From 8fa1cde4d87f6e4096cc207f16643849715a6a27 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 23 Jun 2022 07:40:17 +0200 Subject: Add CVE-2022-33105/redis Keep a TODO as not yet verified it affects ever only the v7 releases for redis. If so then no unstable version was affected because all previous releases in v7 series were to experimental and as well already based on the 7.0.1 version. Needs a second pair of eyes to verify where the issue was introduced. --- data/CVE/list | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/data/CVE/list b/data/CVE/list index 2c9256cd8b..500a0fcffa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2891,7 +2891,11 @@ CVE-2022-33107 CVE-2022-33106 RESERVED CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...) - TODO: check + - redis 5:7.0.1-4 + NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1) + NOTE: https://github.com/redis/redis/pull/10753 + NOTE: https://github.com/redis/redis/pull/10829 + TODO: check, if it affects only the v7.0 series, if so there was never an affected version in Debian unstable CVE-2022-33104 RESERVED CVE-2022-33103 -- cgit v1.2.3
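Review bot: In the added CVE-2022-33105 entry, the two pull-request NOTE lines (`pull/10753` and `pull/10829`) carry no annotation, while the commit NOTE is marked `(7.0.1)`, so a reader cannot tell which reference introduced the issue and which fixed it. That is exactly the question the new TODO leaves open. Suggest labelling each NOTE with its role once that is verified, for example "Introduced by:" and "Fixed by:" with the upstream version in parentheses. The fixed version is also pinned to `5:7.0.1-4` although the referenced fix commit is tagged 7.0.1. The reason for choosing the -4 revision (earlier v7 uploads went to experimental and were already based on 7.0.1) is given only in the commit message. Adding a short NOTE with that reasoning would keep it in data/CVE/list alongside the entry, where whoever resolves the TODO will see it.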