[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Insufficient TLS Protection in Composer (PHP)
From:       Pádraic_Brady <padraic.brady () gmail ! com>
Date:       2015-04-25 18:49:54
Message-ID: CALwr1Gm-U0HojTKS3sZaZjjddCY7TT99QokJWpqcOBKEJsst=Q () mail ! gmail ! com
[Download RAW message or body]

My I request a CVE ID for the following, which is a publicly disclosed
unpatched vulnerability on Composer's issue tracker since 2012.
Composer is an open source package manager for PHP. The specific issue
pertaining to this request is a failure to perform TLS peer
verification on remote requests when making any API request or
retrieving any file, i.e. there is a singular client class.

Ref: https://github.com/composer/composer/issues/1074

Kind regards,
Paddy

--
P=C3=A1draic Brady
[prev in list] [next in list] [prev in thread] [next in thread]