Vulnerability in your website
Jeffrey Walton
noloader@gmail.com
Mon Feb 7 20:07:33 GMT 2022
On Mon, Feb 7, 2022 at 1:10 PM Muhammad javad via Bzip2-devel
<bzip2-devel@sourceware.org> wrote:
>
> I found a vulnerability in your website and want to disclose it to you.
>
> Let me know if you have any active bug bounty program or is there any
> compensation for reporting vulnerabilities?
>
> Looking forward to hearing from you
Sourceware hosts the Bzip2 site. You should be able to reach the
Adminstrative and Technical contacts via a WHOIS lookup. But it looks
like they fail to publish the required information (this is an ICANN
contractual requirement):
$ whois sourceware.org | grep '@'
Registrar Abuse Contact Email: registrar-abuse@google.com
And I don't think registrar-abuse@google.com is who you want to contact.
I also can't find a security contact while searching the sourceware
site. Confer, https://www.sourceware.org/ and
https://www.google.com/search?q=security+contact+site:sourceware.org.
The page https://www.sourceware.org/suggestions.html offers
sourcemaster@sourceware.org. Maybe it will work (?).
Maybe try webmaster@sourceware.org, secure@sourceware.org or
security@sourceware.org? They may be conforming to RFC2142.
That's no way to run a railroad, as they say.
Jeff
More information about the Bzip2-devel
mailing list