Thank you for helping keep YT6801 Auto Installer and its users safe.
This project tracks a single active line. Only the latest release on the
main branch receives fixes. If you are running an older version, please
upgrade before reporting an issue.
| Version | Supported |
|---|---|
Latest main |
Yes |
| Older tags | No |
Please do not open a public GitHub issue for security problems.
Instead, report the issue privately using GitHub's private vulnerability reporting feature on this repository:
- Go to the Security tab of this repository.
- Click Report a vulnerability.
- Fill out the form with a clear description, reproduction steps, and the impact you observed.
If you are unable to use private vulnerability reporting, you may contact the maintainer @finallyjay directly on GitHub and request a private channel.
A good report contains:
- The affected file, script, or systemd unit
- The distribution and kernel version you reproduced on
- Exact steps to reproduce
- The observed impact (e.g., privilege escalation, persistence, data exposure)
- Any logs from
/opt/yt6801-auto-installer/install_yt6801.logorjournalctl -u yt6801-reinstall.servicethat help confirm the issue
- Acknowledgement: within 7 days of receiving your report.
- Triage: the maintainer will investigate, confirm the impact, and agree on a fix timeline with you.
- Fix and disclosure: once a fix is available, a release will be published and the advisory will be made public, crediting the reporter unless they prefer to remain anonymous.
In scope:
- The shell scripts in this repository (
setup.sh,uninstall.sh,install_yt6801_if_needed.sh,check_yt6801_and_reboot.sh) - The systemd unit (
yt6801-reinstall.service) - The packaging of the
.debdriver file shipped underdeb/
Out of scope:
- Vulnerabilities in the upstream Motorcomm/Tuxedo YT6801 driver itself — please report those to the driver vendor.
- Issues that require an attacker to already have root on the target machine.
Thank you for practicing responsible disclosure.