nasrul abrori nasrulsevenfoldism at
Wed Nov 13 13:29:35 EST 2013

i found vulnerable at , Where should I report
this problem ???

On Thu, Nov 14, 2013 at 1:26 AM, Ethan Blanton <elb at> wrote:

> nasrul abrori spake unto us the following wisdom:
> > because i find vulnerabilities on your site, or just bug bounty in the
> > software category,,,
> Are you saying that you have found vulnerabilities on
> or that you would like
> to have disclosed after correction?  We have not previously done that,
> but I see no reason why we couldn't; it should probably be in a
> different place from the Pidgin vulnerabilities.  Note that most of
> our web site software is packages from upstream providers (such as
> trac), and vulnerabilities should probably be disclosed to the
> upstream authors unless they are in our own setup/extensions.
> I'm still not sure I understand.
> Ethan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security mailing list