It's that time of year when a bunch of CVE BZ tickets get put on the chopping
block due to EOL of a Fedora version. I've started reviewing the CVEs[0] that
fall into this category and have found 119.
We need to evaluate each of these to see if the version in F21+ is still
affected. If they can go EOL then please leave a message that says as much and
a whiteboard entry 'FST_evaluated=EOL_Okay' along with going ahead and owning
the bug 'FST_Owner=<FAS Name>'. If the CVE isn't fixed in F21+ then go
ahead
and bump it up to the highest F version that is affected (probably rawhide).
This is probably a good time to also look at upstream to see in what version
they addressed the vulnerability and noting that information in the ticket.
[0]
https://tinyurl.com/oagoex6
Thanks!
--Eric