From e51714b40f0a33c9fce2b04b780f965d21e66ecb Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 8 Apr 2020 14:45:06 +0200 Subject: Mark CVE-2020-6817/python-bleach The issue is minor (considering the DOS potential) and there is quite some regression potential with invasive fixes. Mark the issue no-dsa for buster and stretch. --- data/CVE/list.2020 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index fe2f500166..8dc81a7b63 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -10460,10 +10460,13 @@ CVE-2020-6817 [Regular expression denial of service] RESERVED {DLA-2167-1} - python-bleach 3.1.4-1 (bug #955388) + [buster] - python-bleach (Minor issue; some regression potential) + [stretch] - python-bleach (Minor issue; some regression potential) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 + NOTE: Regression report: https://github.com/mozilla/bleach/pull/530 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 -- cgit v1.2.3
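
Review bot: In the two added lines for [buster] and [stretch], nothing sits between the package name and the parenthesised reason, while the commit message says the issue is being marked no-dsa; check that the no-dsa state is actually present on both lines in the file, because as shown they carry neither a version nor a status. The added "Regression report" NOTE points at pull 530 without saying which of the two fix commits listed just above it the regression concerns; naming the commit there would let a later backport decision for buster or stretch be made from the tracker entry alone.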