add CSAF publication workflow and first document

Author: bernhardreiter

.github/workflows/publish.yml

@@ -0,0 +1,73 @@
+name: Validate & publish CSAF advisories
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'csaf_documents/**.json'
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  csaf:
+    runs-on: ubuntu-24.04
+    name: Update CSAF provider
+    strategy:
+      fail-fast: false
+
+    steps:
+    - name: Publish CSAF advisories
+      uses: csaf-tools/csaf-action@v0
+      with:
+        publisher_category: vendor
+        publisher_name: Isduba Development Community
+        publisher_namespace: https://github.com/ISDuBA
+        publisher_issuing_authority: Developers of the Free Software ISDuBA
+        publisher_contact_details: Open public issues at https://github.com/ISDuBA or contact one of the recently active developers in confidence.
+        source_csaf_documents: csaf_documents
+        generate_index_files: true
+        openpgp_key: |
+          -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGj7dkwBDADffbLnN3FX1g2xRLI7UngOY/ecoTGgIrWjwZ/NX13SwpzNPrvC
+XMYdiZXKYRP2Nol7NBRvOAKQDRfUv/SHCqSG99uQyPRaC1skJPa6CCYpNTYhG7CU
+hb4V/bCC1yQNfzEmyQw7dMuEqlsCZam/njOyr0Hw7UAwVNIk/q55PlSZ79i1PhTO
+32sADFZ3B739qZA0HqDN4PlMdNzxJBbHekCQcDS/LYljKlqqEJZviK81LL/RGm1y
+CE8Wqx/IFwpv841ydz95nJjPXp4NqUCsWg9ZsjOnBexlWXNgHOm1YagAdIBX/eRy
+NhVxQAMcOeWR2IsA18RYytlnR+FH+IHLnHUJbsR2DuhoSQjql0Z6MCQcR2dWzOXJ
+avoWYOGCqvV/uuTLkhVin7XJnb1t7l4u+vT14I5jZ1bxOfrBx/UqEVVOhA13TlUC
+n72loDL32Jv28q+gWequuhvQYR4OTxzFh+IjJqXClOvJMfh0XBdgTbV04fye46u4
+b7bT9eiGL1aaaKkAEQEAAbQ4SXNkdWJhIERldmVsb3BtZW50IENvbW11bml0eSAo
+aHR0cHM6Ly9naXRodWIuY29tL0lTRHVCQSmJAdQEEwEKAD4WIQSiX+DxdYlr+mNv
+GgUd5kWxkmg13QUCaPt2TAIbAwUJC0c1AAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
+gAAKCRAd5kWxkmg13QtPC/wJlcTcMpKKZPzDXwgIMEn06PqBCjmpvqyS7bHaYWod
+jN+FgOLLYbNbAwwMdWlS1D5tKDXTm35LTvPaGgRLuCPN8Mf3Hpd0cAP1qGKXtLP8
+MUOshprsW0ntoVFHXw5Vsf2uycsQPqwx6KFnT+9833BVzIKGfNBgfnUTKJaWbWLS
+naNdNwnm1RTkbJezKMPYwRI/M9XH4JTm7QEOhO0cCJqbsdVs98038UBj0h1DEOL1
+e2n980a7l9RRrYJjmXosqrybhknOl3PGVUtWqWDH9O8tkfYGLyYQOy0Ae1Bvd4gg
+QpycI0cBoth5vqrkhC6RAbpJA8ExQxP15K0VdieNKx2qC+RDGrKGrLGdIPJ1TQqB
+ZLy6NMU3KsGp5VaIllKMZ2kIlEKQkGz0/24iGAdTWpOyHgZhd9i710zoyxfSr6bh
+rqM7KHQssbABeJvsplMed4R2iJsBg8vrp1dj3Pqb3cQFCH2SlUN43FICHG5rsKop
+REbpnyfDJ9fIaAKHpoDLugi5AY0EaPt2TAEMAOWwwh4xzz519By+Z7RFb8WjL71+
+IoQ8h3buemh+hjd9+dCYOu6wmTlGPBazQ6fVOIX0O5sIu4SOtyyjc2SwjleXh449
+jBwrfmlSxBrdlGWQJh2zfdommRdO0F9jplbyT8aU5yvTL5XgmRCxUKBjGMYrcCB1
+QbwArp3/0mRean3IxPYVgBNjsqHqJjj+pWelOyhEYxaFiLvWH3iBKNQpHRtiRLnW
+xFtvJvfXL67eNjhRHqbWE5KuVUqfbI+rDMU5GOagWudUyIOWIO5qdALg4fJWwGSe
+4FrrfMQLMe8P1nwhmHC1npbToZlb027NMJL1XMgeP+7MdlI/jWTvNjNk3KwE/9GW
+y++ARE5wTHTC7SZkQI2lpHPTFGuoKvAWknf2PBzVZUmBKkXIZBwjjAqUg6X1CmfQ
+QKlZxixhUZv5huG0D8V8eAmyWlvHDpKOWrCgReXysiMO0ZxgaPJMYvrpbK0QM6GG
+Hbxp6l9cbTUzEmcIOMnd30hqomNx/gTWnp+2QwARAQABiQG8BBgBCgAmFiEEol/g
+8XWJa/pjbxoFHeZFsZJoNd0FAmj7dkwCGwwFCQtHNQAACgkQHeZFsZJoNd0jogv/
+XGZRP3+vQvxjH12/7P4mmDvQ/cONiiEEi5vHivdGYQZ3suuvgD8A7FX/uYL7PBhH
+zDbuSk1vF1XgAmPk2e2zSALMP0UdUaL4qjs1dd2+cjjnCBtxwCftKb/hPuy22H6o
+QgrQwwNMzgpiyUE3vZl8W8oRvoujflaZpGtpoZXB9PNmAlhL79CeQXsFCBGhzOWT
+gSVi69GFXG+3nkmbA2y0EBzYbjllVLH/g91YayCwe80DChbpD/Dj9vA6nMq+dKXY
+RnK5NaoCVLah7Ts3JlOzf3aPB6zD6Ped/CgAYOEpffPdDcQliaGG1+XHb9SVpuLK
+z/8PZSkeAr2Wflj82UJsrUf0Krzy8h8N/Qz9J7AvlYSkFqrc9oLnyRyu5wLCCpFE
+jcKaW2YeGFnhtemjyr1CX5kH3X4dpxjvA4zpu/hqzE63YzoFIRFYrC+eChLMkHR5
+yYPU3BBj4wvyV4NoZ3nnTtrJ2st3ILa6ks7WpGUxDjfSGzdmU/rXu3qy6fJgo84F
+=ZY3x
+-----END PGP PUBLIC KEY BLOCK-----
+

