[ https://issues.apache.org/jira/browse/WW-5105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Lenart closed WW-5105. ----------------------------- Resolution: Not A Problem > Tracking the fix commit of CVE-2005-3745 and CVE-2018-1327 > ---------------------------------------------------------- > > Key: WW-5105 > URL: https://issues.apache.org/jira/browse/WW-5105 > Project: Struts 2 > Issue Type: Temp > Reporter: waganigong > Priority: Trivial > > Hi, this report is about a trivial question from me, and hope the struts > community could help me or provide any hints. > I'm a security researcher and I'm very interested in the fix of > [CVE-2005-3745|http://www.cvedetails.com/cve/CVE-2005-3745/] and > [CVE-2018-1327|http://www.cvedetails.com/cve/CVE-2008-1327] > According to the [Apache security vulnerability > handling|https://www.apache.org/security/committers.html] #16 , in svn era, > the log of fixing commit will be amended with CVE id, however, I cannot find > that log for CVE-2005-3745. > In git era, I cannot find a way to trace the fixing commit. I was wondering > that after a vulnerability is fixed, will the corresponding commit be amended > with CVE information somewhere else? > Any hints will be super helpful. > Thank you! > -- This message was sent by Atlassian Jira (v8.20.10#820010)