Security announcement subscriptions (was: [Security Advisory] CVE-2020-14156 ...)

Joseph Reynolds jrey at
Wed Jun 17 05:17:51 AEST 2020

On 6/16/20 12:35 PM, Lee Fisher wrote:
> Hi,
> In addition to a web page showing how to submit security issues, it
> would be nice if there was a web page showing OpenBMC CVEs. And/or a
> mailing list to announce OpenBMC security advisories. Having to
> subscribe to the dev list and watch the issue tracking system for CVEs
> will only keep security awareness isolated to OpenBMC devs.

Lee,  +cc: openbmc email list

I agree.  The security wiki [1] has a query to show all security 
advisories [2].  We had discussed creating an 
openbmc-public-security-announcements email list that you could 
subscribe to.  I'll add an item to the security working group agenda [3] 
to discuss the email again.

- Joseph


> Thanks,
> Lee
> On 6/15/20 12:31 PM, Joseph Reynolds wrote:
>> |The OpenBMC Security Response team has released an OpenBMC Security
>> Advisory: Thanks to
>> everyone who helped work on this. An OpenBMC Security Advisory
>> explains a security vulnerability, its severity, and how to protect
>> systems that are built on OpenBMC. For more information about OpenBMC
>> Security Response, see:
>> - Joseph |

More information about the openbmc mailing list