From ff0ea77b0e59f2dc37ee2f996df7edddfb227cbe Mon Sep 17 00:00:00 2001
From: Anton Gladky <gladk@debian.org>
Date: Sat, 3 Apr 2021 22:29:44 +0200
Subject: Update information about CVE-2021-3426

---
 data/CVE/2021.list | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 15dc352e0f..648a1fcbdc 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -4366,7 +4366,7 @@ CVE-2021-28374 (The Debian courier-authlib package before 0.71.1-2 for Courier A
 	- courier-authlib 0.71.1-2 (bug #984810)
 	NOTE: Re-introduction of #378571 while migrating from debian/permissions to
 	NOTE: debian/courier-authdaemon.tmpfiles in 0.66.4-2.
-CVE-2021-3426
+CVE-2021-3426 (Running `pydoc -p` allows other local users to extract arbitrary files. The `/getfile?key=path` URL allows to read arbitrary file on the filesystem.)
 	RESERVED
 	[experimental] - python3.9 3.9.3-1
 	- python3.9 <unfixed>
@@ -4376,6 +4376,7 @@ CVE-2021-3426
 	- python3.5 <removed>
 	- python2.7 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugs.python.org/issue42988
+	NOTE: https://github.com/python/cpython/commit/9b999479c0022edfc9835a8a1f06e046f3881048
 	NOTE: https://python-security.readthedocs.io/vuln/pydoc-getfile.html
 	NOTE: https://github.com/python/cpython/pull/24337
 	NOTE: https://github.com/python/cpython/pull/24285
-- 
cgit v1.2.3