From e2dcbf1c3231513c38151d729f180a54ea902da9 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Fri, 13 Sep 2019 00:22:29 -0400 Subject: doc: use consistent unordered list style Convert to asterisks when there are mixed styles in document. Addresses Markdownlint MD004 rule PR-URL: https://github.com/nodejs/node/pull/29516 Reviewed-By: David Carlier Reviewed-By: James M Snell Reviewed-By: Trivikram Kamat --- SECURITY.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'SECURITY.md') diff --git a/SECURITY.md b/SECURITY.md index 5f1e3e2cc7..a82c5f48ce 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,22 +14,22 @@ nonetheless. ## Public disclosure preferred -- [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain +* [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain function can be used to cause segfaults_. Requires the ability to execute arbitrary JavaScript code. That is already the highest level of privilege possible. ## Private disclosure preferred -- [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/): +* [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/): _Fix invalid wildcard certificate validation check_. This was a high-severity defect. It caused Node.js TLS clients to accept invalid wildcard certificates. -- [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes +* [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities in the TLS/SSL protocols also affect Node.js. -- [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/): +* [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/): _Fix defects in HTTP header parsing for requests and responses that can allow response splitting_. This was a remotely-exploitable defect in the Node.js HTTP implementation. -- cgit v1.2.1