Date: Sat, 25 Apr 2015 19:49:54 +0100 From: Pádraic Brady <padraic.brady@...il.com> To: oss-security@...ts.openwall.com Subject: Insufficient TLS Protection in Composer (PHP) My I request a CVE ID for the following, which is a publicly disclosed unpatched vulnerability on Composer's issue tracker since 2012. Composer is an open source package manager for PHP. The specific issue pertaining to this request is a failure to perform TLS peer verification on remote requests when making any API request or retrieving any file, i.e. there is a singular client class. Ref: https://github.com/composer/composer/issues/1074 Kind regards, Paddy -- Pádraic Brady
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.