From f8887742470df76b533521cf383883b6618a39ee Mon Sep 17 00:00:00 2001
From: Reinhard Tartler <siretart@debian.org>
Date: Mon, 4 Jul 2022 14:56:49 +0000
Subject: info about CVE-2019-25067

---
 data/CVE/list | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index bc6e96dc03..914f2a9e53 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6656,12 +6656,13 @@ CVE-2019-25069 (A vulnerability, which was classified as problematic, has been f
 CVE-2019-25068 (A vulnerability classified as critical was found in Axios Italia Axios ...)
 	NOT-FOR-US: Axios Italia Axios RE
 CVE-2019-25067 (A vulnerability, which was classified as critical, was found in Podman ...)
-	- libpod <undetermined>
+	- libpod 3.0.0+dfsg1-1
 	NOTE: https://vuldb.com/?id.143949
 	NOTE: https://www.exploit-db.com/exploits/47500
 	NOTE: exploit demo script on client uses Python podman code which is not in Debian
-	NOTE: refers to old versions of remote code which were never uploaded to Debian
-	NOTE: unclear if the issue was ever reported upstream, could be Fedora/RedHat specific
+	NOTE: refers to old versions of remote code which never made it to a Debian release
+	NOTE: issue probably present in all versions with varlink, starting 1.6.2+dfsg-1
+	NOTE: upstream (Fedora/RedHat) refuses to look into it: https://bugzilla.redhat.com/show_bug.cgi?id=2097496
 CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified as crit ...)
 	- ajenti <itp> (bug #792019)
 CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...)
-- 
cgit v1.2.3