From 93ed96551726e2d470426f17c19e145e8a8d3d15 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 19 Jan 2021 06:55:41 +0100
Subject: Add CVE-2020-36193/php-pear

---
 data/CVE/list | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index 2ed1b547de..0a47794644 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -16816,6 +16816,9 @@ CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may enc
 	NOT-FOR-US: libuci in OpenWrt
 CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
 	NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
+CVE-2020-36193 [Disallow symlinks to out-of-path filenames]
+	- php-pear <unfixed> (bug #980428)
+	NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
 CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
 	{DSA-4817-1 DLA-2466-1 DLA-2465-1}
 	- drupal7 <removed>
-- 
cgit v1.2.3