one libexif issue fixed by older patch, confirmed by upstream, might be rejected

  or amended, upstream will reach out to MITRE

3 files changed, 6 insertions, 3 deletions

diff --git a/data/CVE/list b/data/CVE/list
index c0cbaba40b..671f62ff05 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -38762,8 +38762,11 @@ CVE-2020-0182
 	NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
 CVE-2020-0181
 	RESERVED
-	- libexif <unfixed> (bug #962346)
+	{DSA-4618-1 DLA-2100-1}
+	- libexif <unfixed>
+	- libexif 0.6.21-6 (bug #962346)
 	NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
+	NOTE: Fixed by the patch for CVE-2019-9278
 CVE-2020-0180
 	RESERVED
 	NOT-FOR-US: Android Media Framework
diff --git a/data/DLA/list b/data/DLA/list
index 426cbdcc08..d37eaf5bd7 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -427,7 +427,7 @@
 	{CVE-2018-18898}
 	[jessie] - libemail-address-list-perl 0.05-1+deb8u1
 [10 Feb 2020] DLA-2100-1 libexif - security update
-	{CVE-2019-9278}
+	{CVE-2019-9278 CVE-2020-0181}
 	[jessie] - libexif 0.6.21-2+deb8u1
 [10 Feb 2020] DLA-2099-1 checkstyle - security update
 	{CVE-2019-10782}
diff --git a/data/DSA/list b/data/DSA/list
index ef65167db8..04be48d036 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -280,7 +280,7 @@
 	[stretch] - libxmlrpc3-java 3.1.3-8+deb9u1
 	[buster] - libxmlrpc3-java 3.1.3-9+deb10u1
 [06 Feb 2020] DSA-4618-1 libexif - security update
-	{CVE-2019-9278}
+	{CVE-2019-9278 CVE-2020-0181}
 	[stretch] - libexif 0.6.21-2+deb9u1
 	[buster] - libexif 0.6.21-5.1+deb10u1
 [03 Feb 2020] DSA-4617-1 qtbase-opensource-src - security update