From 255eefbc38c04370d53a6280641208663fc04488 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 23 Jun 2022 08:35:10 +0200
Subject: Add CVE-2022-33068/harfbuzz

---
 data/CVE/list | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list b/data/CVE/list
index f64c94bde3..194e34a4de 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2971,7 +2971,9 @@ CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmeti
 CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...)
 	TODO: check
 CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...)
-	TODO: check
+	- harfbuzz <unfixed>
+	NOTE: https://github.com/harfbuzz/harfbuzz/issues/3557
+	NOTE: https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593
 CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ...)
 	TODO: check
 CVE-2022-33066
-- 
cgit v1.2.3