This page documents security issues reported to the GNOME security team since we began tracking such issues in November 2020. Issues that are not reported to the security team are not documented here. Most GNOME security issues are initially reported directly to project maintainers, not to the GNOME security team, so it's not possible to be confident that this list of security issues is comprehensive. Since February 2024, we request that GNOME maintainers report security issues so they can be comprehensively tracked here.
**This page is public, so it should not contain details of unfixed vulnerabilities beyond the issue URL and date reported.** Issues not visible to the public should be assumed to be unresolved. GNOME security issues should be made public after (a) a fix is committed to git, or (b) 90 days after the date reported, whichever comes first.
This page does not document security issues reported directly to project maintainers. It only documents issues reported to GNOME security. Most GNOME security issues are reported directly to project maintainers, not to the GNOME security team, so we actually do not have any great way to track these. Accordingly, you should assume that most GNOME security issues are not reflected below.
We track vulnerabilities for all software hosted under https://gitlab.gnome.org/GNOME/. Vulnerabilities for software hosted in other namespaces are out of scope.
Generally, the security team will only request CVEs for particularly noteworthy vulnerabilities. Anybody reporting a valid security issue is nevertheless welcome to request a CVE if desired via an appropriate CNA.
We almost never use embargoes. Issues will generally be made public as soon as a fix is committed to the project's git repository.
# 2023