Details
-
Temp
-
Status: Closed
-
Trivial
-
Resolution: Not A Problem
-
None
-
None
-
None
-
None
Description
Hi, this report is about a trivial question from me, and hope the struts community could help me or provide any hints.
I'm a security researcher and I'm very interested in the fix of CVE-2005-3745 and CVE-2018-1327
According to the Apache security vulnerability handling #16 , in svn era, the log of fixing commit will be amended with CVE id, however, I cannot find that log for CVE-2005-3745.
In git era, I cannot find a way to trace the fixing commit. I was wondering that after a vulnerability is fixed, will the corresponding commit be amended with CVE information somewhere else?
Any hints will be super helpful.
Thank you!