Re: [oss-security] Re: Best practices for signature verifcation Ali Polatel
2026/01/01 [oss-security] Re: Best practices for signature verifcation Simon Josefsson
2025/12/31 Re: [oss-security] Systemd vsock sshd Pat Gunn
2025/12/31 Re: [oss-security] Re: Best practices for signature verifcation Demi Marie Obenour
2025/12/31 Re: [oss-security] Re: Best practices for signature verifcation Collin Funk
2025/12/31 Re: [oss-security] Best practices for signature verifcation Steffen Nurpmeso
2025/12/31 [oss-security] CVE-2025-48769: Apache NuttX RTOS: fs/vfs/fs_rename: use after free Tomasz Cedro
2025/12/31 [oss-security] CVE-2025-48768: Apache NuttX RTOS: fs/inode: fs_inoderemove root inode removal Tomasz Cedro
2025/12/31 [oss-security] Re: Best practices for signature verifcation Simon Josefsson
2025/12/31 Re: [oss-security] safe use of cleartext signatures? Werner Koch
2025/12/31 Re: [oss-security] Many vulnerabilities in GnuPG Peter Gutmann
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Jeffrey Walton
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Jacob Bachmeyer
2025/12/30 Re: [oss-security] Re: Best practices for signature verifcation Eli Schwartz
2025/12/30 Re: [oss-security] Re: Best practices for signature verifcation Eli Schwartz
2025/12/30 [oss-security] Re: Best practices for signature verifcation Ali Polatel
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Collin Funk
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Henrik Ahlgren
2025/12/30 Re: [oss-security] Systemd vsock sshd Greg Dahlman
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Sam James
2025/12/30 Re: [oss-security] Systemd vsock sshd Demi Marie Obenour
2025/12/30 Re: [oss-security] safe use of cleartext signatures? Demi Marie Obenour
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Peter Gutmann
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Demi Marie Obenour
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Demi Marie Obenour
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Jacob Bachmeyer
2025/12/30 Re: [oss-security] safe use of cleartext signatures? Werner Koch
2025/12/30 Re: [oss-security] safe use of cleartext signatures? (was: Many vulnerabilities in GnuPG) Jacob Bachmeyer
2025/12/30 [oss-security] Systemd vsock sshd wish42offcl98
2025/12/30 Re: [oss-security] Systemd vsock sshd Jacob Bachmeyer
2025/12/30 Re: [oss-security] Many vulnerabilities in GnuPG Alan Coopersmith
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Demi Marie Obenour
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Peter Gutmann
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Sam James
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Henrik Ahlgren
2025/12/29 Re: [oss-security] Systemd vsock sshd Greg Dahlman
2025/12/29 [oss-security] "MongoBleed" CVE-2025-14847 in many versions of MongoDB Alan Coopersmith
2025/12/29 Re: [oss-security] Systemd vsock sshd Pat Gunn
2025/12/29 Re: [oss-security] Systemd vsock sshd Greg Dahlman
2025/12/29 [oss-security] BSDiff (bspatch): remotely triggerable out-of-bound memory access Steffen Nurpmeso
2025/12/29 Re: [oss-security] Best practices for signature verifcation Max Jonas Werner
2025/12/29 Re: [oss-security] Best practices for signature verifcation Steffen Nurpmeso
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Lexi Groves (49016)
2025/12/29 [oss-security] CVE-2025-47411: Apache StreamPipes: Leverage of User ID for Privilege Escalation Philipp Zehnder
2025/12/29 Re: [oss-security] Systemd vsock sshd Greg Dahlman
2025/12/29 Re: [oss-security] Systemd vsock sshd Benjamin McMahon
2025/12/29 [oss-security] Re: Many vulnerabilities in GnuPG Andreas Metzler
