{"uuid": "f5ac1ede-8d1c-409b-b6bc-ce202e11fc90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "title": "Timeline of reporting, publication/disclosure and fix", "description": "The timeline on https://bugzilla.tianocore.org/show_bug.cgi?id=3387 is interesting:\n\n- 2021-05-10 16:43 UTC  - Bug reported by John Mathews \n-  2021-07-07 14:02:27  - Working patch mentioned by Vincent Zimmer  (and also recommends the need of a CVE)\n- 2022-05-10 21:04:45 UTC  \"Blackduck has this CVE in their database so this CVE is being flagged for all edk2 products that are scanned.\"\n- 2022-06-14 05:52:10 UTC - Patch doesn't build.\n- 2022-11-04 - Patch merged in the repo https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6\n\nBut the vulnerability was published 2022-03-03 21:53 or is the timeline incorrect?", "description_format": "markdown", "vulnerability": "CVE-2021-38578", "creation_timestamp": "2024-07-27T08:42:43.664278+00:00", "timestamp": "2024-07-27T08:42:43.664278+00:00", "related_vulnerabilities": [], "author": {"login": "sync_user", "name": "sync_user", "uuid": "4f29edb9-4c4b-44ca-b041-9b050656b6ae"}}