Diffstat (limited to '.gitlab/issue_templates/CVE_draft.md')
-rw-r--r-- .gitlab/issue_templates/CVE_draft.md | 95
1 files changed, 95 insertions, 0 deletions
diff --git a/.gitlab/issue_templates/CVE_draft.md b/.gitlab/issue_templates/CVE_draft.md
new file mode 100644
index 00000000..a266af03
--- /dev/null
+++ b/.gitlab/issue_templates/CVE_draft.md
@@ -0,0 +1,95 @@
+---
+name: CVE Communications Draft
+about: Create draft emails for a security vulnerability
+
+---
+
+(INTERNAL) (Non-authoritative Draft only)
+The version in the KB is the authoritative Advisory, this is only DRAFT text to be used for communications (emails). This is also not the CVE checklist for this issue. Once the CVE is made public, this issue should be deleted from the repo.
+
+(INTERNAL) (Keep things text-only friendly)
+All of the official communication about this vulnerability will use a text-only version of this article. This is most obvious in the way that certain links are constructed. Most links should be constructed contrary to "web best-practice" and use the full URL as their link text.
+
+(INTERNAL)
+| header | header |
+| ------ | ------ |
+| CVE # | CVE-9999-99999 |
+| GL Issue | |
+| Versions affected | |
+| link to Advisory draft in KB | |
+| date for earliest | |
+| date for T-5 | |
+| public release date | |
+
+cut and paste below this line for the customer email
+
+----------------------
+
+NOTE: This Advisory is Confidential and under NDA until Public Release
+(date of planned release here) unless notified by the Internet
+Systems Consortium's (ISC's) Security Officer (security-officer@isc.org).
+We ask that you respect our phased disclosure process (see
+https://www.isc.org/security-vulnerability-disclosure-policy ).
+
+If you know of an additional party who should be included in our phased
+disclosure process please contact ISC directly and do not forward this
+advisory to them.
+
+DO NOT forward this information to anyone per your Subscription
+Agreement, as it has not yet been released to the public.
+
+If you need to ask a question about this Advance Security Bulletin,
+before it is publicly released, please do so securely and do not make
+any reference to the advisory or its existence via unencrypted email to
+ISC or by opening a new support ticket.
+
+We suggest using one of the secure methods below:
+
+1. Log in to your RT queue via https to add the question to the advisory
+notification ticket in your queue. ISC's support team will post a reply
+and then inform you directly via email that we have responded and that
+you need to check the ticket directly.
+
+2. Email your question, encrypted to security-officer@isc.org, using our
+public PGP key which can be found here:
+
+http://www.isc.org/downloads/software-support-policy/openpgp-key/
+
+Regards,
+
+ISC Support
+
+----
+
+To Our Advance Notification Customers and Partners --
+
+This message is being sent to you because you are on our list for Early Advance
+Notification for security issues affecting ISC DHCP.
+
+We have learned of a security issue which can be exploited in the ISC DHCP
+server (dhcpd).
+
+The issue, which is designated CVE-xxxx-xxxxx, occurs due to xxxxxxx.
+
+This defect applies to versions DHCP 4.1.x - 4.1.y and DHCP 4.4.x - 4.4.y.
+
+Description:
+
+
+
+Impact:
+
+
+
+Workaround:
+
+
+
+If you have questions, please use this ticket to ask them.
+
+your name here
+
+ISC Support Engineer
+
+--------
+(INTERNAL) attach text copies of the CVE Advisory draft(s) here
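Review bot: The OpenPGP key link in the customer email text ("http://www.isc.org/downloads/software-support-policy/openpgp-key/") uses plain http, while the disclosure-policy link earlier in the same email uses https. A key retrieved over an unauthenticated channel can be replaced in transit, which undermines the instruction to encrypt questions to security-officer@isc.org. Suggest switching the link to https and stating the key fingerprint in the email so recipients can verify it. Two smaller points in the same hunk: the internal table still carries the literal "| header | header |" row, and the CVE placeholder is written two ways (CVE-9999-99999 in the table, CVE-xxxx-xxxxx in the body). Using a single placeholder form would make it easier to search a draft for unreplaced values before it is sent.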