It is recommended to send the report to [email protected] (and obviously not to discuss the issue anywhere else).

Examples for details to include:

• Ideally a short description (or a script) to demonstrate an exploit.
• The affected platforms and scenarios (the vulnerability might only affect setups with case-sensitive file systems, for example).
• The name and affiliation of the security researchers who are involved in the discovery, if any.
• Whether the vulnerability has already been disclosed.
• How long an embargo would be required to be safe.