{
  "repository": "proftpd/proftpd",
  "commit_source": "git_rev_parse",
  "commit_sha": "390b21555268bbc64b66d2dfa7ae40476419b80f",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "390b21555268bbc64b66d2dfa7ae40476419b80f",
    "version": "v1.3.9b",
    "ref": "refs/tags/v1.3.9b",
    "display": "proftpd/proftpd v1.3.9b (390b2155)"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "390b21555268bbc64b66d2dfa7ae40476419b80f",
    "version": "v1.3.9b + proposed RNFR patch",
    "ref": "repo-patched worktree",
    "display": "proftpd/proftpd v1.3.9b (390b2155) with the one-line RNFR dir_check->dir_check_canon patch applied"
  },
  "notes": "The vulnerable source was tested at the exact tag v1.3.9b (commit 390b2155). The patched source is the same commit plus a local patch applied in a separate git worktree at /data/pruva/project-cache/e16fa440-7670-4503-8601-378cf2096f7e/repo-patched. The patch modifies modules/mod_core.c line 6482, changing core_rnfr()'s dir_check() call to dir_check_canon()."
}
