Explicit sub-steps for assessing -S and EOL

For the step where we assess which product versions/branches are
vulnerable to the flaw, add explicit subordinate steps for assessing
Special Subscriber -S Preview edition, and end-of-life versions that
still receive paid fixes.

While we have GitLab labels to indicate affected versions, there is no
satisfactory mechanism in place to indicate that assessment of all
versions is complete, and thus anything not labeled as affected can be
considered immune.  Explicit checklist steps will allow others to see
when assessment is complete.

Per the following discussions:

https://zulip.isc.org/#narrow/channel/4-bind9/topic/Unaffected.20labels.20for.20vulnerability.20issues/near/25643

https://zulip.isc.org/#narrow/channel/4-bind9/topic/CVE.20checklist.20updates/near/26307
Ben Scott 2026-06-10 15:56:00 -04:00
parent a026d31095
commit 4fac2a92db

@ -43,7 +43,9 @@ confidential!
- [ ] [:grey_question:][step_coordinate_cve_id] **(SwEng)** Check if we need to coordinate with other vendors (an industry-wide CVE identifier might be necessary)
- [ ] [:grey_question:][step_assign_cve_id] **(SwEng)** Assign a CVE identifier, and update the GitLab Issue with it
- [ ] [:grey_question:][step_note_cve_info] **(SwEng)** Determine CVSS score and CWE category, and update the GitLab Issue with them
- [ ] [:grey_question:][step_versions_affected] **(SwEng)** Determine the branches of product versions affected (including the Subscription Edition and supported EOL versions)
- [ ] [:grey_question:][step_versions_affected] **(SwEng)** Determine product branches/versions affected
- [ ] **(SwEng)** Including Subscription Edition(s)
- [ ] **(SwEng)** Including EOL version(s) receiving paid support
- [ ] [:grey_question:][step_earliest_prepare] **(Support)** Prepare "earliest" notification text
- [ ] [:grey_question:][step_earliest_send] **(Support)** Update "earliest" notification ticket in support portal Earliest queue which will notify earliest customers
- [ ] [:grey_question:][step_advisory_mr] **(Support)** Create a merge request for the Security Advisory and include all readily available information in it
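Review bot: the two new sub-steps (`- [ ] **(SwEng)** Including Subscription Edition(s)` and `- [ ] **(SwEng)** Including EOL version(s) receiving paid support`) lack the `[:grey_question:][step_…]` reference-link marker that every other step in this checklist carries, so there is no documentation anchor telling the person ticking the box what "assessed" means for the -S edition or for a paid-support EOL branch; either add per-sub-step links (names would need to be defined in the document's link section) or state in the commit message that these deliberately have none. As shown here the two sub-steps also sit at the same list level as the parent `step_versions_affected` line rather than indented beneath it, so they render as additional top-level steps instead of the subordinate steps the commit message describes; indent them under the parent so the "all versions assessed" intent is visible at a glance.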