Dear GNU diffutils Team, as CERT.PL CNA (CVE Numbering Authority) we have been requested to assign a CVE for a vulnerability found in xxx software.
To which email address should we send the details of the reported vulnerability? Should we encrypt the message using your public key, or is encryption not necessary? In case of no answer from your side we will publish CVE entries according to information provided by the finder. Best regards CERT.PL/en https://cert.pl/en/cvd/
