waganigong created WW-5105:
------------------------------
Summary: Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327
Key: WW-5105
URL: https://issues.apache.org/jira/browse/WW-5105
Project: Struts 2
Issue Type: Temp
Reporter: waganigong
Hi, this report is about a trivial question from me, and I hope the Struts
community could help me if it is an easy one for you.
I'm a security researcher and I'm very interested in the fix of
[CVE-2005-3745|http://www.cvedetails.com/cve/CVE-2005-3745/] and
[CVE-2018-1327|https://www.cvedetails.com/cve/CVE-2008-1327/].
According to the [Apache security vulnerability
handling|https://www.apache.org/security/committers.html] #16, in the svn era, the
log of the fixing commit will be amended with the CVE id; however, I cannot find that
log for CVE-2005-3745.
In the git era, I cannot find a way to trace the fixing commit. I was wondering:
after a vulnerability is fixed, will the corresponding commit be amended
with CVE information somewhere else?
Any hints will be super helpful.
Thank you!