Re: [libreoffice-users] Vulnerability report

2022-04-21 Thread Dave Howorth 
On Thu, 21 Apr 2022 20:46:12 +0200
Robert Großkopf  wrote:

> Hi Min Di,
> 
> > I found a vulnerability and I want to know if I should send you the
> > vulnerability report through the website or through a special bug
> > bounty platform?  
> 
> I would prefer to write a bug description at
> https://bugs.documentfoundation.org/

Obviously it wouldn't be a good idea to expose an unpatched
vulnerability on a public bug reporting site. If that is what is being
reported? Details of vulnerabilities need to be reported through some
private channel.

> Regards
> 
> Robert


-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy

Re: [libreoffice-users] Vulnerability report

2022-04-21 Thread Stephan Bergmann 

On 4/21/22 20:46, Robert Großkopf wrote:

I found a vulnerability and I want to know if I should send you the
vulnerability report through the website or through a special bug bounty
platform?


I would prefer to write a bug description at
https://bugs.documentfoundation.org/


In case of a security vulnerability, it is better to follow the advice 
at :  "To 
reach our security team, please drop an e-mail to 
secur...@documentfoundation.org".



--
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy

Re: [libreoffice-users] Vulnerability report

2022-04-21 Thread Robert Großkopf 

Hi Min Di,


I found a vulnerability and I want to know if I should send you the
vulnerability report through the website or through a special bug bounty
platform?


I would prefer to write a bug description at
https://bugs.documentfoundation.org/

Regards

Robert
--
Homepage: https://www.familiegrosskopf.de/robert

--
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy

[libreoffice-users] Vulnerability report

2022-04-21 Thread Min Di 
Hi Security team,
I found a vulnerability and I want to know if I should send you the
vulnerability report through the website or through a special bug bounty
platform?
Personally, I prefer to submit reports within a platform to gain reporting
points.
Thank you.

-- 
To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy