From 370189ea18cefcb95ebcac5c47273df7564b18bc Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 31 Mar 2021 09:13:37 +0200
Subject: Update information for CVE-2021-20297/network-manager

---
 data/CVE/list.2021 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 9bf931146e..5bea967a0e 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -20620,7 +20620,11 @@ CVE-2021-20298
 CVE-2021-20297 [Setting match.path and activating a profiles crashes NetworkManager]
 	RESERVED
 	- network-manager <unfixed>
-	NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
+	[buster] - network-manager <not-affected> (Vulnerable code introduced later)
+	[stretch] - network-manager <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942741 (not yet public)
+	NOTE: Introduced by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/3ced486f4162edcd03ff42fa27535130aff0c86c (1.26-rc2)
+	NOTE: Fixed by: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/420784e342da4883f6debdfe10cde68507b10d27
 CVE-2021-20296
 	RESERVED
 	- openexr <unfixed>
-- 
cgit v1.2.3