proj: Git
subj: [vs-plain] Upcoming Git security fix release
trep: Thu Jan 09 19:01:09 2025
cves: CVE-2024-50349, CVE-2024-52006
tcrd: January 14th, 2025 at 10am Pacific Time or soon thereafter
toss: Tue Jan 14 18:04:02 2025
soss: [oss-security] git: 2 vulnerabilities fixed
loss: https://www.openwall.com/lists/oss-security/2025/01/14/4

proj: rsync
subj: [vs] patches for 6 vulnerabilities
trep: Thu Jan 09 22:29:10 2025
cves: CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
tcrd: 2025-01-14 @ 19:00 UTC
toss: Tue Jan 14 18:03:17 2025
soss: [oss-security] RSYNC: 6 vulnerabilities
loss: https://www.openwall.com/lists/oss-security/2025/01/14/3

proj: Linux
subj: [vs-plain] Kernel bug found in the latest upstream relegated to ocfs2
trep: Thu Jan 23 04:05:44 2025
tcrd: No later than Feb 6
toss: Thu Feb 06 17:37:28 2025
soss: [oss-security] Linux: kernel BUG at fs/ocfs2/refcounttree.c:2678 ocfs2_refcount_cal_cow_clusters in 6.13.0
loss: https://www.openwall.com/lists/oss-security/2025/02/06/5
tpub: Sun Jan 19 13:49:22 2025
lpub: https://lore.kernel.org/all/tencent_A3FB116603B2596D123C55CCC8DC2E6E1F07@qq.com/

proj: BIND 9
subj: [vs] ...
trep: Tue Jan 28 14:09:40 2025
cves: CVE-2024-11187, CVE-2024-12705
tcrd: 29 January 2025
toss: Wed Jan 29 16:58:31 2025
soss: [oss-security] ISC has disclosed two vulnerabilities in BIND 9 (CVE-2024-11187, CVE-2024-12705)
loss: https://www.openwall.com/lists/oss-security/2025/01/29/1

proj: curl
subj: [vs-plain] : curl pre-notification (1/3): CVE-2025-0167
trep: Tue Jan 28 15:34:55 2025
cves: CVE-2025-0167
tcrd: February 5 2025 around 08:00 UTC
toss: Wed Feb 05 08:21:44 2025
soss: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0167: netrc and default credential leak
loss: https://www.openwall.com/lists/oss-security/2025/02/05/1
tpub: Fri Jan 03 17:21:00 2025
lpub: https://github.com/curl/curl/commit/0e120c5b925e8ca75d5319e

proj: curl
subj: [vs-plain] : curl pre-notification (2/3): CVE-2025-0665
trep: Tue Jan 28 15:35:00 2025
cves: CVE-2025-0665
tcrd: February 5 2025 around 08:00 UTC
toss: Wed Feb 05 08:21:49 2025
soss: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0665: eventfd double close
loss: https://www.openwall.com/lists/oss-security/2025/02/05/2
tpub: Thu Dec 12 14:58:00 2024
lpub: https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf

proj: curl
subj: [vs-plain] : curl pre-notification (3/3): CVE-2025-0725
trep: Tue Jan 28 15:35:08 2025
cves: CVE-2025-0725
tcrd: February 5 2025 around 08:00 UTC
toss: Wed Feb 05 08:21:52 2025
soss: [oss-security] [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow
loss: https://www.openwall.com/lists/oss-security/2025/02/05/3
tpub: Fri Jan 24 13:04:00 2025
lpub: https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7

proj: OpenSSL
subj: [vs-plain] Embargoed OpenSSL security issues
trep: Tue Jan 28 19:04:37 2025
cves: CVE-2024-12797
tcrd: 11th February, 2025
toss: Tue Feb 11 17:01:50 2025
soss: [oss-security] CVE-2024-12797: OpenSSL: RFC7250 handshakes with unauthenticated servers don't abort as expected
loss: https://www.openwall.com/lists/oss-security/2025/02/11/3

proj: pam_pkcs11
subj: [vs] encrypted subject
trep: Thu Jan 30 17:31:26 2025
cves: CVE-2025-24531
tcrd: 2025-02-06
toss: Thu Feb 06 14:55:28 2025
soss: [oss-security] pam_pkcs11: Possible Authentication Bypass in Error Situations (CVE-2025-24531)
loss: https://www.openwall.com/lists/oss-security/2025/02/06/3