moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Code Issues Releases Wiki Activity

SECURITY: mention how to get windows-specific CVEs

Browse Source 
... and make the distros link a proper link
This commit is contained in:
Daniel Stenberg 2016-07-22 01:47:13 +02:00
parent 47fa8f0dae
commit c7468e8ea2
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/SECURITY
View File

@ -66,10 +66,13 @@ announcement.
workarounds, when the release is out and make sure to credit all workarounds, when the release is out and make sure to credit all
contributors properly. contributors properly.
- Request a CVE number from distros@openwall[1] when also informing and - Request a CVE number from
preparing them for the upcoming public security vulnerability announcement - [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
attach the advisory draft for information. Note that 'distros' won't accept when also informing and preparing them for the upcoming public security
an embargo longer than 19 days. vulnerability announcement - attach the advisory draft for information. Note
that 'distros' won't accept an embargo longer than 19 days and they do not
care for Windows-specific flaws. For windows-specific flaws, request CVE
directly from MITRE.
- Update the "security advisory" with the CVE number. - Update the "security advisory" with the CVE number.
@ -91,7 +94,7 @@ announcement.
- The security web page on the web site should get the new vulnerability - The security web page on the web site should get the new vulnerability
mentioned. mentioned.
[1] = http://oss-security.openwall.org/wiki/mailing-lists/distros
CURL-SECURITY (at haxx dot se) CURL-SECURITY (at haxx dot se)
------------------------------ ------------------------------