[security-dev] Inquiry on vulnerability found in PicketLink VN: JVN#33791982 / TN: JPCERT# 90204487
pskopek at redhat.com
Wed Nov 11 03:39:53 EST 2015
Dear Mr. Tomotaka Ito,
check this  page, please. You can find all necessary information
including GPG key.
I believe inquiry should be sent to: secalert at redhat.com
In case of any other problem contact me and I will try to help.
MW Security Engineer
On Wed, Nov 11, 2015 at 7:49 AM, JPCERT/CC <vuls at jpcert.or.jp> wrote:
> To whom it may concern,
> Hello. This is Tomotaka Ito from JPCERT/CC Vulnerability
> Handling Team. Please excuse the sudden contact.
> If you're not familiar with us or our activities, please
> check the following websites for more information.
> We have received a report of a vulnerability found in the
> product "PicketLink" from a researcher/user here in Japan
> under the vulnerability handling framework called "Information
> Security Early Warning Partnership" and the official announcements
> #235 and #110 "Software Vulnerability Related Information Handling
> Measures" which were designed by Ministry of Economy, Trade and
> Industry (METI), a Japanese cabinet.
> From the websites
> we found these email addresses. We would like to coordinate with you
> to solve the reported vulnerability, and your cooperation would be
> greatly appreciated.
> Before we provide you the details of the reported vulnerability,
> we would like to know the appropriate point-of-contact person,
> or department/group/team to communicate in regards to this issue.
> It would be greatly appreciated if you could provide us the below
> information at your earliest convenience.
> -Name of the persons/team who is in charge of such issues
> *Please assign at least 2 persons (primary and backup).
> If you have a division/team to handle such issue,
> please provide us a name of division/team.
> -Email address
> *Please provide us email addresses of the primary person
> and backup person.
> If you have a division/team, please provide us a group-mail
> -PGP key if available
> Once we receive your reply and point-of-contact information,
> we will then send you the original vulnerability report and the
> details either in a PGP encrypted message or in a password protected
> zip file.
> If you have any questions or concerns, please do not hesitate
> to contact us any time.
> Thank you in advance for your attention on this email.
> We would very much appreciate your prompt reply.
> Sincerely yours,
> Tomotaka Ito
> Vulnerability Handling Team
> Information Coordination Group
> JPCERT Coordination Center (JPCERT/CC)
> TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 EMAIL: vuls at jpcert.or.jp
> PGP key: 0x33E6021D: B9 E8 68 35 2D 39 19 29 63 89 52 D4 F8 8D 50 FC
More information about the security-dev