From 4ffe33e2a6b58e83326e32da9bd78c0efc72f0a8 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 27 Jan 2022 08:49:38 +0100
Subject: Add CVE-2021-22570/protobuf

---
 data/CVE/2021.list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 0f41ca5d6e..c824f23dd3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -58585,7 +58585,10 @@ CVE-2021-22572
 CVE-2021-22571
 	RESERVED
 CVE-2021-22570 (Nullptr dereference when a null char is present in a proto symbol. The ...)
-	TODO: check
+	[experimental] - protobuf 3.17.1-1
+	- protobuf <unfixed>
+	NOTE: Fixed upstream in v3.15.0: https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0
+	TODO: check details
 CVE-2021-22569 (An issue in protobuf-java allowed the interleaving of com.google.proto ...)
 	[experimental] - protobuf 3.19.3-1
 	- protobuf <unfixed>
-- 
cgit v1.2.3