mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-03-19 15:40:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

VULN-DISCLOSURE-POLICY.md: update detail about CVE requests

Browse Source 
curl is a CNA now

Closes
This commit is contained in:
Daniel Stenberg 2024-03-08 11:09:48 +01:00
parent a586b8ca40
commit 39173f66e5
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 3 additions and 1 deletions

1
.github/scripts/spellcheck.words vendored

@ -117,6 +117,7 @@ cmake
CMake's
cmake's
CMakeLists
CNA
CodeQL
codeql
CODESET

3
docs/VULN-DISCLOSURE-POLICY.md

@ -59,7 +59,8 @@ announcement.
[SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating
the advisory.
- Request a CVE number from HackerOne
- Request a CVE Id for the issue. curl is a CNA (CVE Numbering Authority) and
can request its own numbers.
- Update the "security advisory" with the CVE number.