Hi Alan,
The CPU vendors have their own methods for alerting OS & Hypervisor makers of CPU-level security issues in advance of publication, that don't flow through the distros lists or this list, so fixes for those often happen without any notice here. For other CVEs, it really depends on whether the project includes this list in their notification process, or some volunteer notices them and forwards the information to the list. Many still slip through the cracks.
Thanks for your explanation! Regards Bjoern
