Updated to use both original, redirect and archive URLs.

Original URL cited for consistency with previous transparency
report. Redirect URL cited in case that is ever turned off.
Archive URL cited in case Chromium data deleted for whatever
reason.

Author: smithp35

llvm/docs/SecurityTransparencyReports.rst

@@ -14,6 +14,10 @@ Chromium issue tracker. All of these issues contain an attached PDF
 with the content of the Chromium issue, and have the SecurityArchive
 label.
 
+Each Chromium issue has 3 URLs, the first is the original URL recorded in
+previous transparency reports. the second is the redirect URL to the archive.
+The third is to the GitHub archive issue.
+
 2021
 ----
 
@@ -39,10 +43,12 @@ In 2021, the security group received 13 issue reports that were made publicly
 visible before 31st of December 2021.  The security group judged 2 of these
 reports to be security issues:
 
-* https://issuetracker.google.com/issues/42410043 archive:
+* original: https://bugs.chromium.org/p/llvm/issues/detail?id=5
+  redirect: https://issuetracker.google.com/issues/42410043 archive:
   https://github.com/llvm/llvm-project/issues/125709
 
-* https://issuetracker.google.com/issues/42410002 archive:
+* original: https://bugs.chromium.org/p/llvm/issues/detail?id=11
+  redirect: https://issuetracker.google.com/issues/42410002 archive:
   https://github.com/llvm/llvm-project/issues/127644
 
 Both issues were addressed with source changes: #5 in clangd/vscode-clangd, and
@@ -67,27 +73,32 @@ the time of writing this transparency report.
 
 5 of these were judged to be security issues:
 
-* https://issuetracker.google.com/issues/42410008 reports a miscompile in
-  LLVM that can result in the frame pointer and return address being
-  overwritten. This was fixed. Archive: https://github.com/llvm/llvm-project/issues/127645
+* https://bugs.chromium.org/p/llvm/issues/detail?id=17 reports a miscompile in LLVM
+  that can result in the frame pointer and return address being overwritten. This
+  was fixed. Redirect: https://issuetracker.google.com/issues/42410008 archive:
+  https://github.com/llvm/llvm-project/issues/127645
 
-* https://issuetracker.google.com/issues/42410010 reports a vulnerability
-  in `std::filesystem::remove_all` in libc++. This was fixed. Archive:
+* https://bugs.chromium.org/p/llvm/issues/detail?id=19 reports a vulnerability in
+  `std::filesystem::remove_all` in libc++. This was fixed.
+  Redirect: https://issuetracker.google.com/issues/42410010 archive:
   https://github.com/llvm/llvm-project/issues/127647
 
-* https://issuetracker.google.com/issues/42410015 reports a new Spectre
+* https://bugs.chromium.org/p/llvm/issues/detail?id=23 reports a new Spectre
   gadget variant that Speculative Load Hardening (SLH) does not mitigate. No
   extension to SLH was implemented to also mitigate against this variant.
-  Archive: https://github.com/llvm/llvm-project/issues/127648
+  Redirect: https://issuetracker.google.com/issues/42410015 archive:
+  https://github.com/llvm/llvm-project/issues/127648
 
-* https://issuetracker.google.com/issues/42410023 reports missing memory
+* https://bugs.chromium.org/p/llvm/issues/detail?id=30 reports missing memory
   safety protection on the (C++) exception handling path. A number of fixes
-  were implemented. Archive: https://github.com/llvm/llvm-project/issues/127649
+  were implemented. Redirect: https://issuetracker.google.com/issues/42410023
+  archive: https://github.com/llvm/llvm-project/issues/127649
 
-* https://issuetracker.google.com/issues/42410026 reports the RETBLEED
+* https://bugs.chromium.org/p/llvm/issues/detail?id=33 reports the RETBLEED
   vulnerability. The outcome was clang growing a new security hardening feature
   `-mfunction-return=thunk-extern`, see https://reviews.llvm.org/D129572.
-  Archive: https://github.com/llvm/llvm-project/issues/127650
+  Redirect: https://issuetracker.google.com/issues/42410026 archive:
+  https://github.com/llvm/llvm-project/issues/127650
 
 
 No dedicated LLVM releases were made for any of the above issues.
@@ -100,37 +111,52 @@ that were received earlier, but were disclosed in 2023.
 
