From dc263e15e1ce797f14f11a0583372f7215b54fb6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 1 Jul 2025 22:45:03 +0200 Subject: [PATCH] VULN-DISCLOSURE-POLICY: minor language polish Closes #17799 --- docs/VULN-DISCLOSURE-POLICY.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 3acbf10aec..9ed196f67f 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -181,16 +181,16 @@ example](https://curl.se/docs/CVE-2022-43552.html) ## Medium This is a security problem that is less hard than **Low** to exploit or -trigger. Less strict timing, wider platforms availability or involving more +trigger. Less strict timing, wider platform availability or involving more widely used options or protocols. A problem that usually needs something else to also happen to become serious. [Past example](https://curl.se/docs/CVE-2022-32206.html) ## High -This issue in itself a serious problem with real world impact. Flaws that can -easily compromise the confidentiality, integrity or availability of resources. -Exploiting or triggering this problem is not hard. [Past +This issue is in itself a serious problem with real world impact. Flaws that +can easily compromise the confidentiality, integrity or availability of +resources. Exploiting or triggering this problem is not hard. [Past example](https://curl.se/docs/CVE-2019-3822.html) ## Critical @@ -209,7 +209,7 @@ This is an incomplete list of issues that are not considered vulnerabilities. We do not consider a small memory leak a security problem; even if the amount of allocated memory grows by a small amount every now and then. Long-living -applications and services already need to have counter-measures and deal with +applications and services already need to have countermeasures and deal with growing memory usage, be it leaks or just increased use. A small memory or resource leak is then expected to *not* cause a security problem. -- 2.39.5