# OpenBMC Security Advisory Template

This template provides guidelines for OpenBMC repository maintainers to follow
when creating new draft GitHub security advisories as part of the
[Security response team guidelines][].

Note that the sections under the "Description" section are intended for the
security advisory "Description" field.

[security response team guidelines]: ./obmc-security-response-team-guidelines.md

### Affected Product

- Ecosystem: Other OpenBMC
- Package name: <TBD>
- Affected versions: 2.9
- Patched versions: <TBD>

## Severity

Assess the severity using CVSS.

## CWE

<TBD>

## CVE identifier

Please coordinate with the security response team.

## Credits

Attribution to those that discovered and mitigated the vulnerability.

### Title

Title goes here...

### Description

The description will be used by vulnerability analysts and should include the
area or the function affected, and a description of the issue. There should be
enough details to differentiate this from similar problems, but not enough
detail to help an attacker exploit the problem.

### Proof Of Concept

If provided, insert proof of concept here.

### Vulnerability Description

...can cause denial of service.

### Affected Release

OpenBMC 2.9

### Fixed in Release

Please include the commit ID in the affected repo, the commit ID for the
metadata, or the version number.

### Mitigation

If available, describe or provide a link to the mitigation needed until the fix
can be applied.

### For more information

If you have any questions or comments about this advisory:

- Email openbmc-security at lists.ozlabs.org