Synchronization CVEs

From Yocto Project
Revision as of 17:44, 25 September 2023 by Marta Rybczynska (Initial version)

(WIP) Synchronization on the CVE work

The Yocto Project is actively fixing public CVEs. This page describes the process developers should follow to synchronize their work. The goal is to avoid duplicate work and to limit the number of high-severity CVEs that remain without a backport of the fix.

Regular cve-check runs

The project runs cve-check regularly on the Poky repository with a world build. This produces an up-to-date view of the known CVEs.

Synchronization page

A synchronization wiki page is available for everyone working on CVE fixes.

WIP

To cover:

  • Who updates the page?
  • What happens when a fix is posted on the ML?
  • How do we handle different LTS versions?