From 24e57f98f9af2da3c33684df2e151ddb00c4e4fe Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Mon, 23 Nov 2020 11:59:04 +0100 Subject: [PATCH 1/5] vulnerailities: integrate vulnerabilities into documentation page --- _config.yml | 6 ++++++ .../vulnerabilities.json | 0 .../vulnerabilities.md | 17 ++++++++++++++--- 3 files changed, 20 insertions(+), 3 deletions(-) rename docs/{vulnerabilities => _vulnerabilities}/vulnerabilities.json (100%) rename docs/{vulnerabilities => _vulnerabilities}/vulnerabilities.md (83%) diff --git a/_config.yml b/_config.yml index 3025084285b9..cbef41c89bc7 100644 --- a/_config.yml +++ b/_config.yml @@ -71,3 +71,9 @@ collections: caption: Whisper sidebar_index: 8 frontpage: _whisper/Whisper-Overview.md + vulnerabilities: + output: true + permalink: docs/:collection/:slug + caption: Vulnerabilities + sidebar_index: 9 + frontpage: _vulnerabilies/vulnerabilities.md diff --git a/docs/vulnerabilities/vulnerabilities.json b/docs/_vulnerabilities/vulnerabilities.json similarity index 100% rename from docs/vulnerabilities/vulnerabilities.json rename to docs/_vulnerabilities/vulnerabilities.json diff --git a/docs/vulnerabilities/vulnerabilities.md b/docs/_vulnerabilities/vulnerabilities.md similarity index 83% rename from docs/vulnerabilities/vulnerabilities.md rename to docs/_vulnerabilities/vulnerabilities.md index 1c01185d8ac8..2d24aceca015 100644 --- a/docs/vulnerabilities/vulnerabilities.md +++ b/docs/_vulnerabilities/vulnerabilities.md @@ -1,4 +1,9 @@ -## Vulnerability disclosures +--- +title: Vulnerability disclosure +sort_key: A +--- + +## About disclosures In the software world, it is expected for security vulnerabilities to be immediately announced, thus giving operators an opportunity to take protective measure against attackers. 
@@ -47,7 +52,9 @@ In keeping with this policy, we have taken inspiration from [Solidity bug disclo ## Disclosed vulnerabilities -In this folder, you can find a JSON-formatted list of some of the known security-relevant vulnerabilities concerning `geth`. +In this folder, you can find a JSON-formatted list ([`vulnerabilities.json`](vulnerabilities.json)) of some of the known security-relevant vulnerabilities concerning `geth`. + +As of `geth` version `1.9.25`, geth has a built-in command to check whether it is affected by any publically disclosed vulnerability, using the command `geth version-check`. This command will fetch the latest json file (and the accompanying [signature-file](vulnerabilities.json.minisig), and cross-check the data against it's own version number. The file itself is hosted in the Github repository, on the `gh-pages`-branch. The list was started in November 2020, and covers mainly `v1.9.7` and forward. @@ -75,4 +82,8 @@ The JSON file of known vulnerabilities below is a list of objects, one for each - Takes into account the severity of impact and likelihood of exploitation. - `check` - This field contains a regular expression, which can be used against the reported `web3_clientVersion` of a node. If the check - matches, the node is with a high likelyhood affected by the vulnerability. \ No newline at end of file + matches, the node is with a high likelyhood affected by the vulnerability. + +### Why not use Github Security advisories + +We prefer to not rely on Github as the only/primary publishing protocol for security advisories. However, we do plan to also post public disclosures as advisories via the Github security infrastructure. From b34c5cbf15b28108dd0b2d855c3b7712a43f6e72 Mon Sep 17 00:00:00 2001 
From: Martin Holst Swende Date: Mon, 23 Nov 2020 13:53:54 +0100 Subject: [PATCH 2/5] vulnerabilities: add signature file --- docs/_vulnerabilities/vulnerabilities.json.minisig | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 docs/_vulnerabilities/vulnerabilities.json.minisig diff --git a/docs/_vulnerabilities/vulnerabilities.json.minisig b/docs/_vulnerabilities/vulnerabilities.json.minisig new file mode 100644 index 000000000000..62455907bd6c --- /dev/null +++ b/docs/_vulnerabilities/vulnerabilities.json.minisig @@ -0,0 +1,4 @@ +untrusted comment: signature from minisign secret key +RWQk7Lo5TQgd+6yVey1A8y2f2GZduUSb95pD+1lmBDFQvhVULfofBQnW+/c3xHoBxB/0OoJjlEO/IPP44u1m7gJmYCFZF4S19gc= +trusted comment: timestamp:1606134012 file:vulnerabilities.json +K09k9CDs8910uUdom54obtZJh5In7o8c3Phto4RDdM94ONPGDFA/3/QrwZ44Wr2F6qmI52P4mmOg7OGQHpq3CQ== From 695a23d5d3a4ed54daffb391abaa1d4c6bccf51f Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Tue, 24 Nov 2020 11:30:15 +0100 Subject: [PATCH 3/5] vulnerabilities: add CVE --- docs/_vulnerabilities/vulnerabilities.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/_vulnerabilities/vulnerabilities.md b/docs/_vulnerabilities/vulnerabilities.md index 2d24aceca015..69c0685890c6 100644 --- a/docs/_vulnerabilities/vulnerabilities.md +++ b/docs/_vulnerabilities/vulnerabilities.md @@ -83,6 +83,8 @@ The JSON file of known vulnerabilities below is a list of objects, one for each - `check` - This field contains a regular expression, which can be used against the reported `web3_clientVersion` of a node. If the check matches, the node is with a high likelyhood affected by the vulnerability. +- `CVE` + - The assigned `CVE` identifier, if available (optional) ### Why not use Github Security advisories From 3e523181cff4620606c63854d5fb2e2f946331f2 Mon Sep 17 00:00:00 2001 
From: Martin Holst Swende Date: Tue, 24 Nov 2020 11:33:20 +0100 Subject: [PATCH 4/5] vulnerabilities: more info about github advisories --- docs/_vulnerabilities/vulnerabilities.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/_vulnerabilities/vulnerabilities.md b/docs/_vulnerabilities/vulnerabilities.md index 69c0685890c6..9b7e24bb86d0 100644 --- a/docs/_vulnerabilities/vulnerabilities.md +++ b/docs/_vulnerabilities/vulnerabilities.md @@ -86,6 +86,7 @@ The JSON file of known vulnerabilities below is a list of objects, one for each - `CVE` - The assigned `CVE` identifier, if available (optional) -### Why not use Github Security advisories +### What about Github security advisories -We prefer to not rely on Github as the only/primary publishing protocol for security advisories. However, we do plan to also post public disclosures as advisories via the Github security infrastructure. +We prefer to not rely on Github as the only/primary publishing protocol for security advisories, but +we plan use the Github-advisory process as a second channel for disseminating vulnerability-information. From 25bc84bbaf404187c2c514c2220ccf46eb5f8b5b Mon Sep 17 00:00:00 2001 From: Martin Holst Swende Date: Tue, 24 Nov 2020 11:46:27 +0100 Subject: [PATCH 5/5] vulnerabilities: link to GH advisories --- docs/_vulnerabilities/vulnerabilities.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/_vulnerabilities/vulnerabilities.md b/docs/_vulnerabilities/vulnerabilities.md index 9b7e24bb86d0..4fb554992da7 100644 --- a/docs/_vulnerabilities/vulnerabilities.md +++ b/docs/_vulnerabilities/vulnerabilities.md 
@@ -90,3 +90,5 @@ The JSON file of known vulnerabilities below is a list of objects, one for each We prefer to not rely on Github as the only/primary publishing protocol for security advisories, but we plan use the Github-advisory process as a second channel for disseminating vulnerability-information. + +Advisories published via Github can be accessed [here](https://github.com/ethereum/go-ethereum/security/advisories?state=published). \ No newline at end of file
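Review bot: in the `_config.yml` hunk of patch 1/5, the new collection's `frontpage: _vulnerabilies/vulnerabilities.md` misspells the directory (it drops the "it" in "vulnerabilities") and does not match the rename target `docs/_vulnerabilities/vulnerabilities.md` in the same patch, so the sidebar entry will point at a file that does not exist. Change it to `frontpage: _vulnerabilities/vulnerabilities.md`, matching the pattern of the existing entries such as `frontpage: _whisper/Whisper-Overview.md`.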
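Review bot: the sentence describing `geth version-check` in the `@@ -47,7 +52,9 @@` hunk of patch 1/5 leaves the trust model unstated. It says the command fetches the JSON file "(and the accompanying [signature-file](vulnerabilities.json.minisig), and cross-check the data against it's own version number", but never says that the signature is verified before the data is used, nor which public key it is verified against; since the file is served from the `gh-pages` branch, that signature check is what prevents a tampered or stale list from being acted on by operators, and the docs should say so explicitly. While editing the sentence: the parenthesis opened before "and the accompanying" is never closed, "cross-check" should be "cross-checks", "it's own" should be "its own", "publically" should be "publicly", and "json file" should be "JSON file".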
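Review bot: in the `@@ -75,4 +82,8 @@` hunk of patch 1/5, the line `+  matches, the node is with a high likelyhood affected by the vulnerability.` is re-emitted only to add the missing trailing newline, but it carries the existing "likelyhood" misspelling forward; since the line is being rewritten anyway, correct it to "likelihood" (and "is, with high likelihood, affected" reads better). The new heading `### Why not use Github Security advisories` is a question without a question mark, and "Github" should be "GitHub" in both the heading and the paragraph below it.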
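Review bot: the signature added in patch 2/5 is bound to one specific file content and time (`trusted comment: timestamp:1606134012 file:vulnerabilities.json`), so any later edit to `vulnerabilities.json` that is committed without a regenerated `.minisig` will no longer verify, and the `geth version-check` flow described in patch 1/5 depends on that verification. The series should document the re-signing step for maintainers and, ideally, add a CI check that the committed signature verifies the committed JSON with the published public key. Separately, the public key that this signature corresponds to does not appear anywhere in the series; readers of the docs page need it to verify the file by hand, so it should be published alongside the signature file.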
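Review bot: the new `CVE` key added in patch 3/5 breaks the naming convention of the other field names in the list, which are lowercase (see the `check` entry in the context lines directly above); unless the JSON file already uses `CVE` as the key name, lowercase it for consistency with the rest of the schema. Also, "if available (optional)" says the same thing twice; either "if available" or "(optional)" suffices.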
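Review bot: the rewritten paragraph in patch 4/5 is missing a word: "we plan use the Github-advisory process" should read "we plan to use the GitHub advisory process", and "vulnerability-information" needs no hyphen. The new heading `### What about Github security advisories` is still a question without a question mark, and "Github" should be capitalized as "GitHub" throughout the file.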
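Review bot: the link line added in patch 5/5 is committed without a trailing newline (`\ No newline at end of file`), which patch 1/5 had just fixed for this same file; add the newline so the next edit to the end of the file does not produce another spurious one-line diff. The link text "here" is also uninformative; prefer descriptive text such as "the go-ethereum security advisories page" so the target is clear when the sentence is read out of context.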