Commit | Line | Data |
---|---|---|
1f3be43f TC |
1 | =begin editor |
2 | ||
3 | Delete this begin/end block before publication. | |
4 | ||
0f750bd8 | 5 | Not every heading below is appropriate for every security issue, so |
1f3be43f TC |
6 | some may be deleted. |
7 | ||
8 | Look for FIXME to see what needs to be filled in. | |
9 | ||
10 | =end editor | |
11 | ||
12 | =encoding utf8 | |
13 | ||
14 | =head1 NAME | |
15 | ||
16 | FIXME - short description of the security issue, with an identifier of the issue as the manpage name | |
17 | ||
18 | =head1 DESCRIPTION | |
19 | ||
20 | =for editor | |
21 | Ideally, FIXME here should be the CVE-ID as a link to cve.mitre.org | |
22 | ||
23 | This document describes the | |
24 | L<FIXME|http://cve.mitre.org/cgi-bin/cvename.cgi?name=FIXME> | |
25 | security vulnerability for perl 5. | |
26 | ||
27 | =head2 Are there any known exploits "in the wild" for this vulnerability | |
28 | ||
29 | FIXME or delete | |
30 | ||
31 | =head2 Who is particularly vulnerable because of this issue? | |
32 | ||
33 | FIXME or delete | |
34 | ||
35 | =head2 What is the nature of the vulnerability? | |
36 | ||
37 | FIXME | |
38 | ||
39 | =head2 What potential exploits are enabled by this vulnerability? | |
40 | ||
41 | FIXME or delete | |
42 | ||
43 | =head2 Which major versions of perl 5 are affected? | |
44 | ||
45 | FIXME with a list of versions that are affected, and which were updated. | |
46 | ||
47 | =head2 How can users protect themselves? | |
48 | ||
49 | FIXME or use the following: | |
50 | ||
cf4ed238 MM |
51 | If you are vulnerable, upgrade to the latest maintenance release for the |
52 | version of perl you are using. | |
53 | ||
54 | If your release of perl is no longer supported by the perl 5 committers you | |
55 | may need to upgrade to a new major release of perl. The versions currently | |
56 | supported by the perl 5 committers are | |
57 | FIXME 5.28.2 (until 2020-05-31) | |
58 | and | |
59 | FIXME 5.30.1 (until 2021-05-31). | |
60 | The current version of perl is available from https://www.perl.org/get.html . | |
1f3be43f TC |
61 | |
62 | =head2 Who was given access to the information about the vulnerability? | |
63 | ||
64 | FIXME or use the following: | |
65 | ||
66 | Specifics about the vulnerability were first disclosed to | |
b135fd4a JL |
67 | C<perl-security>, a closed subscriber mailing list that has a |
68 | subset of the perl committers subcribed to it. | |
1f3be43f TC |
69 | |
70 | =head2 When was the vulnerability discovered? | |
71 | ||
72 | FIXME | |
73 | ||
74 | =head2 Who discovered the vulnerability? | |
75 | ||
76 | FIXME | |
77 | ||
78 | =head2 How was the vulnerability reported? | |
79 | ||
80 | FIXME: something like "So-and-so sent email to | |
b135fd4a | 81 | perl-security@perl.org" |
1f3be43f TC |
82 | |
83 | =cut |