https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&feed=atom&action=history
Security Tracking Bugs - Revision history
2024-03-28T19:11:03Z
Revision history for this page on the wiki
MediaWiki 1.39.4
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=630825&oldid=prev
Bytehackr at 16:58, 16 November 2021
2021-11-16T16:58:55Z
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:58, 16 November 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l34">Line 34:</td>
<td colspan="2" class="diff-lineno">Line 34:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* It is assigned to the owner of the component</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* It is assigned to the owner of the component</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Applicable CVEs are prefixed to the Summary description</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Applicable CVEs are prefixed to the Summary description</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Applicable affected versions are appended to the Summary description (such as "[fedora-all]" or "[epel-<del style="font-weight: bold; text-decoration: none;">6</del>]")</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Applicable affected versions are appended to the Summary description (such as "[fedora-all]" or "[epel-<ins style="font-weight: bold; text-decoration: none;">8</ins>]")</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* The "Security" and "SecurityTracking" keywords are set</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* The "Security" and "SecurityTracking" keywords are set</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* The initial description and comment(s) of the bug don't describe the flaw(s) but refer the assignee to the parent bug for details/patches/etc, but do indicate how to correct the flaw via established process (either a filled-out template to use with "fedpkg update" or a link to use with Bodhi).</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* The initial description and comment(s) of the bug don't describe the flaw(s) but refer the assignee to the parent bug for details/patches/etc, but do indicate how to correct the flaw via established process (either a filled-out template to use with "fedpkg update" or a link to use with Bodhi).</div></td></tr>
</table>
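Review bot: The replaced example on line 34 still hard-codes a release number: "[epel-6]" became "[epel-8]", so the sentence will need the same edit again each time the current EPEL release changes. Consider a form that does not date, for instance "[epel-N]" with a short note that N is the affected EPEL release, next to the existing "[fedora-all]".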
Bytehackr
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=627068&oldid=prev
Oturpe: Redirect Package Maintainer wiki links to docs.fp.o
2021-10-07T17:07:04Z
<p>Redirect Package Maintainer wiki links to docs.fp.o</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 17:07, 7 October 2021</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l46">Line 46:</td>
<td colspan="2" class="diff-lineno">Line 46:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Handling tracking bugs via fedpkg ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Handling tracking bugs via fedpkg ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The maintainer commits the fixes and builds packages and then submits the update to Bodhi according to [<del style="font-weight: bold; text-decoration: none;">[Package_update_HOWTO|</del>the update submission guide<del style="font-weight: bold; text-decoration: none;">]</del>].</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The maintainer commits the fixes and builds packages and then submits the update to Bodhi according to [<ins style="font-weight: bold; text-decoration: none;">https://docs.fedoraproject.org/en-US/package-maintainers/Package_Update_Guide/ </ins>the update submission guide].</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Note: The comments in the tracking bug (only since July 2014) provide a template that can be used (cut-n-paste) for the "fedpkg update" process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Note: The comments in the tracking bug (only since July 2014) provide a template that can be used (cut-n-paste) for the "fedpkg update" process.</div></td></tr>
</table>
Oturpe
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=388805&oldid=prev
Adamwill: update update link
2014-09-25T13:36:23Z
<p>update update link</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:36, 25 September 2014</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l46">Line 46:</td>
<td colspan="2" class="diff-lineno">Line 46:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Handling tracking bugs via fedpkg ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Handling tracking bugs via fedpkg ==</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The maintainer commits the fixes and builds packages and then submits the update to Bodhi <del style="font-weight: bold; text-decoration: none;">via </del>[[Package_update_HOWTO<del style="font-weight: bold; text-decoration: none;">#Submit_your_update_to_Bodhi</del>]].</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The maintainer commits the fixes and builds packages and then submits the update to Bodhi <ins style="font-weight: bold; text-decoration: none;">according to </ins>[[Package_update_HOWTO<ins style="font-weight: bold; text-decoration: none;">|the update submission guide</ins>]].</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Note: The comments in the tracking bug (only since July 2014) provide a template that can be used (cut-n-paste) for the "fedpkg update" process.</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>Note: The comments in the tracking bug (only since July 2014) provide a template that can be used (cut-n-paste) for the "fedpkg update" process.</div></td></tr>
</table>
Adamwill
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=382430&oldid=prev
Vdanen: make this reflect 2014 reality
2014-07-18T16:49:17Z
<p>make this reflect 2014 reality</p>
<a href="https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=382430&oldid=328012">Show changes</a>
Vdanen
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=328012&oldid=prev
Sparks: Sparks moved page Security/TrackingBugs to Security Tracking Bugs: Un-nestng
2013-03-26T15:06:41Z
<p>Sparks moved page <a href="/wiki/Security/TrackingBugs" class="mw-redirect" title="Security/TrackingBugs">Security/TrackingBugs</a> to <a href="/wiki/Security_Tracking_Bugs" title="Security Tracking Bugs">Security Tracking Bugs</a>: Un-nestng</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 15:06, 26 March 2013</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Sparks
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=85601&oldid=prev
Slankes: /* Tracking Bugs */
2009-03-03T22:05:57Z
<p><span dir="auto"><span class="autocomment">Tracking Bugs</span></span></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 22:05, 3 March 2009</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l16">Line 16:</td>
<td colspan="2" class="diff-lineno">Line 16:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Tracking Bugs ===</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>=== Tracking Bugs ===</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>As the bug obviously affects ''yoyodine'' package, he triages it and <del style="font-weight: bold; text-decoration: none;">founds </del>that it affects all supported Fedora releases, and also EPEL. He creates appropriate tracking bugs (with a script). Later it is found out that the vulnerable code is reused in ''foobar'' package that is present in EPEL5 (common situation with ''xpdf'' code). He adds appropriate tracking bug.</div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>As the bug obviously affects ''yoyodine'' package, he triages it and <ins style="font-weight: bold; text-decoration: none;">finds </ins>that it affects all supported Fedora releases, and also EPEL. He creates appropriate tracking bugs (with a script). Later it is found out that the vulnerable code is reused in ''foobar'' package that is present in EPEL5 (common situation with ''xpdf'' code). He adds appropriate tracking bug.</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Tracking bug belongs to ''Fedora Project Contributors'' group</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* Tracking bug belongs to ''Fedora Project Contributors'' group</div></td></tr>
</table>
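Review bot: The fix on line 16 corrects "founds" to "finds" but leaves the rest of the touched paragraph's grammar as it was: "affects ''yoyodine'' package", "reused in ''foobar'' package" and "He adds appropriate tracking bug" are each missing an article. Since the line is being edited anyway, consider fixing those in the same revision.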
Slankes
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=38932&oldid=prev
Fab at 08:10, 11 July 2008
2008-07-11T08:10:20Z
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 08:10, 11 July 2008</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Using Tracking Bugs =</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Using Tracking Bugs =</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2" class="diff-side-added"></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Handling tracking bugs in Bugzilla ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Handling tracking bugs in Bugzilla ==</div></td></tr>
<tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l70">Line 70:</td>
<td colspan="2" class="diff-lineno">Line 68:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=284511</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=284511</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div></pre></div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">----</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div> </div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Security]]</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>[[Category:Security]]</div></td></tr>
</table>
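Review bot: In the second hunk, the two lines added before [[Category:Security]] each contain a single space rather than being empty, so the revision introduces whitespace-only lines where the "----" rule was removed. If the intent is only to drop the horizontal rule, leave the lines truly empty, and give the revision an edit summary so the history says why the rule and the blank lines under the page title were removed.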
Fab
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=6511&oldid=prev
Ravidiip: 1 revision(s)
2008-05-24T16:28:46Z
<p>1 revision(s)</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<tr class="diff-title" lang="en">
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="1" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 16:28, 24 May 2008</td>
</tr><tr><td colspan="2" class="diff-notice" lang="en"><div class="mw-diff-empty">(No difference)</div>
</td></tr></table>
Ravidiip
https://fedoraproject.org/w/index.php?title=Security_Tracking_Bugs&diff=6510&oldid=prev
fp-wiki>ImportUser: Imported from MoinMoin
2008-05-24T14:13:02Z
<p>Imported from MoinMoin</p>
<p><b>New page</b></p><div>= Using Tracking Bugs =<br />
<br />
<br />
<br />
== Handling tracking bugs in Bugzilla ==<br />
<br />
=== Parent Bug ===<br />
<br />
Let's imagine a situation where a security flaw was found in ''yoyodine'' package. A member of Fedora Security Response team enters it in bugzilla under Security Response Team. Then he requests a [http://cve.mitre.org/ CVE] identifier for the issue. As he found the mention of the bug while reading a public mailing list, he creates a public bug. When he gets the CVE for the bug, he adds it to the beginning of the Summary line and sets an appropriate alias=CVE number.<br />
<br />
* Parent bug is entered in the ''Security Response'' product<br />
* Parent bug's subject begins with the ''CVE''<br />
* Parent bug is ''publicly viewable''<br />
* Parent bug has an alias=''CVE''<br />
* Parent bug is assigned to the ''Fedora Security Response'' team<br />
* Parent bug has a Security keyword set<br />
<br />
=== Tracking Bugs ===<br />
<br />
As the bug obviously affects ''yoyodine'' package, he triages it and founds that it affects all supported Fedora releases, and also EPEL. He creates appropriate tracking bugs (with a script). Later it is found out that the vulnerable code is reused in ''foobar'' package that is present in EPEL5 (common situation with ''xpdf'' code). He adds appropriate tracking bug.<br />
<br />
* Tracking bug belongs to ''Fedora Project Contributors'' group<br />
* Tracking bug is depended on by the ''Parent bug''<br />
* Tracking bug is entered into respective Product/Component/Version where the flaw needs to be addressed<br />
* Tracking bug is assigned to the developer<br />
* The description of the tracking bug doesn't contain information about the flaw, but rather refers to the Parent bug and describes how to handle the flaw<br />
* Tracking bug has a Security keyword set<br />
<br />
The situation then looks like this:<br />
<pre><br />
(public, alias=CVE-2007-9999)<br />
|- #222222: CVE-2007-4631 Yoyodine stack overflow via a long do_nothing() argument [FC7] <br />
| (group Fedora Project Contributors, component=yoyodine)<br />
|- #333333: CVE-2007-4631 Yoyodine stack overflow via a long do_nothing() argument [F8] <br />
| (group Fedora Project Contributors, component=yoyodine)<br />
|- #444444: CVE-2007-4631 Yoyodine stack overflow via a long do_nothing() argument [EPEL5] <br />
| (group Fedora Project Contributors, component=foobar)<br />
</pre><br />
<br />
== Handling tracking bugs in Bodhi ==<br />
<br />
=== The procedure ===<br />
<br />
The maintainer commits the fixes, builds packages and creates an update request. He refers to both the parent bug and the tracking bug. Bodhi is able to identify that the bug is a tracking bug and doesn't include it in the new package announce mail. Bodhi closes the tracking bug, and in case all other bugs that the Parent depends on are closed, it also closes the Parent. To keep track, Bodhi adds comments to both the Parent and the Tracking bug.<br />
<br />
=== Proposed changes to Bodhi ===<br />
'''These proposed changes have been implemented. -lmacken'''<br />
<br />
This might include things that are already implemented in Bodhi that I am not aware of.<br />
* Bodhi shouldn't include the bug belonging to ''Fedora Project Contributors'' in the mail (Note: Wouldn't it be better to identify a tracking bug with a dedicated keyword rather than group membership?)<br />
* Bodhi should close the bug only in case all bugs it depends on are closed and it is not in NEW state<br />
* There is no need to refer to CVE from Bodhi, security bugzillas always refer to CVE themselves<br />
* Bodhi should include the Summary of the bugzillas rather than just the number, so that reference to CVE is visible in the mail<br />
* Bodhi should add comments to the bugs when the update is created, and pushed to testing, not just when it gets live. (This would save the SRT from unnecessary pings to developers and keep users updated)<br />
<br />
This would change the ''References'' section in update announce mails from:<br />
<pre><br />
References:<br />
<br />
[ 1 ] Bug #284511<br />
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=284511<br />
[ 2 ] CVE-2007-4727<br />
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4727<br />
</pre><br />
to:<br />
<pre><br />
References:<br />
<br />
[ 1 ] CVE-2007-4727 FastCGI header overrun in lighttpd's mod_fastcgi<br />
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=284511<br />
</pre><br />
----<br />
[[Category:Security]]</div>
fp-wiki>ImportUser