Security related bugs need a special handling because we need to make sure that the fix is available for all affected users at the time of publishing the security vulnerability.
Thank you for your cooperation! 👍
For reporting security related issues use the Security component in the SUSE Bugzilla, just follow this link.
The security bugs in Bugzilla are only visible for the reporter and the security team. When the security team confirms the issue they will make it visible for the Agama developers.
A similar rule applies to sending or proposing security related fixes: report a security bug in Bugzilla and attach the proposed patch there.