michaelh/zephyr
1
0
Fork 0
Code Releases Activity
96592 commits 135 branches 0 tags 678 MiB
Commit graph

176 commits

Author SHA1 Message Date
Flavio Ceolin
5e4789bceb doc: vulnerabilities: Add information about CVE-2023-1901 
Add information about CVE-2023-1901

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2023-08-04 22:53:21 +00:00
Flavio Ceolin
b7f35a8f29 doc: vulnerabilities: Add information about new vulnerabilities 
Add a placeholder for CVE-2023-1901 and CVE-2023-1902.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2023-06-15 13:55:07 -04:00
Flavio Ceolin
40312a8578 doc: vulnerabilities: Add information about CVE-2023-0779 
Add information about CVE-2023-0779

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2023-06-02 18:59:27 -04:00
Flavio Ceolin
d3193eae33 doc: vulnerabilities: Add information about CVE-2023-0397 
Add information about CVE-2023-0397

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2023-06-02 18:59:27 -04:00
Benjamin Cabé
5e36dc52ec doc: security: Refresh hardening tool doc page 
Improved the wording of the Hardening tool documentation to better
reflect that it does suggestions for both options that could be enabled
for improved security, as well as options that should be disabled for
they may expose to vulnerabilities. Also fixed the "Usage" section which
was stale.

Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
 2023-05-22 12:21:19 +02:00
Christian Schlotter
951a37d5a0 doc: security: Unify style 
Unify style in Zephyr Security Overview.

Signed-off-by: Christian Schlotter <christian.schlotter@zeiss.com>
 2023-04-21 16:33:16 +02:00
Flavio Ceolin
68d421e73c docs: security: Add published CVEs information 
Add information about 3 CVEs recently published.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2023-02-15 19:22:24 +09:00
Flavio Ceolin
05d3b57851 doc: security: Disclose CVE information 
Add information about CVE-2022-2993

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2023-01-07 21:34:33 +01:00
Flavio Ceolin
a61ca79041 doc: vulnerabilities: Add information about CVE-2022-2741 
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-11-01 12:01:00 +01:00
Flavio Ceolin
ea8c6dbc03 doc: vulnerabilities: Add information about CVE-2022-1041 
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-11-01 12:01:00 +01:00
Flavio Ceolin
d170982947 doc: vulnerabilities: Add information about CVE-2022-1042 
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-11-01 12:01:00 +01:00
Flavio Ceolin
01a02e6a29 doc: vulnerabilities: Add information about CVE-2022-1841 
Add information for published CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-11-01 12:01:00 +01:00
Stephanos Ioannidis
8a7eb68c0f doc: security: Fix outdated link 
This commit updates the outdated link to "OWASP Top Ten Project".

Signed-off-by: Stephanos Ioannidis <stephanos.ioannidis@nordicsemi.no>
 2022-09-29 12:20:14 +02:00
Flavio Ceolin
b26ea8b428 vulnerabilities: Add CVE information 
Add information about CVE-2022-0553.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-06-06 17:59:28 +02:00
Flavio Ceolin
5b8cc4f6f3 vulnerabilities: Add vulnerabilities under embargo 
Add entries for vulnerabilities under embargo.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-05-25 13:34:52 -07:00
Anas Nashif
0e727cf5a9 doc: get rid of reference section 
Move last remaining items from reference section to the appropriate new
section in the new structure.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
 2022-04-07 16:35:19 +02:00
Nazar Kazakov
f483b1bc4c everywhere: fix typos 
Fix a lot of typos

Signed-off-by: Nazar Kazakov <nazar.kazakov.work@gmail.com>
 2022-03-18 13:24:08 -04:00
Flavio Ceolin
e14d07a869 security: docs: Add CVE-2021-3966 
Add information about CVE-2021-3966

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-02-17 19:05:08 -05:00
Flavio Ceolin
ead018cb12 security: docs: Add CVE-2021-3861 
Add information about CVE-2021-3861

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-02-08 07:02:36 -05:00
Flavio Ceolin
2a0ae5edac security: docs: Add CVE-2021-3835 
Add information about CVE 2021-3835

