Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

oss-security mailing list - 2014/11/20

• Re: Linux user namespaces can bypass group-based restrictions (Andy Lutomirski <luto@...capital.net>)
• Re: Re: Location of OS security audit reports (Nguyen Cong <cong.nguyenthe@...hiba-tsdv.com>)
• Pending CVE assignments for SA-CORE-2014-006? (Salvatore Bonaccorso <carnil@...ian.org>)
• Re: Linux user namespaces can bypass group-based restrictions - Linux kernel (cve-assign@...re.org)
• Re: CVE request: lsyncd command injection (cve-assign@...re.org)
• Re: Requesting a CVE for pip - Local DoS with predictable temp directory names (cve-assign@...re.org)
• Re: CVE request for check_diskio nagios/icinga plugin (cve-assign@...re.org)
• Re: Re: Linux user namespaces can bypass group-based restrictions (Vitor Ventura <ventura.vitor@...il.com>)
• Re: RE: [security-vendor] Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf,… (Sven Kieske <s.kieske@...twald.de>)
• Re: Location of OS security audit reports (Sven Kieske <s.kieske@...twald.de>)
• Re: Re: Location of OS security audit reports (Niklas Kielblock <niklas@...derschwe.in>)
• Re: Re: Linux user namespaces can bypass group-based restrictions (Simon McVittie <smcv@...ian.org>)
• Re: Re: Location of OS security audit reports (Mark Kipyegon <mkipyegon@...look.com>)
• Re: Re: Location of OS security audit reports (Solar Designer <solar@...nwall.com>)
• Re: Location of OS security audit reports (Alexander Cherepanov <cherepan@...me.ru>)
• Fuzzing project brainstorming (Hanno Böck <hanno@...eck.de>)
• Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less (Alexander Cherepanov <cherepan@...me.ru>)
• Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less (Hanno Böck <hanno@...eck.de>)
• Re: Pending CVE assignments for SA-CORE-2014-006? (Gunnar Wolf <gwolf@...lf.org>)
• CVE request: heap buffer overflow in PCRE (Vasyl Kaigorodov <vkaigoro@...hat.com>)
• Re: Pending CVE assignments for SA-CORE-2014-006? (cve-assign@...re.org)
• Re: CVE request: icecast: possible leak of on-connect scripts (cve-assign@...re.org)
• Re: Fuzzing project brainstorming (Kurt Seifried <kseifried@...hat.com>)
• [AMENDED] [CVE-2014-7829] Arbitrary file existence disclosure in Action Pack (Aaron Patterson <tenderlove@...y-lang.org>)
• Re: Fuzzing project brainstorming (Hanno Böck <hanno@...eck.de>)
• Re: Fuzzing project brainstorming (Sven Kieske <s.kieske@...twald.de>)
• Xen Security Advisory 113 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling (Xen.org security team <security@....org>)
• Re: Fuzzing project brainstorming (Amos Jeffries <squid3@...enet.co.nz>)
• Re: Fuzzing project brainstorming ("M.T. Roebuck" <marvint.roebuck@...ox.lv>)
• Re: Fuzzing project brainstorming (Gynvael Coldwind <gynvael@...dwind.pl>)
• Re: Location of OS security audit reports ("M.T. Roebuck" <marvint.roebuck@...ox.lv>)
• Re: Location of OS security audit reports ("M.T. Roebuck" <marvint.roebuck@...ox.lv>)
• Re: Re: Location of OS security audit reports (Joshua Rogers <oss@...ernot.info>)
• Re: Location of OS security audit reports ("M.T. Roebuck" <marvint.roebuck@...ox.lv>)
• Re: Location of OS security audit reports ("M.T. Roebuck" <marvint.roebuck@...ox.lv>)
• CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified (Francisco Alonso <falonsoe@...hat.com>)
• Re: [security] Pending CVE assignments for SA-CORE-2014-006? (Peter Wolanin <pwolanin@...il.com>)
• Re: Fuzzing project brainstorming (Michal Zalewski <lcamtuf@...edump.cx>)
• Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified (mancha <mancha1@...o.com>)
• Re: Fuzzing project brainstorming (Hanno Böck <hanno@...eck.de>)
• Re: Re: Fuzzing project brainstorming (Hanno Böck <hanno@...eck.de>)
• Re: Re: Fuzzing project brainstorming (Daniel Kahn Gillmor <dkg@...thhorseman.net>)
• WordPress 4.0.1 Security Release (Henri Salo <henri@...v.fi>)
• Fwd: [langsec-discuss] 2nd LangSec workshop at IEEE S&P CFP and website (Sven Kieske <svenkieske@...il.com>)
• Re: Fuzzing project brainstorming (Michal Zalewski <lcamtuf@...edump.cx>)
• RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified ("Mehaffey, John" <John_Mehaffey@...tor.com>)

46 messages

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.