From 836192817653bc698e0fd1f1e607a36c28d17f85 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Wed, 18 May 2022 11:18:14 +0100 Subject: CVE-2022-1379/plantuml not-affected, vulnerable code introduced in 1.2020.11 --- data/CVE/list | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data/CVE/list b/data/CVE/list index 04e4b8bf86..90f122f389 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -4809,7 +4809,10 @@ CVE-2022-29267 CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...) - snipe-it (bug #1005172) CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...) - TODO: check + - plantuml (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a + NOTE: https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083 (v1.2022.5) + NOTE: Introduced in https://github.com/plantuml/plantuml/commit/3192fa218c2ad0420d03de70f57f8521e1de315d (v1.2020.11) CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...) NOT-FOR-US: Apache APISIX CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) -- cgit v1.2.3
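Review bot: In the added `- plantuml (Vulnerable code introduced later)` line of the CVE-2022-1379 entry, "later" is relative to a packaged version that the entry never states, so the not-affected status in the subject cannot be checked from the entry alone. The NOTE lines bound the affected range by the introducing commit (v1.2020.11) and the fixing commit (v1.2022.5). Consider adding the packaged plantuml version to the parenthetical or to a NOTE, so the status is revisited if a version inside that range is uploaded. As rendered here, the line also shows no state tag between the package name and the parenthetical. Since the subject says not-affected, confirm the tag is present in data/CVE/list.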