From 02def56b9819941561de22bce3cba06834d8b965 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 2 Jun 2020 19:43:41 +0200
Subject: Add CVE-2020-12062 and mark it unimportant with negligible impact

---
 data/CVE/2020.list | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index ff005779cd..8610e8db06 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -3778,7 +3778,12 @@ CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12
 	NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals
 CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...)
-	TODO: check
+	- openssh <unfixed> (unimportant)
+	NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
+	NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
+	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
+	NOTE: Negligible security impact, a malicious peer can achieve no more than already
+	NOTE: able o achieve within the scp protocol.
 CVE-2020-12061
 	RESERVED
 CVE-2020-12060
-- 
cgit v1.2.3