Tim McCune wrote: > Hi. I'm looking at http://tomcat.apache.org/security-6.html, > specifically the 4 vulnerabilities that are "Fixed in Apache Tomcat > 6.0.18" and trying to find out which commits actually fixed the > vulnerabilities. I was hoping to be able to check out the change log at > http://tomcat.apache.org/tomcat-6.0-doc/changelog.html but I see no > mention of any of these fixes listed there. I also tried a bugzilla > search for the issues, but "Zarro Boogs found." > > Can anyone give me a pointer to where I could find the actual bugzilla > issues for the vulnerability fixes and/or links to the commits for them?
Adding svn references to the security pages and CVE references to the commit log is on my todo list . Because we have to fix this issue in public, the original commit will make no reference to them. You also won't find a bugzilla entry for these for the same reason. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
