CVE listing in SECURITY.md

The SECURITY.md file lists each known CVE and the release versions it is present in (and fixed in). Signed-off-by: Cary Phillips <cary@ilm.com>
AcademySoftwareFoundation · Sep 21, 2019 · 33d1ac6 · 33d1ac6
1 parent eae0e33
commit 33d1ac6
Showing 1 changed file with 26 additions and 7 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -3,15 +3,34 @@
 ## Reporting a Vulnerability
 
 If you think you've found a potential vulnerability in OpenEXR, please
-report it by emailing security@openexr.com. Only TSC members and ASWF
-project management have access to these messages. Include detailed
-steps to reproduce the issue, and any other information that could aid
-an investigation. Our policy is to respond to vulernability reports
-within 14 days.
+report it by emailing security@openexr.com. Only Technical Steering
+Committee members and Academy Software Foundation project management
+have access to these messages. Include detailed steps to reproduce the
+issue, and any other information that could aid an investigation. Our
+policy is to respond to vulernability reports within 14 days.
 
 Our policy is to address critical security vulnerabilities rapidly and
 post patches as quickly as possible.
 
-See the [release notes](CHANGES.md) for a listing of known CVEs and
-the releases in which they have been addressed.
+## Known Vulnerabilities
+
+* [CVE-2018-18444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18444) 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
+* [CVE-2018-18443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18443) 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
+* [CVE-2017-9116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-9115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-9114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-9113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-9112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-9111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-9110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110) 2.0.0, 2.0.1, 2.1.0, 2.2.0
+* [CVE-2017-14988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14988) invalid CVE
+* [CVE-2017-12596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596) 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.2.1, 2.3.0
+* [CVE-2016-4630](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4630) unknown
+* [CVE-2016-4629](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4629) unknown
+* [CVE-2009-1722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1722) 1.0.*, 1.1.*, 1.2.*, 1.3.*, 1.4.*, 1.5.*, 1.6.*
+* [CVE-2009-1721](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1721) 1.0.*, 1.1.*, 1.2.*, 1.3.*, 1.4.*, 1.5.*, 1.6.*
+* [CVE-2009-1720](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1720) 1.0.*, 1.1.*, 1.2.*, 1.3.*, 1.4.*, 1.5.*, 1.6.*
+* [CVE-2006-2277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2277) unknown
+
+See the [release notes](CHANGES.md) for more information.