1# OpenBMC Security Advisory Template 2 3This has guidelines for OpenBMC repository maintainers to follow when creating 4new draft GitHub security advisories as part of the [Security response team 5guidelines][]. 6 7Note that the sections under the "Description" section are intended for the 8security advisory "Description" field 9 10[security response team guidelines]: ./obmc-security-response-team-guidelines.md 11 12### Affected Product 13 14Ecosystem: Other OpenBMC Package name: <TBD> Affected versions: 2.9 Patched 15versions: <TBD> 16 17## Severity 18 19Assess the severity using CVSS. 20 21## CWE 22 23<TBD> 24 25## CVE identifier 26 27Please coordinate with the security response team 28 29## Credits 30 31Attribution to those that discovered and mitigated the vulnerability. 32 33### Title 34 35Title goes here... 36 37### Description 38 39The description will be used by vulnerability analysts and should include the 40area or the function affected, and a description of the issue. There should be 41enough details to differentiate this from similar problems, but not enough 42detail to help an attacker exploit the problem. 43 44### Proof Of Concept 45 46If provided, insert proof of concept here. 47 48### Vulnerability Description 49 50...can cause denial of service. 51 52### Affected Release 53 54OpenBMC 2.9 55 56### Fixed in Release 57 58Please include the commit-id in the affected repo, the commit id for the 59metadata, or the version number. 60 61### Mitigation 62 63If available, describe or provide a link to the mitigation needed until the fix 64can be applied. 65 66### For more information 67 68If you have any questions or comments about this advisory: 69 70- Email openbmc-security at lists.ozlabs.org 71