From 183537ebd736151ded43af86bff9137b62571c1b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 30 Jan 2020 08:10:19 +0100
Subject: Add CVE-2020-7238/netty

---
 data/CVE/list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'data/CVE/list')

diff --git a/data/CVE/list b/data/CVE/list
index 7061367da8..0063426a28 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2582,7 +2582,10 @@ CVE-2019-20383
 CVE-2019-20382
 	RESERVED
 CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
+	NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
+	NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
 CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
 	- cacti <unfixed> (bug #949997)
 	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
-- 
cgit v1.2.3