oss-sec mailing list archives

Re: Varnish - no CVE == bug regression


From: "Poul-Henning Kamp" <phk () phk freebsd dk>
Date: Thu, 03 Jul 2014 07:42:37 +0000

In message <CAOurorZCjmrrw0MPhca=8+qjLKofrhdHsJuee5_=rCBv87SPbg () mail gmail com>, Marek Kroemeke writes:

> I'm not entirely convinced that there is a trust relationship between the
> cache and the backend in every single use case.

It may not be total trust, but trust there is:  One party delivers
the other party's web-property.

But as I said:  We will fix bugs, but we don't consider them DoS vulns.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk () FreeBSD ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

