Lines Matching full:security

1 c-ares security
4 This document is intended to provide guidance on how security vulnerabilities
13 Security vulnerabilities should not be entered in the project's public bug
15 issue to only the reporter and the project's security team.
20 The typical process for handling a new security vulnerability is as follows.
27 reference to the security nature of the commit if done prior to the public
31   privately to `c-ares-security@haxx.se`. That's an email alias that reaches a
35   security vulnerability in c-ares are ignored and no further action is
38 - A person in the security team sends an e-mail to the original reporter to
41 - The security team investigates the report and either rejects it or accepts
49 - The security team discusses the problem, works out a fix, considers the
56   then a separate earlier release for security reasons should be considered.
58 - Write a security advisory draft about the problem that explains what the
64   [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
65   when also informing and preparing them for the upcoming public security
69 - Update the "security advisory" with the CVE number.
71 - The security team commits the fix in a private branch. The commit message
84   mailing list and the oss-security mailing list.
86 - The security web page on the web site should get the new vulnerability
89 C-ARES-SECURITY (at haxx dot se)