Add CVE-2021-3882/ledgersmb

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-15 09:50:42 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-15 09:50:42 +0200
commit: 0a0d3b0a92e3f8bd49b0f56f0df381a46d7ca762 (patch)
tree: 16c70ecdc2e979b9b9e8bf803a51901cebe0320a
parent: 75912b30f54a1c1cf4e2f6595d9a6da52be2315e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index fe07c93bbf..233cb2e7d2 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -273,7 +273,9 @@ CVE-2021-42264
 CVE-2021-42263
 	RESERVED
 CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
-	TODO: check
+	- ledgersmb <not-affected> (Vulnerable code introduced later)
+	NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
+	NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
 CVE-2021-3881
 	RESERVED
 CVE-2021-3880
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-15 09:50:42 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-15 09:50:42 +0200
commit	0a0d3b0a92e3f8bd49b0f56f0df381a46d7ca762 (patch)
tree	16c70ecdc2e979b9b9e8bf803a51901cebe0320a
parent	75912b30f54a1c1cf4e2f6595d9a6da52be2315e (diff)