On Sat, Nov 1, 2025 at 10:30 AM <[email protected]> wrote: > > I hope this email finds you well. My name is Mohamed Ibrahim, and I am a > security researcher/bug bounty hunter with experience in identifying and > responsibly disclosing security vulnerabilities. > While testing some technology, I have identified a security vulnerability > within your domain lists.debian.org . To ensure responsible disclosure, I > would like to report this vulnerability to your team. Could you please > provide guidance on your preferred process for submitting security reports? > For example, do you have a dedicated bug bounty program, a security contact > email, or a vulnerability disclosure policy?I am happy to provide further > details about the issue upon your confirmation of the appropriate reporting > channel. > My goal is to assist in securing your systems while adhering to best > practices for responsible disclosure.
<[email protected]>