 9 of these were judged to be security issues:
 
- * https://issuetracker.google.com/issues/42410029 reports the presence of
-   .git folder in https://llvm.org/.git. Archive: https://github.com/llvm/llvm-project/issues/131841
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=36 reports the presence of
+   .git folder in https://llvm.org/.git. Redirect:
+   https://issuetracker.google.com/issues/42410029 archive:
+   https://github.com/llvm/llvm-project/issues/131841
 
- * https://issuetracker.google.com/issues/42410060 reports the presence of
-   a GitHub Personal Access token in a DockerHub imaage. Archive: https://github.com/llvm/llvm-project/issues/131846
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=66 reports the presence of a
+   GitHub Personal Access token in a DockerHub imaage. Redirect
+   https://issuetracker.google.com/issues/42410060 archive:
+   https://github.com/llvm/llvm-project/issues/131846
 
- * https://issuetracker.google.com/issues/42410035 reports a potential gap
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=42 reports a potential gap
    in the Armv8.1-m BTI protection, involving a combination of large switch statements
-   and __builtin_unreachable() in the default case. Archive: https://github.com/llvm/llvm-project/issues/131848
-
- * https://issuetracker.google.com/issues/42410036 reports a dependency on
-   an old version of xml2js with a CVE filed against it.
-   Archive: https://github.com/llvm/llvm-project/issues/131849
-
- * https://issuetracker.google.com/issues/42410038 reports a number of
-   dependencies that have had vulnerabilities reported against them.
-   Archive: https://github.com/llvm/llvm-project/issues/131851
-
- * https://issuetracker.google.com/issues/42410039 is related to issue 42410038.
-   Archive: https://github.com/llvm/llvm-project/issues/131852
-
- * https://issuetracker.google.com/issues/42410041 reports a buffer overflow
-   in std::format from -fexperimental-library. Archive: https://github.com/llvm/llvm-project/issues/131856
-
- * https://issuetracker.google.com/issues/42410047 reports a memory leak in
+   and __builtin_unreachable() in the default case. Redirect:
+   https://issuetracker.google.com/issues/42410035 archive:
+   https://github.com/llvm/llvm-project/issues/131848
+
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=43 reports a dependency
+   on an old version of xml2js with a CVE filed against it. Redirect:
+   https://issuetracker.google.com/issues/42410036 archive:
+   https://github.com/llvm/llvm-project/issues/131849
+
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=45 reports a number of
+   dependencies that have had vulnerabilities reported against them. Redirect:
+   https://issuetracker.google.com/issues/42410038 archive:
+   https://github.com/llvm/llvm-project/issues/131851
+
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=46 is related to
+   issue 43. Redirect https://issuetracker.google.com/issues/42410039 archive:
+   https://github.com/llvm/llvm-project/issues/131852
+
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=48 reports a buffer overflow in
+   std::format from -fexperimental-library. Redirect:
+   https://issuetracker.google.com/issues/42410041 archive:
+   https://github.com/llvm/llvm-project/issues/131856
+
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=54 reports a memory leak in
    basic_string move assignment when built with libc++ versions <=6.0 and run against
-   newer libc++ shared/dylibs. Archive: https://github.com/llvm/llvm-project/issues/131857
+   newer libc++ shared/dylibs. Redirect:
+   https://issuetracker.google.com/issues/42410047 archive:
+   https://github.com/llvm/llvm-project/issues/131857
 
- * https://issuetracker.google.com/issues/42410049 reports an out of bounds buffer
-   store introduced by LLVM backends, that regressed due to a procedural oversight.
-   Archive: https://github.com/llvm/llvm-project/issues/131858
+ * https://bugs.chromium.org/p/llvm/issues/detail?id=56 reports an out
+   of bounds buffer store introduced by LLVM backends, that regressed
+   due to a procedural oversight. Redirect
+   https://issuetracker.google.com/issues/42410049 archive:
+   https://github.com/llvm/llvm-project/issues/131858
 
 No dedicated LLVM releases were made for any of the above issues.
 
@@ -172,11 +198,13 @@ publishing security advisories for those issues at
 https://github.com/llvm/llvm-security-repo/security/advisories/.
 
