On Fri, May 14, 2021 at 4:30 PM Samuel Thibault <samuel.thiba...@gnu.org> wrote: > We don't have anything set up for disclosures, you can drop me an e-mail > (ciphered if you can).
OK, I'll prepare a write-up and send it to you. And I will attempt to use GPG for it. I asked about this on the Fediverse; and got (among other replies) this small guide [0] which sounds like a good plan of action. What do you think? Oh, and you would not believe this, but in the past couple of hours I have discovered *another* vulnerability, unrelated to the first one; it's even easier to exploit and also gives you root: sergey@sergey-hurd-box:~/hax2$ ./hax2 Got root auth port :) root@sergey-hurd-box:~/hax2# id uid=0(root) gid=0(root) groups=0(root) root@sergey-hurd-box:~/hax2# Sergey [0]: https://functional.cafe/@minoru/106234136976353911
