serenaponta
commented
1 day ago @copernico we had to create two entried as we identified fix commits in separate repositories and they were analysed as CVE-2016-5007 for "https://github.com/spring-projects/spring-framework.git and CVE-2016-5007-SEC for https://github.com/spring-projects/spring-security.git in Eclipse Steady (where each vulnerability was linked to a single repository). I am not sure the current repository in branch vulnerability-data includes both.
@serenaponta @henrikplate Why did we need the -SEC modifier for the id of this vulnerability?