- Only security bugs with CVEs are tracked? What if we spot something
that has no CVE?
If it's something that is already public (for example some description of
the flaw exists outside of bugzilla and it's obvious it's a security
issue) then we can alert Mitre and they'll assign a name within a day or
two.
If it's something that's not particularly public (for example someone
reports an issue but it's not obvious it has security consequences) then I
am a Candidate Naming Authority for CVE and can allocate a name to Fedora.
Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team