From 315e5412369d3ed324ae431a53d452e910e3879b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 18 Feb 2022 20:44:17 +0100
Subject: Reference commits for CVE-2022-25236/expat

---
 data/CVE/list.2022 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index 7e8dff8f5b..d3f52d2cdd 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -314,6 +314,9 @@ CVE-2022-25237
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
 	- expat <unfixed> (bug #1005895)
 	NOTE: https://github.com/libexpat/libexpat/pull/561
+	NOTE: https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71
+	NOTE: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4
+	NOTE: https://github.com/libexpat/libexpat/commit/2de077423fb22750ebea599677d523b53cb93b1d
 CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
 	- expat <unfixed> (bug #1005894)
 	NOTE: https://github.com/libexpat/libexpat/pull/562
-- 
cgit v1.2.3