oss-security  

Messages by Thread

• [oss-security] [SECURITY PATCH 2/8] kern/file: Call grub_dl_unref() after fs->fs_close() Daniel Kiper
• [oss-security] [SECURITY PATCH 1/8] commands/test: Fix error in recursion depth calculation Daniel Kiper
• [oss-security] [SECURITY PATCH 0/8] GRUB2 vulnerabilities - 2025/11/18 Daniel Kiper
• [oss-security] lightdm-kde-greeter: Privilege Escalation from lightdm Service User to root in KAuth Helper Service (CVE-2025-62876) Matthias Gerstner
• [oss-security] GitGuardian GGShield SSL/TLS Verification Bypass (No CVE) tanish saxena
• [oss-security] PostgreSQL releases fixes for CVE-2025-12817 & CVE-2025-12818 Alan Coopersmith
• [oss-security] CVE-2025-40300 / VMScape Bjoern Franke
  • Re: [oss-security] CVE-2025-40300 / VMScape Alan Coopersmith
  • Re: [oss-security] CVE-2025-40300 / VMScape Moritz Mühlenhoff
  • Re: [oss-security] CVE-2025-40300 / VMScape Solar Designer
  • Re: [oss-security] CVE-2025-40300 / VMScape Bjoern Franke
• [oss-security] CVE-2025-64503 libcupsfilters, cups-filters 1.x: out of bounds write in pdftoraster Zdenek Dohnal
• [oss-security] CVE-2025-57812 libcupsfilters, cups-filters 1.x: Multiple TIFF-related issues in libcupsfilters Zdenek Dohnal
• [oss-security] CVE-2025-64407: Apache OpenOffice: URL fetching can be used to exfiltrate arbitrary INI file values and environment variables Arrigo Marchiori
• [oss-security] CVE-2025-64406: Apache OpenOffice: Possible memory corruption during CSV import Arrigo Marchiori
• [oss-security] CVE-2025-64405: Apache OpenOffice: Remote documents loaded without prompt via DDE function Arrigo Marchiori
• [oss-security] CVE-2025-64404: Apache OpenOffice: Remote documents loaded without prompt via background and bullet images Arrigo Marchiori
• [oss-security] CVE-2025-64403: Apache OpenOffice: Remote documents loaded without prompt via "external data sources" in Calc Arrigo Marchiori
• [oss-security] CVE-2025-64402: Apache OpenOffice: Remote documents loaded without prompt via OLE objects Arrigo Marchiori
• [oss-security] CVE-2025-64401: Apache OpenOffice: Remote documents loaded without prompt via IFrame Arrigo Marchiori
• [oss-security] CVE-2024-47866 Ceph: RGW DoS via improper input validation. Sage [They / Them] McTaggart
• [oss-security] CVE-2025-61623: Apache OFBiz: Reflected Cross-site Scripting Jacques Le Roux
• [oss-security] CVE-2025-59118: Apache OFBiz: Critical Remote Command Execution via Unrestricted File Upload Jacques Le Roux
• [oss-security] Re: runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 Ali Polatel
• Re: [oss-security] runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881 [email protected]
• [oss-security] scx: Unauthenticated scx_loader D-Bus Service can lead to major Denial-of-Service Matthias Gerstner
• [oss-security] Django CVE-2025-64458 and CVE-2025-64459 Natalia Bidart
• [oss-security] [CVE-2025-62168] SQUID-2025:2 Information Disclosure in Error handling Amos Jeffries
• [oss-security] [CVE-2025-54574] SQUID-2025:1 Buffer Overflow in URN Handling Amos Jeffries
• [oss-security] [SECURITY ADVISORY] curl: missing SFTP host verification with wolfSSH Daniel Stenberg
• [oss-security] [CVE-2019-18860] SQUID-2023:6 Cross Site Scripting in cachemgr.cgi Amos Jeffries
  • Re: [oss-security] [CVE-2019-18860] SQUID-2023:6 Cross Site Scripting in cachemgr.cgi Solar Designer
  • Re: [oss-security] [CVE-2019-18860] SQUID-2023:6 Cross Site Scripting in cachemgr.cgi Amos Jeffries
• [oss-security] CVE-2025-58337: Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode for doris-mcp-server MCP Server Mingyu Chen
• [oss-security] Becoming a CVE Naming Authority for your project Rodrigo Freire
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Greg KH
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Olle E. Johansson
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Pedro Sampaio
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Peter Gutmann
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Matthew Fernandez
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Art Manion
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Pedro Sampaio
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Olle E. Johansson
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Peter Gutmann
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Yogesh Mittal
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Pat Gunn
  • Re: [oss-security] Becoming a CVE Naming Authority for your project Jeremy Stanley
• [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
  • Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Demi Marie Obenour
  • Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
  • Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Salvatore Bonaccorso
  • Re: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley
  • [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) Jeremy Stanley
• [oss-security] [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes Daniel Stenberg
• [oss-security] OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875) Matthias Gerstner
• [oss-security] CVE-2025-62232: Apache APISIX: APISIX basic-auth logs plaintext credentials at info level Ashish Tiwari
• [oss-security] CVE-2025-62503: Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables) Kaxil Naik
• [oss-security] CVE-2025-62402: Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API Kaxil Naik
