Please put detailed report to https://github.com/iputils/iputils/security/advisories or send a detailed mail to pvorel at suse.cz and david at ixit.cz report vulnerabilities in iputils.

Even when unsure whether the bug in question is an exploitable vulnerability, it is recommended to send the report to https://github.com/iputils/iputils/security/advisories or/and pvorel at suse.cz and david at ixit.cz (and obviously not to discuss the issue anywhere else).

Vulnerabilities are expected to be discussed only there, and not in public, until the official announcement.

Examples for details to include:

• Ideally a short description (or a script) to demonstrate an exploit.
• The affected platforms and scenarios (the vulnerability might only affect setups with case-sensitive file systems, for example).
• The name and affiliation of the security researchers who are involved in the discovery, if any.
• Whether the vulnerability has already been disclosed.
• How long an embargo would be required to be safe.

There are no official "Long Term Support" versions in iputils.

Fixes to vulnerabilities are made for the latest iputils version and usually can be backported to the older releases.