Add files via upload

Confirmation email via VINCE reporting portal
This commit is contained in:
Joseph Goydish II
2025-10-02 17:54:40 -04:00
committed by GitHub
parent ab08c533ed
commit cff2fa7b67
@@ -0,0 +1,110 @@
Return-Path: <0100019493b8d641-39fe5e62-4d73-4e61-ba36-c8802bb7d7a7-000000@amazonses.com>
X-Original-To: josephgoyd@proton.me
Delivered-To: josephgoyd@proton.me
Authentication-Results: mail.protonmail.ch; dkim=pass (Good 1024 bit
rsa-sha256 signature) header.d=cert.org header.a=rsa-sha256; dkim=pass
(Good 1024 bit rsa-sha256 signature) header.d=amazonses.com
header.a=rsa-sha256
Authentication-Results: mail.protonmail.ch; dmarc=pass (p=none dis=none)
header.from=cert.org
Authentication-Results: mail.protonmail.ch; spf=pass smtp.mailfrom=amazonses.com
Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=54.240.8.30
Authentication-Results: mail.protonmail.ch; dkim=pass (1024-bit key) header.d=cert.org
header.i=@cert.org header.b="TjRQouCJ"; dkim=pass (1024-bit key) header.d=amazonses.com
header.i=@amazonses.com header.b="IQ5Fj+x3"
Received: from a8-30.smtp-out.amazonses.com (a8-30.smtp-out.amazonses.com [54.240.8.30])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No
client certificate requested) by mailin053.protonmail.ch (Postfix) with ESMTPS id
4Yf4F046XNz3v for <josephgoyd@proton.me>; Thu, 23 Jan 2025 15:12:36 +0000 (UTC)
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=zr2q7qzk2bw3mfxafkttrbx3dstyubyk; d=cert.org; t=1737645151;
h=Content-Type:MIME-Version:Content-Transfer-Encoding:Subject:From:To:Reply-To:Date:Message-ID;
bh=dZXL2b7EVXIuWrmiCNi3s/lBERkb7h4WFWSAweq4IBU=;
b=TjRQouCJKevHpOnJhqdrHwt9TeuWeogPKNMMIGcGWo4/L3mOIFEacB7Gu2yiOlA1
g5CRDyTsqwOliqNUI9q8ddxRvdAvaApzDuJVkh/IFrgIBFjQs/zPfvK84R+19zqhSfW
38D/4Y2a0istnaN2MlfrGh4AXtHLy8Qp6lcyP7TA=
Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1737645151;
h=Content-Type:MIME-Version:Content-Transfer-Encoding:Subject:From:To:Reply-To:Date:Message-ID:Feedback-ID;
bh=dZXL2b7EVXIuWrmiCNi3s/lBERkb7h4WFWSAweq4IBU=;
b=IQ5Fj+x3Lj0jU9KMeVrro27AIEtn3iGMoM3/G1vvcjj/qzB4zSgjmFP3Sl+1alPn
zvsKTF8QZAVDnPU3EBYrp1rA3f0KcDvGWMxk1hL/67tNL9nTGT9Ny+BRdbnMGDoFb1g
kYRBypjpxoIs1XnIe2nYsAE3v9AnbKoyTE0WuY3Q=
Content-Type: multipart/mixed;boundary=---------------------e13bc5dfa0e7706a401ef48e6cec4c5c
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: 25-01-MPVDT (Updated) [gen-41698] [VRF#25-01-MPVDT] Apple iOS in
AudioConverterService
From: VINCE <cert+donotreply@cert.org>
To: josephgoyd@proton.me
Reply-To: cert+donotreply@cert.org
Date: Thu, 23 Jan 2025 15:12:31 +0000
Message-Id: <0100019493b8d641-39fe5e62-4d73-4e61-ba36-c8802bb7d7a7-000000@email.amazonses.com>
X-Vince: auto-notify
Status: 200
Message_id: 0100019493b539d5-2a0640b0-cca7-4db4-8c2e-3f4932f2844f-000000
