1=begin editor 2 3Delete this begin/end block before publication. 4 5Not every heading below is appropriate for every security issue, so 6some may be deleted. 7 8Look for FIXME to see what needs to be filled in. 9 10=end editor 11 12=encoding utf8 13 14=head1 NAME 15 16FIXME - short description of the security issue, with an identifier of the issue as the manpage name 17 18=head1 DESCRIPTION 19 20=for editor 21Ideally, FIXME here should be the CVE-ID as a link to cve.mitre.org 22 23This document describes the 24L<FIXME|http://cve.mitre.org/cgi-bin/cvename.cgi?name=FIXME> 25security vulnerability for perl 5. 26 27=head2 Are there any known exploits "in the wild" for this vulnerability 28 29FIXME or delete 30 31=head2 Who is particularly vulnerable because of this issue? 32 33FIXME or delete 34 35=head2 What is the nature of the vulnerability? 36 37FIXME 38 39=head2 What potential exploits are enabled by this vulnerability? 40 41FIXME or delete 42 43=head2 Which major versions of perl 5 are affected? 44 45FIXME with a list of versions that are affected, and which were updated. 46 47=head2 How can users protect themselves? 48 49FIXME or use the following: 50 51If you are vulnerable, upgrade to the latest maintenance release for the 52version of perl you are using. 53 54If your release of perl is no longer supported by the perl 5 committers you 55may need to upgrade to a new major release of perl. The versions currently 56supported by the perl 5 committers are 57FIXME 5.28.2 (until 2020-05-31) 58and 59FIXME 5.30.1 (until 2021-05-31). 60The current version of perl is available from https://www.perl.org/get.html . 61 62=head2 Who was given access to the information about the vulnerability? 63 64FIXME or use the following: 65 66Specifics about the vulnerability were first disclosed to 67C<perl-security>, a closed subscriber mailing list that has a 68subset of the perl committers subcribed to it. 69 70=head2 When was the vulnerability discovered? 71 72FIXME 73 74=head2 Who discovered the vulnerability? 75 76FIXME 77 78=head2 How was the vulnerability reported? 79 80FIXME: something like "So-and-so sent email to 81perl-security@perl.org" 82 83=cut 84