Affiliation/Organization: Red Hat Security Response Team


Time to Patch Stats

For vulnerabilities disclosed through this affiliation where we have sufficient data to calculate the time to patch (2 vulns), the following statistics apply:

Min Time To Patch: 16 days
Avg Time To Patch: 28 days
Max Time To Patch: 41 days

Other Affiliations

Creditees affiliated with Red Hat Security Response Team have also been affiliated with:

Red Hat (2)

Website:

Creditees currently or formerly associated with Red Hat Security Response Team (12):
(ordered by association date)

Known Since  Name                            Vulns Through Affiliation
2010-01-24   Marc Schoenefeld,               3
2010-04-05   Eugene Teo                      3
2010-10-13   Marc Schoenefeld                14
2010-11-04   Jan Pokorny                     1
2011-02-03   Huzaifa Sidhpurwala             6
2012-03-29   Red Hat Security Response       1
2012-04-18   Red Hat Security Response Team  5
2012-05-15   Kevin Fenzi                     1
2012-05-23   David Jorm                      3
2012-08-20   Jan Lieskovsky                  1
2012-08-31   Petr Matousek                   1
2012-11-05   Murray McAllister               1

Disclosed Vulnerabilities (40):

Discl. Date  OSVDB ID  CVE ID  Creditees
Title
2013-04-17 92544 2013-1927 Red Hat Security Response Team
icedtea-web JAR File Format Verification Arbitrary Code Execution
2013-03-07 91121 2013-0315 David Jorm
JBoss Enterprise Portal Platform GateIn Portal Component export/import Gadget XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
2013-01-24 89583 2012-0874 David Jorm
JBoss Enterprise Application Platform / JBoss Enterprise Web Platform Multiple Servlet Initial Authentication Bypass
2012-11-28 87926 2012-2252 / 2012-2251 Red Hat Security Response Team
rssh --rsh Command Line Option Local Command Filter Bypass
2012-11-05 87147 2012-4433 Murray McAllister
GEGL operations/external/ppm-load.c PPM Image Dimension Handling Overflow
2012-11-03 86878 2012-4564 Huzaifa Sidhpurwala
LibTIFF tools/ppm2tiff.c ppm2tiff Utility PPM Image Handling Overflow
2012-10-10 86549 2012-4504 Red Hat Security Response Team
libproxy px_pac_reload() Function Content-Length Header Handling Remote Overflow
2012-08-31 85723 2012-3552 Petr Matousek
Linux Kernel Socket Option Handling Synchronization Failure Remote DoS
2012-08-27 84978 2012-3535 Huzaifa Sidhpurwala
OpenJPEG JPEG2000 File Handling Overflow
2012-08-20 84835 2012-3402 Jan Lieskovsky
GIMP plug-ins/common/psd.c PSD Image File Header Decoding Overflow
2012-07-19 84090 2012-3401 Huzaifa Sidhpurwala
LibTIFF tools/tiff2pdf.c t2p_read_tiff_init() Function T2P Struct Pointer TIFF Image Handling Overflow
2012-07-10 83741 2012-3358 Red Hat Security Response Team
OpenJPEG libopenjpeg/j2k.c j2k_read_sot() Function JPEG 2000 Image File Tile Number / Length Handling Overflow
2012-05-23 82161 2012-2098 David Jorm
Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
2012-05-15 84337 2012-2738 Kevin Fenzi
gnome-terminal (vte) VteTerminal Escape Sequence Parsing Remote DoS
2012-04-20 81617 2012-1616 Marc Schoenefeld
Argyll Color Management System Use-after-free ICC Profile Image File Handling Remote Code Execution
2012-04-18 85235 2012-2146 Red Hat Security Response Team
Elixir CFB Mode Blowfish Unique IV Implementation Weakness
2012-03-29 81024 2012-1610 Red Hat Security Response
ImageMagick Multiple Function JPEG EXIF Tag Handling Overflow DoS
2012-02-02 78810 2011-3457 Chris Evans / Marc Schoenefeld
Apple Mac OS X OpenGL Component GLSL Compilation Multiple Unspecified Memory Corruption
2012-01-08 82261 2012-0058 Eugene Teo
Linux Kernel fs/aio.c kiocb_batch_free Function Local DoS
2011-09-21 75628 2011-2428 Huzaifa Sidhpurwala
Adobe Flash Player Logic Error Unspecified Memory Corruption
2011-08-09 74443 2011-2417 Marc Schoenefeld
Adobe Flash Player Unspecified Memory Corruption (2011-2417)
2011-05-12 72333 2011-0619 Marc Schoenefeld
Adobe Flash Player Unspecified Memory Corruption (2011-0619)
2011-02-09 70920 2011-0577 Marc Schoenefeld
Adobe Flash Player Unspecified Font Parsing Code Execution (2011-0577)
2011-02-08 71378 2011-0605 Marc Schoenefeld
Adobe Reader / Acrobat on Mac Unspecified Code Execution (2011-0605)
2011-02-07 71555 2011-1139 Huzaifa Sidhpurwala
Wireshark pcap-ng Large packet-length Field DoS
2011-02-03 71556 2011-0538 Huzaifa Sidhpurwala
Wireshark pcap-ng File Handling Memory Corruption
2011-01-26 70711 2010-3450 Marc Schoenefeld
OpenOffice.org (OOo) Multiple File Type Traversal Arbitrary File Overwrite
2011-01-26 70717 2010-4253 Marc Schoenefeld
OpenOffice.org (OOo) Impress Crafted PNG File Handling Overflow
2010-12-14 69820 2010-3956 Marc Schoenefeld
Microsoft Windows OpenType Font Driver Index Array Unspecified Code Execution
2010-12-14 69821 2010-3957 Marc Schoenefeld
Microsoft Windows OpenType Font Driver Pointer Handling Double-free Arbitrary Code Execution
2010-12-06 69770 2010-3768 Marc Schoenefeld / Christoph Diehl
Mozilla Multiple Products Downloadable Font @font-face CSS Rule Arbitrary Code Execution
2010-11-12 69290 2010-1833 Marc Schoenefeld, / Christoph Diehl
Apple Mac OS X Apple Type Services Crafted Embedded Font Memory Corruption
2010-11-12 69296 2010-1841 Marc Schoenefeld
Apple Mac OS X Disk Images Crafted UDIF Image Handling Memory Corruption
2010-11-05 69578 2010-4248 Eugene Teo
Linux Kernel kernel/exit.c the __exit_signal Function Thread Group Leader Race Condition Local DoS
2010-11-04 69015 2010-3852 Jan Pokorny
Red Hat Conga luci Default Secret Key repoze.who Authentication Bypass
2010-10-13 69059 2010-3541 Marc Schoenefeld
Oracle Java SE / Java for Business Networking Component HttpURLConnection Applets Access Restriction Bypass
2010-10-13 69058 2010-3548 Marc Schoenefeld
Oracle Java SE / Java for Business JNDI Internal Network Names Information Disclosure
2010-09-14 67984 2010-2738 Carsten Book / Marc Schoenefeld,
Microsoft Multiple Products Unicode Scripts Processor (Usp10.dll) OpenType Font Processing Memory Corruption
2010-04-05 63530 2010-1148 Eugene Teo
Linux Kernel fs/cifs/dir.c cifs_create() Function NULL Dereference Local DoS
2010-01-24 62054 2009-2902 Marc Schoenefeld,
Apache Tomcat WAR Filename Traversal Work-directory File Deletion

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Source Vulnerability Database (OSVDB), All Rights Reserved.