On Thu, Oct 02, 2025 at 03:11:17PM +0200, Attila Szasz wrote: > > For the sake of product security folks who rely on consistency: the Linux > CNA recently registered a batch of HFS/HFS+ CVEs that require manipulating > malformed filesystems as a first step. This seems inconsistent with how > similar cases were previously handled.
If you feel the Linux CNA has issued CVEs in an inconsistent way, please contact them and the people there will be glad to research the issue and get back to you. They are issuing, on average, 13 CVEs a day, and so stuff like this easily gets lost in the firehose. The Linux CNA is also currently "backfilling" many old CVE entries that previously came from the GSD database, and perhaps the issues you are referring to came from there. If so, again, please contact them and they will be glad to discuss it. thanks, greg k-h
