VULN-DISCLOSURE-POLICY.md: update detail about CVE requests

author Daniel Stenberg <daniel@haxx.se>

Fri, 8 Mar 2024 10:09:48 +0000 (11:09 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Fri, 8 Mar 2024 12:16:27 +0000 (13:16 +0100)
author Daniel Stenberg <daniel@haxx.se>
Fri, 8 Mar 2024 10:09:48 +0000 (11:09 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Fri, 8 Mar 2024 12:16:27 +0000 (13:16 +0100)
diff --git a/.github/scripts/spellcheck.words b/.github/scripts/spellcheck.words

index ab7b18c1f5a082eea8e413f1eb72f3c97ccb51f1..050513c76f2769547f80ddf858b04ccf84421174 100644 (file)
--- a/.github/scripts/spellcheck.words
+++ b/.github/scripts/spellcheck.words
@@ -117,6 +117,7 @@ cmake
  CMake's
  cmake's
  CMakeLists
+CNA
  CodeQL
  codeql
  CODESET
diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md

index 5f10bc8b6fd2ff5b1c8b6374f61f12ac274bc2ae..f18db6d52fa0a7b311b91c51815b81bfdca8c80e 100644 (file)
--- a/docs/VULN-DISCLOSURE-POLICY.md
+++ b/docs/VULN-DISCLOSURE-POLICY.md
@@ -59,7 +59,8 @@ announcement.
    [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating
    the advisory.
  
-- Request a CVE number from HackerOne
+- Request a CVE Id for the issue. curl is a CNA (CVE Numbering Authority) and
+  can request its own numbers.
  
  - Update the "security advisory" with the CVE number.
author	Daniel Stenberg <daniel@haxx.se>
	Fri, 8 Mar 2024 10:09:48 +0000 (11:09 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 8 Mar 2024 12:16:27 +0000 (13:16 +0100)
.github/scripts/spellcheck.words		patch \| blob \| blame \| history
docs/VULN-DISCLOSURE-POLICY.md		patch \| blob \| blame \| history