This document provides guidelines for OpenBMC repository maintainers to follow when creating new draft GitHub security advisories, as part of the Security response team guidelines.
Note that the sections under the "Description" section are intended for the security advisory "Description" field.
Ecosystem: Other OpenBMC
Package name:
Affected versions: 2.9
Patched versions:
Assess the severity using CVSS.
Please coordinate with the security response team.
Give attribution to those who discovered and mitigated the vulnerability.
Title goes here...
The description will be used by vulnerability analysts and should include the area or function affected and a description of the issue. There should be enough detail to differentiate this from similar problems, but not enough to help an attacker exploit the problem.
If provided, insert proof of concept here.
...can cause denial of service.
OpenBMC 2.9
Please include the commit ID in the affected repo, the commit ID for the metadata, or the version number.
If available, describe or provide a link to the mitigation needed until the fix can be applied.
If you have any questions or comments about this advisory: