ZeddYu Lu writes:
> Last year, curl had a security update for CVE-2020-8284. more info, see
> https://hackerone.com/reports/1040166
>
> The problem is ftp client trust the host from PASV response by default, A
> malicious server can trick ftp client into connecting back to a given IP
> address
Onur Şahin writes:
> Hello,
>
> I was wondering if there is a process in place for reporting security
> vulnerabilities for inetutils? If so, what might that process be?
Hi! Right now there isn't much of a formal process -- please post your
findings to this mailing list, and we can all try to