This is an embargoed notification that a vulnerability has been discovered in Flux. This notice has been sent to subscribed distributors and service providers in order to allow for timely patching. You are receiving this notification as you have agreed to abide by the embargo policy on this project. Do not forward this information to other parties without complying with the instructions of the embargo policy.
2-3 sentences describing the vulnerability using technical details. This should only contain enough information to be able to make a quick determination of what the vulnerability is about.
Provide an attack scenario or other information to explain the risk associated. Use details gathered from the triage.
Further information about the scoring details can be found at cvss-calculator.
Provide exact code or command lines in order to offer usable, precise, and repeatable methods for a subscriber to reproduce the problem and test fixes and mitigations.
Provide information on the known remediation or planned patch. Be sure to list when it will be available or links to where the patch will be available.
If you have additional information to provide, be sure to include it here.
Date reported: DD MMM YYYY Date fixed: DD MMM YYYY Date to be disclosed: DD MMM YYYY
Do not:
- make this information public,
- issue communications hinting at or regarding this,
- share this with others,
- issue public patches before the disclosure date
This list will be notified immediately if the disclosure date is at risk or changes. Questions should be directed to the security contacts.