* ANNOUNCE: all old GSD entries are now processed
@ 2025-12-30 14:17 Greg KH
0 siblings, 0 replies; only message in thread
From: Greg KH @ 2025-12-30 14:17 UTC (permalink / raw)
To: linux-cve-announce
As part of the requirements for becoming a cve.org CNA, we were required
to process all of the previously-allocated GSD entries for Linux and
assign CVE ids where the issue met the rules of cve.org. That required
manual review of over 5900 different git commits (and cross referencing
them to verify they were not already assigned to an existing CVE id.)
That work is now complete, thankfully. So you shouldn't be seeing "huge
numbers" of old CVE ids being allocated by us anymore (i.e. that's where
the majority of the 2021-2023 CVE ids came from).
Odds are we missed a few along the way, so if anyone knows of any older
commits that should be assigned CVE ids, or if we accidentally created
duplicates (many non-kernel.org CNAs were horrible in actually
describing what git id resolved an issue), please let us know and we
will handle it.
thanks,
greg k-h
p.s. Here's the current stats of how the kernel.org CNA has been
processing ids for the first almost-two years of being in business:
Year Reserved Assigned Rejected A+R Returned Total
2019: 0 2 1 3 47 50
2020: 0 17 0 17 33 50
2021: 0 732 24 756 16 772
2022: 0 2123 49 2172 17 2189
2023: 0 1618 57 1675 0 1675
2024: 0 3068 97 3165 6 3171
2025: 73 2421 39 2460 0 2533
Total: 73 9981 267 10248 119 10440
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-12-30 14:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-30 14:17 ANNOUNCE: all old GSD entries are now processed Greg KH
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.