From 2e2af50a4df0bd424c3a06eabf42fa0ea0aad1bc Mon Sep 17 00:00:00 2001 From: Andrew Gallant Date: Sat, 29 May 2021 09:53:18 -0400 Subject: [PATCH] doc: add vulnerability report docs Fixes #1773 --- CHANGELOG.md | 3 +++ README.md | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8aa0d3d2..baaafa75 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,9 @@ Security fixes: Fixes a security hole on Windows where running ripgrep with either the `-z/--search-zip` or `--pre` flags can result in running arbitrary executables from the current directory. +* [VULN #1773](https://github.com/BurntSushi/ripgrep/issues/1773): + This is the public facing issue tracking CVE-2021-3013. ripgrep's README + now contains a section describing how to report a vulnerability. Feature enhancements: diff --git a/README.md b/README.md index bc3e0975..3ea9b636 100644 --- a/README.md +++ b/README.md @@ -425,6 +425,14 @@ $ cargo test --all from the repository root. +### Vulnerability reporting + +For reporting a security vulnerability, please +[contact Andrew Gallant](https://blog.burntsushi.net/about/), +which has my email address and PGP public key if you wish to send an encrypted +message. + + ### Translations The following is a list of known translations of ripgrep's documentation. These
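Review bot: In the CHANGELOG.md hunk, the new `VULN #1773` entry under "Security fixes:" names CVE-2021-3013 but never says what the CVE covers or whether it is the Windows arbitrary-executable issue described in the entry just above it. A reader scanning the changelog for impact has to follow the link to find out. Consider stating the relationship in the entry itself, and splitting off the sentence about the README's new reporting section, since that is a documentation change rather than a fix. Minor: "public facing" should be hyphenated as "public-facing".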
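Review bot: In the README.md hunk, the sentence under "### Vulnerability reporting" reads as if "which has my email address and PGP public key" refers to Andrew Gallant rather than to the linked page, and it switches from third person ("contact Andrew Gallant") to first person ("my email address") mid-sentence. Something like "please see [my about page](https://blog.burntsushi.net/about/), which has my email address and PGP public key" would be clearer. Since the key is reachable only through that external page, also consider putting the PGP key fingerprint in the README so a reporter can check the key they download against the repository. The hunk also adds two blank lines before "### Translations"; one may be enough if that matches the spacing used elsewhere in the file.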