Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Some of the Vulnerability Fixing Commits Are Likely Unrelated to the Vulnerability They Are Associated With #105

Open
2 tasks
nuthanmunaiah opened this issue Mar 24, 2021 · 0 comments
Open
2 tasks

Some of the Vulnerability Fixing Commits Are Likely Unrelated to the Vulnerability They Are Associated With #105

nuthanmunaiah opened this issue Mar 24, 2021 · 0 comments

Comments

@nuthanmunaiah
Copy link

Description

The vulnerability fixing commits curated for CVE-2007-6422 and CVE-2015-3183 include commits that are likely unrelated to the vulnerability that they are associated with.

  • CVE-2007-6422
    0151920d1183bfb0eca003e4ba7fac8df41f0fed is likely not a fix. d80bc134c9448200f7e7f06e916d33ab3add026d (r607273) and 7d2f3417e54c8a4938010ac82ead6cb4e320da18 (r607402) seem to be the only relevant fixes because 84cb0035c259161663b0064491854fd9899c78de is a backport of the fixes to 2.2.x (indicated by the text in the commit message * Backport CVE-2007-6422 fix (r607273, r607402).). 0abfd39b25433598464c83b07f53e768771b8154 and 0151920d1183bfb0eca003e4ba7fac8df41f0fed appear to be fixing a bug unrelated to CVE-2007-6422.

  • CVE-2015-3183
    2182cbc99fd3423c3f95d8c5f909b7cd1f29a3c8 is not a fix. 2182cbc99fd3423c3f95d8c5f909b7cd1f29a3c8 is a commit, as indicated by the commit message SECURITY: CVE-2015-3185 (cve.mitre.org), that fixes CVE-2015-3185, not CVE-2015-3183.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nuthanmunaiah