From 8ec141a460e9c5b5c60d3afc246fe604027ca526 Mon Sep 17 00:00:00 2001 From: Vicky Risk Date: Thu, 8 Sep 2022 17:29:55 +0000 Subject: Update CVE_draft.md --- .gitlab/issue_templates/CVE_draft.md | 100 ++++++++++++++++++++++++++++++++++- 1 file changed, 98 insertions(+), 2 deletions(-) diff --git a/.gitlab/issue_templates/CVE_draft.md b/.gitlab/issue_templates/CVE_draft.md index e09db1d4..f3397393 100644 --- a/.gitlab/issue_templates/CVE_draft.md +++ b/.gitlab/issue_templates/CVE_draft.md 
@@ -93,5 +93,101 @@ your name here ISC Support Engineer --------- -(INTERNAL) attach text copies of the CVE Advisory draft(s) here +--------------- +[DRAFT TEXT OF THE ADVISORY IS BELOW, NOTE THAT THIS IS ONLY A WORKING DRAFT] + + +CVE: CVE-9999-99999 [FILL IN] + +Document version: 1.0 + +Posting date: [FILL IN DD MONTH YEAR] + +Program impacted: DHCP + +Versions affected: DHCP [FILL IN] + +Severity: [FILL IN - MEDIUM, HIGH OR CRITICAL] + +Exploitable: [FILL IN - REMOTELY OR LOCALLY] + +Description: + +[FILL IN] + +Impact: + +[FILL IN] + +CVSS Score: [FILL IN] + +CVSS Vector: CVSS v3.1 Vector: [PASTE HERE] + +For more information on the Common Vulnerability Scoring System and to +obtain your specific environmental score please visit: +https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C&version=3.1. + +Workarounds: + +[FILL IN, OFTEN ...] +No workarounds known. + +Active exploits: +[FILL IN, OFTEN ...] +We are not aware of any active exploits. + +Solution: +[FILL IN, TYPICALLY SOMETHING LIKE THIS...] +Upgrade to the patched release most closely related to your current +version of DHCP: + +DHCP 4.4.x (Current Stable) +DHCP 4.1.x (Old Stable) + +Acknowledgments: ISC would like to thank [REPORTER] from [REPORTER ORGANIZATION] +for for discovering and reporting this issue. + +Document revision history: + +1.0 Early Notification, [DAY MONTH YEAR] + +Related documents: + + +Do you still have questions? Questions regarding this advisory should +go to security-officer@isc.org. To report a new issue, please encrypt +your message using security-officer@isc.org's PGP key which can be +found here: https://www.isc.org/pgpkey/. If you are unable to use +encrypted email, you may also report new issues at: +https://www.isc.org/reportbug/. + +Note: + +ISC patches only currently supported versions. When possible we +indicate EOL versions affected. 
(For current information on which +versions are actively supported, please see: +https://www.isc.org/download/ ) + +ISC Security Vulnerability Disclosure Policy: + +Details of our current security advisory policy and practice can be +found in the ISC Software Defect and Security Vulnerability Disclosure +Policy at https://kb.isc.org/docs/aa-00861. + +The Knowledgebase article [PASTE IN THE LINK HERE] is the +complete and official security advisory document. + +Legal Disclaimer: + +Internet Systems Consortium (ISC) is providing this notice on an "AS +IS" basis. No warranty or guarantee of any kind is expressed in this +notice and none should be implied. ISC expressly excludes and +disclaims any warranties regarding this notice or materials referred +to in this notice, including, without limitation, any implied warranty +of merchantability, fitness for a particular purpose, absence of +hidden defects, or of non-infringement. Your use or reliance on this +notice or materials referred to in this notice is at your own risk. +ISC may change this notice at any time. A stand-alone copy or +paraphrase of the text of this document that omits the document URL is +an uncontrolled copy. Uncontrolled copies may lack important +information, be out of date, or contain factual errors. -- cgit v1.2.1
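Review bot: The NVD calculator link in the CVSS paragraph hard-codes a vector (`vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C&version=3.1`) while the `CVSS Score:` and `CVSS Vector:` lines directly above it are still `[FILL IN]` and `[PASTE HERE]`, so an advisory drafted from this template can publish a link that opens a different vector from the one it states. Suggest replacing the query string with a placeholder, for example `vector=[PASTE VECTOR HERE]&version=3.1`, so the link has to be filled in together with the vector line; the sentence-ending period directly after `version=3.1` is also worth separating from the URL so autolinkers do not absorb it. Smaller points in the same hunk: the Acknowledgments line reads "for for discovering"; "No workarounds known." and "We are not aware of any active exploits." are live text rather than bracketed placeholders, so they can pass into a published advisory without anyone having confirmed them, and moving them inside the `[FILL IN, OFTEN ...]` brackets would force a deliberate choice; the Severity hint offers only MEDIUM, HIGH OR CRITICAL, so it should say whether LOW is intentionally excluded; and the two date placeholders use different formats (`[FILL IN DD MONTH YEAR]` and `[DAY MONTH YEAR]`).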