X-Original-To: alpine-devel@lists.alpinelinux.org Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) by lists.alpinelinux.org (Postfix) with ESMTP id 481965C49F9 for ; Fri, 5 May 2017 15:53:36 +0000 (GMT) Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id v45FrZeJ004025 for ; Fri, 5 May 2017 11:53:35 -0400 DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu v45FrZeJ004025 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1493999615; bh=nmVGTcIatGUs3DJj4ST6ZSsKMuxDmO35ICtPdCk0Rio=; h=From:Reply-To:Date:To:CC:Subject:From; b=N8AodUM9YH0u/VH5RaFXs2L6Ibwhs0fSUAonMivoT5hgBSU5nWS4mYpWheYmqZsLp m5es2qtvERD41XBiBXQozjFW83Ll9sKRvwkKydW+WBSkAP8patc27IOvU2P76/F/bT 10gk6d5SbmukxBOG9iq+Pyqt6nhQBLg76n2OuOS8= Received: from timberline.sei.cmu.edu (timberline.sei.cmu.edu [10.64.64.17]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id v45FrYNZ004071; Fri, 5 May 2017 11:53:34 -0400 Received: from timberline.sei.cmu.edu (localhost [127.0.0.1]) by timberline.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id v45FrYFk041065; Fri, 5 May 2017 11:53:34 -0400 Received: (from gwassermann@localhost) by timberline.sei.cmu.edu (8.14.7/8.14.7) id v45FrYPK041062; Fri, 5 May 2017 11:53:34 -0400 Message-Id: <201705051553.v45FrYPK041062@timberline.sei.cmu.edu> X-Authentication-Warning: timberline.sei.cmu.edu: gwassermann set sender to nobody@cert.org using -f From: "CERT(R) Coordination Center" Reply-To: "CERT(R) Coordination Center" Date: Fri, 05 May 2017 11:43:56 -0400 To: alpine-devel@lists.alpinelinux.org CC: "CERT(R) Coordination Center" Subject: [alpine-devel] How to Report Software Vulnerabilities [VCALL-866] X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings, The CERT Coordination Center periodically reports known software vulnerabilities to linux distribution vendors such as yourself to coordinate widespread disclosure of vulnerabilities and uptake of patches. We're updating our records and noticed we do not have a good way to contact Alpine Linux. We want to ensure we can reach you with timely information in case of a widespread vulnerability affecting linux. What is the preferred email address for reporting software vulnerabilities to the Alpine team? We sometimes wish to report these issues privately (not on a public tracker) before they are disclosed, so ideally this would not be a bugtracker or email list. In either case, is there a PGP key we could use to encrypt these reports to you? We rely on PGP to safeguard vulnerability information prior to disclosure. For more information about our process of coordinating vulnerability disclosures, please see . Please let me know if you have any questions. When replying, please ensure VCALL-866 is in the subject line of your email. Thank you! Best Regards, Garret Wassermann Vulnerability Analysis Team CERT Coordination Center (CERT/CC) A division of: Software Engineering Institute Carnegie Mellon University -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJZDJ/zAAoJEOaVDwyMMQJnjosP/jHIwSIEJTTV0e7y9GO4yxoi 1/O/2MbBDL8jV4Tgxio83uQIKw3AklRbn9OhwF/YXfo16WSFM2VokH6MIVkRO8PV GRWNkAwcgxItzQbE+BwzfYrpHdU7tpU9gm+xoVvz9qvFV5k8NXVsKA9MNMki+QjV +lYPl0WogHenAmM+AxY3+btie4JtHt58uEvaiQLUSR7JLDkNROu9T1DPPAgeDB5s DP6FN9q4KYTLFObICendq1W2qqvLqH4hz7QAX5VzKheehpB8COc8AO0lW4/kk+jm GuukPg6vX4Fk2aEnV7hV/9ZExsf+6AEYDloBlC9M5x/ZaShORbJaKDa4Oo90QHoF u8McbPFsDZU1ORdG6/F1DGeK65yMpDSUjRhy0UcC1Nu7n5YEzyKg/OyaoMYF3H6g UxIuDgaAINLZnx55xJ6xU7Zl9aIl0n8F3FoUcEfEK+8XQtKM/YwjLZzXm9RSwFV9 EzxjMZhx2Q1Lp4L/54XF4um8qO4OCnIyeTprjj0FSQHTLJ4YX6GbpmnO8wdDn6JD dnMINmHgURup/fjNiRShvhZN3A3JdfSmAa2i0T8Fu+EwSvWBEl7kwmI6bTP9SpW2 JF26BnzFRGB49eUuM4Cuz/b795OKRdYTqjpHdihK2nS2SorZuIJSkEZObOPIOnXN wjypqlz9Uzsz5S26TIb3 =/cex -----END PGP SIGNATURE----- --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---