lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Mar 2007 18:23:42 +0100 From: Stefan Esser <sesser@...dened-php.net> To: Stefano Di Paola <stefano.dipaola@...ec.it> Cc: FD <full-disclosure@...ts.grok.org.uk>, phpsec <security@....net>, bugtraq@...urityfocus.com Subject: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite Hello Stefano, first of all. I am not angry at you, although my mail might have sounded so, but at the people that deserve it. The fault of the PHP Security Response Team is not yours. They are the ones that give credit to the wrong persons. Luckily after 2.5 years they fixed that issue (or atleast tried so). > Anyway it seems that your month of php bugs is getting php developers > more sensitive to all issues... > Maybe there was some misunderstanding between you and dev team and the > core team was less interested in this kind of flaws at that time. > This is the goal of the MOPB. And right now it might look like the MOPB was already successfull. Unfortunately I have worked together with the PHP Security Response Team for several years and I know how they react. They might be active for a little while (especially when the media looks at them) but when that period of time is over they will continue with their old habits. Stefan Esser
Powered by blists - more mailing lists