Post Syndicated from corbet original https://lwn.net/Articles/961355/

The GNU C Library project has
been accepted as a CVE Numbering Authority (CNA), meaning that the
project is now in control of the CVE numbers assigned to its code.

As a CNA the glibc security team will be working to improve the
quality and response time of security advisories and mitigations.

Over the coming months, the glibc security team will define the
process for the CNA and establish best practices that can also be
used by the rest of the GNU Toolchain.

See this article for some background on
this change.