Lines Matching refs:security

1 c-ares security
4 This document is intended to provide guidance on how security vulnerabilities
15 issue to only the reporter and the project's security team.
20 The typical process for handling a new security vulnerability is as follows.
27 reference to the security nature of the commit if done prior to the public
31   privately to `c-ares-security@haxx.se`. That's an email alias that reaches a
35   security vulnerability in c-ares are ignored and no further action is
38 - A person in the security team sends an e-mail to the original reporter to
41 - The security team investigates the report and either rejects it or accepts
49 - The security team discusses the problem, works out a fix, considers the
56   then a separate earlier release for security reasons should be considered.
58 - Write a security advisory draft about the problem that explains what the
64   [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
65   when also informing and preparing them for the upcoming public security
69 - Update the "security advisory" with the CVE number.
71 - The security team commits the fix in a private branch. The commit message
84   mailing list and the oss-security mailing list.
86 - The security web page on the web site should get the new vulnerability