
devel - Re: [sympa-developpers] XSS vulnerability found in the Sympa web interface

Subject: Developers of Sympa

  • From: IKEDA Soji <address@concealed>
  • To: address@concealed
  • Cc: address@concealed, address@concealed
  • Subject: Re: [sympa-developpers] XSS vulnerability found in the Sympa web interface
  • Date: Thu, 18 May 2017 09:56:58 +0900

Hi Etienne,

Would you please forward the message below to me?
I want to know the email of the sender, which was hidden due to DMARC protection.

Thank you!

-- Soji

On 2017/05/18 7:15, Martin (via sympa-developpers Mailing List)
<address@concealed> wrote:

> Hello Sympa devs,
>
> I'm currently searching for someone of trust to fix an XSS vulnerability
> that I have discovered in the web interface of Sympa (latest version).
> To whom can I send the vulnerability report? I can send it to a public
> mailing list if you want, but it isn't recommended to make it public
> before releasing a fix.
>
> It's really complicated to get in contact with someone in private to
> report a Sympa vulnerability. I'm suggesting to create a page at [1]
> with a point of contact to send future security reports.
>
> Timeline:
> - beginning of March 2017: discovery of an XSS vulnerability in Sympa
> - 04/03/2017: report sent to address@concealed (the only
> list that I found that doesn't have public archives)
> - 13/03/2017: reminder sent to address@concealed with
> direct copies to address@concealed and address@concealed
> - 13/03/2017: auto-response of address@concealed saying that he
> doesn't work here anymore
> - 13/03/2017: auto-response of address@concealed saying that he
> will be back at work on 10/04/2017
> - 26/04/2017: reminder sent to address@concealed
> - no reply received
>
> Best,
> Martin Gubri
>
> [1] https://www.sympa.org/security
>




