oss-security - Re: CVEs issued by the Linux kernel CNA

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 21 Feb 2024 11:49:31 +0100
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVEs issued by the Linux kernel CNA

Hi,

On Tue, Feb 20, 2024 at 03:30:28PM -0800, Alan Coopersmith wrote:
> As recently announced [1], kernel.org is now a CNA for the Linux kernel, and
> today issued its first 8 CVEs, as seen in the archives of their mailing list
> at https://lore.kernel.org/linux-cve-announce/ .
> 
> Their documentation [2] warns that we should expect a "seemingly large number
> of CVEs that are issued by the Linux kernel team".
> 
> Since there's already an archived mailing list covering the CVE assignments,
> I don't think it makes sense to mirror that large amount of traffic here, but
> to only bring to oss-security those that are especially interesting or useful
> to discuss further.  What do others think?
> 
> [1] http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
> [2] https://docs.kernel.org/process/cve.html

I would not mirror it here as they have their list already.

Ciao, Marcus

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.