[arch-security] How to properly report vulnerabilities

Allan McRae allan at archlinux.org
Sat Jun 28 17:35:40 EDT 2014

On 29/06/14 02:23, Karol Blazewicz wrote:
> Should I open a bug report saying that e.g. some Arch package has
> certain vulnerability, mark the report as critical and wait for
> someone to set it as private? How do we deal with such sensitive
> information?
> I've looked in the wiki, but neither
> https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team nor
> https://wiki.archlinux.org/index.php/CVE-2014 has any info on this.

If you have a private bug to report, then use security at archlinux.org.
If the bug is public, just file a bug report.


More information about the arch-security mailing list