Differences

This shows you the differences between two versions of the page.

--- software [2008/04/05 14:47]
solar added cross-links to the vendors and infrastructure wiki pages; added a link to the OSVDB vendor database
+++ software [2025/04/01 19:40] (current)
nataliabidart-gmail.com Added Django security contact.
@@ Line 10: / Line 10: @@
   * Apache HTTP Server security pages: http://httpd.apache.org/security_report.html
   * Apache Tomcat security pages: http://tomcat.apache.org/security.html
+===== Asterisk =====
+  * Security contact: <security@asterisk.org>
+  * Issues may also be tracked at http://bugs.digium.com (but please set the bug to "private" until a fix is committed)
+  * Security announcements will be posted at http://www.asterisk.org/security/
+===== ClamAV ====
+  * [[http://bugs.clamav.net/|ClamAV bug tracker]]
+  * RSS-feed for advisories [[http://www.clamav.net/lang/en/feed]]
+  * Contact information [[http://www.clamav.net/lang/en/contacts/]]
 ===== CUPS =====
-  * Security contact: <product-security@apple.com>
+  * Security contact: <security@cups.org>
+===== Django =====
+  * Security contact: <security@djangoproject.com>
+  * [[https://docs.djangoproject.com/en/dev/internals/security/|Django's security policies]]
+===== Drupal ====
+  * [[http://drupal.org/security-team|Contact procedures]]
+  * RSS-feed for advisories split into three feeds [[http://drupal.org/security|Core]], [[http://drupal.org/security/contrib|Contributed projects]], [[http://drupal.org/security/psa|Public Service Announcements]]
+  * Security team information [[http://drupal.org/security-team]]
+===== GNOME =====
+  * Security contact: <security@gnome.org>
 ===== KDE =====
@@ Line 19: / Line 47: @@
   * Security contact: <security@kde.org>
   * Advisories and contact information: http://www.kde.org/info/security/
+===== LibreSSL ====
+  * Security contact: <libressl-security@openbsd.org>
 ===== Linux kernel =====
@@ Line 24: / Line 56: @@
   * Security contact: <security@kernel.org>
 Please refer to Documentation/SecurityBugs in a recent Linux kernel source tree for up-to-date information on how to best report security bugs in the Linux kernel, as well as on the public disclosure policy.
+===== Mantis Bug Tracker =====
+  * Web site: http://mantisbt.org/
+  * Development team contact:   [[mantisbt-dev@lists.sourceforge.net]] (warning: this is a public list, //do not report sensitive security issues here//)
+  * Refer to the [[http://www.mantisbt.org/wiki/doku.php/mantisbt:handling_security_problems|Security issues handling process]] page on the MantisBT wiki for detailed instructions on how to report security issues.
 ===== MIT krb5 =====
@@ Line 29: / Line 68: @@
   * Contact information: http://web.mit.edu/kerberos/contact.html (Security Contact section)
   * Advisories: http://web.mit.edu/kerberos/www/advisories/
+===== MongoDB =====
+  * How to report a vulnerability: http://docs.mongodb.org/manual/tutorial/create-a-vulnerability-report/
+  * Known vulnerabilities: http://www.mongodb.org/about/alerts/#security-related
+===== Moodle =====
+  * Report security issues to http://tracker.moodle.org/ with the security level appropriately (bugs classified as a "Serious  security issue" will only be visible to the security team).
+  * Advisories: http://moodle.org/mod/forum/view.php?id=7128
 ===== Mozilla Foundation =====
@@ Line 34: / Line 82: @@
   * Reports of non-public security issues in Mozilla products may be mailed to <security@mozilla.org>
   * Known vulnerabilities: http://www.mozilla.org/projects/security/known-vulnerabilities.html
+===== OpenLDAP =====
+  * Security bugs should be filed in OpenLDAP Issue Tracking System, which allows ticking "Major Security Issue?" making bug only visible to core team: http://www.openldap.org/its/
+  * Additional contact information: http://www.openldap.org/project/
 ===== OpenSSH =====
@@ Line 52: / Line 105: @@
     * Subscribe: email to <announce-join@openvz.org>
   * Security contact: <security@openvz.org>
+===== Piwik =====
+  * Security contact: <security@piwik.org>
+  * Advisories: http://piwik.org/blog/category/security/
 ===== Samba =====
@@ Line 64: / Line 122: @@
   * Advisories: http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlerts
+===== TYPO3 =====
+  * Security contact: <security@typo3.org>
+  * Advisories: http://typo3.org/teams/security/security-bulletins/
 ===== unzip =====
@@ Line 72: / Line 135: @@
   * Advisories and contact information: http://www.wireshark.org/security/
+===== Xen.org =====
+  * Private security notification list: security (at) xen (dot) org
+  * [[http://wiki.xen.org/wiki/Security_Announcements|Previous security announcements]]
+  * [[http://www.xen.org/projects/security_vulnerability_process.html|Security Problem Response Process]]
 ===== Xine =====
@@ Line 79: / Line 148: @@
 ===== X.Org =====
-  * Security contact: <xorg_security@x.org>
+  * Security contact: <xorg-security@lists.x.org>
   * Updates information: http://wiki.x.org/wiki/Development/Security