From 9fa19b6d237334f77548c5c7e5af26cd5f2092cb Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 30 Jan 2020 09:48:00 +0100
Subject: Add CVE-2019-2044{4,5}/netty

---
 data/CVE/list | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index 770f4ee13d..d6eabd8053 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -31,9 +31,11 @@ CVE-2020-8434
 CVE-2020-8433
 	RESERVED
 CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length  ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/issues/9861
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/issues/9866
 CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
 	- u-boot <unfixed> (low)
 	[buster] - u-boot <no-dsa> (Minor issue)
-- 
cgit v1.2.3