We have received a report that indicates that one of your products contains a
vulnerability. In the interest of coordinated disclosure (which aims to address
vulnerabilities before they can be exploited by attackers), we would like to communicate
this information to you.
To view the details associated with this case, please visit https://kb.cert.org/vince/
create an account on VINCE, which is our coordination platform. Within VINCE, it is
possible to view the original vulnerability report. VINCE also facilitates direct
communication with the reporter, pending the reporter's willingness to communicate
about the case.
If you need to reply to this email, please do not alter the VU# in the subject line to
ensure that your message is routed properly on our end.
Vulnerability Analysis Team
CERT Coordination Center
From: Waldemar Brodkorb <wbx(a)uclibc-ng.org>
Sent: Tuesday, February 1, 2022 1:21 PM
To: Timur David Snoke <tdsnoke(a)cert.org>
Cc: 'devel(a)uclibc-ng.org' <devel(a)uclibc-ng.org>
Subject: Re: [uclibc-ng-devel] Vulnerability in uClibc-ng and also uClibc
Timur David Snoke wrote,
We have a reported vulnerability in both this library and the
unmaintained one, how can we communicate this to the developers?
sent an email to the list.