From f27c42fb780f1d7715f6ba2fa8070b1e98deec4a Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 26 Nov 2020 08:23:20 +0100
Subject: Track drupal7 as well under CVE-2020-2894{8,9}

The drupal project seems to reuse the CVes as well for the respective
affecting issues in the drupal code base. Follow that for now.
---
 data/CVE/list | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'data')

diff --git a/data/CVE/list b/data/CVE/list
index 753ed475e3..e0ad98f1d6 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -270,14 +270,18 @@ CVE-2020-28950
 	RESERVED
 CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
 	{DLA-2465-1}
+	- drupal7 <removed>
 	- php-pear <unfixed>
 	NOTE: https://github.com/pear/Archive_Tar/issues/33
 	NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
+	NOTE: https://www.drupal.org/sa-core-2020-013
 CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack because ph ...)
 	{DLA-2465-1}
+	- drupal7 <removed>
 	- php-pear <unfixed>
 	NOTE: https://github.com/pear/Archive_Tar/issues/33
 	NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
+	NOTE: https://www.drupal.org/sa-core-2020-013
 CVE-2020-28947 (In MISP 2.4.134, XSS exists in the template element index view because ...)
 	NOT-FOR-US: MISP
 CVE-2020-28946
-- 
cgit v1.2.3