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Neal Gompa
2025/12/29 [oss-security] Re: Best practices for signature verifcation kf503bla
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Werner Koch
2025/12/29 Re: [oss-security] Many vulnerabilities in GnuPG Stephan Verbücheln
2025/12/28 Re: [oss-security] Many vulnerabilities in GnuPG Salvatore Bonaccorso
2025/12/28 Re: [oss-security] Systemd vsock sshd Jacob Bachmeyer
2025/12/28 Re: [oss-security] Systemd vsock sshd Greg Dahlman
2025/12/28 Re: [oss-security] Many vulnerabilities in GnuPG Demi Marie Obenour
2025/12/28 [oss-security] Best practices for signature verifcation Demi Marie Obenour
2025/12/28 Re: [oss-security] Many vulnerabilities in GnuPG Jeffrey Walton
2025/12/28 Re: [oss-security] Systemd vsock sshd Sam James
2025/12/28 Re: [oss-security] Systemd vsock sshd Sam James
2025/12/28 Re: [oss-security] Systemd vsock sshd yen-mummify-yeah
2025/12/28 Re: [oss-security] Many vulnerabilities in GnuPG Sam James
2025/12/28 Re: [oss-security] Many vulnerabilities in GnuPG Sam James
2025/12/28 Re: [oss-security] Many vulnerabilities in GnuPG Stephan Verbücheln
2025/12/27 Re: [oss-security] Many vulnerabilities in GnuPG Jacob Bachmeyer
2025/12/27 [oss-security] Systemd vsock sshd Greg Dahlman
2025/12/27 [oss-security] Many vulnerabilities in GnuPG Demi Marie Obenour
2025/12/27 [oss-security] CVE-2025-68637: : Insecure SSL Configuration in Uniffle HTTP Client roryqi
2025/12/27 [oss-security] CVE-2025-68460/CVE-2025-68461: Roundcube XSS + I-D prior to 1.5.12/1.6.12 Valtteri Vuorikoski
2025/12/26 [oss-security] [Advisory] WebKit/iOS 26.2: Gigacage Boundary Violation via Logic Flaw enabling OOB Access Joseph Goydish II
2025/12/26 [oss-security] CVE-2018-25153 against GNU barcode seems bogus Collin Funk
2025/12/20 [oss-security] A couple of security issues? Artem S. Tashkinov
2025/12/20 [oss-security] Re: A couple of security issues? Greg KH
2025/12/19 [oss-security] Avahi simple protocol server accepts unlimited connections [CVE-2025-59529] Alan Coopersmith
2025/12/18 [oss-security] Release: CVE-2025-67896: EXIM-Security-2025-12-09.1: Exim 4.99.1 released Heiko Schlittermann
2025/12/18 [oss-security] CVE-2025-66524: Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor David Handermann
2025/12/18 [oss-security] CVE-2025-68161: Apache Log4j Core: Missing TLS hostname verification in Socket appender Piotr Karwasz
2025/12/17 [oss-security] [kubernetes] CVE-2025-14269: Credential caching in Headlamp with Helm enabled Craig Ingram
2025/12/16 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0010 Adrian Perez de Castro
2025/12/16 Re: [oss-security] [CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings Jacob Bachmeyer
2025/12/16 [oss-security] [CVE-2025-14282] dropbear: privilege escalation via unix domain socket forwardings turistu
2025/12/16 [oss-security] CVE-2025-67895: Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2 Jarek Potiuk
2025/12/16 [oss-security] Dropbear 2025.89 fixes privilege escalation, CVE-2025-14282 Matt Johnston
2025/12/16 [oss-security] XXE vulnerabilities in electronic invoicing software (Kivitendo, peppol-py, ZUV) Hanno Böck
2025/12/15 [oss-security] uriparser 1.0.0 fixes CVE-2025-67899 (DoS, CWE-674) Sebastian Pipping
2025/12/14 [oss-security] additional React vulnerabilities (CVE-2025-55183, CVE-2025-55184, CVE-2025-67779) Jan Schaumann
2025/12/14 [oss-security] Re: Update: CVE-2025-67896: EXIM-Security-2025-12-09.1: Exim 4.99: Remote heap corruption Heiko Schlittermann
2025/12/12 Re: [oss-security] CVE-2025-54947: Apache StreamPark: Use hard-coded key vulnerability Solar Designer
