From Fedora Project Wiki

Revision as of 12:27, 25 August 2018 by Huzaifas (talk | contribs) (first draft)

Addressing security flaws in packages is important to any distribution, and Fedora is no exception. The large number of packages, and the fact that many maintainers are responsible for multiple packages, adds to the overall problem. This document describes steps that Fedora package maintainers can take to resolve security bugs open against their packages.

Fedora Security flaws

Fedora security bugs are filed by the Red Hat Product Security Team. They are often referred to as Fedora trackers, since they do not contain any actual flaw information; rather, they are product bugs, which allow maintainers to link to their commits and Bodhi updates. For example, consider bug 1455050: this is a Fedora tracker which links to the actual security bug.

All information, including a description of the flaw, possible patches, upstream bug links and public reproducers, if any, is available in the security bug.