Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:73250 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 85355 invoked from network); 17 Mar 2014 22:40:44 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 17 Mar 2014 22:40:44 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.182 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.217.182 mail-lb0-f182.google.com Received: from [209.85.217.182] ([209.85.217.182:34765] helo=mail-lb0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7C/C4-17561-AE977235 for ; Mon, 17 Mar 2014 17:40:43 -0500 Received: by mail-lb0-f182.google.com with SMTP id n15so4188855lbi.13 for ; Mon, 17 Mar 2014 15:40:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=LyiS+Zuyk9MMM4U6WoW5D4fuvBdxs72NTxJRNHrrSu0=; b=pa+hxyPw+f9p6uFCHcEhPsIwGyCyqFSHxxvMYCuDX/4Rqu4Ou+76Z/Y2N2TJpHG6a3 iQOKYTl3lRsC1U5BBYImiNZtt77g/Pt2Dj7irpyhAoZPO6CYLXoweFhAapT26LyeKJJp VH2T9MJOKw8/CdxBXoNQvMiNLjtAAYsXZkafewlEfkX6IYq9B6SI8kj7HEaZ0fjKdtoY uehWo29YLVAhuynZUXHkwHjJkJriPaeWz+iutnfNytmJGMJCJxYpxOxhdfSNnLQPyETc XZSttOS1B8CqXN8ZEDneKc/slVhm9jrAtVdZIIp6ovrSxtkEaLnon7viqGRBu6zaCC3a 9/zQ== X-Received: by 10.152.235.3 with SMTP id ui3mr18694908lac.2.1395096040242; Mon, 17 Mar 2014 15:40:40 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.205.73 with HTTP; Mon, 17 Mar 2014 15:40:00 -0700 (PDT) In-Reply-To: References: Date: Tue, 18 Mar 2014 07:40:00 +0900 X-Google-Sender-Auth: ZdmGw7TU-fdR4d5zN6i4ogq7JLU Message-ID: To: Andrey Andreev Cc: Pierre Joye , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a1134630ae8035f04f4d51b95 Subject: Re: [PHP-DEV] Session: deprecating create_sid() method and add createSid()? From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a1134630ae8035f04f4d51b95 Content-Type: text/plain; charset=UTF-8 Hi Andrey, On Tue, Mar 18, 2014 at 7:20 AM, Andrey Andreev wrote: > No, I'm not talking about session_regenerate_id() ... sorry that I > mentioned it in this thread. I'd rather not share that publicly until > it's resolved, and hence why my question was - can CVEs be hidden > until that happens? > Details of vulnerability is hidden until reporter or vendor tells MITRE the vulnerability is fixed. (or they find out it was fixed. MITRE isn't the only organization that is providing CVE) Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a1134630ae8035f04f4d51b95--