[CKAN-Security] [VCR-701] Need for a security contact [VU#490108]

Ian Ward ian at excess.org
Tue Jun 30 12:27:31 UTC 2015


I've dusted off my old, and certainly weak by today's standards, but
it still seems to work.

Please send me the details.

$ gpg --fingerprint ian at excess.org
pub   1024D/FF9EF2B6 1999-11-15
Key fingerprint = 9067 0779 D7D9 77FD 72D6  315E 2032 044D FF9E F2B6

On Thu, Jun 25, 2015 at 3:55 PM, CERT(R) Coordination Center
<cert at cert.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Greetings,
>
> We have received a report of a vulnerability affecting CKAN API. We are tracking this report as VU#490108.
>
> Since detailed information is sensitive, we would like to establish a secure channel of communication with you. We prefer PGP, and more information can be found here:
>
> http://www.cert.org/contact/sensitive-information.cfm?
>
> Be aware that our policy is to publish a public disclosure document after 45 days. Examples of our vulnerability notes can be found here:
>
> http://www.kb.cert.org/vuls/
>
> Information about CERT Vulnerability Remediation can be found here:
>
> http://www.cert.org/vuls/remediation.html
>
> If you have any questions or concerns, please let us know. Be sure to include VU#490108 in the subject of any email you send to us about this report.
>
> Regards,
>
> Vulnerability Analysis Team
> ======================================================================
> CERT Coordination Center
> www.cert.org / cert at cert.org / Hotline: 1-412-268-7090
> ======================================================================
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iQEVAwUBVYxev7xLo78IyvB1AQIEUwf9Hr7omvqWNeg+tbGXrC43sQuyafBkmJR7
> cIJCzUdj3/yX2vLzvFoHDdRHCTSpAz0tcR+4wD6w3N54igohxC9hEtMf2ccwU7tx
> xwoCy3e0rG6UKFfl/JHwDKd0G5zUeU07rgWUj/VFwxyOASzc4PhDbGMHRsxhDTX1
> OQRRwvf8kTFXROGEdM61bPMCwZmWAtGHgYaFMa9koXDjUAUpI+JjwJUKyVp1Iu3T
> 9xRpBYoYjG3JqZ/zlW66p9JFNMK9nDizRR+07s0AOBu6MQ456RXVAXHCKp4JyqlG
> dabV6ZbWU6knHPmkj4/5tJFO9HHKsxrI9iITLFommzZapm8K/ynsxQ==
> =MssU
> -----END PGP SIGNATURE-----
> _______________________________________________
> CKAN security
> https://lists.okfn.org/mailman/listinfo/security
> https://lists.okfn.org/mailman/options/security/ian%40excess.org
>
> Repo: https://github.com/ckan/ckan-security



More information about the Security mailing list