From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B5FFF15E97 for ; Tue, 30 Dec 2025 14:17:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767104279; cv=none; b=BHj+zYMnnCqNIYneIF+mkrcVE32VuwAWOfwPs4ig2CRuZ/deUA8xIhSdxJKO9wdreF39+vO78UY1NcyxWP/ZdSvVFzUqBtwc+nko6e5E/tO1PqVNxgXVwYyb7uYi0vpO2219UlebU9N83c4aYU15RuXW+uJA7OCeCZn3Pdsncv0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1767104279; c=relaxed/simple; bh=vkrlYexZIYqgIMBPtwoKrbdz46NBNWiosLHdzYYfNtU=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=P+WitBQqtG2BgMlDKMwHOteBB+R4SoRa5s7dWaER5jURAgesFivEJn4rGFXQFuCC3Jn9BofHlIvRFlfYB8m+x2NNhuErS1EoOP9geU7wUF8VFUY+gNqppbpPhvDFjYZ+nvpVSgfgZ47FageuIhJnz8bBa9pSvEbH2srwPjxI9H8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=SdeabufO; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="SdeabufO" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D6FD1C116C6; Tue, 30 Dec 2025 14:17:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1767104278; bh=vkrlYexZIYqgIMBPtwoKrbdz46NBNWiosLHdzYYfNtU=; h=Date:From:To:Subject:From; b=SdeabufOUexAo8RaQgLDPUz4aFvEsVx7gPG9dnYeUkL6iW1k17bEMe0qQvr0WfTRV stcxX2BiEz2NJKmkrjj6cGyeGSzOdZv5c3kiNyU7B2LoWD+CUJhGyJ5Ze+ubWhlgSu myQX8oqglaxzqkKHT2LIjITYKXwl26LXXDt8FfLQ= Date: Tue, 30 Dec 2025 15:17:55 +0100 From: Greg KH To: linux-cve-announce@vger.kernel.org Subject: ANNOUNCE: all old GSD entries are now processed Message-ID: <2025123055-directory-hemlock-a282@gregkh> Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline As part of the requirements for becoming a cve.org CNA, we were required to process all of the previously-allocated GSD entries for Linux and assign CVE ids where the issue met the rules of cve.org. That required manual review of over 5900 different git commits (and cross referencing them to verify they were not already assigned to an existing CVE id.) That work is now complete, thankfully. So you shouldn't be seeing "huge numbers" of old CVE ids being allocated by us anymore (i.e. that's where the majority of the 2021-2023 CVE ids came from). Odds are we missed a few along the way, so if anyone knows of any older commits that should be assigned CVE ids, or if we accidentally created duplicates (many non-kernel.org CNAs were horrible in actually describing what git id resolved an issue), please let us know and we will handle it. thanks, greg k-h p.s. Here's the current stats of how the kernel.org CNA has been processing ids for the first almost-two years of being in business: Year Reserved Assigned Rejected A+R Returned Total 2019: 0 2 1 3 47 50 2020: 0 17 0 17 33 50 2021: 0 732 24 756 16 772 2022: 0 2123 49 2172 17 2189 2023: 0 1618 57 1675 0 1675 2024: 0 3068 97 3165 6 3171 2025: 73 2421 39 2460 0 2533 Total: 73 9981 267 10248 119 10440