From 4f91b16afc46003d599ec19ffe71b11aaccef7cb Mon Sep 17 00:00:00 2001
From: Shengjing Zhu <zhsj@debian.org>
Date: Sat, 4 Dec 2021 01:19:00 +0800
Subject: Update CVE-2021-38297 CVE-2021-41772 for golang-1.15

---
 data/CVE/2021.list | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index edfde9681a..2e6eeb05db 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6473,7 +6473,7 @@ CVE-2021-3839
 CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...)
 	- golang-1.17 1.17.3-1
 	- golang-1.16 1.16.10-1
-	- golang-1.15 <unfixed>
+	- golang-1.15 <not-affected> (Vulnerable code introduced in 1.16)
 	- golang-1.11 <removed>
 	- golang-1.8 <removed>
 	- golang-1.7 <removed>
@@ -14767,6 +14767,7 @@ CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to bl
 CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
 	- golang-1.17 1.17.2-1
 	- golang-1.16 1.16.9-1
+	- golang-1.15 <unfixed>
 	- golang-1.11 <removed>
 	[buster] - golang-1.11 <no-dsa> (Minor issue)
 	- golang-1.8 <not-affected> (Vulnerable code not present)
-- 
cgit v1.2.3