Add explanatory note for CVE-2021-41133/flatpak and unstable fix

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-09 09:41:29 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-09 09:41:29 +0200
commit: 620ed428f7b6256a98ccfb07d3065550ab30f4b0 (patch)
tree: 5e15b733492cb4ab9c7f253b64b1c0112eb003a3
parent: 9a4154a69d7cfb4799e37f33342ff4e02de6cda1 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 3f6f7da9f7..0d5111491d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -25,6 +25,8 @@ CVE-2021-3870
 CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed  ...)
 	- flatpak 1.12.1-1 (bug #995935)
 	NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+	NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency
+	NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented.
 CVE-2021-42100
 	RESERVED
 CVE-2021-42099
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-09 09:41:29 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-09 09:41:29 +0200
commit	620ed428f7b6256a98ccfb07d3065550ab30f4b0 (patch)
tree	5e15b733492cb4ab9c7f253b64b1c0112eb003a3
parent	9a4154a69d7cfb4799e37f33342ff4e02de6cda1 (diff)