[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Insufficient TLS Protection in Composer (PHP)
From: Pádraic_Brady <padraic.brady () gmail ! com>
Date: 2015-04-25 18:49:54
Message-ID: CALwr1Gm-U0HojTKS3sZaZjjddCY7TT99QokJWpqcOBKEJsst=Q () mail ! gmail ! com
[Download RAW message or body]
My I request a CVE ID for the following, which is a publicly disclosed
unpatched vulnerability on Composer's issue tracker since 2012.
Composer is an open source package manager for PHP. The specific issue
pertaining to this request is a failure to perform TLS peer
verification on remote requests when making any API request or
retrieving any file, i.e. there is a singular client class.
Ref: https://github.com/composer/composer/issues/1074
Kind regards,
Paddy
--
P=C3=A1draic Brady
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic