tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Can't find reference to vulnerability fixes in change log
Date Tue, 19 Aug 2008 20:31:10 GMT
Tim McCune wrote:
> Hi.  I'm looking at,
> specifically the 4 vulnerabilities that are "Fixed in Apache Tomcat
> 6.0.18" and trying to find out which commits actually fixed the
> vulnerabilities.  I was hoping to be able to check out the change log at
> but I see no
> mention of any of these fixes listed there.  I also tried a bugzilla
> search for the issues, but "Zarro Boogs found."
> Can anyone give me a pointer to where I could find the actual bugzilla
> issues for the vulnerability fixes and/or links to the commits for them?

Adding svn references to the security pages and CVE references to the
commit log is on my todo list .

Because we have to fix this issue in public, the original commit will make
no reference to them.

You also won't find a bugzilla entry for these for the same reason.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message