On 26 Sep 2014, at 11:48, Andrea Faulds wrote:
> On 26 Sep 2014, at 11:46, marius adrian popa wrote:
>
>> Maybe we need an official stance about shellshock
>
> Do we? As I understand it, this isn’t a PHP-level vulnerability, and I’m not
> sure there’s much we can reasonably do about it. Simi
On 26 September 2014 13:37, Ferenc Kovacs wrote:
>
>
> On Fri, Sep 26, 2014 at 12:59 PM, Peter Lind
> wrote:
>
>> On 26 September 2014 12:48, Andrea Faulds wrote:
>>
>> >
>> > On 26 Sep 2014, at 11:46, marius adrian popa wrote:
>> >
>> > > Maybe we need an official stance about shellshock
>> >
On Fri, Sep 26, 2014 at 12:59 PM, Peter Lind wrote:
> On 26 September 2014 12:48, Andrea Faulds wrote:
>
> >
> > On 26 Sep 2014, at 11:46, marius adrian popa wrote:
> >
> > > Maybe we need an official stance about shellshock
> >
> > Do we? As I understand it, this isn’t a PHP-level vulnerabilit
On 26 September 2014 12:48, Andrea Faulds wrote:
>
> On 26 Sep 2014, at 11:46, marius adrian popa wrote:
>
> > Maybe we need an official stance about shellshock
>
> Do we? As I understand it, this isn’t a PHP-level vulnerability, and I’m
> not sure there’s much we can reasonably do about it. Sim
On 26 Sep 2014, at 11:46, marius adrian popa wrote:
> Maybe we need an official stance about shellshock
Do we? As I understand it, this isn’t a PHP-level vulnerability, and I’m not
sure there’s much we can reasonably do about it. Similarly to the Heartbleed
bug, control is not in our hands he
Maybe we need an official stance about shellshock
I mainly use php-fpm and mod_php (I didn't used php under cgi for years)
http://jaxbot.me/articles/cases-where-bash-shellshock-is-safe-09-25-2014
http://www.reddit.com/r/programming/comments/2hc1w3/cve20146271_remote_code_execution_through_bash/c
