You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "waganigong (Jira)" <ji...@apache.org> on 2020/12/08 03:20:00 UTC
[jira] [Created] (WW-5105) Tracking the fix commit of CVE-2005-3745
and CVE-2018-1327
waganigong created WW-5105:
------------------------------
Summary: Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327
Key: WW-5105
URL: https://issues.apache.org/jira/browse/WW-5105
Project: Struts 2
Issue Type: Temp
Reporter: waganigong
Hi, this report is about a trivial question from me, and hope the struts community could help me if it is an easy one for you.
I'm a security researcher and I'm very interested in the fix of [CVE-2005-3745|http://www.cvedetails.com/cve/CVE-2005-3745/] and [CVE-2018-1327|[http://www.cvedetails.com/cve/CVE-2008-1327/].|https://www.cvedetails.com/cve/CVE-2008-1327/].]
According to the [Apache security vulnerability handling|https://www.apache.org/security/committers.html] #16 , in svn era, the log of fixing commit will be amended with CVE id, however, I cannot find that log for CVE-2005-3745.
In git era, I cannot find a way to trace the fixing commit. I was wondering that after a vulnerability is fix, will the corresponding commit be amended with CVE information somewhere else?
Any hints will be super helpful.
Thank you!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)