| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025123055-directory-hemlock-a282@gregkh> Date: Tue, 30 Dec 2025 15:17:55 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Subject: ANNOUNCE: all old GSD entries are now processed As part of the requirements for becoming a cve.org CNA, we were required to process all of the previously-allocated GSD entries for Linux and assign CVE ids where the issue met the rules of cve.org. That required manual review of over 5900 different git commits (and cross referencing them to verify they were not already assigned to an existing CVE id.) That work is now complete, thankfully. So you shouldn't be seeing "huge numbers" of old CVE ids being allocated by us anymore (i.e. that's where the majority of the 2021-2023 CVE ids came from). Odds are we missed a few along the way, so if anyone knows of any older commits that should be assigned CVE ids, or if we accidentally created duplicates (many non-kernel.org CNAs were horrible in actually describing what git id resolved an issue), please let us know and we will handle it. thanks, greg k-h p.s. Here's the current stats of how the kernel.org CNA has been processing ids for the first almost-two years of being in business: Year Reserved Assigned Rejected A+R Returned Total 2019: 0 2 1 3 47 50 2020: 0 17 0 17 33 50 2021: 0 732 24 756 16 772 2022: 0 2123 49 2172 17 2189 2023: 0 1618 57 1675 0 1675 2024: 0 3068 97 3165 6 3171 2025: 73 2421 39 2460 0 2533 Total: 73 9981 267 10248 119 10440
Powered by blists - more mailing lists