From 17a45edd6bc0f901ed51876d4407d40dd528c28d Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 2 Dec 2021 22:10:05 +0100
Subject: Add CVE-2021-41039/mosquitto

---
 data/CVE/2021.list | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 36215dc018..2b978b5e4e 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -8158,7 +8158,11 @@ CVE-2021-41041
 CVE-2021-41040
 	RESERVED
 CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
-	TODO: check
+	- mosquitto <unfixed>
+	[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
+	[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
+	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
+	NOTE: Proposed fix: https://bugzillaattachments.eclipsecontent.org/bugs/attachment.cgi?id=286914
 CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior  ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2021-41037
-- 
cgit v1.2.3