From f5abdfe85d302ed98b3649512409c99924ce5551 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 30 Jan 2020 08:10:19 +0100
Subject: Add CVE-2020-7238/netty

---
 data/CVE/2020.list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 61f7c0865d..f2dbb9df32 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -2417,7 +2417,10 @@ CVE-2020-7240 (Meinberg Lantime M300 and M1000 devices allow attackers (with pri
 CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
 	NOT-FOR-US: conversation-watson plugin for WordPress
 CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
+	NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
+	NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
 CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
 	- cacti <unfixed> (bug #949997)
 	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
-- 
cgit v1.2.3