PHPOffice / PhpSpreadsheet

A pure PHP library for reading and writing spreadsheet files
https://phpspreadsheet.readthedocs.io
MIT License

Reporting security vulnerabilities #4072

Closed emilvirkki closed 1 week ago

emilvirkki commented 2 months ago

I reported multiple security vulnerabilities in PHPSpreadsheet through the private vulnerability reporting feature on this repository. It's been over a month, and I haven't heard back.

What is the correct channel for reporting vulnerabilities, if that one isn't it?

oleibman commented 1 month ago

I'm not sure. Please email your reports to yahoo userid ****. I don't use that mailbox much, so please post a note here when you've done that.

oleibman commented 1 week ago

We recently installed a security-related fix which I'm guessing was related to this. So I'm closing this. Feel free to re-open if my guess was incorrect.

emilvirkki commented 1 week ago

No, these are different from #4119. I have now sent you the reports to the specified address as 4 separate emails, one for each vuln. Sorry about the delay - I was on vacation in July and it took a while to get back up to speed.

emilvirkki commented 1 week ago

FYI @oleibman I can't reopen this issue, but see the above.

oleibman commented 1 week ago

@PowerKiKi @MarkBaker I have been communicating with the originator of this issue via email. He says he has reported vulnerabilities using "Private Vulnerability Reporting" on https://github.com/PHPOffice/PhpSpreadsheet/security. But I can't see how to access his reports. If I could, that would probably be a better venue for our discussions than email. Is there something that needs to be done to enable my access to these reports?

PowerKiKi commented 1 week ago

@oleibman, you are now admin, like me, and have access to https://github.com/PHPOffice/PhpSpreadsheet/security/advisories?state=Triage, which should allow you to follow up on the reports.

@emilvirkki, somehow I didn't get any notifications for your reports. Thank you for your work and patience, we'll have a look at your reports.