Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <53B5B53E.9070500@redhat.com>
Date: Thu, 03 Jul 2014 13:55:42 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: SaltStack - how to report security flaw?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I looked through the saltstack.org site and their github page
https://github.com/saltstack and checked OSVDB
(http://osvdb.com/vendor/271316-saltstack-inc/1) but I can't find any
security contact or way to privately submit a security issue. Does
anyone know if there is a way t privately report a security issue to
saltstack or should I just submit a public issue in github? This is
potentially remote code execution so I'd really prefer to submit it
privately.

- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTtbU9AAoJEBYNRVNeJnmTSWMP/RtMK+TXbVP1PuwgtBJBAbQp
QSpVOtDF4Upqa/S4AC+BcCe3kWpT0MvBSgUIRATUoyhCfGKrXZGuTF/+doQgUbZo
JbsNVqjrh4rxr98A4muOvNLLM3KVLngV62ESbYCHZnYOVUsgEVgZRj3cQxT4QRZZ
A4DSjU5i4zUYpc97mOk3TFyliZBc0ktL5X6WAbZsaJDgjpv55EVieACAE/JSkUPK
/5hFg9mKrUr/QMUcSnjk2/00lE7vM7Tj0pd/2pP5QjWexYit7ZBBe5ADQK24ZvQL
nI3XdgbQJl22KS4SxlhpX1zT5w+S75KR9f4wILHapM8v12D+MyvtQXgZoHEbJe6J
OnRzpvo2Vje7MXCnXg1pYEx9UU4htgrv2CpEHt8oA0b4x13pY9m86kILhLxy0zt6
xgOIYAoF7VwWxGrd72pMgU7wC/0oTK/BDX3O3i5CPooS+zp87mABEuR8zHV8GCJ7
DUq9xSBfq0IhjQZKdLvWfHzC2rIWZQeCSd68phC5iDfO+GZlA4d7jy1CofYY5AHd
qUjDqNFZN7P9H2GjywsoPYLYcqV4b/xrJWX3BkaudsEG/0wZrVhIYnDBRUViiRyp
Elm/Uk9XVDNSEtUoVD4rzFqqUh2lgssxhgGiK7nr3dU1XnIanwXKl57sGCQxAZHP
4pHI1t9fixNGbI9nPl/0
=WOeS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.