From e323cb2579b0f9c6578d6300492187b6974c7773 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 15 Nov 2021 19:22:18 +0100
Subject: CVE-2021-43608: Add explanation after <not-affected> tag

---
 data/CVE/2021.list | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 4f932e7033..a774dd7fd3 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -284,8 +284,9 @@ CVE-2021-43609
 	RESERVED
 CVE-2021-43608 [SQL Injection Security Vulnerability]
 	RESERVED
-	- php-doctrine-dbal <not-affected>
-	NOTE: Bug was introduced in 3.0, and fixed in experimental in 3.1.4+dfsg-1
+	- php-doctrine-dbal <not-affected> (Vulnerable code introduced in 3.0.0)
+	NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
+	NOTE: only present in experimental suite.
 	NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
 CVE-2021-43607
 	RESERVED
-- 
cgit v1.2.3