alt Hacker Newsit's trivial to find out how to report a security issue like this to Linux distros.
Google search: https://share.google/aimode/eihDKXZJy94Z5lC1p
and it's beyond me to not think about doing this and instead exposing everyone and their neighbor to this exploit up front.
I'm certain this is even a felony in some legislations, rightfully so.
Agree it's not a good look for these folks, notwithstanding that disclosure is mostly theater.