Fedora Security Team 90-Day Challenge to clean up vulnerabilities… an update
At the beginning of April, the Fedora Security Team (FST) started on a journey to close all critical and important CVEs in Fedora and EPEL that had originated in 2014 and before. Now that we’re two-thirds of the way through, I figured it would be a good time to see what we’ve accomplished so far.
Of the 38 CVEs (37 important and 1 critical) we originally identified: 14 have been closed, 1 is currently on QA, and 23 remain open. The 14 closed CVEs represent around a third of all the identified CVEs. So, not bad but also not great; there is still work to be done.
If you want to help get some of these CVEs cleaned up, here’s a list of the target packages. We need to make sure that upstream has fixed the problem and that the packagers are pushing these fixes into the repos.
I hope to come back to you at the end of the month with a report on how all of the CVEs were fixed and who helped fix them!