Report statistics for distros ML

These statistics are updated as of 2018-06-30 23:59 (UTC)

Statistics by month

Statistics are grouped by the month in which the issue was reported to the distros list.

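| Date | All | 2017-06 | 2017-07 | 2017-08 | 2017-09 | 2017-10 | 2017-11 | 2017-12 | 2018-01 | 2018-02 | 2018-03 | 2018-04 | 2018-05 | 2018-06 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Number of reports | 75 | 1 | 3 | 6 | 9 | 5 | 7 | 5 | 8 | 4 | 6 | 10 | 5 | 6 |
| Average embargo time in days (first public) | 6.24 | 10.84 | 4.69 | 6.39 | 5.83 | 4.90 | 6.70 | 5.99 | 7.28 | 2.99 | 6.52 | 7.40 | 7.30 | 5.13 |
| Average embargo time in days (oss-security) | 6.60 | 14.16 | 5.03 | 6.39 | 5.84 | 5.14 | 6.70 | 6.02 | 9.64 | 2.99 | 6.60 | 7.60 | 7.30 | 5.13 |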

Data

| Project | Subject | Reported (UTC) | Public (UTC) | oss-security posting | Time of oss-security posting (UTC) | CVE(s) | Days embargoed (first public) | Days embargoed (oss-security) |
|---|---|---|---|---|---|---|---|---|
| Spice | [vs] spice | 2017-06-30 03:50 | 2017-07-11 00:00 | http://www.openwall.com/lists/oss-security/2017/07/14/1 | 2017-07-14 07:38 | CVE-2017-7506 | 10.84 | 14.16 |
| Jenkins | [vs] CVE ID assignment request from the Jenkins project | 2017-07-07 13:13 | 2017-07-10 15:00 | http://www.openwall.com/lists/oss-security/2017/07/11/9 | 2017-07-11 11:52 | CVE-2017-1000084, CVE-2017-1000085, CVE-2017-1000086, CVE-2017-1000087, CVE-2017-1000088, CVE-2017-1000089, CVE-2017-1000090, CVE-2017-1000091, CVE-2017-1000092, CVE-2017-1000093, CVE-2017-1000094, CVE-2017-1000095, CVE-2017-1000096 | 3.07 | 3.94 |
| Evince | [vs] evince: Command injection vulnerability in CBT handler | 2017-07-10 13:57 | 2017-07-13 12:00 | http://www.openwall.com/lists/oss-security/2017/07/13/5 | 2017-07-13 15:43 | CVE-2017-1000083 | 2.92 | 3.07 |
| Linux Kernel | [vs-plain] linux kernel: CVE-2017-7533 | 2017-07-26 12:18 | 2017-08-03 14:00 | http://www.openwall.com/lists/oss-security/2017/08/03/2 | 2017-08-03 14:00 | CVE-2017-7533 | 8.07 | 8.07 |
| Curl | [vs-plain] curl: URL globbing out of bounds read (1/3) | 2017-08-01 10:02 | 2017-08-09 06:00 | http://www.openwall.com/lists/oss-security/2017/08/09/1 | 2017-08-09 06:00 | CVE-2017-1000101 | 7.83 | 7.83 |
| Curl | [vs-plain] curl: TFTP sends more than buffer size (2/3) | 2017-08-01 10:02 | 2017-08-09 06:00 | http://www.openwall.com/lists/oss-security/2017/08/09/2 | 2017-08-09 06:00 | CVE-2017-1000100 | 7.83 | 7.83 |
| Curl | [vs-plain] curl: FILE buffer read out of bounds | 2017-08-01 10:02 | 2017-08-09 06:00 | http://www.openwall.com/lists/oss-security/2017/08/09/3 | 2017-08-09 06:00 | CVE-2017-1000099 | 7.83 | 7.83 |
| Linux Kernel | [vs-plain] Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch | 2017-08-04 15:59 | 2017-08-10 20:55 | http://www.openwall.com/lists/oss-security/2017/08/10/5 | 2017-08-10 20:55 | CVE-2017-1000112 | 6.21 | 6.21 |
| Linux Kernel | [vs-plain] Linux kernel: heap out-of-bounds in AF_PACKET sockets | 2017-08-04 16:48 | 2017-08-10 13:25 | http://www.openwall.com/lists/oss-security/2017/08/10/7 | 2017-08-10 13:25 | CVE-2017-1000111 | 5.86 | 5.86 |
| GNOME | [vs] CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding | 2017-08-07 17:54 | 2017-08-10 12:41 | http://www.openwall.com/lists/oss-security/2017/08/10/1 | 2017-08-10 12:53 | CVE-2017-2885 | 2.78 | 2.79 |
| file | [vs] file: stack based buffer overflow | 2017-09-01 09:30 | 2017-09-05 16:24 | http://www.openwall.com/lists/oss-security/2017/09/05/3 | 2017-09-05 16:24 | CVE-2017-1000249 | 4.29 | 4.29 |
| BlueZ | [vs-plain] Info Leak vulnerability in BlueZ | 2017-09-05 20:29 | 2017-09-13 21:08 | http://www.openwall.com/lists/oss-security/2017/09/13/4 | 2017-09-13 21:08 | CVE-2017-1000250, CVE-2017-1000251 | 8.03 | 8.03 |
| tcpdump | [vs-plain] Re: tcpdump 4.9.2 and NixOS | 2017-09-06 13:08 | 2017-09-07 14:06 | http://www.openwall.com/lists/oss-security/2017/09/07/8 | 2017-09-07 14:06 | CVE-2017-11543, CVE-2017-13011, CVE-2017-12989, CVE-2017-12990, CVE-2017-12995, CVE-2017-12997, CVE-2017-11541, CVE-2017-11542, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12898, CVE-2017-12897, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-11542, CVE-2017-11541, CVE-2017-12994, CVE-2017-12996, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-11543, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725 | 1.04 | 1.04 |
| Linux Kernel | [vs] KVM denial of service | 2017-09-08 11:21 | 2017-09-15 16:36 | http://www.openwall.com/lists/oss-security/2017/09/15/4 | 2017-09-15 16:36 | CVE-2017-1000252 | 7.22 | 7.22 |
| apache | vs] OPTIONSbleed bug in apache httpd | 2017-09-11 10:17 | 2017-09-18 13:18 | http://www.openwall.com/lists/oss-security/2017/09/18/2 | 2017-09-18 13:18 | CVE-2017-9798 | 7.13 | 7.13 |
| Linux Kernel | [vs] Qualys Security Advisory (CVE-2017-1000253) | 2017-09-20 09:28 | 2017-09-26 15:08 | http://www.openwall.com/lists/oss-security/2017/09/26/16 | 2017-09-26 15:08 | CVE-2017-1000253 | 6.24 | 6.24 |
| Linux Kernel | [vs-plain] Bluetooth RCE in Linux Kernel - follow up | 2017-09-24 19:20 | 2017-09-27 17:39 | http://www.openwall.com/lists/oss-security/2017/09/27/10 | 2017-09-27 17:39 | CVE-2017-1000251 | 2.93 | 2.93 |
| DNSMasq | [vs] DNSMasq Security vulnerabilities, public release October 2nd | 2017-09-25 20:59 | 2017-10-02 13:22 | http://www.openwall.com/lists/oss-security/2017/10/02/5 | 2017-10-02 15:47 | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 | 6.68 | 6.78 |
| Curl | [vs-plain] curl: FTP PWD response parser out of bounds read | 2017-09-25 08:26 | 2017-10-04 06:06 | http://www.openwall.com/lists/oss-security/2017/10/04/1 | 2017-10-04 06:06 | CVE-2017-1000254 | 8.90 | 8.90 |
| Linux Kernel | [vs] CVE Request for powerpc kernel bug | 2017-10-03 00:49 | 2017-10-09 00:00 | http://www.openwall.com/lists/oss-security/2017/10/10/3 | 2017-10-10 04:00 | CVE-2017-1000255 | 5.97 | 7.13 |
| wpa_supplicant | [vs] VU#228519 and wpa_supplicant/hostapd | 2017-10-10 08:08 | 2017-10-16 09:08 | http://www.openwall.com/lists/oss-security/2017/10/16/2 | 2017-10-16 09:08 | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088 | 6.04 | 6.04 |
| Linux Kernel | [vs-plain] CVE-2017-5123 Linux kernel waitid() not calling access_ok() | 2017-10-09 19:06 | 2017-10-12 19:16 | http://www.openwall.com/lists/oss-security/2017/10/12/18 | 2017-10-12 20:02 | CVE-2017-5123 | 3.01 | 3.04 |
| Curl | [vs-plain] curl: IMAP FETCH response out of bounds read | 2017-10-17 11:54 | 2017-10-23 06:07 | http://www.openwall.com/lists/oss-security/2017/10/23/1 | 2017-10-23 06:07 | CVE-2017-1000257 | 5.76 | 5.76 |
| Wget | [vs] [FICORA #1010111] Vulnerability report | 2017-10-23 14:50 | 2017-10-27 08:21 | http://www.openwall.com/lists/oss-security/2017/10/27/1 | 2017-10-27 08:21 | CVE-2017-13089, CVE-2017-13090 | 3.73 | 3.73 |
| PowerDNS | [vs] PowerDNS prenotification | 2017-11-20 14:01 | 2017-11-27 16:32 | http://www.openwall.com/lists/oss-security/2017/11/27/1 | 2017-11-27 16:32 | CVE-2017-15090, CVE-2017-15091, CVE-2017-15092, CVE-2017-15093, CVE-2017-15094 | 7.10 | 7.10 |
| Curl | [vs-plain] (2/2) curl: FTP wildcard out of bounds read | 2017-11-21 08:16 | 2017-11-29 09:34 | http://www.openwall.com/lists/oss-security/2017/11/29/3 | 2017-11-29 09:34 | CVE-2017-8817 | 8.05 | 8.05 |
| Curl | [vs-plain] curl: NTLM buffer overflow via integer overflow | 2017-11-21 08:15 | 2017-11-29 09:34 | http://www.openwall.com/lists/oss-security/2017/11/29/2 | 2017-11-29 09:34 | CVE-2017-8816 | 8.05 | 8.05 |
| Linux Kernel | [vs-plain] Security Bug - transparent huge pages dirty bit | 2017-11-22 18:50 | 2017-11-30 00:32 | http://www.openwall.com/lists/oss-security/2017/11/30/1 | 2017-11-30 00:32 | CVE-2017-1000405 | 7.24 | 7.24 |
| Curl | [vs-plain] curl: SSL out of buffer access | 2017-11-24 09:19 | 2017-11-29 09:34 | http://www.openwall.com/lists/oss-security/2017/11/29/4 | 2017-11-29 09:34 | CVE-2017-8818 | 5.01 | 5.01 |
| OpenStack | [vs-plain] [pre-OSSA] Vulnerability in OpenStack Nova (CVE-2017-17051) | 2017-11-30 12:35 | 2017-12-05 16:50 | http://www.openwall.com/lists/oss-security/2017/12/05/5 | 2017-12-05 16:50 | CVE-2017-17051 | 5.18 | 5.18 |
| Linux Kernel | [vs-plain] Info Leak in the Linux Kernel via Bluetooth | 2017-11-30 09:44 | 2017-12-06 16:23 | http://www.openwall.com/lists/oss-security/2017/12/06/3 | 2017-12-06 16:23 | | 6.28 | 6.28 |
| Linux Kernel | [vs-plain] Security bug in DCCP socket | 2017-12-01 11:08 | 2017-12-04 20:27 | http://www.openwall.com/lists/oss-security/2017/12/05/1 | 2017-12-05 00:11 | CVE-2017-8824 | 3.39 | 3.54 |
| PowerDNS | [vs] PowerDNS prenotification | 2017-12-04 14:43 | 2017-12-11 12:34 | http://www.openwall.com/lists/oss-security/2017/12/11/1 | 2017-12-11 12:34 | CVE-2017-15120 | 6.91 | 6.91 |
| glibc | [vs] Qualys Security Advisory | 2017-12-05 14:59 | 2017-12-11 19:14 | http://www.openwall.com/lists/oss-security/2017/12/11/4 | 2017-12-11 19:14 | CVE-2017-1000408, CVE-2017-1000409 | 6.18 | 6.18 |
| iscsi-initiator-utils | [vs] Bug report | 2017-12-11 16:21 | 2017-12-13 19:21 | http://www.openwall.com/lists/oss-security/2017/12/13/2 | 2017-12-13 19:21 | | 2.13 | 2.13 |
| glibc | [vs] GNU libc issue (--throw-keyids) | 2017-12-31 13:46 | 2018-01-11 21:34 | http://www.openwall.com/lists/oss-security/2018/01/11/5 | 2018-01-11 21:34 | CVE-2018-1000001 | 11.33 | 11.33 |
| dovecot | [vs] CVE-2017-15132: dovecot: auth client leaks memory if SASL authentication is aborted. | 2018-01-11 10:51 | 2018-01-25 09:35 | http://www.openwall.com/lists/oss-security/2018/01/25/4 | 2018-01-25 09:35 | CVE-2017-15132 | 13.95 | 13.95 |
| Linux Kernel | [vs-plain] sound driver Conditional competition | 2018-01-12 01:19 | 2018-01-16 14:21 | http://www.openwall.com/lists/oss-security/2018/01/16/1 | 2018-01-16 14:21 | | 4.54 | 4.54 |
| PowerDNS,knots | [vs] bug in DNS resolvers - DNSSEC validation | 2018-01-15 15:29 | 2018-01-22 00:00 | http://www.openwall.com/lists/oss-security/2018/02/09/1 | 2018-02-09 00:43 | CVE-2018-1000002, CVE-2018-1000003 | 6.35 | 24.38 |
| Bind | Packager Notification for CVE-2017-3145 [vs] | 2018-01-15 20:58 | 2018-01-16 14:25 | http://www.openwall.com/lists/oss-security/2018/01/16/7 | 2018-01-16 14:25 | CVE-2017-3145 | 0.73 | 0.73 |
| DHCP | [vs-plain] CVE-2017-3144: ISC DHCP can leak socket descriptors | 2018-01-15 21:12 | 2018-01-16 15:38 | http://www.openwall.com/lists/oss-security/2018/01/16/6 | 2018-01-16 15:38 | CVE-2017-3144 | 0.77 | 0.77 |
| curl | [vs-plain] : curl: HTTP/2 trailer out-of-bounds read | 2018-01-17 09:36 | 2018-01-24 07:11 | http://www.openwall.com/lists/oss-security/2018/01/24/3 | 2018-01-24 07:11 | CVE-2018-1000005 | 6.90 | 6.90 |
| InfoZip Unzip | [vs] SEC Consult SA-201801DD-0 :: Multiple vulnerabilities in InfoZip UnZip | 2018-01-17 20:54 | 2018-02-07 11:45 | http://www.openwall.com/lists/oss-security/2018/02/08/1 | 2018-02-08 07:19 | CVE-2018-1000035, CVE-2018-1000031, CVE-2018-1000032, CVE-2018-1000033, CVE-2018-1000034 | 20.62 | 21.43 |
| curl | [vs-plain] curl: HTTP authentication leak in redirects | 2018-01-19 22:06 | 2018-01-24 07:11 | http://www.openwall.com/lists/oss-security/2018/01/24/4 | 2018-01-24 07:11 | CVE-2018-1000007 | 4.38 | 4.38 |
| quagga | [vs] Quagga security issues | 2018-02-10 11:16 | 2018-02-15 23:07 | http://www.openwall.com/lists/oss-security/2018/02/15/4 | 2018-02-15 23:07 | CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381 | 5.49 | 5.49 |
| dovecot | [vs] Dovecot Security Advisory: CVE-2017-14461 rfc822_parse_domain Information Leak Vulnerability | 2018-02-26 12:04 | 2018-03-01 06:51 | http://www.openwall.com/lists/oss-security/2018/03/01/2 | 2018-03-01 06:51 | CVE-2017-14461 | 2.78 | 2.78 |
| dovecot | [vs] Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS | 2018-02-26 12:03 | 2018-03-01 06:51 | http://www.openwall.com/lists/oss-security/2018/03/01/3 | 2018-03-01 06:51 | CVE-2017-15130 | 2.78 | 2.78 |
| DHCP,Bind | Multiple vulnerabilities in ISC products (ISC DHCP and BIND) will be disclosed 28 February 2018 [vs] | 2018-02-27 22:38 | 2018-02-28 20:29 | http://www.openwall.com/lists/oss-security/2018/02/28/1 | 2018-02-28 20:29 | CVE-2018-5734, CVE-2018-5732, CVE-2018-5733 | 0.91 | 0.91 |
| 389-ds | [vs] Remote DoS flaw in 389-ds-base | 2018-03-02 10:48 | 2018-03-06 03:56 | http://www.openwall.com/lists/oss-security/2018/03/06/2 | 2018-03-06 03:56 | CVE-2018-1054 | 3.71 | 3.71 |
| curl | [vs-plain] : curl LDAP NULL pointer dereference | 2018-03-07 08:25 | 2018-03-14 06:55 | http://www.openwall.com/lists/oss-security/2018/03/14/2 | 2018-03-14 06:55 | CVE-2018-1000121 | 6.94 | 6.94 |
| curl | Re: [vs-plain] curl: FTP path trickery leads to NIL byte out of bounds write | 2018-03-07 22:06 | 2018-03-14 06:55 | http://www.openwall.com/lists/oss-security/2018/03/14/1 | 2018-03-14 06:55 | CVE-2018-1000120 | 6.37 | 6.37 |
| Linux Kernel | [vs-plain] CVE-2018-1068: kernel: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets | 2018-03-13 12:38 | 2018-03-16 09:30 | http://www.openwall.com/lists/oss-security/2018/03/16/1 | 2018-03-16 09:30:50 | CVE-2018-1068 | 2.87 | 2.87 |
| pcs | [vs-plain] pcs: EMBARGOED CVE-2018-1079 and CVE-2018-1086 | 2018-03-26 09:12 | 2018-04-09 00:00 | http://www.openwall.com/lists/oss-security/2018/04/09/2 | 2018-04-09 11:28 | CVE-2018-1079, CVE-2018-1086 | 13.62 | 14.09 |
| nghttp2 | [vs-plain] nghttp2 vulnerability | 2018-04-08 14:14 | 2018-04-12 15:20 | http://www.openwall.com/lists/oss-security/2018/04/12/4 | 2018-04-12 15:20 | CVE-2018-1000168 | 4.05 | 4.05 |
| PackageKit | [vs] Multiple local root vulnerabilities involving PackageKit | 2018-04-09 14:06 | 2018-04-23 14:44 | http://www.openwall.com/lists/oss-security/2018/04/23/3 | 2018-04-23 14:44 | CVE-2018-1106 | 14.03 | 14.03 |
| curl | [vs-plain] curl: RTSP RTP buffer over-read | 2018-03-08 15:57 | 2018-03-14 06:55 | http://www.openwall.com/lists/oss-security/2018/03/14/3 | 2018-03-14 06:55 | CVE-2018-1000122 | 5.62 | 5.62 |
| gluster | [vs] gluster : privilege escalation on gluster server nodes | 2018-04-10 13:23 | 2018-04-18 12:24 | http://www.openwall.com/lists/oss-security/2018/04/18/1 | 2018-04-18 12:24 | CVE-2018-1088 | 7.96 | 7.96 |
| OpenSSL | [vs-plain] OpenSSL: RSA key generation follows several non constant time code paths | 2018-04-11 08:03 | 2018-04-16 16:46 | http://www.openwall.com/lists/oss-security/2018/04/16/3 | 2018-04-16 16:46 | | 5.36 | 5.36 |
| Linux Kernel | [vs-plain] [CVE request] Linux ptrace() bug leading to DoS or possibly corruption | 2018-04-17 14:25 | 2018-05-01 15:35 | http://www.openwall.com/lists/oss-security/2018/05/01/3 | 2018-05-01 15:35 | CVE-2018-1000199 | 14.05 | 14.05 |
| Linux Kernel | [vs-plain] NULL pointer dereference on oom kill of large mlocked process | 2018-04-18 01:09 | 2018-04-24 22:48 | http://www.openwall.com/lists/oss-security/2018/04/24/3 | 2018-04-24 22:48 | CVE-2018-1000200 | 6.90 | 6.90 |
| Ghostscript | [vs-plain] CVE-2018-10194 Ghostscript 9.18 stack-based buffer overflow | 2018-04-18 14:26 | 2018-04-19 22:22 | http://www.openwall.com/lists/oss-security/2018/04/19/5 | 2018-04-19 22:22 | CVE-2018-10194 | 1.33 | 1.33 |
| Knot Resolver | [vs] Knot Resolver 2.3.0 security release | 2018-04-19 18:55 | 2018-04-23 12:30 | http://www.openwall.com/lists/oss-security/2018/04/23/2 | 2018-04-23 12:30 | CVE-2018-1110 | 3.73 | 3.73 |
| quassecore | [vs-plain] quassecore RCE and DDOS | 2018-04-22 15:04 | 2018-04-24 21:28 | http://www.openwall.com/lists/oss-security/2018/04/27/1 | 2018-04-26 22:39 | | 2.27 | 4.32 |
| Linux Kernel | [vs-plain] [VS] Linux kernel: memory corruption during exception handling leading to DoS | 2018-04-24 10:19 | 2018-05-08 17:35 | http://www.openwall.com/lists/oss-security/2018/05/08/5 http://www.openwall.com/lists/oss-security/2018/05/08/4 | 2018-05-08 17:35 | CVE-2018-8897, CVE-2018-1087 | 14.30 | 14.30 |
| curl | [vs-plain] curl (1/2): FTP shutdown response buffer overflow | 2018-05-07 10:46 | 2018-05-16 06:25 | http://www.openwall.com/lists/oss-security/2018/05/16/1 | 2018-05-16 06:25 | CVE-2018-1000300 | 8.82 | 8.82 |
| curl | [vs-plain] curl (2/2): RTSP bad headers buffer over-read | 2018-05-07 10:46 | 2018-05-16 06:25 | http://www.openwall.com/lists/oss-security/2018/05/16/2 | 2018-05-16 06:25 | CVE-2018-1000301 | 8.82 | 8.82 |
| procps-ng | [vs] Qualys Security Advisory | 2018-05-05 01:10 | 2018-05-17 17:17 | http://www.openwall.com/lists/oss-security/2018/05/17/1 | 2018-05-17 17:17 | CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126 | 12.67 | 12.67 |
| Bind | [vs-plain] Multiple BIND CVEs for disclosure on 16 May 2018 | 2018-05-15 22:25 | 2018-05-18 22:08 | http://www.openwall.com/lists/oss-security/2018/05/18/2 | 2018-05-18 22:08 | CVE-2018-5736, CVE-2018-5737 | 2.99 | 2.99 |
| Prosody | [vs] prosody: insufficient stream header validation | 2018-05-28 13:44 | 2018-05-31 18:31 | http://www.openwall.com/lists/oss-security/2018/05/31/2 | 2018-05-31 18:31 | CVE-2018-10847 | 3.20 | 3.20 |
| pppd | [vs] Buffer Overflow in pppd EAP-TLS implementation | 2018-06-06 15:10 | 2018-06-11 18:57 | http://www.openwall.com/lists/oss-security/2018/06/11/1 | 2018-06-11 18:57 | CVE-2018-11574 | 5.16 | 5.16 |
| Linux Kernel | [vs-plain] Linux Kernel infoleak caused by incorrect handling of the SG_IO ioctl. | 2018-06-08 10:21 | 2018-06-08 19:38 | http://www.openwall.com/lists/oss-security/2018/06/08/1 | 2018-06-08 19:38 | CVE-2018-1000204 | 0.39 | 0.39 |
| Bind | [vs] BIND vulnerability CVE-2018-5738 will be announce 12 June 2018 | 2018-06-08 21:22 | 2018-06-13 00:07 | http://www.openwall.com/lists/oss-security/2018/06/13/1 | 2018-06-13 00:07 | CVE-2018-5738 | 4.11 | 4.11 |
| gluster | [vs] gluster : privilege escalation on gluster server nodes when TLS is enabled | 2018-06-12 13:34 | 2018-06-20 19:58 | http://www.openwall.com/lists/oss-security/2018/06/20/1 | 2018-06-20 19:58 | CVE-2018-10841 | 8.27 | 8.27 |
| Intel CPU | [vs-plain] CVE-2018-3665 | 2018-06-13 17:48 | 2018-06-15 14:55 | http://www.openwall.com/lists/oss-security/2018/06/15/5 | 2018-06-15 14:55 | CVE-2018-3665 | 1.88 | 1.88 |
| Git-annex | [vs] git-annex vulnerability | 2018-06-15 16:10 | 2018-06-26 16:02 | http://www.openwall.com/lists/oss-security/2018/06/26/4 | 2018-06-26 16:02 | CVE-2018-10857, CVE-2018-10859 | 10.99 | 10.99 |

mailing-lists/distros/stats.txt · Last modified: 2018/07/09 11:50 by kristianf
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported