Hi Andrey,
On Tue, Mar 18, 2014 at 7:20 AM, Andrey Andreev <[email protected]> wrote:
> No, I'm not talking about session_regenerate_id() ... sorry that I
> mentioned it in this thread. I'd rather not share that publicly until
> it's resolved, and hence why my question was - can CVEs be hidden
> until that happens?
>
Details of vulnerability is hidden until reporter or vendor tells MITRE the
vulnerability is fixed.
(or they find out it was fixed. MITRE isn't the only organization that is
providing CVE)
Regards,
--
Yasuo Ohgaki
[email protected]