oss-sec mailing list archives

SaltStack - how to report security flaw?

From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 03 Jul 2014 13:55:42 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I looked through the saltstack.org site and their github page
https://github.com/saltstack and checked OSVDB
(http://osvdb.com/vendor/271316-saltstack-inc/1) but I can't find any
security contact or way to privately submit a security issue. Does
anyone know if there is a way t privately report a security issue to
saltstack or should I just submit a public issue in github? This is
potentially remote code execution so I'd really prefer to submit it
privately.

- -- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTtbU9AAoJEBYNRVNeJnmTSWMP/RtMK+TXbVP1PuwgtBJBAbQp
QSpVOtDF4Upqa/S4AC+BcCe3kWpT0MvBSgUIRATUoyhCfGKrXZGuTF/+doQgUbZo
JbsNVqjrh4rxr98A4muOvNLLM3KVLngV62ESbYCHZnYOVUsgEVgZRj3cQxT4QRZZ
A4DSjU5i4zUYpc97mOk3TFyliZBc0ktL5X6WAbZsaJDgjpv55EVieACAE/JSkUPK
/5hFg9mKrUr/QMUcSnjk2/00lE7vM7Tj0pd/2pP5QjWexYit7ZBBe5ADQK24ZvQL
nI3XdgbQJl22KS4SxlhpX1zT5w+S75KR9f4wILHapM8v12D+MyvtQXgZoHEbJe6J
OnRzpvo2Vje7MXCnXg1pYEx9UU4htgrv2CpEHt8oA0b4x13pY9m86kILhLxy0zt6
xgOIYAoF7VwWxGrd72pMgU7wC/0oTK/BDX3O3i5CPooS+zp87mABEuR8zHV8GCJ7
DUq9xSBfq0IhjQZKdLvWfHzC2rIWZQeCSd68phC5iDfO+GZlA4d7jy1CofYY5AHd
qUjDqNFZN7P9H2GjywsoPYLYcqV4b/xrJWX3BkaudsEG/0wZrVhIYnDBRUViiRyp
Elm/Uk9XVDNSEtUoVD4rzFqqUh2lgssxhgGiK7nr3dU1XnIanwXKl57sGCQxAZHP
4pHI1t9fixNGbI9nPl/0
=WOeS
-----END PGP SIGNATURE-----

Current thread:

SaltStack - how to report security flaw? Kurt Seifried (Jul 03)
- Re: SaltStack - how to report security flaw? Murray McAllister (Jul 03)