2025/12/12 [oss-security] CVE-2025-54947: Apache StreamPark: Use hard-coded key vulnerability Huajie Wang
2025/12/12 [oss-security] CVE-2025-54981: Apache StreamPark: Weak Encryption Algorithm in StreamPark Huajie Wang
2025/12/12 [oss-security] CVE-2025-65995: Apache Airflow: Disclosure of secrets to UI via kwargs Ephraim Anierobi
2025/12/12 [oss-security] CVE-2025-66388: Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI Ephraim Anierobi
2025/12/11 [oss-security] CVE-2025-58137: Apache Fineract: IDOR via self-service API Adam Monsen
2025/12/11 [oss-security] CVE-2025-58130: Apache Fineract: Server Key not masked Adam Monsen
2025/12/11 [oss-security] CVE-2025-23408: Apache Fineract: weak password policy Adam Monsen
2025/12/11 Re: [oss-security] CVE-2025-8110 in Gogs self-hosted git service Martin Weinelt
2025/12/11 Re: [oss-security] CVE-2025-8110 in Gogs self-hosted git service Jakub Wilk
2025/12/11 [oss-security] Update: EXIM-Security-2025-12-09.1: Exim 4.99: Remote heap corruption Heiko Schlittermann
2025/12/10 Re: [oss-security] LibreOffice puts searched text into the PRIMARY selection (Linux, X11) Vincent Lefevre
2025/12/10 [oss-security] CVE-2025-8110 in Gogs self-hosted git service Alan Coopersmith
2025/12/10 [oss-security] smb4k: Major Vulnerabilities in KAuth Helper (CVE-2025-66002, CVE-2025-66003) Matthias Gerstner
2025/12/10 Re: [oss-security] LibreOffice puts searched text into the PRIMARY selection (Linux, X11) Marco Moock
2025/12/10 [oss-security] Multiple vulnerabilities in Jenkins and Jenkins plugins Kevin Guerroudj
2025/12/10 [oss-security] LibreOffice puts searched text into the PRIMARY selection (Linux, X11) Vincent Lefevre
2025/12/10 [oss-security] CVE-2025-66675: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - version ranges fixed Lukasz Lenart
2025/12/10 [oss-security] EXIM-Security-2025-12-09.1: Exim 4.99: Remote heap corruption Heiko Schlittermann
2025/12/09 [oss-security] CVE-2025-26866: Apache HugeGraph-Server: RAFT and deserialization vulnerability VGalaxies
2025/12/08 Re: [oss-security] CVE-2025-62408: c-ares 1.32.3-1.34.5 use after free() Demi Marie Obenour
2025/12/08 [oss-security] CVE-2025-62408: c-ares 1.32.3-1.34.5 use after free() Brad House
2025/12/08 [oss-security] PowerDNS Security Announcement 2025-07 and 2025-08 regarding PowerDNS Recursor Otto Moerbeek
2025/12/05 [oss-security] CPython vulnerable to CVE-2025-13836, CVE-2025-13837, & CVE-2025-12084 Alan Coopersmith
2025/12/05 [oss-security] CVE-2025-66418 & CVE-2025-66471 fixed in urllib3 2.6.0 Alan Coopersmith
2025/12/05 [oss-security] Go 1.25.5 and Go 1.24.11 are released - fix CVE-2025-61729 & CVE-2025-61727 Alan Coopersmith
2025/12/05 [oss-security] CVE-2025-66566 fixed in lz4-java 1.10.1 Alan Coopersmith
2025/12/05 [oss-security] Island: Sandboxing tool powered by Landlock Mickaël Salaün
2025/12/04 [oss-security] React2Shell (CVE-2025-55182/CVE-2025-66478) Jeffrey Walton
2025/12/04 [oss-security] Re: [webkit-gtk] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0009 Adrian Perez de Castro
2025/12/04 [oss-security] CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo Eric Covener
2025/12/04 [oss-security] CVE-2025-65082: Apache HTTP Server: CGI environment variable override Eric Covener
2025/12/04 [oss-security] CVE-2025-59775: Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF Eric Covener
2025/12/04 [oss-security] CVE-2025-58098: Apache HTTP Server: Server Side Includes adds query string to #exec cmd=... Eric Covener
2025/12/04 [oss-security] CVE-2025-55753: Apache HTTP Server: mod_md (ACME), unintended retry intervals Eric Covener
