Re: Session: deprecating create_sid() method and add createSid()?

From:	Andrey Andreev	Date:	Mon, 17 Mar 2014 22:20:48 +0000
Subject:	Re: Session: deprecating create_sid() method and add createSid()?
References:	1 2 3 4 5 6 7	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi,

On Tue, Mar 18, 2014 at 12:07 AM, Yasuo Ohgaki <[email protected]> wrote:
> Getting CVE is easy. One just have to describe what the vulnerability is and
> send request mail to MITRE. If personnel in MITRE agrees it as new
> vulnerability,
> then they give us new CVE, if not, they give us existing CVE.
>
> I don't think this (session_regenerate_id() issue) is PHP's CVE issue as it
> may
> be avoided by user land like timing attack issue.

No, I'm not talking about session_regenerate_id() ... sorry that I
mentioned it in this thread. I'd rather not share that publicly until
it's resolved, and hence why my question was - can CVEs be hidden
until that happens?

Cheers,
Andrey.


   

Thread (39 messages)

• Yasuo OhgakiMon, 17 Mar 2014 09:00:01 +0000
  • Yasuo OhgakiMon, 17 Mar 2014 21:35:22 +0000Re: Session: deprecating create_sid() method and add createSid()?
    • Andrey AndreevMon, 17 Mar 2014 21:44:58 +0000Re: Re: Session: deprecating create_sid() method and add createSid()?
      • Yasuo OhgakiMon, 17 Mar 2014 21:55:31 +0000
    • Stas MalyshevMon, 17 Mar 2014 22:49:06 +0000Re: Re: Session: deprecating create_sid() method and add createSid()?
      • Yasuo OhgakiTue, 18 Mar 2014 00:24:09 +0000
        • Stas MalyshevTue, 18 Mar 2014 07:44:07 +0000
          • Andrey AndreevTue, 18 Mar 2014 10:41:43 +0000
          • LeighTue, 18 Mar 2014 11:17:14 +0000
            • Rouven WeßlingTue, 18 Mar 2014 11:28:24 +0000
              • Andrey AndreevTue, 18 Mar 2014 15:55:27 +0000
          • Yasuo OhgakiWed, 19 Mar 2014 00:08:58 +0000
            • Andrey AndreevWed, 19 Mar 2014 00:20:32 +0000
              • Yasuo OhgakiWed, 19 Mar 2014 01:22:57 +0000
                • Andrey AndreevWed, 19 Mar 2014 01:26:47 +0000
                  • Yasuo OhgakiWed, 19 Mar 2014 01:49:35 +0000
                    • Andrey AndreevWed, 19 Mar 2014 01:55:12 +0000
                      • Yasuo OhgakiWed, 19 Mar 2014 02:15:50 +0000
            • Rajneesh ShettyMon, 24 Mar 2014 15:07:29 +0000RE: [PHP-DEV] Re: Session: deprecating create_sid() method and add createSid()?
              • Yasuo OhgakiTue, 01 Apr 2014 01:28:59 +0000Re: Re: Session: deprecating create_sid() method and add createSid()?
• Andrey AndreevMon, 17 Mar 2014 10:23:58 +0000Re: Session: deprecating create_sid() method and add createSid()?
  • Yasuo OhgakiMon, 17 Mar 2014 10:51:07 +0000
    • Yasuo OhgakiMon, 17 Mar 2014 11:01:28 +0000
    • Andrey AndreevMon, 17 Mar 2014 11:10:05 +0000
      • Yasuo OhgakiMon, 17 Mar 2014 21:09:10 +0000
        • Pierre JoyeMon, 17 Mar 2014 21:15:01 +0000
          • Yasuo OhgakiMon, 17 Mar 2014 21:24:12 +0000
            • Pierre JoyeMon, 17 Mar 2014 21:26:34 +0000
              • Yasuo OhgakiMon, 17 Mar 2014 21:30:42 +0000
          • Andrey AndreevMon, 17 Mar 2014 21:59:51 +0000
            • Yasuo OhgakiMon, 17 Mar 2014 22:07:08 +0000
              • Andrey AndreevMon, 17 Mar 2014 22:20:48 +0000
                • Yasuo OhgakiMon, 17 Mar 2014 22:40:00 +0000
        • Andrey AndreevMon, 17 Mar 2014 21:56:13 +0000
  • LeighMon, 17 Mar 2014 13:22:42 +0000
    • Andrey AndreevMon, 17 Mar 2014 13:57:17 +0000
      • Chris WrightMon, 17 Mar 2014 14:11:45 +0000
        • Andrey AndreevMon, 17 Mar 2014 15:07:49 +0000
    • Yasuo OhgakiMon, 17 Mar 2014 21:16:29 +0000