Add CVE-2021-44122/spip

3 files changed, 5 insertions, 1 deletions

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 49aea1817d..2048d73af2 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -6561,7 +6561,9 @@ CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerabili
 	NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master)
 	NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1)
 CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...)
-	TODO: check
+	- spip 3.2.12-1
+	NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db
+	NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12)
 CVE-2021-44121
 	REJECTED
 CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
diff --git a/data/DLA/list b/data/DLA/list
index 3765a047d4..1162408971 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -110,6 +110,7 @@
 [29 Dec 2021] DLA-2857-2 postgis - regression update
 	[stretch] - postgis 2.3.1+dfsg-2+deb9u2
 [29 Dec 2021] DLA-2867-1 spip - security update
+	{CVE-2021-44122}
 	[stretch] - spip 3.1.4-4~deb9u4+deb9u2
 [29 Dec 2021] DLA-2866-1 uw-imap - security update
 	{CVE-2018-19518}
diff --git a/data/DSA/list b/data/DSA/list
index c05bd3dbac..8c20e2e608 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -128,6 +128,7 @@
 	[buster] - sogo 4.0.7-1+deb10u2
 	[bullseye] - sogo 5.0.1-4+deb11u1
 [22 Dec 2021] DSA-5028-1 spip - security update
+	{CVE-2021-44122}
 	[buster] - spip 3.2.4-1+deb10u5
 	[bullseye] - spip 3.2.11-3+deb11u1
 [21 Dec 2021] DSA-5027-1 xorg-server - security update