oss-sec mailing list archives
Re: Varnish - no CVE == bug regression
From: "Poul-Henning Kamp" <phk () phk freebsd dk>
Date: Thu, 03 Jul 2014 07:42:37 +0000
In message <CAOurorZCjmrrw0MPhca=8+qjLKofrhdHsJuee5_=rCBv87SPbg () mail gmail com>, Marek Kroemeke writes:
I'm not entirely convinced that there is a trust relationship between the cache and the backend in every single use case.
It may not be total trust, but trust there is: On party delivers the other partys web-property. But as I said: We will fix bugs, but we don't consider them DoS vulns. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk () FreeBSD ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.
Current thread:
- Varnish - no CVE == bug regression Marek Kroemeke (Jul 02)
- Re: Varnish - no CVE == bug regression Solar Designer (Jul 02)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 02)
- Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 02)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Sven Kieske (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Marek Kroemeke (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Stefan Bühler (Jul 03)
- Re: Varnish - no CVE == bug regression Kurt Seifried (Jul 03)
- Re: Varnish - no CVE == bug regression Seth Arnold (Jul 03)
- Re: Varnish - no CVE == bug regression Poul-Henning Kamp (Jul 02)
- Re: Varnish - no CVE == bug regression Sven Kieske (Jul 04)
- Re: Varnish - no CVE == bug regression Solar Designer (Jul 02)