Add CVE-2021-44686/calibre

Note that the CVE description is wrong, but the upstream commit 235b7e38c197 ("Fix inefficient regex that slows down a lot with certain input. Fixes #1951979 [Private bug](https://bugs.launchpad.net/calibre/+bug/1951979)") references the right launchpad bug and is about the described issue. Additionally matches the information from LP: 1951979.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-12-07 09:27:04 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-12-07 09:27:04 +0100
commit: a98b48261e319048e8cd7b88f7b3ec8973dd9cd5 (patch)
tree: c0d01225fbbad7de4b632156bd7acaaa7af82226
parent: 2fa36984f043f286b18ed9540ba37b159aca15ef (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index f2bbb61a64..bfa0a325ae 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,7 +11,9 @@ CVE-2021-44688
 CVE-2021-44687
 	RESERVED
 CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...)
-	TODO: check
+	- calibre 5.33.0+dfsg-1
+	NOTE: https://bugs.launchpad.net/calibre/+bug/1951979
+	NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)
 CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...)
 	TODO: check
 CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-12-07 09:27:04 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-12-07 09:27:04 +0100
commit	a98b48261e319048e8cd7b88f7b3ec8973dd9cd5 (patch)
tree	c0d01225fbbad7de4b632156bd7acaaa7af82226
parent	2fa36984f043f286b18ed9540ba37b159aca15ef (diff)