Posted to issues@struts.apache.org by "waganigong (Jira)" <ji...@apache.org> on 2020/12/08 03:20:00 UTC

[jira] [Created] (WW-5105) Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327

waganigong created WW-5105:
------------------------------

             Summary: Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327
                 Key: WW-5105
                 URL: https://issues.apache.org/jira/browse/WW-5105
             Project: Struts 2
          Issue Type: Temp
            Reporter: waganigong


Hi, this report is about a trivial question from me, and I hope the Struts community can help me if it is an easy one for you.

 

I'm a security researcher and I'm very interested in the fix of [CVE-2005-3745|http://www.cvedetails.com/cve/CVE-2005-3745/] and [CVE-2018-1327|http://www.cvedetails.com/cve/CVE-2008-1327/].

 

According to the [Apache security vulnerability handling|https://www.apache.org/security/committers.html] #16, in the svn era, the log of the fixing commit will be amended with the CVE id; however, I cannot find that log for CVE-2005-3745.

In the git era, I cannot find a way to trace the fixing commit. I was wondering: after a vulnerability is fixed, will the corresponding commit be amended with CVE information somewhere else?

Any hints will be super helpful.

Thank you!

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)