* Vulnerability in your website
@ 2022-02-07 18:09 Muhammad javad
2022-02-07 20:07 ` Jeffrey Walton
0 siblings, 1 reply; 3+ messages in thread
From: Muhammad javad @ 2022-02-07 18:09 UTC (permalink / raw)
To: bzip2-devel
Hi team
I found a vulnerability in your website and want to disclose it to you.
Let me know if you have any active bug bounty program or is there any
compensation for reporting vulnerabilities?
Looking forward to hearing from you
Best regards
Usman
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Vulnerability in your website
2022-02-07 18:09 Vulnerability in your website Muhammad javad
@ 2022-02-07 20:07 ` Jeffrey Walton
0 siblings, 0 replies; 3+ messages in thread
From: Jeffrey Walton @ 2022-02-07 20:07 UTC (permalink / raw)
To: Muhammad javad; +Cc: bzip2-devel
On Mon, Feb 7, 2022 at 1:10 PM Muhammad javad via Bzip2-devel
<bzip2-devel@sourceware.org> wrote:
>
> I found a vulnerability in your website and want to disclose it to you.
>
> Let me know if you have any active bug bounty program or is there any
> compensation for reporting vulnerabilities?
>
> Looking forward to hearing from you
Sourceware hosts the Bzip2 site. You should be able to reach the
Adminstrative and Technical contacts via a WHOIS lookup. But it looks
like they fail to publish the required information (this is an ICANN
contractual requirement):
$ whois sourceware.org | grep '@'
Registrar Abuse Contact Email: registrar-abuse@google.com
And I don't think registrar-abuse@google.com is who you want to contact.
I also can't find a security contact while searching the sourceware
site. Confer, https://www.sourceware.org/ and
https://www.google.com/search?q=security+contact+site:sourceware.org.
The page https://www.sourceware.org/suggestions.html offers
sourcemaster@sourceware.org. Maybe it will work (?).
Maybe try webmaster@sourceware.org, secure@sourceware.org or
security@sourceware.org? They may be conforming to RFC2142.
That's no way to run a railroad, as they say.
Jeff
^ permalink raw reply [flat|nested] 3+ messages in thread
* Vulnerability in your website
@ 2022-02-07 18:05 Muhammad javad
0 siblings, 0 replies; 3+ messages in thread
From: Muhammad javad @ 2022-02-07 18:05 UTC (permalink / raw)
To: bzip2-devel
Hi team
I found a vulnerability in your website and want to disclose it to you.
Let me know if you have any active bug bounty program or is there any
compensation for reporting vulnerabilities?
Looking forward to hearing from you
Best regards
Usman
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-02-07 20:07 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-07 18:09 Vulnerability in your website Muhammad javad
2022-02-07 20:07 ` Jeffrey Walton
-- strict thread matches above, loose matches on Subject: below --
2022-02-07 18:05 Muhammad javad
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).