Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 03 Jul 2014 07:42:37 +0000
From: "Poul-Henning Kamp" <phk@....freebsd.dk>
To: Marek Kroemeke <kroemeke@...il.com>
cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com,
        varnish-misc@...nish-cache.org
Subject: Re: Varnish - no CVE == bug regression

In message <CAOurorZCjmrrw0MPhca=8+qjLKofrhdHsJuee5_=rCBv87SPbg@...l.gmail.com>, Marek Kroemeke writes:

>I'm not entirely convinced that there is a trust relationship between the
>cache and the backend in every single use case. 

It may not be total trust, but trust there is:  On party delivers
the other partys web-property.

But as I said:  We will fix bugs, but we don't consider them DoS vulns.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@...eBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