From Fedora Project Wiki

(Added additional IRC channel)
(Redirect to new Security SIG; remove obsoleted information about old Security Team)
Tag: Redirect target changed
 
(60 intermediate revisions by 10 users not shown)
Line 1: Line 1:
The Fedora Security Team's mission is to help get security fixes into Fedora's repositories as soon as possible to help protect the end users.
#REDIRECT [[SIGs/Security]]
 
{|width=100%
! width=20% | IRC Channel
| {{fpchat|#fedora-security-team}} <BR>
| {{fpchat|#fedora-security}}
|-
! Mailing List
| {{fplist|security-team}} - Security Team mailing list <BR> {{fplist|security}} - General security mailing list (good for questions)
|-
! Meetings
| TBD
<!--| Weekly at {{fpchat|#fedora-meeting}}<BR>[[Security_Team_meetings|Meeting Time]]<BR>[[Security_Team_meetings#Agenda_for_Next_Meeting|Next Meeting Agenda]] -->
|-
! Current issues
| [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=2661454&priority=urgent&query_format=advanced Critical Vulnerabilities] <BR> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=2661457&priority=high&query_format=advanced Important Vulnerabilities] <BR> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=2661461&priority=medium&query_format=advanced Moderate Vulnerabilities] <BR> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=2661462&priority=low&query_format=advanced Low Vulnerabilities] <BR> [https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&keywords=SecurityTracking%2C%20&keywords_type=allwords&list_id=2661465&priority=unspecified&query_format=advanced Unknown Vulnerabilities]
|}
 
== How ==
Red Hat Product Security opens bugs in response to [https://cve.mitre.org/ CVEs] that get reported by MITRE.  A CVE bug is opened along with any tracker bugs that are opened against the individual packages.  The tracking bug notifies the package owner of the vulnerability.  Generally speaking, the package owner should follow up with upstream to obtain a patch or the fixed source to push out to the repositories.
 
The problem is that many package owners either don't have time or they don't understand the need of the tracking bug.  That's where the Security Team comes in to help.  We work with upstream to obtain the fixes and then provide them to the packagers via the tracking bug.  We also work with packagers to help them get these fixes into the repositories.
 
[[Category:Security]]

Latest revision as of 12:16, 4 September 2024

Redirect to: