From d01ace851cdbcf49b8e651940e26142e526a1504 Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 19 Jan 2021 17:27:09 +0100
Subject: apache-log4j2 fixed in sid

---
 data/CVE/list | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/CVE/list b/data/CVE/list
index 0856cd9d78..6b84d88217 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -66769,7 +66769,7 @@ CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in
 	[jessie] - tika <ignored> (the fix is too invasive to backport)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1
 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j  ...)
-	- apache-log4j2 <unfixed> (bug #959450)
+	- apache-log4j2 2.13.3-1 (bug #959450)
 	[buster] - apache-log4j2 <no-dsa> (Minor issue)
 	[stretch] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
 	[jessie] - apache-log4j2 <no-dsa> (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification)
-- 
cgit v1.2.3