WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News


WebsiteBaker 2.13.9 R24 is now available!


R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html


* Support WebsiteBaker

Your donations will help to:

  • Pay for our dedicated server
  • Pay for domain registration
  • and much more!

You can donate by clicking on the button below.


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker »
  • Security Announcements »
  • Template for publishing security patches
  • Print
Pages: [1]   Go Down

Author Topic: Template for publishing security patches  (Read 17529 times)

susigross

  • Guest
Template for publishing security patches
« on: September 04, 2009, 08:13:11 PM »
Some day (hopefully in the near future) we will have some forms on a page where you can report security related issues around WebsiteBaker.

For instance, when you are a module developer and found an issue with your module which makes it exploitable, you probably want to publish a patch as soon as it is available. This is what this board is for. But you can't write directly to this group, you need to report it to the Security Team (still seeking for members, by the way) first.
So until the web page for reporting issues is ready, please fill out the folowing template and send it to me by PM, together with links for downloading the patched and the vulnerable version of your module. This is because we will not publish unexamined messages in this board.

In the following template I did add some remarks to explain what is expected in each field.

Template for publishing security patches

Module:        
Name of the module

Patched Version:    
Version number of the patch you want to publish

Download Link:    
preferably link to the AMSP page of the module

Risk level:        
High, middle, or low

Risks:            
Name the risk group, like "code execution", "information disclosure", and so on

Description:        
Short description, do not give as much information as is necessary to exploit the hole on unpatched sites!

Suggestions:        
Describe whatever is necessary to fix the issue, for instance "Upgrade to version xxx as soon as possible"

Forum links:        
There is no discussion allowed in this group of the forum, because it is for announcements only. Therefore it is a good idea to link to forum threads discussing the module, may be in different languages if available.

Acknowledgement:    
If someone reported the bug to you, you can say thanks here
« Last Edit: September 04, 2009, 08:21:37 PM by FrankH »
Logged

  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker »
  • Security Announcements »
  • Template for publishing security patches
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2