Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / 4759da8819a6ce68d714f7db0eca1b4db5e4fd61^! / .
commit4759da8819a6ce68d714f7db0eca1b4db5e4fd61[log] [tgz]
authorDavid Brown <david.brown@linaro.org>Wed Mar 04 17:02:56 2020 -0700
committerJohan Hedberg <johan.hedberg@gmail.com>Thu Mar 05 12:39:13 2020 +0200
tree6d077a4cb03bec851732ee062f51da67d4fcf4c0
parent8d5bb88aa737ec7812c2ad684fdbc3a76e99174e [diff]
doc: security: Create a vulnerabilities report

In addition to having security vulnerability fixes reported within each
release note page, consolidate all of them in a new vulnerabilities
document.

This gives us two advantages: 1. The vulnerabilities can easily be
referenced in a single place, which is useful for someone trying to
cross reference against CVE lists, and 2. It allows a release to be made
with just CVE numbers when issues are under embargo, and the details can
be added to this vulnerabilities page.  The release notes will be locked
to a tag, and updates will not be visible.

Signed-off-by: David Brown <david.brown@linaro.org>

diff --git a/doc/security/index.rst b/doc/security/index.rst
index c5e1d8d..328eb54 100644
--- a/doc/security/index.rst
+++ b/doc/security/index.rst

@@ -14,3 +14,4 @@
    secure-coding.rst
    sensor-threat.rst
    hardening-tool.rst
+   vulnerabilities.rst

diff --git a/doc/security/vulnerabilities.rst b/doc/security/vulnerabilities.rst
new file mode 100644
index 0000000..9986f2d
--- /dev/null
+++ b/doc/security/vulnerabilities.rst

@@ -0,0 +1,25 @@
+.. _vulnerabilities:
+
+Vulnerabilities
+###############
+
+This page collects all of the vulnerabilities that are discovered and
+fixed in each release.  It will also often have more details than is
+available in the releases.  Some vulnerabilities are deemed to be
+sensitive, and will not be publically discussed until there is
+sufficient time to fix them.  Because the release notes are locked to
+a version, the information here can be updated after the embargo is
+lifted.
+
+Release 1.14.0 and 2.0.0
+------------------------
+
+The following security vulnerability (CVE) was addressed in this
+release:
+
+* Fixes CVE-2019-9506: The Bluetooth BR/EDR specification up to and
+  including version 5.1 permits sufficiently low encryption key length
+  and does not prevent an attacker from influencing the key length
+  negotiation. This allows practical brute-force attacks (aka "KNOB")
+  that can decrypt traffic and inject arbitrary ciphertext without the
+  victim noticing.