Skip to content

Security: yast/yast-alternatives

Security

SECURITY.md

Security Bugs

Security related bugs need a special handling because we need to synchronize releasing the security fix for all supported products (openSUSE Leap, openSUSE Tumbleweed, SUSE Linux Enterprise) and make sure that the fix is available for all affected users at the time of publishing the security vulnerability.

Thank you for your cooperation! 👍

Reporting Security Bugs

For reporting security related issues use the Security component in the SUSE Bugzilla, just follow this link.

⚠️ Please DO NOT use any publicly visible places like mailing lists or GitHub issues for reporting or discussing any security related issues!

The security bugs in Bugzilla are only visible for the reporter and the security team. When the security team confirms the issue they will make it visible for the YaST developers.

Sending or Proposing Security Fixes

A similar rule applies to sending or proposing security related fixes: report a security bug in Bugzilla and attach the proposed patch there.

⚠️ Please DO NOT open pull requests with security fixes at GitHub! You should also avoid committing the fix to your fork or anywhere where it can be seen by public.

There aren’t any published security advisories