diff --git a/.github/scripts/spellcheck.words b/.github/scripts/spellcheck.words index ab7b18c1f5..050513c76f 100644 --- a/.github/scripts/spellcheck.words +++ b/.github/scripts/spellcheck.words @@ -117,6 +117,7 @@ cmake CMake's cmake's CMakeLists +CNA CodeQL codeql CODESET diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md index 5f10bc8b6f..f18db6d52f 100644 --- a/docs/VULN-DISCLOSURE-POLICY.md +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -59,7 +59,8 @@ announcement. [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating the advisory. -- Request a CVE number from HackerOne +- Request a CVE Id for the issue. curl is a CNA (CVE Numbering Authority) and + can request its own numbers. - Update the "security advisory" with the CVE number.