The easiest way to report a security issue is through a Github Private Security Report with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

Alternatively, to report a security issue via email, please email [email protected] with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

The Ubuntu Security disclosure and embargo policy contains more information about what you can expect when you contact us and what we expect from you.