Trying to get in touch regarding a security issue

[zidingz]

Hey there!

I belong to an open source security research community, and a member (@yifengchen-cc) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[barak]

I'm just the Debian packager. The upstream developer is Leon Bottou leon@bottou.org, who keeps the sources on http://djvu.sourceforge.net/ and that's probably the right place to go for reporting security issues. In the past, he's been extremely responsive to this sort of thing. But if you have trouble getting in touch with him or some other issue, please do feel free to revert to me and I'll do what I can to help.