Do we have a resolution on this? Even if a patch has already been replied, tying off this thread would be great. Chris
On Thu, Apr 30, 2009 at 8:31 AM, Eran Hammer-Lahav <[email protected]>wrote: > > Not sure this is the best way to report an exploit. > > First, the library owner should be contacted directly and privately. Then > potential users of the library (it is ok to ask on the list who is using a > library). Then after giving people enough time to address it, go public. > > EHL > > > -----Original Message----- > > From: [email protected] [mailto:[email protected]] On Behalf > > Of Solberg Andreas Åkre > > Sent: Thursday, April 30, 2009 12:51 AM > > To: [email protected] > > Subject: [oauth] Vulnerable token creation in PHP OAuth library > > > > > > FYI > > > > https://rnd.feide.no/content/vulnerable-token-creation-php-oauth- > > library > > > > > > > > > > -- Chris Messina Open Web Advocate factoryjoe.com // diso-project.org // openid.net // vidoop.com This email is: [ ] bloggable [X] ask first [ ] private --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
