Reporting security bugs

[Shnatsel .]

Hello everyone!

I have discovered a bug in GStreamer 1.2.x that may present a
denial-of-service vulnerability. I'd like to report it to GStreamer
developers, but bugzilla does not seem to have a "private bug" option,
and I don't think it's wise to disclose it publicly at this time.

What is the preferred way to report security bugs in GStreamer?

Thanks in advance,
--
Sergey "Shnatsel" Davidoff