Inquiry about potential security issues in tar

[Zeev Ben Porat]

Hello bug-tar,

 

My name is Ze'ev Ben Porath and I am a security researcher at Cyberark Labs.

Together with my colleague Emmanuel Ouanounou, we have been testing ("fuzzing") the GNU Tar program.
We discovered a number of bugs  with potential security implications.

According to the GNU Tar documentation (https://www.gnu.org/software/tar/) :

Security reports that should not be made immediately public can be sent directly to the maintainer.

The Maintainer section lists three maintainers and states: Please use the mailing lists for contact.

However, In the links specified in the Mailing lists section I could not find the emails of the maintainers.
I am pretty sure this is due to my incompetence, but could you please help me and give me the relevant email address[es]?

Thank you very much,

address@hidden
Work: +972-3-9180000
Private: +972-522-574483

---

_______________________________________________
Unless advised otherwise, the information included in this email, including any attachments, is confidential and may be privileged or otherwise protected from disclosure.
If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error.