proj: Varnish Cache
subj: [vs-plain] [ vs ] Embargoed Vulnerability in Varnish Cache
trep: Mon May 05 09:02:56 2025
cves: VSV00016, CVE-2025-47905
tcrd: May 12, 2025
toss: Tue May 13 15:19:54 2025
soss: [oss-security] VSV00016: Varnish Cache 6.0, 7.6, 7.7 - Request Smuggling Attack
loss: https://www.openwall.com/lists/oss-security/2025/05/13/5

proj: open-vm-tools
subj: [vs] [EMBARGOED] CVE-2025-22247
trep: Mon May 05 10:35:42 2025
cves: CVE-2025-22247
tcrd: May 12th, 2025
toss: Mon May 12 16:30:16 2025
soss: [oss-security] CVE-2025-22247 - Insecure file handling vulnerability in open-vm-tools
loss: https://www.openwall.com/lists/oss-security/2025/05/12/2

proj: OpenStack Ironic
subj: [vs] Vulnerability in OpenStack Ironic (CVE-2025-44021)
trep: Mon May 05 19:32:11 2025
cves: CVE-2025-44021
tcrd: 2025-05-08, 1700UTC
toss: Thu May 08 18:43:11 2025
soss: [oss-security] OSSA-2025-001 / CVE-2025-44021: OpenStack Ironic fails to restrict paths used for file:// image URLs
loss: https://www.openwall.com/lists/oss-security/2025/05/08/1

proj: Kea
subj: [vs] ...
trep: Wed May 14 16:00:20 2025
cves: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
tcrd: 28 May 2025
toss: Wed May 28 16:40:45 2025
soss: [oss-security] ISC has disclosed three vulnerabilities in Kea (CVE-2025-32801, CVE-2025-32802, CVE-2025-32803)
loss: https://www.openwall.com/lists/oss-security/2025/05/28/7

proj: BIND 9
subj: [vs] ...
trep: Tue May 20 08:46:07 2025
cves: CVE-2025-40775
tcrd: 21 May 2025
toss: Wed May 21 12:47:24 2025
soss: [oss-security] CVE-2025-40775: BIND 9: DNS message with invalid TSIG causes an assertion failure
loss: https://www.openwall.com/lists/oss-security/2025/05/21/1

proj: curl
subj: [vs-plain] : curl prenotification for CVE-2025-4947
trep: Tue May 20 15:23:50 2025
cves: CVE-2025-4947
tcrd: May 28 2025
lpub: https://github.com/curl/curl/pull/17382
tpub: Mon May 19 08:54:00 2025
toss: Wed May 28 05:49:51 2025
soss: [oss-security] [SECURITY ADVISORY] curl: QUIC certificate check skip with wolfSSL
loss: https://www.openwall.com/lists/oss-security/2025/05/28/4

proj: curl
subj: [vs-plain] : curl prenotification for CVE-2025-5025
trep: Thu May 22 07:55:52 2025
cves: CVE-2025-5025
tcrd: May 28 2025
lpub: https://github.com/curl/curl/commit/e1f65937a96a451292e92313396
tpub: Wed May 21 20:45:00 2025
toss: Wed May 28 05:49:57 2025
soss: [oss-security] [SECURITY ADVISORY] curl: No QUIC certificate pinning with wolfSSL
loss: https://www.openwall.com/lists/oss-security/2025/05/28/5

proj: apport, systemd-coredump
subj: [vs-plain] Local information disclosure in apport and systemd-coredump
trep: Fri May 23 20:32:54 2025
cves: CVE-2025-5054, CVE-2025-4598
tcrd: Thursday, May 29 \\ 16:00 UTC
toss: Thu May 29 17:17:22 2025
soss: [oss-security] Local information disclosure in apport and systemd-coredump
loss: https://www.openwall.com/lists/oss-security/2025/05/29/3

proj: Linux
subj: [vs-plain] Re: VULNERABILITY REPORT: Out-of-Bounds Read in HFS+ Filesystem's hfsplus_bnode_read Function
trep: Sun May 25 05:37:34 2025
toss: Tue Jun 03 03:00:54 2025
soss: [oss-security] Linux kernel: HFS+ filesystem implementation issues, exposure in distros
loss: https://www.openwall.com/lists/oss-security/2025/06/03/2