78 commits

Author SHA1 Message Date
Flavio Ceolin 3c1394c17a doc: vulnerabilities: Add information about CVE-2023-4265
Add information about CVE-2023-4265

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-08-16 15:05:35 +02:00
Flavio Ceolin 675726f7c0 doc: vulnerabilities: Add information about CVE-2023-1902
Add information about CVE-2023-1902

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-08-04 22:53:21 +00:00
Flavio Ceolin 5e4789bceb doc: vulnerabilities: Add information about CVE-2023-1901
Add information about CVE-2023-1901

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-08-04 22:53:21 +00:00
Flavio Ceolin b7f35a8f29 doc: vulnerabilities: Add information about new vulnerabilities
Add a placeholder for CVE-2023-1901 and CVE-2023-1902.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-06-15 13:55:07 -04:00
Flavio Ceolin 40312a8578 doc: vulnerabilities: Add information about CVE-2023-0779
Add information about CVE-2023-0779

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-06-02 18:59:27 -04:00
Flavio Ceolin d3193eae33 doc: vulnerabilities: Add information about CVE-2023-0397
Add information about CVE-2023-0397

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-06-02 18:59:27 -04:00
Benjamin Cabé 5e36dc52ec doc: security: Refresh hardening tool doc page
Improved the wording of the Hardening tool documentation to better
reflect that it does suggestions for both options that could be enabled
for improved security, as well as options that should be disabled for
they may expose to vulnerabilities. Also fixed the "Usage" section which
was stale.

Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
2023-05-22 12:21:19 +02:00
Christian Schlotter 951a37d5a0 doc: security: Unify style
Unify style in Zephyr Security Overview.

Signed-off-by: Christian Schlotter <christian.schlotter@zeiss.com>
2023-04-21 16:33:16 +02:00
Flavio Ceolin 68d421e73c docs: security: Add published CVEs information
Add information about 3 CVEs recently published.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-02-15 19:22:24 +09:00
Flavio Ceolin 05d3b57851 doc: security: Disclose CVE information
Add information about CVE-2022-2993

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2023-01-07 21:34:33 +01:00
Flavio Ceolin a61ca79041 doc: vulnerabilities: Add information about CVE-2022-2741
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-11-01 12:01:00 +01:00
Flavio Ceolin ea8c6dbc03 doc: vulnerabilities: Add information about CVE-2022-1041
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-11-01 12:01:00 +01:00
Flavio Ceolin d170982947 doc: vulnerabilities: Add information about CVE-2022-1042
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-11-01 12:01:00 +01:00
Flavio Ceolin 01a02e6a29 doc: vulnerabilities: Add information about CVE-2022-1841
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-11-01 12:01:00 +01:00
Stephanos Ioannidis 8a7eb68c0f doc: security: Fix outdated link
This commit updates the outdated link to "OWASP Top Ten Project".

Signed-off-by: Stephanos Ioannidis <stephanos.ioannidis@nordicsemi.no>
2022-09-29 12:20:14 +02:00
Flavio Ceolin b26ea8b428 vulnerabilities: Add CVE information
Add information about CVE-2022-0553.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-06-06 17:59:28 +02:00
Flavio Ceolin 5b8cc4f6f3 vulnerabilities: Add vulnerabilities under embargo
Add entries for vulnerabilities under embargo.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-05-25 13:34:52 -07:00
Anas Nashif 0e727cf5a9 doc: get rid of reference section
Move last remaining items from reference section to the appropriate new
section in the new structure.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2022-04-07 16:35:19 +02:00
Nazar Kazakov f483b1bc4c everywhere: fix typos
Fix a lot of typos

Signed-off-by: Nazar Kazakov <nazar.kazakov.work@gmail.com>
2022-03-18 13:24:08 -04:00
Flavio Ceolin e14d07a869 security: docs: Add CVE-2021-3966
Add information about CVE-2021-3966

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-02-17 19:05:08 -05:00
Flavio Ceolin ead018cb12 security: docs: Add CVE-2021-3861
Add information about CVE-2021-3861

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-02-08 07:02:36 -05:00
Flavio Ceolin 2a0ae5edac security: docs: Add CVE-2021-3835
Add information about CVE 2021-3835

