+Bugs

+====

+

+Report **any bugs** you **think** you **may** have found because you are

+working with the **latest and greatest drivers**! If your bug is

+backport compatibility-related then we should still try to fix it within

+the compatibility layer. If you are not sure you can let us help you.

+**To date we have only have identified 2 backport related bugs**, all

+other reported bugs were **real bugs** in **actual upstream** code!

+

+We are working on a bugzilla entry for compat / compat-drivers, until

+then please report all bugs you think you my have found to the

+:doc:`backports mailing list <mailing_list>` and if you know what subsystem

+you think the bug belongs to Cc: the respective mailing list. Remember

+that chances are **high** that the bug is not a backport bug but instead

+a real upstream bug that **must** be fixed.

+

+What mailing lists to report bugs to

+------------------------------------

+

+Always use: **backports@vger.kernel.org** and then use one of the

+following mailing lists depending on the subsystem from where your

+driver belongs:

+

+- bluetooth: linux-bluetooth@vger.kernel.org

+- wireless: linux-wireless@vger.kernel.org

+- ethernet: netdev@vger.kernel.org

+

+Reporting security vulnerabilities

+----------------------------------

+

+If you have a security vulnerabilities issue to report and you know it

+is backports related you can report this directly to the maintainers:

+

+- hauke@hauke-m.de

+- mcgrof@kernel.org

+- johannes@sipsolutions.net

+

+The report will be handled in private, once the issue is fixed and

+propagated to users, the security fix will be disclosed and documented.

+As of date we have had no security vulnerabilities issues reported.

+Until then this page can be used to track updates on vulnerabilities

+related to Linux backports. The attack surface to Linux backports

+consists about 1-2% of code, this varies depending on what kernel you

+are on. The older kernel you are on the higher the security risk.

+Security issues on Linux should affect users of Linux backports if the

+code is carried over into backports, fixes for that are addressed

+through new release of backports with the corresponding upstream fixes.

+Security fixes for Linux belong upstream on Linux, not on Linux

+backports. To learn how to report Linux kernel security issues refer to

+`SecurityBugs documentation

+<https://www.kernel.org/doc/Documentation/SecurityBugs>`__.

+

+Bugzilla

+--------

+

+The Linux kernel bugzilla has an entry for backport bugs.

+

+Reporting new backport bugs

+~~~~~~~~~~~~~~~~~~~~~~~~~~~

+

+To record a new bug:

+

+#. access the `Backports project <https://bugzilla.kernel.org/enter_bug.cgi?product=Backports%20project>`__ section of Bugzilla

+#. select the *backports* component (it is the only component available)

+

+Viewing bugs by status

+----------------------

+

+- [https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=Backports+project&content=. View open bugs]

+- [https://bugzilla.kernel.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__closed__&product=Backports+project&content=. View closed bugs]