From patchwork Wed Feb  7 12:43:38 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Siddhesh Poyarekar <siddhesh@gotplt.org>
X-Patchwork-Id: 85402
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 18DC63858024
	for <patchwork@sourceware.org>; Wed,  7 Feb 2024 12:46:04 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from snail.cherry.relay.mailchannels.net
 (snail.cherry.relay.mailchannels.net [23.83.223.170])
 by sourceware.org (Postfix) with ESMTPS id BE066385800C
 for <libc-alpha@sourceware.org>; Wed,  7 Feb 2024 12:43:56 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BE066385800C
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=gotplt.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BE066385800C
Authentication-Results: server2.sourceware.org;
 arc=pass smtp.remote-ip=23.83.223.170
ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1707309839; cv=pass;
 b=n4LYRuB/5+e75qIHwP3sT98ZoNVuW5tfs06FVzQl5lrroZTlp8Q1s58PrJKaP5hfUsb1sqzG6T6WBKXo3zEfC/PUyejwkNFvdNlzE9gIyBw21Y+UpoXlGHhCzlOsQ9ZEAp6dDbQ9ElJ/C0906KfyOA5+4LH5d3UWN8bcJEjNaS0=
ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key;
 t=1707309839; c=relaxed/simple;
 bh=MMdzrPZDTAXGWM/p6kX8bMT0XBO7/0bPlkGfw9fkyIM=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=NfjOgNPMoudxrzlmOzM2vYzJs2D099F5xJ2sxXR9Zse3/CzHwzkIwfdpDBC8vyK8e25UkTd8Bk/f3L8lz5JFzCcwmATJiIZ4BBPsifFIM/7XGQUe5DZuLJ4qZuVrD/LUliZwWlmvoMGKHOlu5ni5yvddpAs/HWNOuBVFUIay9L8=
ARC-Authentication-Results: i=2; server2.sourceware.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
 by relay.mailchannels.net (Postfix) with ESMTP id B8B9A502A75;
 Wed,  7 Feb 2024 12:43:55 +0000 (UTC)
Received: from pdx1-sub0-mail-a253.dreamhost.com (unknown [127.0.0.6])
 (Authenticated sender: dreamhost)
 by relay.mailchannels.net (Postfix) with ESMTPA id 65B74501E75;
 Wed,  7 Feb 2024 12:43:55 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1707309835; a=rsa-sha256;
 cv=none;
 b=6xP0cbWgl6LIb31a0waGmnjbLVu1YtXjziZK48O2hMfBy05CEn/LWGXgqADQV5GPa957hd
 rPR4G2qO94oH2r4TxdWfkHKoRLkq1M+ZB6L2exeqdpWjeSh4jJxa0doryaOl0xMkmBvPWu
 a5nmI5wkPvmWW0HLQdcHF4bFNtbfo3qOsSzlmF1TIRbDYTE1NwLmKW3e/c5zBDUNpK2aLe
 74QdyegTR4kIxMRQ8KRdjUyWQ2yVi2PtGvTkcFiOxhgL2BBtrWdPxYP7W2Prh7fFg/POir
 ju3+STncIC1aOUcTDuXzqzUtvAFDlkXp6+2HDfjY+15qL/rpPOzcfXwWkGWOCQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net; s=arc-2022; t=1707309835;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:dkim-signature;
 bh=tomnbA/iXyfB9TrmIWGGZWC5oS9J9WsrpMiQZbxne3o=;
 b=aB/oizBbU6Om4TbtiK33BbtfNwEyLVwiK2eS03FOw4ZC7gKbBv4PyNVAjVcYCA13S/zRw2
 CkCBIcKhQ8mQEMdkpXu1xBSVesIE2bsmDsNmuEQFlIcT18ItrkW3PFhaIfwf46gc+i/OTo
 vpTxxEVigHsiiZjayGapuwJ2McnZsadHUSG9oreLmu0+XdWwXr7HskMLoq4Ts5xJoAZri2
 bTuJ0hQ4WoKHeXUHARi8n6ox8PUPczNLc2X9w6Ze6lJ8zcueWRYV7TX+ANOX7HPy51oPvx
 QgEwb5TM/eDcq7ZHFtTiryfQBsP8EGLpwviiZDfSL1t6suT6Nk+BTdDMd432cQ==
ARC-Authentication-Results: i=1; rspamd-6bdc45795d-24n7r;
 auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Blushing-Abortive: 22ac53de0bf9faec_1707309835652_2480179880
X-MC-Loop-Signature: 1707309835652:425084411
X-MC-Ingress-Time: 1707309835652
Received: from pdx1-sub0-mail-a253.dreamhost.com (pop.dreamhost.com
 [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by 100.97.70.239 (trex/6.9.2); Wed, 07 Feb 2024 12:43:55 +0000
Received: from fedora.redhat.com (unknown [76.68.24.30])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 (Authenticated sender: siddhesh@gotplt.org)
 by pdx1-sub0-mail-a253.dreamhost.com (Postfix) with ESMTPSA id 4TVKYQ6nq1z2v;
 Wed,  7 Feb 2024 04:43:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org;
 s=dreamhost; t=1707309835;
 bh=tomnbA/iXyfB9TrmIWGGZWC5oS9J9WsrpMiQZbxne3o=;
 h=From:To:Cc:Subject:Date:Content-Transfer-Encoding;
 b=a4fbe0ARjDUFJ/leilRWb1GpmStI6BsTvZ4PCOBb2xBB1b+6NOA60iRIF3qaSCEdK
 1RmUkSfUOutjjLdhpqo+RmfzdvSHSI/NM6DZtbjxxJv0FBf+63d1B2l5ctDArPEe8f
 3j/OxhnF5g7cZNHEp5bJxGXMqUBSMlSuUcFLZLtNBd5rH5RjwqS9R25Y5iN//IO55+
 rw85wYXp2bFNjxJP8ro/3TrRDGo3cbjYNlvmxwpYEpiTQkSZXW6f35r/WmZ7gtbNmY
 BLA1zNiJhsp/oWjpoPB4IMKpnnGEeqwuaNtr1EUpX++NPlBxfmpambJ24DHc2m+gY5
 2jBUwVKmj1q1g==
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: libc-alpha@sourceware.org
Cc: carlos@redhat.com,
	adhemerval.zanella@linaro.org
Subject: [PATCH htdocs] glibc is now a CNA
Date: Wed,  7 Feb 2024 07:43:38 -0500
Message-ID: <20240207124338.1400513-1-siddhesh@gotplt.org>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Spam-Status: No, score=-3036.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_PASS, TXREP, T_FILL_THIS_FORM_SHORT,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org

