Picketlink 2.8.0
by Arthur Gregório
Picketlink is dead?
The last commit in the project repo was in 9 july..
Is there a schedule for the new version or something like that?
at.,
*Arthur P. Gregório*
*+55 45 9958-0302 <%2B55%2045%209958-0302>*
@gregorioarthur
www.arthurgregorio.eti.br
8 years, 11 months
Re: [security-dev] Inquiry on vulnerability found in PicketLink VN: JVN#33791982 / TN: JPCERT# 90204487
by Peter Skopek
Dear Mr. Tomotaka Ito,
check this [1] page, please. You can find all necessary information
including GPG key.
I believe inquiry should be sent to: secalert(a)redhat.com
In case of any other problem contact me and I will try to help.
Yours sincerely,
Peter Skopek
MW Security Engineer
[1] https://access.redhat.com/security/team/contact/
On Wed, Nov 11, 2015 at 7:49 AM, JPCERT/CC <vuls(a)jpcert.or.jp> wrote:
> To whom it may concern,
>
> Hello. This is Tomotaka Ito from JPCERT/CC Vulnerability
> Handling Team. Please excuse the sudden contact.
>
> If you're not familiar with us or our activities, please
> check the following websites for more information.
>
> https://www.jpcert.or.jp/english/
> https://www.jpcert.or.jp/english/vh/project.html
> https://www.ipa.go.jp/files/000044732.pdf
> https://jvn.jp/en/
>
> We have received a report of a vulnerability found in the
> product "PicketLink" from a researcher/user here in Japan
> under the vulnerability handling framework called "Information
> Security Early Warning Partnership" and the official announcements
> #235 and #110 "Software Vulnerability Related Information Handling
> Measures" which were designed by Ministry of Economy, Trade and
> Industry (METI), a Japanese cabinet.
>
> From the websites
> https://github.com/picketlink
> https://github.com/orgs/picketlink/people
> http://www.slideshare.net/JBUG_London/london-jbug-april-2014
> http://lists.jboss.org/pipermail/security-dev/2012-October/000176.html
>
> we found these email addresses. We would like to coordinate with you
> to solve the reported vulnerability, and your cooperation would be
> greatly appreciated.
>
> Before we provide you the details of the reported vulnerability,
> we would like to know the appropriate point-of-contact person,
> or department/group/team to communicate in regards to this issue.
> It would be greatly appreciated if you could provide us the below
> information at your earliest convenience.
>
> -Name of the persons/team who is in charge of such issues
> *Please assign at least 2 persons (primary and backup).
> If you have a division/team to handle such issue,
> please provide us a name of division/team.
>
> -Email address
> *Please provide us email addresses of the primary person
> and backup person.
> If you have a division/team, please provide us a group-mail
> address.
>
> -PGP key if available
>
> Once we receive your reply and point-of-contact information,
> we will then send you the original vulnerability report and the
> details either in a PGP encrypted message or in a password protected
> zip file.
>
> If you have any questions or concerns, please do not hesitate
> to contact us any time.
>
> Thank you in advance for your attention on this email.
> We would very much appreciate your prompt reply.
>
> Sincerely yours,
>
> Tomotaka Ito
> Vulnerability Handling Team
> Information Coordination Group
> ======================================================================
> JPCERT Coordination Center (JPCERT/CC)
> TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 EMAIL: vuls(a)jpcert.or.jp
> PGP key: 0x33E6021D: B9 E8 68 35 2D 39 19 29 63 89 52 D4 F8 8D 50 FC
> https://www.jpcert.or.jp/english/
9 years