From f466ab61a0ed08b33600418514fb0ff95b9d3df9 Mon Sep 17 00:00:00 2001
From: Ola Lundqvist <ola@inguza.com>
Date: Tue, 17 May 2022 21:37:28 +0200
Subject: Marked CVE-2022-28368 as not-affected for php-dompdf. Checked the
 code and really tried to find any code that resembles the vulnerable code and
 could not find anything. So this must mean that the code is not vulnerable.

---
 data/CVE/list | 1 +
 1 file changed, 1 insertion(+)

diff --git a/data/CVE/list b/data/CVE/list
index ad0fe76beb..b5a526e769 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -7163,6 +7163,7 @@ CVE-2022-28369
 	RESERVED
 CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the src:u ...)
 	- php-dompdf <unfixed> (bug #1010090)
+	[stretch] - php-dompdf <not-affected> (Vulnerable code not present)
 	NOTE: https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/
 	NOTE: https://positive.security/blog/dompdf-rce
 	NOTE: https://github.com/dompdf/dompdf/issues/2598
-- 
cgit v1.2.3