From 9ec33a4fb03801d472dc93a34494f1e9797b8473 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 23 Sep 2022 08:48:24 +0200
Subject: Update information for CVE-2022-4131{7,8}/squid

---
 data/CVE/list | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'data/CVE/list')

diff --git a/data/CVE/list b/data/CVE/list
index 823eb948aa..bf8d3d8e8d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20,16 +20,18 @@ CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rd
 	- rdiffweb <itp> (bug #969974)
 CVE-2022-3266
 	RESERVED
-CVE-2022-41318
+CVE-2022-41318 [Buffer Over Read in SSPI and SMB Authentication]
 	- squid <unfixed>
 	- squid3 <removed>
-	TODO: check
 	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
-CVE-2022-41317
+	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
+	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
+CVE-2022-41317 [Exposure of Sensitive Information in Cache Manager]
 	- squid <unfixed>
 	- squid3 <removed>
-	TODO: check
 	NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
+	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
+	NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
 CVE-2022-41313
 	RESERVED
 CVE-2022-41312
-- 
cgit v1.2.3