Folks,
We have created the "IPv6 Hackers" mailing-list for discussion of IPv6
security issues. The charter of the list is:
---- cut here ----
This list was created for the discussion of IPv6 security issues and
low/packet-level issues related to the IPv6 protocols. It is meant to
provide a forum for IPv6 security researchers and IPv6 networking
professionals to discuss low-level IPv6 networking and security issues
>> more secure system in practice. We propose several small changes in
>> browser behavior and HTTP standards that will make HTTP authentication
>> schemes, such as digest authentication, a viable option in future
>> application development.
>> _______________________________________________
>> Webappsec mailing list
>> Webappsec@lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/webappsec
>>
> _______________________________________________
> Webappsec mailing list
A patch for this issue [1] has been applied to trunk and will be
included in the next releases of 6.0.x and 5.5.x
Credit:
This issue was reported directly [2] to the tomcat users public mailing
list by David Horheim.
Security researchers are reminded that undisclosed vulnerabilities in
Apache Tomcat should, in the first instance, be reported to the private
security mailing list. [3]
References:
. 2009-05-12:
Core notifies Apple Security Team that this is a multi-vendor issue
(affecting, for example, multiple Linux distributions), and asks if the
patch process of the CUPS vulnerability will be coordinated using the
vendor-sec mailing list [2].
. 2009-05-12:
Apple Product Security Team notifies Core they will contact vendor-sec
about this issue very soon and proposes to reschedule the advisory
publication date to June 2nd. The vendor also notifies the issue was
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
ze/MD5 checksum: 970874 2dccfb8e2287cd9e6285545e43dac87a
http://security.debian.org/pool/updates/main/v/vim/vim-python_7.0-122+1etch5_ia64.deb
Size/MD5 checksum: 1585804 06a43c2668bf468ffe521880cc497518
http://security.debian.org/pool/updates/main/v/vim/vim-common_7.0-122+1etch5_ia64.deb
specifications of core protocols and/or providing advice on security
aspects of them.
The call for consensus is available at:
http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
voice your opinion on the relevant mailing-list sending an e-mail to
opsec@ietf.org . You don't need to subscribe to the mailing list to post a
message (although your message will be held for moderator approval before
it is distributed to the list members).
The deadline for posting your opinion is January 9th (next Friday).
> specifications of core protocols and/or providing advice on security
> aspects of them.
>
> The call for consensus is available at:
> http://www.ietf.org/mail-archive/web/opsec/current/msg00373.html . You can
> voice your opinion on the relevant mailing-list sending an e-mail to
> opsec@ietf.org . You don't need to subscribe to the mailing list to post a
> message (although your message will be held for moderator approval before
> it is distributed to the list members).
>
> The deadline for posting your opinion is January 9th (next Friday).
There's a very short reference from May 2007 to the concept of using
different hostnames to protect against XSS:
See Brian Eaton's post to WebSecurity mailing list, May 18th, 2007,
titled "Re: [WEB SECURITY] How to avoid XSS into PDF Files, using java".
http://www.webappsec.org/lists/websecurity/archive/2007-05/msg00087.html
fcorella@pomcor.com wrote:
> Hello,
* number of CVEs/BIDs covered
* relevance of the covered alerts
* sustainable future benefit (e.g. in the case of supporting APIs)
* how well the development was coordinated via the public OpenVAS
mailing lists (teams may win as well)
* code quality (documentation, design, style)
Contest sponsors are (sorted by amount sponsored):
* Intevation GmbH, www.intevation.net
technique described by Michal Zalewski, and the paper references 2
BugTraq submissions by Zalewski that nicely explain this concept. These
are (from the paper):
[27] “A new TCP/IP blind data injection technique?” (BugTraq mailing
list post),
Michal Zalewski, December 10th, 2003
http://www.securityfocus.com/archive/1/347130
[28] “Breaking the checksum (a new TCP/IP blind data injection technique)”
(BugTraq mailing list post), Michal Zalewski, December 14th, 2003
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-4896
Florian Streibelt reported a directory traversal flaw in the way the
Mailing List Managing Made Joyful mailing list manager processed
users' requests originating from the administrator web interface
without enough input validation. A remote, authenticated attacker could
use these flaws to write and / or delete arbitrary files.
For the stable distribution (lenny), these problems have been fixed in
Historically, Ubuntu sends Ubuntu Security Notices (USNs) to bugtraq,
full-disclosure and our own announce mailing list. After a recent review
of our publication process, we decided we will no longer post USNs to
bugtraq and full-disclosure.
People interested in receiving USNs by email should subscribe to the
ubuntu-security-announce mailing list directly:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
An archive of all USNs can be found at:
in phpList, through which any Internet user can gain access to possibly
sensitive information. These vulnerabilities:
1) allow anybody who is able to register (or to obtain a "unique user
id") to obtain a copy of any email previously sent by the system,
regardless of the mailing list to which the message belongs (including
hidden or private mailing lists for which normal users can't usually
register).
2) allow anybody to read the subject of every email sent by the system.
Sent wirelessly from my BlackBerry device on the Bell network.
Envoyé sans fil par mon terminal mobile BlackBerry sur le réseau de Bell.
-----Original Message-----
From: Security Mailing List <s3clist@hotmail.com>
Date: Thu, 15 Mar 2012 10:33:19
To: Zach C.<fxchip@gmail.com>
Cc: <bugtraq@securityfocus.com>
Subject: Re: Android wireless accepts fake response (No interaction requires)
(Vulnerability ?)
adopt this document as a working group item, so that your input will be
very much appreciated.
To voice your opinion, please send it to tcpm@ietf.org, and CC me
(fernando@gont.com.ar), so that I make sure that your post makes it to
the mailing-list, even if you are not subscribed to it. (Alternatively,
you can send me your input, and I could forward it to the tcpm@ietf.org
mailing-list).
Thanks!
at:
http://www.bugzilla.org/
Comments and follow-ups can be directed to the mozilla.support.bugzilla
newsgroup or the support-bugzilla mailing list.
http://www.bugzilla.org/support/ has directions for accessing these
forums.
Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:
http://secunia.com/corporate/jobs/
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/advisories/mailing_lists/
======================================================================
10) Verification