Add CVE-2021-22876/curl

author: Salvatore Bonaccorso <carnil@debian.org> 2021-03-31 08:19:06 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-03-31 08:19:06 +0200
commit: 0057ea4b2ee32ba45f399078eff0688971d8e9c2 (patch)
tree: 033ae86fcf7e2a9e3850dc1717db61a33243fed6
parent: b4ca512a7d007c599f34a579387d2e803b578e87 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index f231b90545..1ad44e9b89 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -15093,8 +15093,11 @@ CVE-2021-22878 (Nextcloud Server prior to 20.0.6 is vulnerable to reflected cros
 	- nextcloud-server <itp> (bug #941708)
 CVE-2021-22877 (A missing user check in Nextcloud prior to 20.0.6 inadvertently popula ...)
 	- nextcloud-server <itp> (bug #941708)
-CVE-2021-22876
+CVE-2021-22876 [Automatic referer leaks credentials]
 	RESERVED
+	- curl <unfixed>
+	NOTE: https://curl.se/docs/CVE-2021-22876.html
+	NOTE: Fixed by: https://github.com/curl/curl/commit/7214288898f5625a6cc196e22a74232eada7861c
 CVE-2021-22875 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
 	NOT-FOR-US: Revive Adserver
 CVE-2021-22874 (Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerab ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-03-31 08:19:06 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-03-31 08:19:06 +0200
commit	0057ea4b2ee32ba45f399078eff0688971d8e9c2 (patch)
tree	033ae86fcf7e2a9e3850dc1717db61a33243fed6
parent	b4ca512a7d007c599f34a579387d2e803b578e87 (diff)