[arch-security] How to properly report vulnerabilities

Karol Blazewicz karol.blazewicz at gmail.com
Sat Jun 28 12:23:20 EDT 2014


Should I open a bug report saying that e.g. some Arch package has
certain vulnerability, mark the report as critical and wait for
someone to set it as private? How do we deal with such sensitive
information?

I've looked in the wiki, but neither
https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team nor
https://wiki.archlinux.org/index.php/CVE-2014 has any info on this.


More information about the arch-security mailing list