Hello maintainers! I've just been informed off-list that there's a Cygwin-specific security vulnerability in one of the packages I maintain. I'm reluctant to go into details on a public list, but I'd also appreciate some support in the best way to manage this to get patches out without exposing package users to unnecessary security risk.
I'm already working with the upstream to find an appropriate patch, and I think I have at least a reasonable handle on best practices for releasing this sort of patch, but I'd appreciate being able to talk over the specifics with someone (singular or plural) with more experience of handling this sort of situation. Is there any way I can get that sort of support from the maintainer community?

Adam