From 369b4e8337544582e514ea376c5df6be3c41292a Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Fri, 20 May 2022 10:21:27 +0100
Subject: CVE-2021-27548/texlive-bin unfixed 1011333

---
 data/CVE/list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list b/data/CVE/list
index 653c506db0..fa0d1b5a76 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -79603,7 +79603,10 @@ CVE-2021-27550 (Polaris Office v9.102.66 is affected by a divide-by-zero error i
 CVE-2021-27549 (** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipb ...)
 	NOT-FOR-US: Genymotion Desktop
 CVE-2021-27548 (There is a Null Pointer Dereference vulnerability in the XFAScanner::s ...)
-	TODO: check
+	- texlive-bin <unfixed> (bug #1011333)
+	[bullseye] - texlive-bin <not-affected> (Vulnerable code introduced later)
+	NOTE: embeds http://www.xpdfreader.com/download.html
+	NOTE: PoC crashes pdftosrc binary.
 CVE-2021-27547
 	RESERVED
 CVE-2021-27546
-- 
cgit v1.2.3