From 10432ffb6a9dbc07b688eeb3a0e09236685b6da8 Mon Sep 17 00:00:00 2001 From: Marcel Lang Date: Tue, 1 Jul 2025 15:06:24 +0200 Subject: [PATCH] VULN-DISCLOSURE-POLICY.md: fix typos Closes #17796 --- docs/VULN-DISCLOSURE-POLICY.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 8ec4d9b89f..3acbf10aec 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -168,7 +168,7 @@ severity levels is hard enough for us. When deciding severity level on a particular issue, we take all the factors into account: attack vector, attack complexity, required privileges, necessary build configuration, protocols involved, platform specifics and also what -effects a possible exploit or trigger of the issue can lead do, including +effects a possible exploit or trigger of the issue can lead to, including confidentiality, integrity or availability problems. ## Low @@ -256,8 +256,8 @@ Vulnerabilities in features which are off by default (in the build) and documented as experimental, or exist only in debug mode, are not eligible for a reward and we do not consider them security problems. -The same applies to scripts and software which are not installed by default by -the make install rule. +The same applies to scripts and software which are not installed by default +through the make install rule. ## URL inconsistencies @@ -272,7 +272,7 @@ Obvious parser bugs can still be vulnerabilities of course. The curl command blanks the contents of a number of command line arguments to prevent them from appearing in process listings. It does not blank all -arguments even if some of them that are not blanked might contain sensitive +arguments, even though some that are not blanked might contain sensitive data. We consider this functionality a best-effort and omissions are not security vulnerabilities. -- 2.47.2