From 7e507c932b999df48f808969c00f07a638e3357b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 31 Dec 2023 06:54:25 +0100
Subject: Mark CVE-2023-40462 as NFU

The vulnerability report states that "one issue has two CVE IDs because
it affects TinyXML independently (CVE-2023-34194) and as used by
ACEmanager (CVE-2023-40462).

With that and given both CVEs are listed under the same issue in the
Table 2, it looks safe to assume that CVE-2023-40462 is the ACEmanager
specific CVE, while CVE-2023-34194 is for the underlying part in
tinyxml.

This is as well inline with the product association given in the CVE
entry from MITRE.

Link: https://www.forescout.com/resources/sierra21-vulnerabilities
Link: https://www.cve.org/CVERecord?id=CVE-2023-40462
---
 data/DLA/list | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'data/DLA')

diff --git a/data/DLA/list b/data/DLA/list
index 85f3afe48a..b3289c9d79 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -2,7 +2,7 @@
 	{CVE-2023-7101}
 	[buster] - libspreadsheet-parseexcel-perl 0.6500-1+deb10u1
 [31 Dec 2023] DLA-3701-1 tinyxml - security update
-	{CVE-2023-34194 CVE-2023-40462}
+	{CVE-2023-34194}
 	[buster] - tinyxml 2.6.2-4+deb10u2
 [30 Dec 2023] DLA-3700-1 cjson - security update
 	{CVE-2023-50471}
-- 
cgit v1.2.3