On Wed, Feb 14, 2024 at 02:10:07PM +0100, Krzysztof Kozlowski wrote: > On 14/02/2024 09:00, Greg Kroah-Hartman wrote: > > The Linux kernel project now has the ability to assign CVEs to fixed > > issues, so document the process and how individual developers can get a > > CVE if one is not automatically assigned for their fixes. > > > > Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> > > Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> > > Signed-off-by: Lee Jones <lee@xxxxxxxxxx> > > --- > > v3: fix up wording in security-bugs.rst based on the changes to the cve > > assignment process from v1, thanks to a private reviewer for > > pointing that out. > > v2: Grammer fixes based on review from Randy > > Updated paragraph about how CVE identifiers will be assigned > > (automatically when added to stable trees, or ask us for one > > directly before that happens if so desired) > > > > Documentation/process/cve.rst | 120 ++++++++++++++++++++++++ > > Documentation/process/index.rst | 1 + > > Documentation/process/security-bugs.rst | 5 +- > > Great direction! Finally all these bugs we are fixing every release > (thus in stable trees) will get proper attention via assigned CVEs. > > Reviewed-by: Krzysztof Kozlowski <krzk@xxxxxxxxxx> Thanks for the review! greg k-h
