tomcat-dev mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: Can't find reference to vulnerability fixes in change log
Date Tue, 19 Aug 2008 20:31:10 GMT
Tim McCune wrote:
> Hi.  I'm looking at http://tomcat.apache.org/security-6.html,
> specifically the 4 vulnerabilities that are "Fixed in Apache Tomcat
> 6.0.18" and trying to find out which commits actually fixed the
> vulnerabilities.  I was hoping to be able to check out the change log at
> http://tomcat.apache.org/tomcat-6.0-doc/changelog.html but I see no
> mention of any of these fixes listed there.  I also tried a bugzilla
> search for the issues, but "Zarro Boogs found."
> 
> Can anyone give me a pointer to where I could find the actual bugzilla
> issues for the vulnerability fixes and/or links to the commits for them?

Adding svn references to the security pages and CVE references to the
commit log is on my todo list.

Because we have to fix this issue in public, the original commit will make
no reference to them.

You also won't find a bugzilla entry for these for the same reason.

Mark


