From c7468e8ea2eeac748bb1f3d1410d2de55e9b5802 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 22 Jul 2016 01:47:13 +0200 Subject: SECURITY: mention how to get windows-specific CVEs ... and make the distros link a proper link --- docs/SECURITY | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/SECURITY b/docs/SECURITY index 7b245d7ba..3c07e0bbe 100644 --- a/docs/SECURITY +++ b/docs/SECURITY @@ -66,10 +66,13 @@ announcement. workarounds, when the release is out and make sure to credit all contributors properly. -- Request a CVE number from distros@openwall[1] when also informing and - preparing them for the upcoming public security vulnerability announcement - - attach the advisory draft for information. Note that 'distros' won't accept - an embargo longer than 19 days. +- Request a CVE number from + [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros) + when also informing and preparing them for the upcoming public security + vulnerability announcement - attach the advisory draft for information. Note + that 'distros' won't accept an embargo longer than 19 days and they do not + care for Windows-specific flaws. For windows-specific flaws, request CVE + directly from MITRE. - Update the "security advisory" with the CVE number. @@ -91,7 +94,7 @@ announcement. - The security web page on the web site should get the new vulnerability mentioned. -[1] = http://oss-security.openwall.org/wiki/mailing-lists/distros + CURL-SECURITY (at haxx dot se) ------------------------------ -- cgit v1.2.3