 1. “Unexpected behavior when using LTO and branch-protection together” |br|
-   Details are available at https://issuetracker.google.com/issues/42410051
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=58 |br|
+   redirect: https://issuetracker.google.com/issues/42410051 |br|
    archive: https://github.com/llvm/llvm-project/issues/132185
 2. “Security weakness in PCS for CMSE”
    (`CVE-2024-0151 <https://nvd.nist.gov/vuln/detail/CVE-2024-0151>`_) |br|
-   Details are available at https://issuetracker.google.com/issues/42410062
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=68 |br|
+   redirect: https://issuetracker.google.com/issues/42410062 |br|
    archive: https://github.com/llvm/llvm-project/issues/132186
 3. “CMSE secure state may leak from stack to floating-point registers”
    (`CVE-2024-7883 <https://www.cve.org/cverecord?id=CVE-2024-7883>`_) |br|
@@ -187,10 +215,12 @@ Supply chain security related issues and project services-related issues
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 1. “GitHub User Involved in xz backdoor may have attempted to change to clang in order to help hide the exploit” |br|
-   Details are available at https://issuetracker.google.com/issues/42410066
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=71 |br|
+   redirect: https://issuetracker.google.com/issues/42410066 |br|
    archive: https://github.com/llvm/llvm-project/issues/132187
 2. “llvmbot account suspended due to supicious login” |br|
-   Details are available at https://issuetracker.google.com/issues/42410067
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=72 |br|
+   redirect: https://issuetracker.google.com/issues/42410067 |br|
    archive: https://github.com/llvm/llvm-project/issues/132243
 3. “.git Exposure” |br|
    GHSA-mr8r-vvrc-w6rq |br|
@@ -228,31 +258,40 @@ Issues deemed to not require coordinated action before disclosing publicly
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 1. “Clang Address Sanitizer gives False Negative for Array Out of Bounds Compiled with Optimization” |br|
-   Details are available at https://issuetracker.google.com/issues/42410050
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=57 |br|
+   redirect: https://issuetracker.google.com/issues/42410050 |br|
    archive: https://github.com/llvm/llvm-project/issues/132191
 2. “Found exposed .svn folder” |br|
-   Details are available at https://issuetracker.google.com/issues/42410052
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=59 |br|
+   redirect: https://issuetracker.google.com/issues/42410052
    archive: https://github.com/llvm/llvm-project/issues/132192
 3. “Arbitrary code execution when combining SafeStack \+ dynamic stack allocations \+ \_\_builtin\_setjmp/longjmp” |br|
-   Details are available at https://issuetracker.google.com/issues/42410054
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=60 |br|
+   redirect: https://issuetracker.google.com/issues/42410054
    archive: https://github.com/llvm/llvm-project/issues/132220
 4. “RISC-V: Constants are allocated in writeable .sdata section” |br|
-   Details are available at https://issuetracker.google.com/issues/42410055
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=61 |br|
+   redirect: https://issuetracker.google.com/issues/42410055 |br|
    archive: https://github.com/llvm/llvm-project/issues/132223
 5. “Manifest File with Out-of-Date Dependencies with CVEs” |br|
-   Details are available at https://issuetracker.google.com/issues/42410056
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=62 |br|
+   redirect: https://issuetracker.google.com/issues/42410056 |br|
    archive: https://github.com/llvm/llvm-project/issues/132225
 6. “Non-const derived ctor should fail compilation when having a consteval base ctor” |br|
-   Details are available at https://issuetracker.google.com/issues/42410061
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=67 |br|
+   redirect: https://issuetracker.google.com/issues/42410061 |br|
    archive: https://github.com/llvm/llvm-project/issues/132226
 7. “Wrong assembly code generation. Branching to the corrupted "LR".” |br|
-   Details are available at https://issuetracker.google.com/issues/42410063
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=69 |br|
+   redirect: https://issuetracker.google.com/issues/42410063 |br|
    archive: https://github.com/llvm/llvm-project/issues/132229
 8. “Security bug report” |br|
-   Details are available at https://issuetracker.google.com/issues/42410065
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=70 |br|
+   redirect: https://issuetracker.google.com/issues/42410065 |br|
    archive: https://github.com/llvm/llvm-project/issues/132233
 9. “Using ASan with setuid binaries can lead to arbitrary file write and elevation of privileges” |br|
-   Details are available at https://issuetracker.google.com/issues/42410068
+   Details are available at https://bugs.chromium.org/p/llvm/issues/detail?id=73 |br|
+   redirect: https://issuetracker.google.com/issues/42410068 |br|
    archive: https://github.com/llvm/llvm-project/issues/132235
 10. “Interesting bugs for bool variable in clang projects and aarch64 modes outputting inaccurate results.” |br|
     GHSA-w7qc-292v-5xh6 |br|