Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 7 Feb 2024 13:41:49 -0500
From: Carlos O'Donell <>
Subject: The GNU C Library has been authorized by the CVE Program as a CVE
 Numbering Authority (CNA)

The GNU C Library (glibc) is a key part of the trusted foundation
in a secure and high-quality software supply chain and is used
by the GNU Toolchain, the GNU system, and many of the GNU/Linux
systems today.

In an ongoing effort to improve security, the project has been
authorized by the CVE Program as a CVE Numbering Authority (CNA):

As a CNA the glibc security team will be working to improve the
quality and response time of security advisories and mitigations.

Over the coming months, the glibc security team will define the
process for the CNA and establish best practices that can also
be used by the rest of the GNU Toolchain.

To receive notifications of new advisories please subscribe to the
glibc announcement mailing list (libc-announce):

Advisories are published directly into the glibc git repository:;a=tree;f=advisories;hb=HEAD

For more information please see the project security documentation:

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.