From 702deaf75bc6c3118cbf4aba93cbef245684cb08 Mon Sep 17 00:00:00 2001 From: Sylvain Beucler Date: Tue, 8 Feb 2022 13:14:07 +0100 Subject: Ignore CVE-2022-21682 and CVE-2021-43860 for flatpak in stretch following secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0 + no LTS contributor claimed it since it was added --- data/CVE/list.2021 | 1 + data/CVE/list.2022 | 1 + data/dla-needed.txt | 3 --- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/data/CVE/list.2021 b/data/CVE/list.2021 index 5be611b4fd..eae30f66d2 100644 --- a/data/CVE/list.2021 +++ b/data/CVE/list.2021 @@ -7457,6 +7457,7 @@ CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution frame {DSA-5049-1} - flatpak 1.12.3-1 [buster] - flatpak (Intrusive and risky to backport) + [stretch] - flatpak (Intrusive and risky to backport) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index 4326680c2c..7cab99a824 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -7909,6 +7909,7 @@ CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution frame {DSA-5049-1} - flatpak 1.12.3-1 [buster] - flatpak (Intrusive and risky to backport) + [stretch] - flatpak (Intrusive and risky to backport) NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa diff --git a/data/dla-needed.txt b/data/dla-needed.txt index a0ca456705..74f06e6a0f 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt 
@@ -42,9 +42,6 @@ firmware-nonfree (Markus Koschany) NOTE: 20210828: Most CVEs are difficult to backport. Contacted Ben regarding possible "ignore" tag NOTE: 20211207: Intend to release this week. -- -flatpak - NOTE: 20220113: upcoming DSA; non-trivial backport (Beuc) --- gif2apng (Anton) NOTE: 20220114: orphaned package with inactive upstream, maybe coordinate with Debian QA to write our own patches (Beuc) NOTE: 20220114: CVEs unrelated to apng2gif's (Beuc) -- cgit v1.2.3
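Review bot: in the list.2021 hunk, the added `[stretch] - flatpak (Intrusive and risky to backport)` line carries no status tag, although the commit subject says the issue is being ignored for stretch; in the tracker's list syntax an ignore decision is written `[stretch] - flatpak <ignored> (Intrusive and risky to backport)`, and a `- package (note)` line with neither a version nor a status tag does not express that decision. The pre-existing `[buster]` context line has the same shape, so this may be the rendered page dropping angle-bracket tags; worth confirming against the raw file that both lines actually contain `<ignored>`.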
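Review bot: the same check applies to the `[stretch]` line added in the list.2022 hunk for CVE-2022-21682, where the visible line likewise shows no `<ignored>` status tag. The reason text is also copied verbatim from the buster entry, while the commit message attributes the stretch decision to a secteam analysis at 053f0cd77086c6f73f0d6d33b93833e99ba796c0; a NOTE line after the existing upstream-commit NOTEs pointing at that analysis would make the stretch ignore auditable from the CVE entry itself rather than only from git history.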
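Review bot: removing the flatpak entry from dla-needed.txt is only safe if the two list entries really mark stretch as ignored; should the stretch lines land without `<ignored>`, both CVEs drop out of the LTS work queue while still counting as open for stretch, and nothing in this change would bring them back. The removal itself is consistent with the commit message: unlike `firmware-nonfree (Markus Koschany)` and `gif2apng (Anton)` in the surrounding context, the deleted entry names no claimant, and the deleted `NOTE: 20220113: upcoming DSA` is superseded by the `{DSA-5049-1}` reference already present on both CVE entries.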