Debian GNU/Linux (Linux issues only)
Red Hat, Inc. (Linux issues only)
Ubuntu Linux (Linux issues only)
Those should probably be updated to Debian/Ubuntu only (I know when I last spoke to Florian he said the Debian CNA only did CVE's for Debian stuff, not general Open Source). I don't think Ubuntu has ever issued a general CVE? Ditto for Red Hat (although Red Hat is still handling Open Source, we are planning to shift that over to the DWF officially at some point, and thus Red Hat CNA would just handle Red Hat stuff).
--Kurt Seifried -- Red Hat -- Product Security -- CloudPGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993Red Hat Product Security contact: secalert@redhat.com