From 4bb3cddb330e855407a6d3c5c18cb1796bce9e60 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Fri, 28 Jan 2022 00:06:59 +0100 Subject: Add CVE-2021-44120/spip --- data/CVE/list.2021 | 4 +++- data/DLA/list | 2 +- data/DSA/list | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 2048d73af2..2c70a940ed 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -6567,7 +6567,9 @@ CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vu CVE-2021-44121 REJECTED CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...) - TODO: check + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81 + NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12) CVE-2021-44119 RESERVED CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...) diff --git a/data/DLA/list b/data/DLA/list index 1162408971..9bd44a70f1 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -110,7 +110,7 @@ [29 Dec 2021] DLA-2857-2 postgis - regression update [stretch] - postgis 2.3.1+dfsg-2+deb9u2 [29 Dec 2021] DLA-2867-1 spip - security update - {CVE-2021-44122} + {CVE-2021-44120 CVE-2021-44122} [stretch] - spip 3.1.4-4~deb9u4+deb9u2 [29 Dec 2021] DLA-2866-1 uw-imap - security update {CVE-2018-19518} diff --git a/data/DSA/list b/data/DSA/list index 8c20e2e608..c64be43e8b 100644 --- a/data/DSA/list +++ b/data/DSA/list @@ -128,7 +128,7 @@ [buster] - sogo 4.0.7-1+deb10u2 [bullseye] - sogo 5.0.1-4+deb11u1 [22 Dec 2021] DSA-5028-1 spip - security update - {CVE-2021-44122} + {CVE-2021-44120 CVE-2021-44122} [buster] - spip 3.2.4-1+deb10u5 [bullseye] - spip 3.2.11-3+deb11u1 [21 Dec 2021] DSA-5027-1 xorg-server - security update -- cgit v1.2.3
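Review bot: In the data/CVE/list.2021 hunk, the first NOTE added under CVE-2021-44120 is a bare commit URL, while the second is annotated "(v3.2.12)", so a reader cannot tell which branch or release the first commit belongs to. Suggest annotating the first NOTE the same way, so the two references are distinguishable and the "- spip 3.2.12-1" fixed version can be checked against them.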
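Review bot: In the data/DLA/list hunk, CVE-2021-44120 is added to DLA-2867-1, whose stretch upload is spip 3.1.4-4~deb9u4+deb9u2, but the only upstream references recorded in this patch are one commit tagged v3.2.12 and one untagged commit. Nothing visible ties the fix to the 3.1-based package. Consider a NOTE in the CVE entry or a line in the commit message saying that the stretch upload carried the backported fix.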
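Review bot: In the data/DSA/list hunk, DSA-5028-1 dated 22 Dec 2021 gains CVE-2021-44120 in a commit dated 28 Jan 2022, and the commit message consists only of the subject "Add CVE-2021-44120/spip". A short body stating that the buster and bullseye uploads listed there (3.2.4-1+deb10u5 and 3.2.11-3+deb11u1) already contained the fix would explain why an existing advisory entry is being amended.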