Hi,
Once in a while, Oracle publishes what they call Critical Patch Update
documents, which list many vulnerabilities addressed across many Oracle
products, some of them Open Source and some not. This is great, but it
would be even better if Oracle also communicated to oss-security about
those vu
Severity: critical
Affected versions:
- Apache Wicket 7.0.0 through 7.18.*
- Apache Wicket 8.0.0-M1 through 8.16.*
- Apache Wicket 9.0.0-M1 through 9.18.*
- Apache Wicket 10.0.0-M1 through 10.2.*
Description:
The request handling in the core in Apache Wicket 7.0.0 on any platform allows
an att
On 1/21/25 21:00, Mark Michelson wrote:
Note: This release had to be fast-tracked because the security issue was
made public before an embargo could be lifted. We are awaiting a CVE
assignment and will update this advisory with the CVE number once it is
assigned.
CVE-2025-0650 has been assign
Jenkins is an open source automation server which enables developers around
the world to reliably build, test, and deploy their software.
The following releases contain fixes for security vulnerabilities:
* Bitbucket Server Integration Plugin 4.1.4
* Eiffel Broadcaster Plugin 2.10.3
* GitLab Plug
On Tue, Jan 21, 2025 at 11:38:16PM -0500, Demi Marie Obenour wrote:
> On Tue, Jan 21, 2025 at 06:31:31PM -0800, Tavis Ormandy wrote:
> > It looks like an OEM leaked the patch for a major upcoming CPU
> > vulnerability, i.e. "AMD Microcode Signature Verification
> > Vulnerability":
> >
> > https://
Hello,
For CVE assignments there is no need for a Root CNA. You can request a
CVE ID from any CNA which has a valid scope for the affected
component/product.
Root CNAs work only with other CNAs to onboard them, provide support,
and mediate disputes. Red Hat works in both roles, but only the CNA i
On Wed, Jan 22, 2025 at 12:50:21PM +0100, Greg KH wrote:
> But this topic has come up recently in talking with other open source
> CNA groups. The "real" solution for it is to talk to a different root
> CNA (i.e. anyone other than MITRE). For open source projects, that
> _should_ be Red Hat, but
On Tue, Jan 21, 2025 at 06:31:31PM -0800, Tavis Ormandy wrote:
> It looks like an OEM leaked the patch for a major upcoming CPU
> vulnerability, i.e. "AMD Microcode Signature Verification
> Vulnerability":
>
> https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/
Note: This release had to be fast-tracked because the security issue was
made public before an embargo could be lifted. We are awaiting a CVE
assignment and will update this advisory with the CVE number once it is
assigned.
Description
===
Multiple versions of OVN (Open Virtual Network
Hi all,
On January 10, 2025, we contacted the GNU C Library's security team
about a buffer overflow that we discovered in assert()'s implementation
(CVE-2025-0395). Because this vulnerability seems relatively minor (for
reasons detailed below), it was decided that it could be discussed and
patched
On Wed, Jan 22, 2025 at 11:17:54AM +0100, Matthias Gerstner wrote:
> Hello list,
>
> I am currently experiencing for the second time that a CVE request
> submitted via the Mitre web form [1] is not receiving a response. A
> similar topic was already shortly discussed in the past [2].
>
> I reques
Hello list,
I am currently experiencing for the second time that a CVE request
submitted via the Mitre web form [1] is not receiving a response. A
similar topic was already shortly discussed in the past [2].
I requested two CVEs on Jan 13. One got assigned within 24 hours, for
the other one I sti