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-02-08 07:02:36 -05:00
Flavio Ceolin
449c37808a doc: security: Fix one vulnerability report 
The issue was properly fixed but this document was not updated.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2022-01-13 18:34:15 -05:00
Flavio Ceolin
31a911ecc2 doc: security: Remove unused image 
zephyr-workflow is no longer used.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-12-01 05:03:59 -05:00
Flavio Ceolin
d21bfcae2e docs: security: s/JIRA/GitHub 
Update vulnerability report / tracking information. Zephyr is no
longer using JIRA.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-12-01 05:03:59 -05:00
Flavio Ceolin
f7b320a7c3 doc: security: Update information about CVE-2021-3436 
Update old CVE the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-10-06 18:18:06 -04:00
Flavio Ceolin
6c488c8556 doc: security: Update information about CVE-2021-3510 
Update old CVE the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-10-06 18:18:06 -04:00
Flavio Ceolin
613b38c24b doc: security: Update information about CVE-2021-3625 
Update CVE that left embargo with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-10-06 18:18:06 -04:00
Flavio Ceolin
879438a424 doc: security: Update information about CVE-2021-3319 
Update old CVE the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-10-06 18:18:06 -04:00
Flavio Ceolin
bb5b5fe544 doc: security: Update information about CVE-2021-3581 
Update CVE that left embargo with the proper information.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-10-06 18:18:06 -04:00
Flavio Ceolin
6cc84412df security: Update vulnerabilities document 
Add information about recent published vulnerabilities.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-06-23 06:18:59 -04:00
David Brown
f6b22ecc74 doc: security: Add CVE-2021-3581 to docs 
Update release notes for 2.6, and the vulnerabilities page to mention
CVE-2021-3581.  This CVE is under embargo until Sept 4, 2021.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-06-04 13:57:40 -05:00
David Brown
0b2798fdfe doc: security: Change 'master' to 'main' 
Fix up a handful of references to 'master' in the security documentation
to refer to the new 'main' branch.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-05-28 10:13:39 -05:00
Flavio Ceolin
2b3e6166d9 doc: security: Publish CVE-2020-3323 info 
CVE was previously under embargo.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-05-18 14:55:38 -04:00
Flavio Ceolin
a4b04996aa doc: security: Publish CVE 2021-3321 
Publish CVE that left embargo period.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-05-18 14:55:38 -04:00
Flavio Ceolin
66029cf211 doc: security: Publish CVE under embargo 
Publish CVE-2021-3320.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-05-18 14:55:38 -04:00
Flavio Ceolin
4ea9ddb627 doc: security: Add CVE-2020-10065 info 
Add information about 2020-10065 CVE.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-05-18 14:55:38 -04:00
Flavio Ceolin
fa84e13993 doc: security: Add backport info for old issues 
Several issues were missing information about backports.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-05-18 14:55:38 -04:00
Flavio Ceolin
13f11b422d doc: security: Add CVE-2020-13603 info 
This CVE is already published on github.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-05-18 14:55:38 -04:00
Anas Nashif
6df4405cca doc: fix typos 
Fix various typos in the docs.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
 2021-04-30 16:03:08 -04:00
David Brown
a1533cacdf doc: security: Fix broken link to moved doc 
Now that the security process has been moved to its own page, fix a
broken link that was to the current page.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-03-17 17:47:26 -04:00
David Brown
9cf59acf73 doc: security: Move vulnerability reporting to new page 
Create a new page containing just the information on reporting security
vulnerabilities, leaving a link behind in the old section.  This will
make it easier to reference this document, rather than it being in the
midst of a larger document.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-03-17 17:47:26 -04:00
Flavio Ceolin
f270e17b32 doc: security: Update vulnerabilities information 
Update CVEs information

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2021-02-10 07:14:53 -05:00
Gerson Fernando Budke
57c099a612 doc: release: 2.4: Add notes and security info about UpdateHub 
Add release and security notes related to UpdateHub.

Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
 2020-09-25 14:27:57 -05:00
Flavio Ceolin
7c86add30f doc: release notes: Update security notes for 2.4 
Add information about security issues addressed in the v2.4.0
release.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2020-09-22 13:39:46 -05:00
Flavio Ceolin
b7d27b94df doc: security: Avoid confusion with code guideline 
Security documentation contains a code guideline section that is more
about security principles than code guidelines itself. Just removing
the mention do code guideline to avoid possible confusions with
upcoming project code guideline based on MISRA-C.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2020-07-07 19:29:21 -04:00
David Brown
b32b5e151a doc: security: Release CVEs from embargo 
These CVEs have been released from embargo.  Include details in the v2.3
release notes, and in the vulnerabilities document.

Signed-off-by: David Brown <david.brown@linaro.org>
 2020-06-04 22:11:31 +02:00
David Brown
ed2d263e0c doc: release notes: Update security notes for 2.3 
Add information about security issues addressed in the v2.3.0 release.

Signed-off-by: David Brown <david.brown@linaro.org>
 2020-05-11 23:13:32 +02:00
David Brown
6fa228efac doc: vulnerabilities: Document public CVEs 
Include documentation for CVE issues that are now out of embargo.  This
includes links to the CVE database, as well as referencing the PRs
within Zephyr that fix these issues.

Signed-off-by: David Brown <david.brown@linaro.org>
 2020-05-11 22:50:02 +02:00
David Brown
99374d7808 doc: security: Update vulnerability disclosure 
Changes to the security vulnerability reflecting policy changes approved
by the board.

Signed-off-by: David Brown <david.brown@linaro.org>
 2020-05-02 11:37:43 -04:00
David Brown
4759da8819 doc: security: Create a vulnerabilities report 
In addition to having security vulnerability fixes reported within each
release note page, consolidate all of them in a new vulnerabilities
document.

This gives us two advantages: 1. The vulnerabilities can easily be
referenced in a single place, which is useful for someone trying to
cross reference against CVE lists, and 2. It allows a release to be made
with just CVE numbers when issues are under embargo, and the details can
be added to this vulnerabilities page.  The release notes will be locked
to a tag, and updates will not be visible.

Signed-off-by: David Brown <david.brown@linaro.org>
 2020-03-05 12:39:13 +02:00
Flavio Ceolin
b5bb4cd085 doc: security: Add hardening tool information 
Add basic reference to hardening tool.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
 2020-02-06 23:05:38 -05:00