Hi, > On 04/01/2019 01:02, Florian Zumbiehl via Exim-dev wrote: > > may I suggest you put that on the > > website somewhere? > > It was already there, at https://bugs.exim.org/enter_bug.cgi
That page only tells me that "Bugzilla needs a legitimate login and password to continue.". Clicking around on that page, I now found that the security report address is mentioned on https://bugs.exim.org/describecomponents.cgi, which is linked as "Browse" in the header and footer of the bug tracker page. Which is pretty counterintuitive: When looking for a way to report a vulnerability that maybe shouldn't be published for the time being, I probably won't be browsing the public bugs. And in any case, what I can say is that as a matter of fact I didn't find it when I needed it, even if you think that I should have. Regards, Florian -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
