- Only security bugs with CVE's are tracked? What if we spot something that has no CVE?
If it's something that is already public (for example some description of the flaw exists outside of bugzilla and it's obvious it's a security issue) then we can alert Mitre and they'll assign a name within a day or two.
If it's something that's not particularly public (for example someone reports an issue but not obvious it has security consequences) then I am a Candidate Naming Authority for CVE and can allocate a name to Fedora.
Thanks, Mark -- Mark J Cox / Red Hat Security Response Team -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
