1# OpenBMC Security Advisory Template 2 3This has guidelines for OpenBMC repository maintainers to follow when creating 4new draft GitHub security advisories as part of the [Security response team 5guidelines][]. 6 7Note that the sections under the "Description" section are intended for the 8security advisory "Description" field 9 10[Security response team guidelines]: ./obmc-security-response-team-guidelines.md 11 12### Affected Product 13Ecosystem: Other OpenBMC 14Package name: <TBD> 15Affected versions: 2.9 16Patched versions: <TBD> 17 18## Severity 19Assess the severity using CVSS. 20 21## CWE 22<TBD> 23 24## CVE identifier 25Please coordinate with the security response team 26 27## Credits 28Attribution to those that discovered and mitigated the vulnerability. 29 30### Title 31Title goes here... 32 33### Description 34The description will be used by vulnerability analysts and should include the 35area or the function affected, and a description of the issue. There should 36be enough details to differentiate this from similar problems, but not enough 37detail to help an attacker exploit the problem. 38 39### Proof Of Concept 40If provided, insert proof of concept here. 41 42### Vulnerability Description 43...can cause denial of service. 44 45### Affected Release 46OpenBMC 2.9 47 48### Fixed in Release 49Please include the commit-id in the affected repo, the commit id for the 50metadata, or the version number. 51 52### Mitigation 53If available, describe or provide a link to the mitigation needed until the 54fix can be applied. 55 56### For more information 57If you have any questions or comments about this advisory: 58* Email openbmc-security at lists.ozlabs.org 59