This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
Add explicit list of supported Perl versions and URL where to find it
[perl5.git] / Porting / security_template.pod
CommitLineData
1f3be43f
TC
1=begin editor
2
3Delete this begin/end block before publication.
4
5Note every heading below is appropriate for every security issue, so
6some may be deleted.
7
8Look for FIXME to see what needs to be filled in.
9
10=end editor
11
12=encoding utf8
13
14=head1 NAME
15
16FIXME - short description of the security issue, with an identifier of the issue as the manpage name
17
18=head1 DESCRIPTION
19
20=for editor
21Ideally, FIXME here should be the CVE-ID as a link to cve.mitre.org
22
23This document describes the
24L<FIXME|http://cve.mitre.org/cgi-bin/cvename.cgi?name=FIXME>
25security vulnerability for perl 5.
26
27=head2 Are there any known exploits "in the wild" for this vulnerability
28
29FIXME or delete
30
31=head2 Who is particularly vulnerable because of this issue?
32
33FIXME or delete
34
35=head2 What is the nature of the vulnerability?
36
37FIXME
38
39=head2 What potential exploits are enabled by this vulnerability?
40
41FIXME or delete
42
43=head2 Which major versions of perl 5 are affected?
44
45FIXME with a list of versions that are affected, and which were updated.
46
47=head2 How can users protect themselves?
48
49FIXME or use the following:
50
cf4ed238
MM
51If you are vulnerable, upgrade to the latest maintenance release for the
52version of perl you are using.
53
54If your release of perl is no longer supported by the perl 5 committers you
55may need to upgrade to a new major release of perl. The versions currently
56supported by the perl 5 committers are
57FIXME 5.28.2 (until 2020-05-31)
58and
59FIXME 5.30.1 (until 2021-05-31).
60The current version of perl is available from https://www.perl.org/get.html .
1f3be43f
TC
61
62=head2 Who was given access to the information about the vulnerability?
63
64FIXME or use the following:
65
66Specifics about the vulnerability were first disclosed to
67C<perl5-security-report>, a closed subscriber mailing list that has a
68subset of the perl 5 committers subcribed to it.
69
70=head2 When was the vulnerability discovered?
71
72FIXME
73
74=head2 Who discovered the vulnerability?
75
76FIXME
77
78=head2 How was the vulnerability reported?
79
80FIXME: something like "So-and-so sent email to
81perl5-security-report@perl.org"
82
83=cut