It is recommended to send the report to security@gluwa.com (and obviously not to discuss the issue anywhere else).
Examples for details to include:
- Ideally a short description (or a script) to demonstrate an exploit.
- The affected platforms and scenarios (the vulnerability might only affect setups with case-sensitive file systems, for example).
- The name and affiliation of the security researchers who are involved in the discovery, if any.
- Whether the vulnerability has already been disclosed.
- How long an embargo would be required to be safe.