2025/12/04 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0009 Adrian Perez de Castro
2025/12/04 [oss-security] CVE-2025-66516: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected Tim Allison
2025/12/03 [oss-security] CVE-2025-53960: Apache StreamPark: Use the user’s password as the secret key Vulnerability Huajie Wang
2025/12/03 Re: [oss-security] libpng 1.6.52: Out-of-bounds vulnerability fixed: CVE-2025-66293 Greg Roelofs
2025/12/03 Re: [oss-security] libpng 1.6.52: Out-of-bounds vulnerability fixed: CVE-2025-66293 Cosmin Truta
2025/12/03 Re: [oss-security] libpng 1.6.52: Out-of-bounds vulnerability fixed: CVE-2025-66293 Alan Coopersmith
2025/12/03 [oss-security] libpng 1.6.52: Out-of-bounds vulnerability fixed: CVE-2025-66293 Cosmin Truta
2025/12/03 [oss-security] CVE-2025-55182: RCE in React Server Components Jan Schaumann
2025/12/03 Re: [oss-security] 5 CVE's fixed in Fluent Bit Christian Fischer
2025/12/03 Re: [oss-security] Questionable CVE's reported against dnsmasq Christian Fischer
2025/12/02 [oss-security] FW: X.Org Security Advisory: multiple security issues in xkbcomp Peter Hutterer
2025/12/02 [oss-security] [vim-security] A Windows uncontrolled search path vulnerability affects Vim < 9.1.1947 Christian Brabandt
2025/12/02 Re: [oss-security] 5 CVE's fixed in Fluent Bit Christian Brabandt
2025/12/02 [oss-security] Django CVE-2025-13372 and CVE-2025-64460 Natalia Bidart
2025/12/02 Re: [oss-security] 5 CVE's fixed in Fluent Bit Christian Fischer
2025/12/01 [oss-security] expat looking for help with another unfixed non-public denial-of-service vulnerability [CVE-2025-66382] Alan Coopersmith
2025/12/01 Re: [oss-security] 5 CVE's fixed in Fluent Bit Christian Brabandt
2025/12/01 [oss-security] CVE-2025-12183 in lz4-java, fixed in new fork Alan Coopersmith
2025/12/01 [oss-security] [kubernetes] CVE-2025-13281: Portworx Half-Blind SSRF in kube-controller-manager Nathan Herz
2025/12/01 [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0008 Adrian Perez de Castro
2025/12/01 [oss-security] CVE-2025-64775: Apache Struts: File leak in multipart request processing causes disk exhaustion (DoS) - S2-068 Lukasz Lenart
2025/11/30 [oss-security] CVE-2025-59789: Apache bRPC: Stack Exhaustion via Unbounded Recursion in JSON Parser Wang Weibing
2025/11/28 [oss-security] CVE-2025-59792: Apache Kvrocks: MONITOR command reveals plaintext credentials to non-admins Hulk Lin
2025/11/28 [oss-security] CVE-2025-59790: Apache Kvrocks: RESET command grants admin privileges Hulk Lin
2025/11/28 [oss-security] CVE-2023-48796: Apache DolphinScheduler: Sensitive information disclosure Lidong Dai
2025/11/27 [oss-security] CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues Zdenek Dohnal
2025/11/27 [oss-security] CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack Zdenek Dohnal
2025/11/26 [oss-security] CVE-2025-59454: Apache CloudStack: Lack of user permission validation leading to data leak for few APIs Harikrishna Patnala
2025/11/26 [oss-security] CVE-2025-59302: Apache CloudStack: Potential remote code execution on Javascript engine defined rules Harikrishna Patnala
2025/11/26 [oss-security] CVE-2025-54057: Apache SkyWalking: Stored XSS vulnerability Zhenxu Ke
2025/11/26 [oss-security] Unbound: 1.24.2 addresses CVE-2025-11411 (again) Yorgos Thessalonikefs
2025/11/26 [oss-security] CVE-2025-62728: Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs Stamatis Zampetakis
2025/11/26 [oss-security] 5 CVE's fixed in Fluent Bit Alan Coopersmith
2025/11/25 [oss-security] CVE-2025-59390: Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly. Karan Kumar
