[security-dev] Inquiry on vulnerability found in PicketLink VN: JVN#33791982 / TN: JPCERT# 90204487

Peter Skopek pskopek at redhat.com
Wed Nov 11 03:39:53 EST 2015

Dear Mr. Tomotaka Ito,

Check this [1] page, please. You can find all necessary information
including the GPG key.
I believe the inquiry should be sent to: secalert at redhat.com

In case of any other problem, contact me and I will try to help.

Yours sincerely,
Peter Skopek
MW Security Engineer

[1] https://access.redhat.com/security/team/contact/

On Wed, Nov 11, 2015 at 7:49 AM, JPCERT/CC <vuls at jpcert.or.jp> wrote:
> To whom it may concern,
> Hello.  This is Tomotaka Ito from JPCERT/CC Vulnerability
> Handling Team.  Please excuse the sudden contact.
> If you're not familiar with us or our activities, please
> check the following websites for more information.
>   https://www.jpcert.or.jp/english/
>   https://www.jpcert.or.jp/english/vh/project.html
>   https://www.ipa.go.jp/files/000044732.pdf
>   https://jvn.jp/en/
> We have received a report of a vulnerability found in the
> product "PicketLink" from a researcher/user here in Japan
> under the vulnerability handling framework called "Information
> Security Early Warning Partnership" and the official announcements
> #235 and #110 "Software Vulnerability Related Information Handling
> Measures" which were designed by Ministry of Economy, Trade and
> Industry (METI), a Japanese cabinet.
> From the websites
>   https://github.com/picketlink
>   https://github.com/orgs/picketlink/people
>   http://www.slideshare.net/JBUG_London/london-jbug-april-2014
>   http://lists.jboss.org/pipermail/security-dev/2012-October/000176.html
> we found these email addresses. We would like to coordinate with you
> to solve the reported vulnerability, and your cooperation would be
> greatly appreciated.
> Before we provide you the details of the reported vulnerability,
> we would like to know the appropriate point-of-contact person,
> or department/group/team to communicate in regards to this issue.
> It would be greatly appreciated if you could provide us the below
> information at your earliest convenience.
>  -Name of the persons/team who is in charge of such issues
>  *Please assign at least 2 persons (primary and backup).
>    If you have a division/team to handle such issue,
>    please provide us a name of division/team.
>  -Email address
>   *Please provide us email addresses of the primary person
>    and backup person.
>    If you have a division/team, please provide us a group-mail
>    address.
>  -PGP key if available
> Once we receive your reply and point-of-contact information,
> we will then send you the original vulnerability report and the
> details either in a PGP encrypted message or in a password protected
> zip file.
> If you have any questions or concerns, please do not hesitate
> to contact us any time.
> Thank you in advance for your attention on this email.
> We would very much appreciate your prompt reply.
> Sincerely yours,
> Tomotaka Ito
> Vulnerability Handling Team
> Information Coordination Group
> ======================================================================
> JPCERT Coordination Center (JPCERT/CC)
> TEL: +81-3-3518-4600  FAX: +81-3-3518-4602  EMAIL: vuls at jpcert.or.jp
> PGP key: 0x33E6021D: B9 E8 68 35 2D 39 19 29  63 89 52 D4 F8 8D 50 FC
> https://www.jpcert.or.jp/english/
