MozillaWiki

Security/Firefox/Security Bug Life Cycle/Security Advisories: Difference between revisions

Page Discussion

Security/Firefox/Security Bug Life Cycle/Security Advisories (view source)

Revision as of 15:27, 24 June 2022

67 bytes removed ,  24 June 2022
→‎Assign CVEs
(typo.)
Line 65: Line 65:
=== Assign CVEs ===
=== Assign CVEs ===


Typically done a day or two before the release, assign CVEs to the bugs in bugzilla, and in the yml file.  TODOXXX - this should be automated. (I'm thinking - assign them using a google apps script that interfaces with the spreadsheet, regenerate the yml and diff across any manual edits.)
Typically done a day or two before the release, assign CVEs to the bugs in bugzilla, and in the yml file.  This can be automated with this script: https://github.com/tomrittervg/secadv/blob/master/cve_assignment_script.txt


A noteworthy item is that issues that already have had a CVE assigned - for example because it's an upstream bug - should get a '''feed: false''' in the advisory, after reporter.
A noteworthy item is that issues that already have had a CVE assigned - for example because it's an upstream bug - should get a '''feed: false''' in the advisory, after reporter.
Tritter
124

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1243118"