[CERT.PL #5689510] Vulnerabilities found in bzip2 software
Mark Wielaard
mark@klomp.org
Wed Apr 22 17:42:41 GMT 2026
Hi,
On Wed, 2026-04-22 at 19:14 +0200, Mark Wielaard wrote:
> On Wed, 2026-04-22 at 14:22 +0200, CERT Polska via RT via Bzip2-devel
> wrote:
> > as CERT.PL CNA (CVE Numbering Authority) we have been requested to assign a
> > CVE for a vulnerability found in bzip2 software.
> >
> > To which email address should we send the details of the reported
> > vulnerability? Should we encrypt the message using your public key, or is
> > encryption not necessary?
>
> It is probably fine to sent details to this public mailinglist
> bzip2-devel@sourceware.org unless you believe it is a real
> vulnerability that should be reported confidentially first.
>
> If so, feel free to sent it encrypted (against the key that signed this
> message) or unencrypted to me personally at mark@klomp.org.
>
> Or see https://www.klomp.org/mark/gnupg-pub.txt use
> 28FF 4B30 A88D 5523 A7E2 CBA2 0376 A15C 6FFC 11CD
OK, that message wasn't signed. Apologies.
Hopefully this reply is, to show it is really my key.
Cheers,
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <https://sourceware.org/pipermail/bzip2-devel/attachments/20260422/2821594b/attachment.sig>
More information about the Bzip2-devel
mailing list