From de0065bed62e4f5a58600bb3231a4ab875303f75 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 29 Jan 2020 09:48:56 +0100
Subject: Track MariaDB as well for CVE-2020-2574

All MariaDB updates are actually very intransparent. Upstream apparently
consider CVE-2020-2574 as well various other MariaDB versions
(apparently but any other CVE from the Oracle CPU from January?) and
fixed in 5.5.67, 10.1.44, 10.2.31, 10.3.22 and 10.4.12.

Add tracking for src:mariadb-10.3 and src:mariadb-10.1 repsectively.
---
 data/CVE/list | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index a19620ac8b..272648dce5 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13833,7 +13833,10 @@ CVE-2020-2575
 	RESERVED
 CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <unfixed> (bug #949994)
+	- mariadb-10.3 1:10.3.22-1
+	- mariadb-10.1 <removed>
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
+	NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12
 CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component:  ...)
 	- mysql-5.7 <unfixed> (bug #949994)
 	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
-- 
cgit v1.2.3