Re: Vulnerability in your website

To: Usman Javed <mh.sec277@gmail.com>, debian-www@lists.debian.org
Subject: Re: Vulnerability in your website
From: Paul Wise <pabs@debian.org>
Date: Sun, 10 Apr 2022 08:55:34 +0800
Message-id: <[🔎] 09abb61c9ec5aba32a0746b0ee3e98f781318f25.camel@debian.org>
Reply-to: Usman Javed <mh.sec277@gmail.com>, debian-www@lists.debian.org
In-reply-to: <[🔎] CA+vc4FHjAWAVYpE_Fbb40_PdFkD0+shZ68HcGrJg-v44JDRYyw@mail.gmail.com>
References: <[🔎] CA+vc4FHjAWAVYpE_Fbb40_PdFkD0+shZ68HcGrJg-v44JDRYyw@mail.gmail.com>

On Sat, 2022-04-09 at 22:23 +0500, Usman Javed wrote:

> I found a vulnerability in your website

Which website are you referring to? Debian has many different websites
written by different groups of people using different software.

> want to disclose it to you.

If you don't want to disclose it publicly on this mailing list,
our security team are the best folks to handle fixing the issue.

https://www.debian.org/security/faq#discover
https://www.debian.org/security/faq#contact

> Let me know if you have any active bug bounty program or is there any
> compensation for reporting vulnerabilities?

As a volunteer non-profit based organisation, we don't have any bug
bounties and are not able to provide compensation.

https://www.debian.org/intro/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Vulnerability in your website
  - From: Usman Javed <mh.sec277@gmail.com>

Prev by Date: Vulnerability in your website
Next by Date: Bug#1009253: www.debian.org: remove debian-www list from the footer; direct people to the contact page instead
Previous by thread: Vulnerability in your website
Next by thread: Bug#1009253: www.debian.org: remove debian-www list from the footer; direct people to the contact page instead
Index(es):
- Date
- Thread