Update release notes for 2.6, and the vulnerabilities page to mention
CVE-2021-3581. This CVE is under embargo until Sept 4, 2021.
Signed-off-by: David Brown <david.brown@linaro.org>
Fix up a handful of references to 'master' in the security documentation
to refer to the new 'main' branch.
Signed-off-by: David Brown <david.brown@linaro.org>
These CVEs have been released from embargo. Include details in the v2.3
release notes, and in the vulnerabilities document.
Signed-off-by: David Brown <david.brown@linaro.org>
Include documentation for CVE issues that are now out of embargo. This
includes links to the CVE database, as well as referencing the PRs
within Zephyr that fix these issues.
Signed-off-by: David Brown <david.brown@linaro.org>
In addition to having security vulnerability fixes reported within each
release note page, consolidate all of them in a new vulnerabilities
document.
This gives us two advantages: 1. The vulnerabilities can easily be
referenced in a single place, which is useful for someone trying to
cross reference against CVE lists, and 2. It allows a release to be made
with just CVE numbers when issues are under embargo, and the details can
be added to this vulnerabilities page. The release notes will be locked
to a tag, and updates will not be visible.
Signed-off-by: David Brown <david.brown@linaro.org>
