Add CVE-2020-25467/lrzip

author: Salvatore Bonaccorso <carnil@debian.org> 2021-06-12 09:35:27 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-06-12 09:35:49 +0200
commit: 279fb8cf7f7cc306fc42e423750ee33da0e8119d (patch)
tree: bd24f5d088bd2afff8d7c0a2ab66435984fc3119 /data
parent: 360fddc1dfdad53061dd9a05b4b92518ca3008b7 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 404257df49..4defc2124f 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -52594,7 +52594,10 @@ CVE-2020-25469
 CVE-2020-25468
 	RESERVED
 CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
-	TODO: check
+	- lrzip <undetermined>
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
+	NOTE: https://github.com/ckolivas/lrzip/issues/163
+	TODO: check fixing commit
 CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
 	NOT-FOR-US: CRMEB
 CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-06-12 09:35:27 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-06-12 09:35:49 +0200
commit	279fb8cf7f7cc306fc42e423750ee33da0e8119d (patch)
tree	bd24f5d088bd2afff8d7c0a2ab66435984fc3119 /data
parent	360fddc1dfdad53061dd9a05b4b92518ca3008b7 (diff)