Greetings,
We have received a report that indicates that one of your products contains a vulnerability. In the interest of coordinated disclosure (which aims to address vulnerabilities before they can be exploited by attackers), we would like to communicate this information to you.
To view the details associated with this case, please visit https://kb.cert.org/vince/ and create an account on VINCE, which is our coordination platform. Within VINCE, it is possible to view the original vulnerability report. VINCE also facilitates direct communication with the reporter, pending the reporter's willingness to communicate about the case.
If you need to reply to this email, please do not alter the VU# in the subject line to ensure that your message is routed properly on our end.
Regards,
Vulnerability Analysis Team ====================================================================== CERT Coordination Center kb.cert.org / cert@cert.org ======================================================================
-----Original Message----- From: Waldemar Brodkorb wbx@uclibc-ng.org Sent: Tuesday, February 1, 2022 1:21 PM To: Timur David Snoke tdsnoke@cert.org Cc: 'devel@uclibc-ng.org' devel@uclibc-ng.org Subject: Re: [uclibc-ng-devel] Vulnerability in uClibc-ng and also uClibc
Hi Timur, Timur David Snoke wrote,
Greetings,
We have a reported vulnerability in both this library and the unmaintained one, how can we communicate this to the developers?
Regards,
sent an email to the list.
best regards Waldemar
-
Timur David Snoke