The GNU C Library has been authorized by the CVE Program as a CVE Numbering Authority (CNA)
Carlos O'Donell
carlos@redhat.com
Wed Feb 7 18:41:45 GMT 2024

The GNU C Library (glibc) is a key part of the trusted foundation
in a secure and high-quality software supply chain and is used
by the GNU Toolchain, the GNU system, and many of the GNU/Linux
systems today.

In an ongoing effort to improve security, the project has been
authorized by the CVE Program as a CVE Numbering Authority (CNA):
https://www.cve.org/Media/News/item/news/2024/02/06/GNU-C-Library-Added-as-CNA

As a CNA the glibc security team will be working to improve the
quality and response time of security advisories and mitigations.

Over the coming months, the glibc security team will define the
process for the CNA and establish best practices that can also
be used by the rest of the GNU Toolchain.

To receive notifications of new advisories please subscribe to the
glibc announcement mailing list (libc-announce):
https://sourceware.org/mailman/listinfo/libc-announce

Advisories are published directly into the glibc git repository:
https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD

For more information please see the project security documentation:
https://sourceware.org/glibc/security.html