Several critical security vulnerabilities - looking for a contact

[rverton]

Hi,
who can I talk to about some critical vulnerabilities I found in Trovebox?

Greetings,
robin

[cedricbonhomme]

Hello,
I would be interested to get feedback from this.

thank you

[rverton]

Hi @cedricbonhomme,
I would prefer sending details of this to a core contributor. I also tried reaching @jmathai by mail but without success.
Best Regards,
robin

[jmathai]

Hi @rverton, can you send it to jaisen at githubusername dot com?

[rverton]

Hi @jmathai,
thanks for responding. I just sent another email to this address, maybe it was marked as spam the last time.

[cedricbonhomme]

Hi @rverton ,
it is possible to have some news? At least by email
Thanks a lot!

[rverton]

HI @cedricbonhomme,
I'm in contact with @jmathai and his plan is to add the vulnerabilities as issues here and/or directly fix them. Initially I planned to wait for releasing the advisory until a fix is released, but if the vulnerabilities are published as issues here I will post the advisory as soon as possible.

[cedricbonhomme]

OK, thank you for the feedback!

[jmathai]

@cedricbonhomme I forwarded you the report which @rverton shared with me.

[cedricbonhomme]

thank you! I'll have a look at the report.

[rverton]

Hi @cedricbonhomme,
looks like you are working on this now, so if you have any questions, feel free to contact me directly at hello at robinverton de.

[cedricbonhomme]

Hi @jmathai,
Do you will have some time soon to have a look at it (and also the PR)?
thanks,

[rverton]

Hi @jmathai, is there any update on this? The PR from cedric with the vulnerabilities is public, so it would be better to merge this sooner than later.
Thanks

[jmathai]

Sorry for the delay --- i reviewed the pr and added some comments.

[rverton]

Hi @jmathai, @cedricbonhomme ,
thanks to both of you for your time fixing this. I'll finish and publish the advisory soon.
Bests,
Robin