aboutsummaryrefslogtreecommitdiff
path: root/docs/SECURITY
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2016-07-22 01:47:13 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-07-22 01:47:13 +0200
commitc7468e8ea2eeac748bb1f3d1410d2de55e9b5802 (patch)
treea40db345acd2655ec2ea680aabce2c22e48aab3c /docs/SECURITY
parent47fa8f0dae69ffe1e7a6ad1e7a6075d8cbe804a4 (diff)
SECURITY: mention how to get windows-specific CVEs
... and make the distros link a proper link
Diffstat (limited to 'docs/SECURITY')
-rw-r--r--docs/SECURITY13
1 files changed, 8 insertions, 5 deletions
diff --git a/docs/SECURITY b/docs/SECURITY
index 7b245d7ba..3c07e0bbe 100644
--- a/docs/SECURITY
+++ b/docs/SECURITY
@@ -66,10 +66,13 @@ announcement.
workarounds, when the release is out and make sure to credit all
contributors properly.
-- Request a CVE number from distros@openwall[1] when also informing and
- preparing them for the upcoming public security vulnerability announcement -
- attach the advisory draft for information. Note that 'distros' won't accept
- an embargo longer than 19 days.
+- Request a CVE number from
+ [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
+ when also informing and preparing them for the upcoming public security
+ vulnerability announcement - attach the advisory draft for information. Note
+ that 'distros' won't accept an embargo longer than 19 days and they do not
+ care for Windows-specific flaws. For windows-specific flaws, request CVE
+ directly from MITRE.
- Update the "security advisory" with the CVE number.
@@ -91,7 +94,7 @@ announcement.
- The security web page on the web site should get the new vulnerability
mentioned.
-[1] = http://oss-security.openwall.org/wiki/mailing-lists/distros
+
CURL-SECURITY (at haxx dot se)
------------------------------