Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 25 Apr 2015 19:49:54 +0100
From: Pádraic Brady <padraic.brady@...il.com>
To: oss-security@...ts.openwall.com
Subject: Insufficient TLS Protection in Composer (PHP)

My I request a CVE ID for the following, which is a publicly disclosed
unpatched vulnerability on Composer's issue tracker since 2012.
Composer is an open source package manager for PHP. The specific issue
pertaining to this request is a failure to perform TLS peer
verification on remote requests when making any API request or
retrieving any file, i.e. there is a singular client class.

Ref: https://github.com/composer/composer/issues/1074

Kind regards,
Paddy

--
Pádraic Brady

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