csaf_documents/isduba-2025-01.json

@@ -0,0 +1,129 @@
+{
+    "document": {
+        "category": "csaf_vex",
+        "csaf_version": "2.0",
+        "distribution": {
+            "tlp": {
+                "label": "WHITE",
+                "url": "https://www.first.org/tlp/v1/"
+            }
+        },
+        "lang": "en",
+        "publisher": {
+            "category": "vendor",
+            "contact_details": "See contact points at https://github.com/ISDuBA",
+            "name": "Isduba Development Community",
+            "namespace": "https://github.com/ISDuBA"
+        },
+        "title": "does not integrate Cisco Secure Firewall Adaptive Security Appliance Software",
+        "tracking": {
+            "current_release_date": "2025-10-02T17:35:00.000Z",
+            "id": "isduba-2025-01",
+            "initial_release_date": "2025-10-02T17:35:00.000Z",
+            "revision_history": [
+                {
+                    "date": "2025-10-02T17:35:00.000Z",
+                    "number": "1.0.0",
+                    "summary": "Initial revision"
+                }
+            ],
+            "status": "final",
+            "version": "1.0.0"
+        }
+    },
+    "product_tree": {
+        "branches": [
+            {
+                "branches": [
+                    {
+                        "branches": [
+                            {
+                                "category": "product_version_range",
+                                "name": "vers:all/*",
+                                "product": {
+                                    "name": "ISDuBA all versions",
+                                    "product_id": "isduba-all-versions"
+                                }
+                            }
+                        ],
+                        "category": "product_name",
+                        "name": "ISDuBA"
+                    }
+                ],
+                "category": "vendor",
+                "name": "Isduba Development Community"
+            }
+        ]
+    },
+    "vulnerabilities": [
+        {
+            "cve": "CVE-2025-20333",
+            "notes": [
+                {
+                    "category": "summary",
+                    "text": "Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability"
+                }
+            ],
+            "product_status": {
+                "known_not_affected": [
+                    "isduba-all-versions"
+                ]
+            },
+            "threats": [
+                {
+                    "category": "impact",
+                    "details": "Vulnerable component not present",
+                    "product_ids": [
+                        "isduba-all-versions"
+                    ]
+                }
+            ]
+        },
+        {
+            "cve": "CVE-2025-20362",
+            "notes": [
+                {
+                    "category": "summary",
+                    "text": "Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability"
+                }
+            ],
+            "product_status": {
+                "known_not_affected": [
+                    "isduba-all-versions"
+                ]
+            },
+            "threats": [
+                {
+                    "category": "impact",
+                    "details": "Vulnerable component not present",
+                    "product_ids": [
+                        "isduba-all-versions"
+                    ]
+                }
+            ]
+        },
+        {
+            "cve": "CVE-2025-20363",
+            "notes": [
+                {
+                    "category": "summary",
+                    "text": "Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability"
+                }
+            ],
+            "product_status": {
+                "known_not_affected": [
+                    "isduba-all-versions"
+                ]
+            },
+            "threats": [
+                {
+                    "category": "impact",
+                    "details": "Vulnerable component not present",
+                    "product_ids": [
+                        "isduba-all-versions"
+                    ]
+                }
+            ]
+        }
+    ]
+}

csaf_documents/isduba-2025-01.json.asc

@@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQGzBAABCgAdFiEEol/g8XWJa/pjbxoFHeZFsZJoNd0FAmj7eKEACgkQHeZFsZJo
+Nd22zwv9GRCeZOyfTCMdWBmuyp7vG/ZSGNwzqED5ZirOP2+F6TkojgJf2p3jJnrL
+NiTa19l49YSnDECpaRITto5fvRj8IcfMdDpD/g8LEwO52ZyvYEixk9EKLsbZ9/0P
+MJMR9KAk8FmUSs8Xmlq4Xx0u/af3wJWOf5DYcLfs5GKKi2ykxnK72ZUyp76rB+3t
+Dfyz1AljhCYYVz0aL7wmHV6CmKQW2HGjz26TG6udW0Prfi3NEMAxuCWjBBarGC2u
+4RYrieejsh69l1RCJfkX8VSa5vLU1XYAE5Ii/dCWqMyMi+xEPIDXHEogiRe6+A1L
+wCsPkS1RZ4jAtRspzRBrM1YwlOUNJcA+33W2sMBPdNEam+8MZtlb2mezG8kFwcLQ
+FwsnUAGE9E8bbg8mORPS24nIMjd1u662pd0XW7AEGH9fD7POcKutxr5IpYc46c4+
+fMGtkELrIhqFV1n28wGWzOJykQwG3TrtVLq5+QYgGu1jKpFUzbD7T5a0iKpHY8ep
+BJZ7i60h
+=Op54
+-----END PGP SIGNATURE-----