Add additional reference for CVE-2020-27843

Note, that while the commit make it avoid the oub of bounds access of the reported issue it is likely not meant to be the final and proper fix.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-02-28 10:28:25 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-02-28 10:28:25 +0100
commit: 1369010f03ae98e7a7ca51345061e50b21082c2d (patch)
tree: a9294d96e68c3f00a153a533ea0736b375ce0357 /data/CVE/2020.list
parent: 3a147752266e72b95bc6ed1e9d450f2ebc8c8f5c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 0f1fce11dd..116fdddb2f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -6922,6 +6922,7 @@ CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This fl
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
 	[stretch] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1297
+	NOTE: Partial fix (preventing the out of bounds access): https://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 (2.4.0)
 CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
 	- openjpeg2 <unfixed>
 	[buster] - openjpeg2 <no-dsa> (Minor issue)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-02-28 10:28:25 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-02-28 10:28:25 +0100
commit	1369010f03ae98e7a7ca51345061e50b21082c2d (patch)
tree	a9294d96e68c3f00a153a533ea0736b375ce0357 /data/CVE/2020.list
parent	3a147752266e72b95bc6ed1e9d450f2ebc8c8f5c (diff)