Security vulnerabilities in Vino

As vendor-sec is down:

I am posting here. I am not subscribed to this list, so please CC me in replies.

A package that I maintain has a number of security vulnerabilities, most of which (the more serious problems, in this case) I have fixes ready for. There is a possibility that the same code is also used in other projects, which could be affected in the same way. CVEs have been reserved for the security vulnerabilities in question.

What is the preferred way to discuss these problems and notify the affected maintainers, distributions or other interested parties, without vendor-sec? oss-security?

Comments welcome.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]