From 279fb8cf7f7cc306fc42e423750ee33da0e8119d Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 12 Jun 2021 09:35:27 +0200
Subject: Add CVE-2020-25467/lrzip

---
 data/CVE/list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index 404257df49..4defc2124f 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -52594,7 +52594,10 @@ CVE-2020-25469
 CVE-2020-25468
 	RESERVED
 CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
-	TODO: check
+	- lrzip <undetermined>
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
+	NOTE: https://github.com/ckolivas/lrzip/issues/163
+	TODO: check fixing commit
 CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
 	NOT-FOR-US: CRMEB
 CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
-- 
cgit v1.2.3