From 392031c5bf5ff52136ea917b49ae0fcbbd82a672 Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin@piware.de>
Date: Tue, 25 Jan 2022 08:32:07 +0100
Subject: Track fixed version for CVE-2021-3698/cockpit

The fix also needs sssd 2.6.1, which is also in bookworm now.
---
 data/CVE/list.2021 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 7aea5792af..14dbb36ed8 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -20386,10 +20386,12 @@ CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allo
 	NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
 CVE-2021-3698 [authenticates with revoked certificates]
 	RESERVED
-	- cockpit <unfixed>
+	- cockpit 260-1
 	[bullseye] - cockpit <no-dsa> (Minor issue)
 	[buster] - cockpit <not-affected> (Vulnerable code not present, introduced in 208)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+	NOTE: Needs sssd 2.6.1
+	NOTE: https://cockpit-project.org/blog/cockpit-260.html
 CVE-2021-3697
 	RESERVED
 CVE-2021-3696
-- 
cgit v1.2.3