On October 19, 2005 a one-time change is being made to the Common Vulnerabilities and Exposures (CVE) list numbering scheme. Under the old system, security vulnerabilities would be assigned a name like "CAN-yyyy-nnnn" and after some period of voting would be updated to a CVE prefix. After October 19, 2005, all vulnerabilities will be assigned names like "CVE-yyyy-nnnn". All previously named vulnerabilities which still have "CAN" prefixed names will also be migrated to "CVE" prefixed names at the same time.
Users of Red Hat products will notice this change in all new security advisories and Red Hat Network (RHN) will list all relevant vulnerabilities with the CVE prefix. Security advisories that have already been published for all supported products will have their list of CVE names updated; however, we do not plan to update any names referred to in the text descriptions of advisories.
This one-time change is designed to improve the usability and understanding of CVE names. More details are available from Mitre at http://cve.mitre.org/cve/renumber.html .
Specific questions regarding this change can also be sent directly to the Red Hat Security Response Team at http://www.redhat.com/security/team/ .