• [oss-security] CVE-2025-54941: Apache Airflow: Command injection in "example_dag_decorator" Kaxil Naik
• [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-11232) Wlodek Wencel
• [oss-security] CVE-2025-30189: Dovecot IMAP Server: Using auth caching causes the first lookup to be cached for all lookups Camelia Lavender
• [oss-security] CVE-2025-61795: Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS Mark Thomas
• [oss-security] CVE-2025-55754: Apache Tomcat: console manipulation via escape sequences in log messages Mark Thomas
• [oss-security] CVE-2025-55752: Apache Tomcat: Directory traversal via rewrite with possible RCE if PUT is enabled Mark Thomas
• [oss-security] Questionable CVE's reported against dnsmasq Alan Coopersmith
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Jeremy Stanley
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Andrew Latham
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Sebastian Pipping
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Stuart Henderson
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Sebastian Pipping
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Matthew Fernandez
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Eli Schwartz
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Stuart Henderson
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Salvatore Bonaccorso
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Petr Menšík
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Sebastian Pipping
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Jeffrey Walton
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Moritz Mühlenhoff
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Collin Funk
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Michael Orlitzky
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Hank Leininger
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Solar Designer
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Douglas Bagnall
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Solar Designer
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Russ Allbery
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Collin Funk
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Solar Designer
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Jeremy Stanley
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Russ Allbery
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Russ Allbery
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Alexander Patrakov
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Jacob Bachmeyer
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Jeffrey Walton
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Peter Gutmann
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Art Manion
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Pedro Sampaio
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Olle E. Johansson
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Demi Marie Obenour
  • Re: [oss-security] Questionable CVE's reported against dnsmasq nightmare . yeah27
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Simon McVittie
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Alan Coopersmith
  • Re: [oss-security] Questionable CVE's reported against dnsmasq Christian Fischer
• [oss-security] OOB read / segfault and endless loop in courier mail server 1.5.0 Hanno Böck
• [oss-security] Xen Security Advisory 476 v1 (CVE-2025-58149) - Incorrect removal of permissions on PCI device unplug Xen . org security team
• [oss-security] PowerDNS Security Advisory 2025-06: Crafted delegations or IP fragments can poison cached delegations in Recursor Otto Moerbeek
• [oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2025-8677, CVE-2025-40778, CVE-2025-40780) Michał Kępień
• [oss-security] Xen Security Advisory 475 v2 (CVE-2025-58147,CVE-2025-58148) - x86: Incorrect input sanitisation in Viridian hypercalls Xen . org security team
• [oss-security] CVE-2025-57738: Apache Syncope: Remote Code Execution by delegated administrators Francesco Chicchiriccò
• [oss-security] CVE-2025-61581: Apache Traffic Control: ReDoS issue in Traffic Router configuration Arnout Engelen
• [oss-security] CVE-2025-61733: Apache Kylin: Authentication bypass Li Yang
• [oss-security] CVE-2025-55039: Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks Holden Karau
• [oss-security] Resource consumption weakness in Postgres-using applications & frameworks Peter Bex
• [oss-security] Announce: OpenSSH 10.2 released Damien Miller
• [oss-security] Announce: OpenSSH 10.1 released Damien Miller
  • Re: [oss-security] Announce: OpenSSH 10.1 released David Leadbeater
  • Re: [oss-security] Announce: OpenSSH 10.1 released Demi Marie Obenour
  • Re: [oss-security] Announce: OpenSSH 10.1 released David Leadbeater
• [oss-security] CVE-2025-48459: Apache IoTDB: Deserialization of untrusted Data Haonan Hou
• [oss-security] CVE-2025-54539: Apache ActiveMQ NMS AMQP Client: Deserialization of Untrusted Data Krzysztof Porębski
• [oss-security] BoringSSL private key loading is not constant time Billy Brumley
  • Re: [oss-security] BoringSSL private key loading is not constant time Jeffrey Walton
  • Re: [oss-security] BoringSSL private key loading is not constant time Peter Gutmann
  • Re: [oss-security] BoringSSL private key loading is not constant time Alex Gaynor
  • Re: [oss-security] BoringSSL private key loading is not constant time Peter Gutmann
  • Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
  • Re: [oss-security] BoringSSL private key loading is not constant time Demi Marie Obenour
  • Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
  • Re: [oss-security] BoringSSL private key loading is not constant time David Benjamin
  • Re: [oss-security] BoringSSL private key loading is not constant time Jacob Bachmeyer
  • Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
  • Re: [oss-security] BoringSSL private key loading is not constant time Jacob Bachmeyer
  • Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
  • Re: [oss-security] BoringSSL private key loading is not constant time Hanno Böck
  • Re: [oss-security] BoringSSL private key loading is not constant time Alex Gaynor
  • Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
  • Re: [oss-security] BoringSSL private key loading is not constant time Billy Brumley
• [oss-security] redis: CVE-2025-49844: Lua Use-After-Free may lead to remote code execution Jan Schaumann
• [oss-security] Go 1.25.2 and Go 1.24.8 fix 10 vulnerabilities Alan Coopersmith
• [oss-security] [Security Advisory] open-vm-tools: Local privilege escalation (CVE-2025-41244) VMware PSIRT
• [oss-security] several vulnerabilities fixed in Go 1.25.2 and Go 1.24.8 Jan Schaumann
• [oss-security] CVE-2024-44088: Apache Geode: Reflected XSS William Hodges
• [oss-security] FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin Marco Benatto
• [oss-security] libexpat 2.7.3 improves fixes to CVE-2024-8176 and CVE-2025-59375 Sebastian Pipping
• [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Vincent Lefevre
  • Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Solar Designer
  • Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Vincent Lefevre
  • Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Jacob Bachmeyer
  • Re: [oss-security] rplay (Mark R. Boyns) potential security issues (unsanitized data, unchecked malloc...) Fabio Degrigis
• [oss-security] CVE-2025-61735: Apache Kylin: Server-Side Request Forgery Li Yang
• Re: [oss-security] Linux kernel: KASAN: out-of-bounds Read in proc_pid_stack on RISC-V Solar Designer
• [oss-security] CVE-2025-61734: Apache Kylin: improper restriction of file read Li Yang
• [oss-security] Fwd: Heads-up: Upcoming Samba security releases Douglas Bagnall
  • [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
  • Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
  • Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Demi Marie Obenour
  • Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Peter Gutmann
  • Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
  • RE: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Caveney, Seamus G
  • Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Douglas Bagnall
  • Re: [oss-security] Samba security releases for CVE-2025-10230 and CVE-2025-9640 Demi Marie Obenour
• [oss-security] CVE-2025-47410: Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system William Hodges
• [oss-security] WebKitGTK and WPE WebKit Security Advisory WSA-2025-0007 Adrian Perez de Castro
• [oss-security] GHSL-2025-042: Use After Free (UAF) in Poppler - CVE-2025-52885 Alan Coopersmith
• [oss-security] CVE-2025-62228: Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers Leonard Xu
• [oss-security] fetchmail-SA-2025-01: SMTP AUTH denial of service Alan Coopersmith
  • Re: [oss-security] fetchmail-SA-2025-01: SMTP AUTH denial of service now called CVE-2025-61962. Matthias Andree
• [oss-security] Django CVE-2025-59681 and CVE-2025-59682 Jacob Walls
• [oss-security] CVE-2025-61622: Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory Chaokun Yang
• [oss-security] malware in SoopSocks package on PyPi Alan Coopersmith
• [oss-security] How to do secure coding and create secure software Amit
  • Re: [oss-security] How to do secure coding and create secure software Solar Designer
  • Re: [oss-security] How to do secure coding and create secure software Jeremy Stanley
  • Re: [oss-security] How to do secure coding and create secure software Amit
  • Re: [oss-security] How to do secure coding and create secure software lists
  • Re: [oss-security] How to do secure coding and create secure software Solar Designer
  • Re: [oss-security] How to do secure coding and create secure software Jacob Bachmeyer
  • Re: [oss-security] How to do secure coding and create secure software Solar Designer
  • Re: [oss-security] Shellshock (was: How to do secure coding and create secure software) David A. Wheeler
  • Re: [oss-security] How to do secure coding and create secure software Amit
  • Re: [oss-security] How to do secure coding and create secure software Solar Designer
  • Re: [oss-security] How to do secure coding and create secure software Eli Schwartz
  • Re: [oss-security] How to do secure coding and create secure software Jeffrey Walton
  • Re: [oss-security] How to do secure coding and create secure software Amit
  • Re: [oss-security] How to do secure coding and create secure software Dan Cross
  • Re: [oss-security] How to do secure coding and create secure software Dan Cross
  • Re: [oss-security] How to do secure coding and create secure software Jeremy Stanley
  • Re: [oss-security] How to do secure coding and create secure software David A. Wheeler
  • Re: [oss-security] How to do secure coding and create secure software Amit

• Earlier messages
• Later messages