From 57b6b616bc2c57f4555a19fa0e2789e1304a6f90 Mon Sep 17 00:00:00 2001
From: Dan Luhring <dluhring@chainguard.dev>
Date: Mon, 14 Aug 2023 20:43:42 -0400
Subject: [PATCH] zot: add affected advisories

Signed-off-by: Dan Luhring <dluhring@chainguard.dev>
---
 zot.advisories.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 zot.advisories.yaml

diff --git a/zot.advisories.yaml b/zot.advisories.yaml
new file mode 100644
index 0000000000..2d09e15445
--- /dev/null
+++ b/zot.advisories.yaml
@@ -0,0 +1,13 @@
+package:
+  name: zot
+
+advisories:
+  CVE-2023-25656:
+    - timestamp: 2023-08-14T20:41:53.435338-04:00
+      status: affected
+      action: We are waiting on zot to update its code to use a fixed version of the affected notation library.
+
+  CVE-2023-33959:
+    - timestamp: 2023-08-14T20:42:56.411344-04:00
+      status: affected
+      action: We are waiting on zot to update its code to use a fixed version of the affected notation library.