From 00c9c7c32ce5e9ff2d5c928f3841ec88fa7e7ae3 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 23 Jun 2022 08:10:42 +0200
Subject: Add CVE-2022-3012{2,3}/ruby-rack

---
 data/CVE/list | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index b915226ff7..52628ac3a3 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11100,10 +11100,17 @@ CVE-2022-30125
 	RESERVED
 CVE-2022-30124
 	RESERVED
-CVE-2022-30123
+CVE-2022-30123 [Possible shell escape sequence injection vulnerability in Rack]
 	RESERVED
-CVE-2022-30122
+	- ruby-rack <unfixed>
+	NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
+	NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
+	NOTE: https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 (main)
+CVE-2022-30122 [Denial of Service Vulnerability in Rack Multipart Parsing]
 	RESERVED
+	- ruby-rack <unfixed>
+	NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
+	NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
 CVE-2022-30121
 	RESERVED
 CVE-2022-30120
-- 
cgit v1.2.3