custom/cve/edit.pug (164 lines of code) (raw):
extends ../../default/cve/edit
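block append bannerItemsLeft
  //- Look-up buttons for the record's CVE ID; rendered only once the document carries an ID.
  if doc && doc.body && doc.body.CVE_data_meta && doc.body.CVE_data_meta.ID
    //- The ID is stored record data, so it is percent-encoded before it goes into a query string.
    //- rel="noopener noreferrer" keeps the opened site from reaching window.opener and from receiving a Referer for this page.
    a.icn.btn.Search.right(type="button",value="Google",href="https://google.com/search?q="+encodeURIComponent("\""+doc.body.CVE_data_meta.ID+"\""),target="_blank",rel="noopener noreferrer") Google
    a.icn.btn.Search.right(type="button",value="CVE",href="https://cve.mitre.org/cgi-bin/cvename.cgi?name="+encodeURIComponent(doc.body.CVE_data_meta.ID),target="_blank",rel="noopener noreferrer") CVE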
//- Replaces the parent template's loadEditorloadJSON block with nothing.
//- NOTE(review): presumably this stops the default JSON load so that loadEditorWithProducts (in loadEditor) is the only caller of loadJSON; confirm against ../../default/cve/edit.
block loadEditorloadJSON
block loadEditor
script
include asfpreload.js
script
| // Attach the fetched product names to the schema as the `examples` of the
| // product_name property, then open the editor on the initial document.
| var loadEditorWithProducts = async function() {
|   // Resolve the schema node before awaiting, as the original assignment does.
|   var productNameSchema = docSchema.definitions.product.properties.product_name;
|   productNameSchema.examples = await loadProductNames();
|   loadJSON(initJSON);
| };
| loadEditorWithProducts();
script
| // Pre-select the Instructions tab (the radio input with id "aboutTab" in the customtabs block).
| // NOTE(review): `selected` is assigned without a declaration in this file; presumably a global declared by the parent template. Confirm.
| selected = "aboutTab";
| document.getElementById(selected).checked = true;
script
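| var tabs = document.getElementsByName("tabs");
| for (var i = 0; i < tabs.length; i++) {
|   var t = tabs[i];
|   if (t.id === "emailTab") {
|     // Each time the e-mail tab is selected, rebuild both announcement
|     // previews and the hidden fields of the /sendemails form from the
|     // current editor value.
|     t.addEventListener('change', async function() {
|       // Record fields (title, description, credit, references, ...) are free
|       // text, so the preview is written as a text node inside a <pre>:
|       // markup typed into a record is displayed literally, never parsed.
|       const showPreview = function(id, text) {
|         const box = document.getElementById(id);
|         const pre = document.createElement("pre");
|         pre.textContent = text;
|         box.textContent = "";
|         box.appendChild(pre);
|         box.appendChild(document.createTextNode("\n"));
|       };
|       const j = docEditor.getValue();
|       let emailto = "oss-security@lists.openwall.com";
|       let replyto = j.CNA_private.userslist;
|       if (!replyto) {
|         // No list stored on the record: look it up from the owner and keep
|         // it on this value object.
|         replyto = await loadEmailLists(j.CNA_private.owner);
|         j.CNA_private.userslist = replyto;
|       }
|       // Subject: "<advisory>: <CVE ID>: [<products>: ]<title>", or the
|       // problem-type text when the record has no title.
|       let subject = j.source.advisory || "";
|       if (subject) {
|         subject += ": ";
|       }
|       subject += j.CVE_data_meta.ID + ": ";
|       if (j.CVE_data_meta.TITLE) {
|         // The product list is added only when the title does not contain "Apache".
|         if (!j.CVE_data_meta.TITLE.includes("Apache")) {
|           subject += getProductListNoVendor(j) + ": ";
|         }
|         subject += j.CVE_data_meta.TITLE + " ";
|       } else {
|         subject += getProductListNoVendor(j) + ": ";
|         for (const d of j.problemtype.problemtype_data) {
|           for (const b of d.description) {
|             subject += b.value;
|           }
|         }
|       }
|       // Message body, one section per populated part of the record.
|       let mt = "";
|       if (j.impact && j.impact[0] && j.impact[0].other) {
|         mt += "Severity: " + j.impact[0].other + "\n\n";
|       }
|       mt += "Description:\n\n";
|       for (const d of j.description.description_data) {
|         mt += d.value + "\n\n";
|       }
|       if (j.CVE_data_meta.AKA) {
|         mt += "This issue is also known as " + j.CVE_data_meta.AKA + "\n\n";
|       }
|       // Loose != is kept on purpose: if defect is an array, an empty one is
|       // truthy but still coerces to "" here and is skipped.
|       if (j.source.defect && j.source.defect != "") {
|         mt += "This issue is being tracked as " + j.source.defect + "\n\n";
|       }
|       if (j.work_around && j.work_around[0]) {
|         mt += "Mitigation:\n\n";
|         for (const d of j.work_around) {
|           mt += d.value + "\n\n";
|         }
|       }
|       if (j.credit && j.credit[0]) {
|         mt += "Credit:\n\n";
|         for (const d of j.credit) {
|           mt += d.value + "\n";
|         }
|         mt += "\n";
|       }
|       // Guard the first entry as the other sections do; an empty
|       // reference_data array used to throw on [0].url.
|       const refs = j.references && j.references.reference_data;
|       if (refs && refs[0] && refs[0].url) {
|         mt += "References:\n\n";
|         for (const d of refs) {
|           mt += d.url + "\n";
|         }
|         mt += "\n";
|       }
|       // First mail: oss-security.
|       let jmt = "To: " + emailto + "\nReply-To: " + replyto + "\nSubject: " + subject + "\n\n";
|       showPreview("outemail", jmt + mt);
|       // These hidden fields are what the form posts to /sendemails. They
|       // live in the page and can be edited before submission, so recipients
|       // and header values have to be checked by the server.
|       // NOTE(review): the /sendemails handler is not part of this file;
|       // confirm it restricts recipients and rejects line breaks in the
|       // subject and reply-to.
|       document.getElementById("emailtext").value = mt;
|       document.getElementById("emailsubject").value = subject;
|       document.getElementById("emailreplyto").value = replyto;
|       document.getElementById("emailto1").value = emailto;
|       // Second mail: ASF announce list plus the project list, Bcc security@.
|       emailto = "announce@apache.org, " + replyto;
|       jmt = "To: " + emailto + "\nBcc: security@apache.org\nReply-To: " + replyto + "\nSubject: " + subject + "\n\n";
|       showPreview("asfemail", jmt + mt);
|       document.getElementById("emailto2").value = emailto;
|       // The send button is enabled only for READY/PUBLIC records that are
|       // not already marked as emailed. This is a UI gate, not an access check.
|       const button = document.getElementById("emailbutton");
|       const note = document.getElementById("emailbuttonnote");
|       if (j.CNA_private.emailed) {
|         button.disabled = true;
|         note.textContent = "You have already sent the emails";
|       } else if (j.CVE_data_meta.STATE === "READY" || j.CVE_data_meta.STATE === "PUBLIC") {
|         button.disabled = false;
|         note.textContent = "";
|       } else {
|         button.disabled = true;
|         note.textContent = "State must be READY to send emails";
|       }
|     });
|   }
| }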
//- Editor tabs supplied by this template: raw CVE-JSON output, the rendered advisory, and the OSS/ASF e-mail previews with their send form.
block customtabs
input.tab(name='tabs', type='radio', id='jsonTab', value="6")
label.lbl(for='jsonTab') CVE-JSON
.wht.fil.bor.pad
div(style='float:right')
//- In the inline handlers of this block a bare outjson / outemail / asfemail refers to the element carrying that id.
a.icn.right.copy.btn(onmouseover='this.textContent="Copy"',onclick='copyText(outjson);this.textContent="Copied"') Copy
|
a.icn.right.download.btn(onclick='downloadText(outjson, this);') Download
.pre#outjson
input.tab(name='tabs', type='radio', id='advisoryTab', value="4")
label.lbl(for='advisoryTab') Advisory
.wht.fil.bor.pad
div.render(id="render")
//- Selecting this tab fires the emailTab change handler in the loadEditor script, which fills the previews and hidden fields below.
input.tab(name='tabs', type='radio', id='emailTab', value="7")
label.lbl(for='emailTab') OSS/ASF Emails
.wht.fil.bor.pad
//- "!=" writes its operand without HTML escaping. Every use in this block passes a fixed string literal; record data must not be routed through it.
h1!= "OSS Email"
p!= "Use the button below to send these mails, or copy, paste, and send the email yourself. Subscription not required. Use a separate email for this, don't cc or bcc."
div(style='float:right')
a.icn.right.copy.btn(onmouseover='this.textContent="Copy"',onclick='copyText(outemail);this.textContent="Copied"') Copy
.indent.bor.pad
//- Preview of the oss-security mail; content comes from the emailTab change handler.
div#outemail
h1!= "ASF Email"
p!= "Use the button below to send these mails, or copy, paste, and send the email yourself."
p!= "Note that ASF announcement mailing lists are moderated. It may take some hours/days before your email will be published."
div(style='float:right')
a.icn.right.copy.btn(onmouseover='this.textContent="Copy"',onclick='copyText(asfemail);this.textContent="Copied"') Copy
.indent.bor.pad
//- Preview of the ASF announce mail; content comes from the emailTab change handler.
div#asfemail
p
//- Posts both mails to /sendemails.
//- NOTE(review): the handler is bound to click, not submit, so any click inside the form sets CNA_private.emailed='yes' and calls save() before the outcome of the POST is known. Confirm this is intended.
form.rnd(method='POST', action='/sendemails', onclick="var j=mainTabGroup.getValue(); j.CNA_private.emailed='yes';save()")
//- Anti-CSRF token supplied to the template as csrfToken.
input(type='hidden', name='_csrf', value=csrfToken)
//- Body, subject, reply-to and both recipient lists travel as hidden fields and can be changed in the browser before submission.
//- NOTE(review): the /sendemails handler is not shown here; it has to validate recipients and reject line breaks in header values rather than trust these fields.
input(type='hidden',name='emailtext',id='emailtext')
input(type='hidden',name='emailsubject',id='emailsubject')
input(type='hidden',name='emailreplyto',id='emailreplyto')
input(type='hidden',name='emailto1',id='emailto1')
input(type='hidden',name='emailto2',id='emailto2')
//- Rendered disabled; the emailTab change handler enables it only when STATE is READY or PUBLIC and CNA_private.emailed is unset. This is a client-side gate only.
button.btn.sfe(disabled='true', type='submit', value='Email', id='emailbutton') Send these Emails
//- Status text explaining why the button is disabled.
div#emailbuttonnote
//- Instructions tab (id aboutTab), which the loadEditor script pre-selects on page load.
//- The text is written with "!=" so the embedded links render as HTML; all operands are fixed string literals.
block append customtabs
input.tab(name='tabs', type='radio', id='aboutTab', value="0")
label.lbl(for='aboutTab') Instructions
.wht.fil.bor.pad
p!= "This site is designed to help you handle vulnerabilities according to the <a href='https://www.apache.org/security/committers.html' target='_blank'>ASF CVE process</a>, step 16. A short <a href='https://s.apache.org/cveprocessvideo' target='_blank'>video overview</a> is also available."
ul
li!= "Fill in the details on <a href='#editor'>'Editor'</a> tab setting. Any field marked optional is not required and it is not given to the CVE project but is used for the emails. "
p=""
li!= "The information you enter is stored when you hit SAVE. It is only visible to other members of your PMC and the ASF security team. So you can prepare some of it in advance."
p=""
li!= "Once you go public set the state to 'READY'. Use the <a href='#email'>'OSS/ASF Emails'</a> tab for the emails you should send to oss-security and to Apache lists. Also update your security page if you have one."
p=""
li!= "Fill in a 'reference' type 'CONFIRM' with the URL to your public post about this issue. ASF Security will be notified and will submit to the CVE project and then set state to 'PUBLIC'."
p=""
li!= "'REVIEW' state is optional. Set this if you want ASF Security to be notified to help with this entry."
p=""
p!= "For further help contact <a href='mailto:security@apache.org' target='_blank'>security@apache.org</a>."
//- Replaces the parent template's logolink block with no content.
block logolink