2025/11/24 [oss-security] CVE-2025-65998: Apache Syncope: Default AES key used for internal password encryption Francesco Chicchiriccò
2025/11/21 [oss-security] libpng 1.6.51: Four buffer overflow vulnerabilities fixed: CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018 Cosmin Truta
2025/11/20 [oss-security] gnutls 3.8.11 released with fix for CVE-2025-9820 Alan Coopersmith
2025/11/20 [oss-security] CVE-2025-64524 cups-filters: Heap Buffer Overflow in rastertopclx Filter Leading to Potential Arbitrary Code Execution Zdenek Dohnal
2025/11/19 [oss-security] CVE-2025-64408: Apache Causeway: Java deserialization vulnerability to authenticated attackers Dan Haywood
2025/11/18 Re: [oss-security] SQLite - Integer Overflow in FTS5 Extension [CVE-2025-7709] John Hein
2025/11/18 [oss-security] [SECURITY PATCH 8/8] commands/usbtest: Ensure string length is sufficient in usb string processing Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 7/8] commands/usbtest: Use correct string length field Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 6/8] tests/lib/functional_test: Unregister commands on module unload Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 5/8] normal/main: Unregister commands on module unload Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 4/8] gettext/gettext: Unregister gettext command on module unload Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 3/8] net/net: Unregister net_set_vlan command on unload Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 2/8] kern/file: Call grub_dl_unref() after fs->fs_close() Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 1/8] commands/test: Fix error in recursion depth calculation Daniel Kiper
2025/11/18 [oss-security] [SECURITY PATCH 0/8] GRUB2 vulnerabilities - 2025/11/18 Daniel Kiper
2025/11/17 [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) Jeremy Stanley
2025/11/17 Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
2025/11/17 [oss-security] lightdm-kde-greeter: Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876) Matthias Gerstner
2025/11/17 Re: [oss-security] CVE-2025-40300 / VMScape Solar Designer
2025/11/17 Re: [oss-security] CVE-2025-40300 / VMScape Bjoern Franke
2025/11/17 [oss-security] GitGuardian GGShield SSL/TLS Verification Bypass (No CVE) tanish saxena
2025/11/16 Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Salvatore Bonaccorso
2025/11/14 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
2025/11/14 [oss-security] PostgreSQL releases fixes for CVE-2025-12817 & CVE-2025-12818 Alan Coopersmith
2025/11/14 Re: [oss-security] CVE-2025-40300 / VMScape Moritz Mühlenhoff
2025/11/14 Re: [oss-security] Questionable CVE's reported against dnsmasq Jeffrey Walton
2025/11/14 Re: [oss-security] CVE-2025-40300 / VMScape Alan Coopersmith
2025/11/13 [oss-security] CVE-2025-40300 / VMScape Bjoern Franke
2025/11/13 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
2025/11/13 Re: [oss-security] Questionable CVE's reported against dnsmasq Jacob Bachmeyer
2025/11/13 Re: [oss-security] Questionable CVE's reported against dnsmasq Alexander Patrakov
2025/11/12 Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
2025/11/12 [oss-security] CVE-2025-64503 libcupsfilters, cups-filters 1.x: out of bounds write in pdftoraster Zdenek Dohnal
2025/11/12 [oss-security] CVE-2025-57812 libcupsfilters, cups-filters 1.x: Multiple TIFF-related issues in libcupsfilters Zdenek Dohnal
2025/11/11 [oss-security] CVE-2025-64407: Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables Arrigo Marchiori
2025/11/11 [oss-security] CVE-2025-64406: Apache OpenOffice: Possible memory corruption during CSV import Arrigo Marchiori

Earlier messages