path: root/Porting/security_template.pod
blob: 62334274e85af30029529bb3313b1df6e2683cbd (plain)
=begin editor

Delete this begin/end block before publication.

Not every heading below is appropriate for every security issue, so
some may be deleted.

Look for FIXME to see what needs to be filled in.

=end editor

=encoding utf8

=head1 NAME

FIXME - short description of the security issue, with an identifier of the issue as the manpage name

=head1 DESCRIPTION

=for editor
Ideally, FIXME here should be the CVE-ID as a link to cve.mitre.org

This document describes the
L<FIXME|http://cve.mitre.org/cgi-bin/cvename.cgi?name=FIXME>
security vulnerability for perl 5.

=head2 Are there any known exploits "in the wild" for this vulnerability?

FIXME or delete

=head2 Who is particularly vulnerable because of this issue?

FIXME or delete

=head2 What is the nature of the vulnerability?

FIXME

=head2 What potential exploits are enabled by this vulnerability?

FIXME or delete

=head2 Which major versions of perl 5 are affected?

FIXME with a list of versions that are affected, and which were updated.

=head2 How can users protect themselves?

FIXME or use the following:

If you are vulnerable, upgrade to the latest maintenance release for the
version of perl you are using.

If your release of perl is no longer supported by the perl 5 committers you
may need to upgrade to a new major release of perl. The versions currently
supported by the perl 5 committers are
FIXME 5.28.2 (until 2020-05-31)
and
FIXME 5.30.1 (until 2021-05-31).
The current version of perl is available from https://www.perl.org/get.html .

=head2 Who was given access to the information about the vulnerability?

FIXME or use the following:

Specifics about the vulnerability were first disclosed to
C<perl-security>, a closed subscriber mailing list that has a
subset of the perl committers subscribed to it.

=head2 When was the vulnerability discovered?

FIXME

=head2 Who discovered the vulnerability?

FIXME

=head2 How was the vulnerability reported?

FIXME: something like "So-and-so sent email to
perl-security@perl.org"

=cut