Lines Matching full:security

1 curl security process
4 This document describes how security vulnerabilities should be handled in the
11 [the curl website security page](https://curl.se/docs/security.html).
13 Security vulnerabilities **should not** be entered in the project's public bug
19 The typical process for handling a new security vulnerability is as follows.
26 reference to the security nature of the commit if done prior to the public
34   security vulnerability in curl or libcurl are ignored and no further action
37 - A person in the security team responds to the original report to acknowledge
40 - The security team investigates the report and either rejects it or accepts
48 - The security team discusses the problem, works out a fix, considers the
57 - Write a security advisory draft about the problem that explains what the
66   [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros)
67   to prepare them about the upcoming public security vulnerability
72 - Update the "security advisory" with the CVE number.
74 - The security team commits the fix in a private branch. The commit message
91 - The security web page on the website should get the new vulnerability
94 curl-security (at haxx dot se)
97 This is a private mailing list for discussions on and about curl security
110 Publishing Security Advisories
113 1. Write up the security advisory, using markdown syntax. Use the same
125 6. On security advisory release day, push the changes on the curl-www