Reporting-vulnerabilities

From Driver Backports Wiki
Revision as of 21:40, 4 May 2016 by Mcgrof

Reporting security vulnerabilities

If you have a security vulnerability to report and you know it is backports-related, you can report it directly to the maintainers:

 * hauke@hauke-m.de, mcgrof@kernel.org, johannes@sipsolutions.net

The report will be handled in private. Once the issue is fixed and the fix has propagated to users, the security fix will be disclosed and documented. To date, we have had no security vulnerabilities reported. Until then, this page can be used to track updates on vulnerabilities related to Linux backports.

The attack surface of Linux backports consists of about 1-2% of code; this varies depending on which kernel you are on. The older the kernel you are on, the higher the security risk. Security issues in Linux should affect users of Linux backports if the code is carried over into backports; fixes for those are addressed through a new release of backports with the corresponding upstream fixes. Security fixes for Linux belong upstream in Linux, not in Linux backports. To learn how to report Linux kernel security issues, refer to the SecurityBugs documentation.
