Difference between revisions of "SVG:General Advisory Template"
Line 2: | Line 2: | ||
<pre> | <pre> | ||
<add or delete sections as needed> | <add or delete sections as needed> | ||
Line 17: | Line 18: | ||
Title: <Title - refer to any CVE number and include name software> | Title: <Title - refer to any CVE number and include name software> | ||
Date: <date> | Date: <date> | ||
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd | |||
<Put on Wiki for WHITE information only> | |||
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd or | |||
URL: https://wiki.egi.eu/wiki/SVG:Advisories/advisory-SVG-RT<number> | |||
Introduction | Introduction | ||
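Review bot: the added "<Put on Wiki for WHITE information only>" line does not say what to do with the two URL lines beneath it when the advisory is not WHITE. Suggest stating explicitly that the URL lines are deleted in that case, and making clear that the trailing "or" on the first URL line means only one of the two URLs is kept.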
Line 33: | Line 38: | ||
Details | Details | ||
======= | ======= | ||
<describe the problem, something about why it occurs, and the effect on sites> | <describe the problem, something about why it occurs, and the effect on sites> | ||
<take care not to release anything useful to an attacker, unless it is already public, | <take care not to release anything useful to an attacker, unless it is already public, | ||
Line 103: | Line 111: | ||
2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME | 2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME | ||
2010-??-?? | 2010-??-?? Acknowlegement from the EGI SVG to the reporter | ||
2010-??-?? Updated packages available in the EGI UMD | 2010-??-?? Software providers responded and involved in investigation | ||
2010-??-?? Assessment by the EGI Software Vulnerability Group reported to the software providers | |||
2010-??-?? Updated packages available <in the EGI UMD/other location> | |||
2010-??-?? Public disclosure | 2010-??-?? Public disclosure | ||
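Review bot: in the added timeline entry "Acknowlegement from the EGI SVG to the reporter" the word is misspelled and should read "Acknowledgement", since this text is copied into every advisory built from the template. The new entries also keep the hard-coded "2010-??-??" prefix; a neutral "yyyy-mm-dd" placeholder would avoid stale years in later advisories.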
Revision as of 17:02, 10 November 2010
General Advisory Template
<add or delete sections as needed>

** WHITE information - Unlimited distribution allowed **
or
** GREEN information - Community wide distribution **
or
** AMBER information - Limited distribution **

** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-yyyymmdd]
or
EGI SVG ADVISORY [EGI-SVG-yyyymmdd]

Title: <Title - refer to any CVE number and include name of software>
Date: <date>

<Put on Wiki for WHITE information only>
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/<xxx>-yyyy-mm-dd or
URL: https://wiki.egi.eu/wiki/SVG:Advisories/advisory-SVG-RT<number>

Introduction
============
<Describe the reason for the issuing of this advisory>
<this could include - e.g. updated as patch available>
<include CVE number if one has been issued>
<include EGI RT number for SVG/UMD issues>

Details
=======
<describe the problem, something about why it occurs, and the effect on sites>
<take care not to release anything useful to an attacker, unless it is already public,
especially if you are sending it in WHITE>

Risk Category
=============
<This issue has been assessed as Critical/High/Moderate/Low by CSIRT or SVG as appropriate>
<if critical - include critical in title and e-mail title>

Affected Software
=================
<e.g. which version(s) of Linux are affected>
<e.g. which middleware component is affected within gLite/ARC/Unicore/Globus/Other>

Mitigation
==========
<Describe mitigation to carry out - this may be to run a script>

Component Installation information
==================================
<e.g. patch not yet available>
<e.g. patch available from vendor for x system but not y>
<e.g. pointer to UMD release>

Recommendations
===============
<as appropriate e.g.>
<Immediately apply the mitigation described above to all user-accessible systems.>
<Apply vendor kernel updates when they become available.>
<Apply new version in EGI UMD>

Credit
======
<if applicable - person who discovers vulnerability>

References
==========
<refer to any public disclosure>
<e.g. Linux vendors info>
<any other info on the problem>

Timeline <probably SVG/EGI UMD issues only>
========
Yyyy-mm-dd
2010-??-?? Vulnerability reported by <name1> WE NEED TO ASK HIM/HER BEFORE PUTTING HIS/HER NAME
2010-??-?? Acknowledgement from the EGI SVG to the reporter
2010-??-?? Software providers responded and involved in investigation
2010-??-?? Assessment by the EGI Software Vulnerability Group reported to the software providers
2010-??-?? Updated packages available <in the EGI UMD/other location>
2010-??-?? Public disclosure

On behalf of the <EGI CSIRT / EGI CSIRT and SVG / EGI SVG as appropriate>,