Date: Sat, 25 Apr 2015 19:49:54 +0100 From: Pádraic Brady <padraic.brady@...il.com> To: oss-security@...ts.openwall.com Subject: Insufficient TLS Protection in Composer (PHP) My I request a CVE ID for the following, which is a publicly disclosed unpatched vulnerability on Composer's issue tracker since 2012. Composer is an open source package manager for PHP. The specific issue pertaining to this request is a failure to perform TLS peer verification on remote requests when making any API request or retrieving any file, i.e. there is a singular client class. Ref: https://github.com/composer/composer/issues/1074 Kind regards, Paddy -- Pádraic Brady
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