proj: Linux
subj: [vs-plain] Warning in bpf_probe_read_user
trep: Mon Jan 02 17:33:21 2023
tcrd: 1/9 \\ 1/12 \\ "tomorrow or so" after June 27
tpub: Wed Jan 18 05:14:51 2023
lpub: https://lore.kernel.org/bpf/20230118051443.78988-1-alexei.starovoitov@gmail.com/
toss: Sun Nov 05 22:44:05 2023
soss: [oss-security] Linux: BPF: issues with copy_from_user_nofault()
loss: https://www.openwall.com/lists/oss-security/2023/11/05/5

proj: Cargo
subj: [vs-plain] CVE-2022-46176: Cargo does not check SSH host keys
trep: Thu Jan 05 16:48:35 2023
tcrd: 2023-01-10 at 16:30 UTC
cves: CVE-2022-46176
toss: Tue Jan 10 16:58:09 2023
soss: [oss-security] CVE-2022-46176: Cargo does not check SSH host keys
loss: https://www.openwall.com/lists/oss-security/2023/01/10/3

proj: libgit2
subj: [vs-plain] CVE-2022-46176: Cargo does not check SSH host keys
trep: Thu Jan 05 16:48:35 2023
tcrd: 2023-01-10
toss: Sun Nov 05 23:08:43 2023
soss: Re: [oss-security] CVE-2022-46176: Cargo does not check SSH host keys
loss: https://www.openwall.com/lists/oss-security/2023/11/05/6

proj: X.Org libXpm
subj: [vs-plain] Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15
trep: Tue Jan 10 18:12:35 2023
tcrd: January 17
cves: CVE-2022-46285, CVE-2022-44617, CVE-2022-4883
toss: Tue Jan 17 16:48:05 2023
soss: [oss-security] Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15
loss: https://www.openwall.com/lists/oss-security/2023/01/17/2

proj: git
subj: [vs-plain] Upcoming Git security fix release
trep: Tue Jan 10 23:08:20 2023
tcrd: 2023-JAN-17 at around 10am Pacific Time
cves: CVE-2022-23521, CVE-2022-41903
toss: Tue Jan 17 18:11:20 2023
soss: [oss-security] Git 2.39.1 and friends
loss: https://www.openwall.com/lists/oss-security/2023/01/17/4

proj: OpenStack
subj: [vs] Vulnerability in OpenStack Swift (CVE-2022-47950)
trep: Wed Jan 11 00:35:07 2023
tcrd: 2023-01-17, 1500UTC
cves: CVE-2022-47950
toss: Tue Jan 17 16:01:28 2023
soss: [oss-security] [OSSA-2023-001] Swift: Arbitrary file access through custom S3 XML entities (CVE-2022-47950)
loss: https://www.openwall.com/lists/oss-security/2023/01/17/1

proj: Linux
subj: [vs-plain] Netfilter vulnerability disclosure
trep: Wed Jan 11 01:26:07 2023
tcrd: 7-day embargo
cves: CVE-2023-0179
tpub: Wed Jan 11 14:13:59 2023
lpub: https://groups.google.com/g/syzkaller/c/YRNDJBsJn_s
toss: Fri Jan 13 16:16:16 2023
soss: [oss-security] CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup
loss: https://www.openwall.com/lists/oss-security/2023/01/13/2

proj: sudo
subj: [vs] ...
trep: Thu Jan 12 14:17:36 2023
tcrd: Wednesday 18th January \\ 15:00 UTC
cves: CVE-2023-22809
toss: Thu Jan 19 07:30:23 2023
soss: [oss-security] CVE-2023-22809: Sudoedit can edit arbitrary files
loss: https://www.openwall.com/lists/oss-security/2023/01/19/1

proj: PowerDNS Recursor
subj: [vs] PowerDNS pre-notification: EMBARGO: PowerDNS Security Advisory 2023-01: PowerDNS Recursor 4.8.0 unbounded recursion results in program termination
trep: Fri Jan 13 11:17:56 2023
tcrd: 20th of January 2023
cves: CVE-2023-22617
toss: Fri Jan 20 12:34:24 2023
soss: [oss-security] Security Advisory 2023-01 for PowerDNS Recursor 4.8.0 (CVE-2023-22617)
loss: https://www.openwall.com/lists/oss-security/2023/01/20/1

proj: Linux
subj: [vs-plain] null pointer dereference in Linux kernel
trep: Sun Jan 15 05:13:23 2023
tcrd: in a week (Jan 21st) \\ Tuesday, January 17
cves: CVE-2023-0394
tpub: Sun Jan 08 22:09:37 2023
lpub: https://lore.kernel.org/netdev/Y7s%2FFofVXLwoVgWt@westworld/
toss: Wed Jan 18 08:32:11 2023
soss: [oss-security] null pointer dereference in Linux kernel
loss: https://www.openwall.com/lists/oss-security/2023/01/18/2

proj: OpenStack
subj: [vs] Vulnerability in OpenStack Cinder, Glance, Nova (CVE-2022-47951)
trep: Tue Jan 17 21:53:18 2023
tcrd: 2023-01-24, 1500UTC
cves: CVE-2022-47951
toss: Tue Jan 24 16:08:35 2023
soss: [oss-security] [OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)
loss: https://www.openwall.com/lists/oss-security/2023/01/24/2

proj: BIND 9
subj: [vs] ...
trep: Tue Jan 24 11:59:13 2023
tcrd: 25 January 2023
cves: CVE-2022-3094, CVE-2022-3736, CVE-2022-3924
toss: Wed Jan 25 17:17:31 2023
soss: [oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924)
loss: https://www.openwall.com/lists/oss-security/2023/01/25/2

proj: OpenSSL
subj: [vs-plain] Embargoed OpenSSL security issues
trep: Wed Jan 25 12:02:11 2023
tcrd: 7th February 2023
toss: Tue Feb 07 19:29:21 2023
soss: [oss-security] Fwd: OpenSSL Security Advisory
loss: https://www.openwall.com/lists/oss-security/2023/02/07/8

proj: pesign
subj: [vs-plain] pesign: Local privilege escalation on pesign systemd service
trep: Fri Jan 27 20:45:41 2023
tcrd: Jan 31st \\ 15 UTC
cves: CVE-2022-3560
toss: Tue Jan 31 17:40:43 2023
soss: [oss-security] pesign: Local privilege escalation on pesign systemd service
loss: https://www.openwall.com/lists/oss-security/2023/01/31/6

proj: X.Org Server
subj: [vs-plain] Preview of X.Org Security Advisory for 2023-02-07
trep: Mon Jan 30 22:33:46 2023
tcrd: 2023-02-07 at 01:00 UTC
cves: CVE-2023-0494, ZDI-CAN-19596
toss: Tue Feb 07 01:37:48 2023
soss: [oss-security] X.Org Security Advisory: Security issue in the X server
loss: https://www.openwall.com/lists/oss-security/2023/02/07/1

proj: heimdal, samba
subj: [vs-plain] [vc] heimdal: CVE-2022-45142: signature validation failure
trep: Tue Jan 31 13:52:38 2023
tcrd: 2023-02-08
cves: CVE-2022-3437
toss: Wed Feb 08 06:50:02 2023
soss: [oss-security] [vs] heimdal: CVE-2022-45142: signature validation failure
loss: https://www.openwall.com/lists/oss-security/2023/02/08/1