From e4d1679a5964cbd16e4ba23f94fc9d4bd3a2f489 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 24 Sep 2022 14:30:01 +0200
Subject: Track upstream commits and fixes for CVE-2021-28861

---
 data/CVE/list | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'data/CVE/list')

diff --git a/data/CVE/list b/data/CVE/list
index 3736fcefc8..3fda6555b1 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -104449,7 +104449,17 @@ CVE-2021-28863
 CVE-2021-28862
 	RESERVED
 CVE-2021-28861 (** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnera ...)
-	NOT-FOR-US: Disputed Python issue
+	- python3.11 3.11.0~b4-1 (unimportant)
+	- python3.10 3.10.6-1 (unimportant)
+	- python3.9 <unfixed> (unimportant)
+	- python3.7 <removed> (unimportant)
+	NOTE: https://bugs.python.org/issue43223
+	NOTE: https://github.com/python/cpython/pull/93879
+	NOTE: https://github.com/python/cpython/commit/e2e8847bf52f4a81490653c6d13b7e3821b2c2be (v3.11.0b4)
+	NOTE: https://github.com/python/cpython/commit/5715382d3a89ca118ce2e224d8c69550d21fe51b (v3.10.6)
+	NOTE: https://github.com/python/cpython/commit/defaa2b19a9a01c79c1d5641a8aa179bb10ead3f (v3.9.14)
+	NOTE: https://github.com/python/cpython/commit/4dc2cae3abd75f386374d0635d00443b897d0672 (v3.8.14)
+	NOTE: https://github.com/python/cpython/commit/8a34afd55258c721e446d6de4a70353c39a24148 (v3.7.14)
 CVE-2021-28860 (In Node.js mixme, prior to v0.5.1, an attacker can add or alter proper ...)
 	NOT-FOR-US: Node mixme
 CVE-2021-28859
-- 
cgit v1.2.3