1# OpenBMC Security Advisory Template 2 3This has guidelines for OpenBMC repository maintainers to follow when creating 4new draft GitHub security advisories as part of the [Security response team 5guidelines][]. 6 7Note that the sections under the "Description" section are intended for the 8security advisory "Description" field 9 10[security response team guidelines]: ./obmc-security-response-team-guidelines.md 11 12## Affected Product 13 14- Ecosystem: Other 15- OpenBMC Package name: `TBD` 16- Affected versions: 2.9 17- Patched versions: `TBD` 18 19## Severity 20 21Assess the severity using CVSS. 22 23## CWE 24 25`TBD` 26 27## CVE identifier 28 29Please coordinate with the security response team 30 31## Credits 32 33Attribution to those that discovered and mitigated the vulnerability. 34 35### Title 36 37Title goes here... 38 39### Description 40 41The description will be used by vulnerability analysts and should include the 42area or the function affected, and a description of the issue. There should be 43enough details to differentiate this from similar problems, but not enough 44detail to help an attacker exploit the problem. 45 46### Proof Of Concept 47 48If provided, insert proof of concept here. 49 50### Vulnerability Description 51 52...can cause denial of service. 53 54### Affected Release 55 56OpenBMC 2.9 57 58### Fixed in Release 59 60Please include the commit-id in the affected repo, the commit id for the 61metadata, or the version number. 62 63### Mitigation 64 65If available, describe or provide a link to the mitigation needed until the fix 66can be applied. 67 68### For more information 69 70If you have any questions or comments about this advisory: 71 72- Email openbmc-security at lists.ozlabs.org 73