Drop the line about glibc not being a CNA and link to the CVE page about
us.

https://www.cve.org/Media/News/item/news/2024/02/06/GNU-C-Library-Added-as-CNA

Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
---
 security.html | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/security.html b/security.html
index 2b73211..7b044c2 100644
--- a/security.html
+++ b/security.html
@@ -126,13 +126,13 @@ directory on the master branch of the glibc git repository.
 <h2>CVE management</h2>
 
 <p>
-glibc does not yet have a CVE Numbering Authority (CNA), but this may
-change in the future.  For glibc CVEs you may contact the security team
-for help with any updates you'd like to make. This would
-include updates to the contents of a CVE advisory or requests to update,
-dispute or reject a CVE.  For CNA related requests please use the mailing
-list to contact the security team members, and not their private email
-addresses.
+For CVEs assigned by the
+<a href="https://www.cve.org/PartnerInformation/ListofPartners/partner/glibc">glibc CVE Numbering Authority (CNA)</a>,
+you may contact the security team for help with any updates you'd like
+to make. This would include updates to the contents of a CVE advisory or
+requests to update, dispute or reject a CVE.  For CNA related requests
+please use the mailing list to contact the security team members, and
+not their private email addresses.
 </p>
 
 <a id="keys"><h2>GPG Keys</h2></a>