Date: Thu, 03 Jul 2014 07:42:37 +0000
From: "Poul-Henning Kamp" <phk@....freebsd.dk>
To: Marek Kroemeke <kroemeke@...il.com>
cc: Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com,
        varnish-misc@...nish-cache.org
Subject: Re: Varnish - no CVE == bug regression

In message <CAOurorZCjmrrw0MPhca=8+qjLKofrhdHsJuee5_=rCBv87SPbg@...l.gmail.com>, Marek Kroemeke writes:

>I'm not entirely convinced that there is a trust relationship between the
>cache and the backend in every single use case. 

It may not be total trust, but trust there is:  One party delivers
the other party's web-property.

But as I said:  We will fix bugs, but we don't consider them DoS vulns.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@...eBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
