Fixing CVEs on Debian: Everything you probably know already

Speaker: Samuel Henrique

Track: Security

Type: Long talk (45 minutes)

Room: Bada

Time: Jul 29 (Mon): 15:30

Duration: 0:45

This talk is aimed at people new to fixing CVEs, but I’m also showing a few examples which could be interesting for experienced developers.

I’ll present an introduction to CVEs, how Debian deals with CVEs, how to avoid mistakes and my recommendations for a better patch backporting process (which allows for better reviews).

A CVE is an identifier for security vulnerabilities, so in other words this is about fixing security issues for Debian.