Hi Arpad,
On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray <[email protected]> wrote:
> I think there really should be a vote.
This means you don't really understand the true risk of this vulnerability.
It allows permanent session ID fixation. This is CVE assigned vulnerability.
Details are explained in the RFC and I don't want to explain fully in ML
again.
(We might discussed the details in [email protected], but I think I wrote
enough info)
Please refer to the RFC.
Regards,
--
Yasuo Ohgaki
[email protected]