From 82da791d422b7731d52ec1d3373048b8181661d7 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 5 Mar 2021 21:15:21 +0100
Subject: Add CVE-2021-28041/openssh

---
 data/CVE/list.2021 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index c151d2f4dd..c0fd6c9034 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,7 +1,11 @@
 CVE-2021-3423
 	RESERVED
 CVE-2021-28041 (ssh-agent in OpenSSH before 8.5 has a double free that may be relevant ...)
-	TODO: check
+	- openssh <unfixed>
+	[buster] - openssh <not-affected> (Vulnerable code introduced later)
+	[stretch] - openssh <not-affected> (Vulnerable code introduced later)
+	NOTE: https://www.openwall.com/lists/oss-security/2021/03/03/1
+	NOTE: https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
 CVE-2021-28040 (An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vuln ...)
 	TODO: check
 CVE-2021-28037 (An issue was discovered in the internment crate before 0.4.2 for Rust. ...)
-- 
cgit v1.2.3