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-02-08 07:02:36 -05:00
Flavio Ceolin 449c37808a doc: security: Fix one vulnerability report
The issue was properly fixed but this document was not updated.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2022-01-13 18:34:15 -05:00
Flavio Ceolin 31a911ecc2 doc: security: Remove unused image
zephyr-workflow is no longer used.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-12-01 05:03:59 -05:00
Flavio Ceolin d21bfcae2e docs: security: s/JIRA/GitHub
Update vulnerability report / tracking information. Zephyr is no
longer using JIRA.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-12-01 05:03:59 -05:00
Flavio Ceolin f7b320a7c3 doc: security: Update information about CVE-2021-3436
Update old CVE with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-10-06 18:18:06 -04:00
Flavio Ceolin 6c488c8556 doc: security: Update information about CVE-2021-3510
Update old CVE with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-10-06 18:18:06 -04:00
Flavio Ceolin 613b38c24b doc: security: Update information about CVE-2021-3625
Update CVE that left embargo with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-10-06 18:18:06 -04:00
Flavio Ceolin 879438a424 doc: security: Update information about CVE-2021-3319
Update old CVE with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-10-06 18:18:06 -04:00
Flavio Ceolin bb5b5fe544 doc: security: Update information about CVE-2021-3581
Update CVE that left embargo with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-10-06 18:18:06 -04:00
Flavio Ceolin 6cc84412df security: Update vulnerabilities document
Add information about recent published vulnerabilities.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-06-23 06:18:59 -04:00
David Brown f6b22ecc74 doc: security: Add CVE-2021-3581 to docs
Update release notes for 2.6, and the vulnerabilities page to mention
CVE-2021-3581.  This CVE is under embargo until Sept 4, 2021.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-06-04 13:57:40 -05:00
David Brown 0b2798fdfe doc: security: Change 'master' to 'main'
Fix up a handful of references to 'master' in the security documentation
to refer to the new 'main' branch.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-28 10:13:39 -05:00
Flavio Ceolin 2b3e6166d9 doc: security: Publish CVE-2020-3323 info
CVE was previously under embargo.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-05-18 14:55:38 -04:00
Flavio Ceolin a4b04996aa doc: security: Publish CVE 2021-3321
Publish CVE that left embargo period.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-05-18 14:55:38 -04:00
Flavio Ceolin 66029cf211 doc: security: Publish CVE under embargo
Publish CVE-2021-3320.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-05-18 14:55:38 -04:00
Flavio Ceolin 4ea9ddb627 doc: security: Add CVE-2020-10065 info
Add information about 2020-10065 CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-05-18 14:55:38 -04:00
Flavio Ceolin fa84e13993 doc: security: Add backport info for old issues
Several issues were missing information about backports.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-05-18 14:55:38 -04:00
Flavio Ceolin 13f11b422d doc: security: Add CVE-2020-13603 info
This CVE is already published on github.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-05-18 14:55:38 -04:00
Anas Nashif 6df4405cca doc: fix typos
Fix various typos in the docs.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2021-04-30 16:03:08 -04:00
David Brown a1533cacdf doc: security: Fix broken link to moved doc
Now that the security process has been moved to its own page, fix a
broken link that was to the current page.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-17 17:47:26 -04:00
David Brown 9cf59acf73 doc: security: Move vulnerability reporting to new page
Create a new page containing just the information on reporting security
vulnerabilities, leaving a link behind in the old section.  This will
make it easier to reference this document, rather than it being in the
midst of a larger document.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-17 17:47:26 -04:00
Flavio Ceolin f270e17b32 doc: security: Update vulnerabilities information
Update CVEs information

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2021-02-10 07:14:53 -05:00
Gerson Fernando Budke 57c099a612 doc: release: 2.4: Add notes and security info about UpdateHub
Add release and security notes related to UpdateHub.

Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
2020-09-25 14:27:57 -05:00
Flavio Ceolin 7c86add30f doc: release notes: Update security notes for 2.4
Add information about security issues addressed in the v2.4.0
release.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2020-09-22 13:39:46 -05:00
Flavio Ceolin b7d27b94df doc: security: Avoid confusion with code guideline
Security documentation contains a code guideline section that is more
about security principles than code guidelines itself. Just removing
the mention of code guideline to avoid possible confusions with
upcoming project code guideline based on MISRA-C.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
2020-07-07 19:29:21 -04:00
David Brown b32b5e151a doc: security: Release CVEs from embargo
These CVEs have been released from embargo.  Include details in the v2.3
release notes, and in the vulnerabilities document.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-06-04 22:11:31 +02:00
David Brown ed2d263e0c doc: release notes: Update security notes for 2.3
Add information about security issues addressed in the v2.3.0 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-11 23:13:32 +02:00
David Brown 6fa228efac doc: vulnerabilities: Document public CVEs
Include documentation for CVE issues that are now out of embargo.  This
includes links to the CVE database, as well as referencing the PRs
within Zephyr that fix these issues.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-11 22:50:02 +02:00
David Brown 99374d7808 doc: security: Update vulnerability disclosure
Changes to the security vulnerability reflecting policy changes approved
by the board.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-05-02 11:37:43 -04:00