report bug

Ethan Blanton elb at pidgin.im
Tue Mar 25 12:04:29 EDT 2014


ayoub nait lamine spake unto us the following wisdom:
> Hello, I am a researcher of security, wanted to reveal a security
> vulnerability responsibility, which is found in the website of your. Below
> is a snapshot.

We are going to have trouble fixing, or even identifying, this problem
from just a screen shot.  Can you tell us how you achieved it?  I
assume the problem is that you were able to enter a snippet of
Javascript as an email address, and it was executed in your browser?

> I want to be rewarded or put my name on the list of special ethical hacker
> your website

You probably want to report this vulnerability to the Trac project
(trac.edgewall.org) for this.  We did not write and do not maintain
trac, we simply use it on developer.pidgin.im.  While there is no such
list per se, there are public vulnerability disclosures, and they
normally include the discoverer of a vulnerability.  However, it is
not our place to disclose vulnerabilities in trac, as trac will want
to coordinate the disclosure with many users and packagers of their
system, not just Pidgin.

Ethan


More information about the security mailing list