From 495bc703711f5b44ddd95e236be389f9c2a4ec03 Mon Sep 17 00:00:00 2001
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 24 Sep 2022 11:28:31 +0200
Subject: mark CVE-2020-36604 as not-affected for Buster

---
 data/CVE/list | 1 +
 1 file changed, 1 insertion(+)

(limited to 'data/CVE/list')

diff --git a/data/CVE/list b/data/CVE/list
index de5b782733..df80d4fb91 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -78,6 +78,7 @@ CVE-2022-3277 [unrestricted creation of security groups]
 	TODO: details missing on RH bugzilla entry
 CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...)
 	- node-hoek 9.0.3+~5.0.0+~4.0.0-1
+	[buster] - node-hoek <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/hapijs/hoek/issues/352
 	NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3)
 CVE-2022-3276
-- 
cgit v1.2.3