Stefan Hagen sthagen

sthagen / gist:a8324e078d0b5bffbb788e3ed8b00317
Created January 22, 2023 12:28 — forked from ajakk/gist:f5aece4564079513f09f6066238ed6aa
Communication with MaherAzzouzi in #1 of MaherAzzouzi/CVE-2022-37703
I attempted to get MaherAzzouzi to report their apparent information
disclosure vulnerability to Amanda upstream via an issue in their
CVE-2022-37703 repository. They apparently seemed to think that MITRE
automatically reports issues to upstreams, which is not the
case. Eventually, they deleted the issue after threatening to
irresponsibly disclose two local privilege escalations in Amanda, all
without any apparent attempt to notify upstream. As far as I can tell,
that hasn't happened yet.
I've asked GitHub to make the content of the issue public for