https://perl5.git.perl.org / perl5.git / blame
| Commit | Line | Data |
|---|---|---|
| 1f3be43f TC |
1 | =begin editor |
| 2 | ||
| 3 | Delete this begin/end block before publication. | |
| 4 | ||
| 0f750bd8 | 5 | Not every heading below is appropriate for every security issue, so |
| 1f3be43f TC |
6 | some may be deleted. |
| 7 | ||
| 8 | Look for FIXME to see what needs to be filled in. | |
| 9 | ||
| 10 | =end editor | |
| 11 | ||
| 12 | =encoding utf8 | |
| 13 | ||
| 14 | =head1 NAME | |
| 15 | ||
| 16 | FIXME - short description of the security issue, with an identifier of the issue as the manpage name | |
| 17 | ||
| 18 | =head1 DESCRIPTION | |
| 19 | ||
| 20 | =for editor | |
| 21 | Ideally, FIXME here should be the CVE-ID as a link to cve.mitre.org | |
| 22 | ||
| 23 | This document describes the | |
| 24 | L<FIXME|http://cve.mitre.org/cgi-bin/cvename.cgi?name=FIXME> | |
| 25 | security vulnerability for perl 5. | |
| 26 | ||
| 27 | =head2 Are there any known exploits "in the wild" for this vulnerability | |
| 28 | ||
| 29 | FIXME or delete | |
| 30 | ||
| 31 | =head2 Who is particularly vulnerable because of this issue? | |
| 32 | ||
| 33 | FIXME or delete | |
| 34 | ||
| 35 | =head2 What is the nature of the vulnerability? | |
| 36 | ||
| 37 | FIXME | |
| 38 | ||
| 39 | =head2 What potential exploits are enabled by this vulnerability? | |
| 40 | ||
| 41 | FIXME or delete | |
| 42 | ||
| 43 | =head2 Which major versions of perl 5 are affected? | |
| 44 | ||
| 45 | FIXME with a list of versions that are affected, and which were updated. | |
| 46 | ||
| 47 | =head2 How can users protect themselves? | |
| 48 | ||
| 49 | FIXME or use the following: | |
| 50 | ||
| cf4ed238 MM |
51 | If you are vulnerable, upgrade to the latest maintenance release for the |
| 52 | version of perl you are using. | |
| 53 | ||
| 54 | If your release of perl is no longer supported by the perl 5 committers you | |
| 55 | may need to upgrade to a new major release of perl. The versions currently | |
| 56 | supported by the perl 5 committers are | |
| 57 | FIXME 5.28.2 (until 2020-05-31) | |
| 58 | and | |
| 59 | FIXME 5.30.1 (until 2021-05-31). | |
| 60 | The current version of perl is available from https://www.perl.org/get.html . | |
| 1f3be43f TC |
61 | |
| 62 | =head2 Who was given access to the information about the vulnerability? | |
| 63 | ||
| 64 | FIXME or use the following: | |
| 65 | ||
| 66 | Specifics about the vulnerability were first disclosed to | |
| b135fd4a JL |
67 | C<perl-security>, a closed subscriber mailing list that has a |
| 68 | subset of the perl committers subcribed to it. | |
| 1f3be43f TC |
69 | |
| 70 | =head2 When was the vulnerability discovered? | |
| 71 | ||
| 72 | FIXME | |
| 73 | ||
| 74 | =head2 Who discovered the vulnerability? | |
| 75 | ||
| 76 | FIXME | |
| 77 | ||
| 78 | =head2 How was the vulnerability reported? | |
| 79 | ||
| 80 | FIXME: something like "So-and-so sent email to | |
| b135fd4a | 81 | perl-security@perl.org" |
| 1f3be43f TC |
82 | |
| 83 | =cut |