Update entry for CVE-2022-23639

author: Salvatore Bonaccorso <carnil@debian.org> 2022-02-26 20:24:21 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-02-26 20:24:21 +0100
commit: 616ff1794118de004b1051caf8575f389bee6eb8 (patch)
tree: 2bea79614c4efe690e8d2858bcaadb5ad9401f73 /data
parent: a280cc869023e18a8506258531f96a7dff4ca74e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 0f88c86e4a..e0fab98ba6 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7365,8 +7365,10 @@ CVE-2022-23640
 	RESERVED
 CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
 	- rust-crossbeam <unfixed>
+	- rust-crossbeam-utils-0.7 <unfixed>
 	NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
 	NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
+	TODO: check, crossbeam-utils are vendored in various other sources, in particular rustc to be checked
 CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
 	NOT-FOR-US: darylldoyle svg-sanitizer
 CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2022-02-26 20:24:21 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-02-26 20:24:21 +0100
commit	616ff1794118de004b1051caf8575f389bee6eb8 (patch)
tree	2bea79614c4efe690e8d2858bcaadb5ad9401f73 /data
parent	a280cc869023e18a8506258531f96a7dff4ca74e (diff)