From 08d5b38c3d1079279f7dc01121b90eeaf91d1ef5 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 29 Nov 2021 22:21:36 +0100
Subject: Update status for CVE-2021-4024/libpod

---
 data/CVE/2021.list | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 5567a597f4..34a81461b9 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -269,8 +269,12 @@ CVE-2021-44228
 CVE-2021-4024 [podman: podman machine spawns gvproxy with port binded to all IPs]
 	RESERVED
 	- libpod <unfixed>
+	[bullseye] - libpod <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675
 	NOTE: https://twitter.com/discordianfish/status/1463462371675066371
+	NOTE: https://github.com/containers/podman/pull/12283
+	NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1)
+	NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48
 CVE-2021-44227
 	RESERVED
 CVE-2021-44226
-- 
cgit v1.2.3