From 8b4c8166f4a848dec1572ca9422a641b9c8cea94 Mon Sep 17 00:00:00 2001
From: Dave Page Security Information
vulnerabilities, and how fixes for security vulnerabilities are released.
+ Please note that the PostgreSQL Project does not offer bug bounties. +
+ ++ The PostgreSQL Project is a CVE Numbering Authority (CNA), working with Red Hat + as our CNA Root. This allows us to assign our own CVE numbers and publish CVE + records for PostgreSQL and closely related projects. +
+ ++ We will currently assign CVE numbers for the following projects upon request to + cna@postgresql.org: +
+ ++ Additional projects may request inclusion on the list above by emailing + cna@postgresql.org. +
+ ++ NOTE: The security team will only assign CVEs to projects + when requested by members of the project. If you think you've found a security + issue in a project other than PostgreSQL or it's packages and installers, + please contact the security team for that project. See below for more details. +
+@@ -87,7 +126,11 @@
- The PostgreSQL Security Team does not file a CVE for vulnerabilities in - PostgreSQL-related projects nor does it list those vulnerabilities in the - section below. It is up to external project maintainers to register a CVE for - a security vulnerability. -
-