[
https://issues.apache.org/jira/browse/WW-5105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart closed WW-5105.
-----------------------------
Resolution: Not A Problem
> Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327
> ----------------------------------------------------------
>
> Key: WW-5105
> URL: https://issues.apache.org/jira/browse/WW-5105
> Project: Struts 2
> Issue Type: Temp
> Reporter: waganigong
> Priority: Trivial
>
> Hi, this report is about a trivial question from me, and hope the struts
> community could help me or provide any hints.
> I'm a security researcher and I'm very interested in the fix of
> [CVE-2005-3745|http://www.cvedetails.com/cve/CVE-2005-3745/] and
> [CVE-2018-1327|http://www.cvedetails.com/cve/CVE-2008-1327]
> According to the [Apache security vulnerability
> handling|https://www.apache.org/security/committers.html] #16 , in svn era,
> the log of fixing commit will be amended with CVE id, however, I cannot find
> that log for CVE-2005-3745.
> In git era, I cannot find a way to trace the fixing commit. I was wondering
> that after a vulnerability is fixed, will the corresponding commit be amended
> with CVE information somewhere else?
> Any hints will be super helpful.
> Thank you!
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
