From 0684454437ba183b95f8fd75830d1d2887d14798 Mon Sep 17 00:00:00 2001
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 25 Sep 2022 16:23:47 +0200
Subject: mark CVE-2022-25869 and CVE-2022-25844 as no-dsa for Buster

---
 data/CVE/list | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index 818b8276be..c9140feef8 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -42150,6 +42150,7 @@ CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pol
 CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
 	- angular.js <unfixed>
 	[bullseye] - angular.js <no-dsa> (Minor issue)
+	[buster] - angular.js <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
 CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are vulnerable to  ...)
 	NOT-FOR-US: socket.io-client-java
@@ -42206,6 +42207,7 @@ CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to
 CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
 	- angular.js <unfixed> (bug #1014779)
 	[bullseye] - angular.js <no-dsa> (Minor issue)
+	[buster] - angular.js <no-dsa> (Minor issue, probably even not-affected)
 	[stretch] - angular.js <ignored> (Nodejs in stretch not covered by security support)
 	NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
 CVE-2022-25843
-- 
cgit v1.2.3