git message for CVE vulnerabilities

[Jinguang Dong]

Hi Android platfiorm friends,

   For CVE vulnerabilities, check whether a unified format is required in Git messages and whether the format is filled in commit messages.

   I could find some cve description on different repository, such as below, but not all for external repository, could you help to check it, whether there is a guidline or request for git message description?

```

external/ltp

external/curl

external/bzip2

external/expat

external/llvm

external/conscrypt

external/tcpdump

external/libpng

external/mdnsresponder

external/qemu

external/toybox

external/c-ares

```

BRs

Jinguang