Request_id: 68d6c989-d81c-4c57-8f53-6901e27d7af6
Feedback-Id: ::1.us-east-1.It3vpLGD8OCn/d2rkkLjTPfaHJfBFSfb3QH4vYKCzbo=:AmazonSES
X-Ses-Outgoing: 2025.01.23-54.240.8.30
X-Pm-Spam: 0yezJI6cihyJeYR3pi42biOpJJvbmsCIeINmhnVGd3b5JoiIjEVBVQRVFsIyUmIs1NjX
3l3JbIpj7SBlI0TiQ0yOiiSwNUJFPz8FRFUiIAuOj5TkMOUT1xADMDNzcI2NDsDIOIBlSfR0TFUFJl
DREPElVTIi6iwCMlUiM0xOifCJLZVGifdWdWam5I6byQyJeU9kE7pjImItldlYWh25XbUWioJiO3ch
RtfY2umlZZ9V0l5WdFZw98ydV0DIMMUDxsIyMmIzlltX2yG9cdFGu6ICdCMiwFpbWzF8bcJHfk9WbW
ZiwJtOisWlYdFGnvNmLWbpJVkbmp2ZXbVm0l5WdCZy4I0MDyDIMM5Sj0B3aiIiwFpbWzF8bcJHfvJH
ciY6I4xMC5TkONUTw0EDMzN0MY4MjiiwMbFWpj9FbXYlR9yZ2tV9ebR2l6ICbmIh1xjaWuXQYY92tu
lmYWZfRluZm1XRZbVmkwIjLjMwQIxMjrmNLcQHitJCLWYslNhX2nGVdbJ35h52XWbiUJVOiBERUVVE
TiwiIWbpF9jbFlXRYZ92yw9Vemci9owIj5jkLOYT34kTNTO1EAwMTiSwMc9FztFGcjIwoAwLj2jcMN
cT2zgTOzNyQE1NDiSwOc9FztFGc2XhJUic2ujAOMADy1YzNzN5YM3OD0DINMUT5wJCL3X3NRjaX0F9
ab91pvJmbCe6I4yMC5jENNYD51YTMDOyAAyMDwCJLXN33jRXaFa099wb1zGlaalGu6IyZCM04A4NDz
jQMOkD03cTNDM2IwiNCzF9cdl20fh2YGdf9Bhc36SIbM4C3zgTMzN0QExMzyzMMNAzzyJCLWdf5Ftb
m6SIZIFmsm1CbWZ0FJldXwy1cd9Vz0l2d2Yig19fXzCJLclmkiojIjN5cVjMjxjYNMZ2lyQDNGZ4Il
jNjiGNMI1n9
X-Pm-Origin: external
X-Pm-Transfer-Encryption: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
X-Pm-Content-Encryption: on-delivery
X-Pm-Spamscore: 0
X-Pm-Spam-Action: inbox
-----------------------e13bc5dfa0e7706a401ef48e6cec4c5c
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset=utf-8
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
THIS IS AN AUTOMATED EMAIL.
THIS EMAIL IS SENT FROM AN ACCOUNT THAT IS NOT MONITORED.
DO NOT REPLY TO THIS EMAIL, OR WE WILL BE UNABLE TO RESPOND.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Greetings Joseph,
Please work with Apple on this vulnerability as well. Ensure to tell them =
when you plan to go public with your findings (we recommend giving vendors=
at least 45 days). In addition to a blog, you could also request a CVE fr=
om MITRE using the following process.
From this page, https://cve.mitre.org/cve/request_id.html:
1. Locate the correct CVE Numbering Authority (CNA) whose scope includes t=
he product affected by the vulnerability in the Participating CNAs table b=
elow.
2. Contact the CNA specified using the contact method provided. If the pro=
duct affected by the vulnerability is not covered by a CNA listed, please =
contact the appropriate CNA of Last Resort. Their scopes are listed on tha=
t page as well.
Sincerely,
The CERT/CC Vulnerability Team
This e-mail was sent to you as a user of our VINCE service, in accordance =
with our privacy policy. Please advise us if you believe you have received=
this e-mail in error.
-----------------------e13bc5dfa0e7706a401ef48e6cec4c5c--