Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Upstream report #1

Closed
ajakk opened this issue Feb 26, 2023 · 4 comments
Closed

Upstream report #1

ajakk opened this issue Feb 26, 2023 · 4 comments

Comments

@ajakk
Copy link

ajakk commented Feb 26, 2023

In the readme, you note there was a report to the vendor. How did you report it? Is there an upstream report?
@ajakk ajakk mentioned this issue Feb 26, 2023
Open
@affix affix closed this as completed Mar 16, 2023
@affix
Copy link
Owner

affix commented Mar 16, 2023

Upstream report was via e-mail

@ajakk
Copy link
Author

ajakk commented Mar 26, 2023

That's not very trackable for anyone who sees the CVE. Can you report it publicly next time?

@affix
Copy link
Owner

affix commented Mar 27, 2023

No thats not how responsible disclosure works

@ajakk
Copy link
Author

ajakk commented Mar 29, 2023

I think I've miscommunicated what I'm asking for you to do in the future.

In the future, can you please report the issue publicly on a project's bug tracker (or mailing list, or whatever) whenever you make a public disclosure of a vulnerability?

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@affix @ajakk