From: Daniel Stenberg Date: Fri, 8 Mar 2024 10:09:48 +0000 (+0100) Subject: VULN-DISCLOSURE-POLICY.md: update detail about CVE requests X-Git-Tag: curl-8_7_0~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39173f66e541db909069a4ce30d7590b76041596;p=thirdparty%2Fcurl.git VULN-DISCLOSURE-POLICY.md: update detail about CVE requests curl is a CNA now Closes #13088 --- diff --git a/.github/scripts/spellcheck.words b/.github/scripts/spellcheck.words index ab7b18c1f5..050513c76f 100644 --- a/.github/scripts/spellcheck.words +++ b/.github/scripts/spellcheck.words @@ -117,6 +117,7 @@ cmake CMake's cmake's CMakeLists +CNA CodeQL codeql CODESET diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 5f10bc8b6f..f18db6d52f 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -59,7 +59,8 @@ announcement. [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating the advisory. -- Request a CVE number from HackerOne +- Request a CVE Id for the issue. curl is a CNA (CVE Numbering Authority) and + can request its own numbers. - Update the "security advisory" with the CVE number.
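Review bot: In the docs/VULN-DISCLOSURE-POLICY.md hunk, the added step uses "CVE Id" while the same sentence ends with "its own numbers" and the unchanged next step says "CVE number"; pick one term (for example "CVE ID" in all three places) so the checklist reads consistently. The step also drops "from HackerOne" without saying where the request is made now; since the text states that curl is a CNA, a short pointer to who on the team obtains the ID and how would keep the step actionable for whoever handles the next report.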