ask
nasrul abrori
nasrulsevenfoldism at gmail.com
Wed Nov 13 13:29:35 EST 2013
i found vulnerable at http://developer.pidgin.im , Where should I report
this problem ???
On Thu, Nov 14, 2013 at 1:26 AM, Ethan Blanton <elb at pidgin.im> wrote:
> nasrul abrori spake unto us the following wisdom:
> > because i find vulnerabilities on your site, or just bug bounty in the
> > software category,,,
>
> Are you saying that you have found vulnerabilities on
> http://pidgin.im/ or http://developer.pidgin.im/ that you would like
> to have disclosed after correction? We have not previously done that,
> but I see no reason why we couldn't; it should probably be in a
> different place from the Pidgin vulnerabilities. Note that most of
> our web site software is packages from upstream providers (such as
> trac), and vulnerabilities should probably be disclosed to the
> upstream authors unless they are in our own setup/extensions.
>
> I'm still not sure I understand.
>
> Ethan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20131114/326ce5fa/attachment.html>
More information about the security
mailing list