svn commit: r52777 - head/en_US.ISO8859-1/htdocs/security
Glen Barber
gjb at FreeBSD.org
Thu Jan 24 17:47:50 UTC 2019
Author: gjb
Date: Thu Jan 24 17:47:48 2019
New Revision: 52777
URL: https://svnweb.freebsd.org/changeset/doc/52777
Log:
- Add templates for security advisories and errata notices to the
tree.
- Link to the templates on the reporting.html page.
Suggested by: emaste
Discussed with: secteam (emaste, remko)
Sponsored by: The FreeBSD Foundation
Added:
head/en_US.ISO8859-1/htdocs/security/advisory-template.txt (contents, props changed)
head/en_US.ISO8859-1/htdocs/security/errata-template.txt (contents, props changed)
Modified:
head/en_US.ISO8859-1/htdocs/security/Makefile
head/en_US.ISO8859-1/htdocs/security/reporting.xml
Modified: head/en_US.ISO8859-1/htdocs/security/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/security/Makefile Thu Jan 24 08:13:11 2019 (r52776)
+++ head/en_US.ISO8859-1/htdocs/security/Makefile Thu Jan 24 17:47:48 2019 (r52777)
@@ -11,6 +11,8 @@ SUBDIR= advisories
SUBDIR+= patches
DATA= so_public_key.asc
+DATA= advisory-template.txt
+DATA= errata-template.txt
DOCS= charter.xml
DOCS+= security.xml
DOCS+= advisories.xml
Added: head/en_US.ISO8859-1/htdocs/security/advisory-template.txt
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/en_US.ISO8859-1/htdocs/security/advisory-template.txt Thu Jan 24 17:47:48 2019 (r52777)
@@ -0,0 +1,140 @@
+=============================================================================
+FreeBSD-SA-ADVISORY_TEMPLATE Security Advisory
+ The FreeBSD Project
+
+Topic:
+
+Category: < core | contrib >
+Module: <module name>
+Announced: 2019-XX-XX
+Credits:
+Affects: <affected versions>
+ <e.g., "All supported versions of FreeBSD.", "FreeBSD
+ 12.0 and later.", "FreeBSD 12.x", or "FreeBSD 11.2">
+Corrected: 2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE)
+ 2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX)
+ 2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE)
+ 2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX)
+CVE Name: CVE-XXXX-XXXX
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+<brief description of what the affected bits are supposed to do>
+
+II. Problem Description
+
+<detailed description of the problem>
+
+III. Impact
+
+<description as to why the above problem is bad>
+
+IV. Workaround
+
+<If no workaround exists:>
+No workaround is available.
+
+<... but some systems are unaffected:>
+No workaround is available. <insert simple description of some
+systems that are not vulnerable>
+
+<If a workaround exists:>
+<insert workaround here>
+
+V. Solution
+
+<insert solution here>
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+[XX Needs reboot? Mention please]
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+[XX Needs reboot? Mention please]
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch
+# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch.asc
+# gpg --verify XXXX.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+<for a userland utility:>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+<for a daemons>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+<for a common library>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+<for a kernel vulnerability:>
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+-------------------------------------------------------------------------
+stable/12/ rXXXXXX
+releng/12.0/ rXXXXXX
+stable/11/ rXXXXXX
+releng/11.2/ rXXXXXX
+-------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<other info on vulnerability>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-XXXX-XXXX>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-XX:XX.XXXXX.asc>
Added: head/en_US.ISO8859-1/htdocs/security/errata-template.txt
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/en_US.ISO8859-1/htdocs/security/errata-template.txt Thu Jan 24 17:47:48 2019 (r52777)
@@ -0,0 +1,140 @@
+=============================================================================
+FreeBSD-EN-ERRATA_TEMPLATE Errata Notice
+ The FreeBSD Project
+
+Topic:
+
+Category: < core | contrib >
+Module: <module name>
+Announced: 2019-XX-XX
+Credits:
+Affects: <affected versions>
+ <e.g., "All supported versions of FreeBSD.", "FreeBSD
+ 12.0 and later.", "FreeBSD 12.x", or "FreeBSD 11.2">
+Corrected: 2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE)
+ 2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX)
+ 2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE)
+ 2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+<brief description of what the affected bits are supposed to do>
+
+II. Problem Description
+
+<detailed description of the problem>
+
+III. Impact
+
+<description as to why the above problem is bad>
+
+IV. Workaround
+
+<If no workaround exists:>
+No workaround is available.
+
+<... but some systems are unaffected:>
+No workaround is available. <insert simple description of some
+systems that are not vulnerable>
+
+<If a workaround exists:>
+<insert workaround here>
+
+V. Solution
+
+<insert solution here>
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+[XX Needs reboot? Mention please]
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+[XX Needs reboot? Mention please]
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch
+# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc
+# gpg --verify XXXX.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+<for a userland utility:>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+<for a daemons>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+<for a common library>
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+<for a kernel bug:>
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+-------------------------------------------------------------------------
+stable/12/ rXXXXXX
+releng/12.0/ rXXXXXX
+stable/11/ rXXXXXX
+releng/11.2/ rXXXXXX
+-------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<other info on the problem>
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc>
Modified: head/en_US.ISO8859-1/htdocs/security/reporting.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/security/reporting.xml Thu Jan 24 08:13:11 2019 (r52776)
+++ head/en_US.ISO8859-1/htdocs/security/reporting.xml Thu Jan 24 17:47:48 2019 (r52777)
@@ -49,6 +49,13 @@
<li>Example code if possible.</li>
</ul>
+ <p>Whenever possible, including the background, problem
+ description, impact, and workaround (if applicable) using the
+ templates for <a
+ href="advisory-template.txt">security advisories</a> and <a
+ href="errata-template.txt">errata notices</a> as appropriate
+ would also be helpful.</p>
+
<p>After this information has been reported the Security Officer
or a Security Team delegate will get back to you.</p>
More information about the svn-doc-all
mailing list