Hello,
I have identified a reproducible memory-safety issue in zpl.
The project SECURITY.md asks reporters to use the advisory page, but I do not see a visible option to submit a private vulnerability report from my side.
I have prepared a small private report package containing:
affected commit information
standalone reproducer
minimized malformed input
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction
I would prefer not to disclose the malformed input, reproducer details, source locations, or sanitizer output publicly before the maintainers have had a chance to review them.
Could you please enable GitHub Private Vulnerability Reporting for this repository, create a draft advisory and invite me, or let me know the preferred private security contact?
Best regards,
Yukimura
Hello,
I have identified a reproducible memory-safety issue in zpl.
The project SECURITY.md asks reporters to use the advisory page, but I do not see a visible option to submit a private vulnerability report from my side.
I have prepared a small private report package containing:
affected commit information
standalone reproducer
minimized malformed input
ASan/UBSan run logs
source-level root cause notes
clean-checkout reproduction steps
suggested fix direction
I would prefer not to disclose the malformed input, reproducer details, source locations, or sanitizer output publicly before the maintainers have had a chance to review them.
Could you please enable GitHub Private Vulnerability Reporting for this repository, create a draft advisory and invite me, or let me know the preferred private security contact?
Best regards,
Yukimura