From 2dd40ae3a8c88b28ecf775276cc8b62d9a9156e2 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 16 Feb 2022 09:25:22 +0100
Subject: Add CVE-2022-2523{5,6}/expat

---
 data/CVE/2022.list | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 945cdce0d1..ffdc4249e0 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -17,9 +17,11 @@ CVE-2022-25238
 CVE-2022-25237
 	RESERVED
 CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...)
-	TODO: check
+	- expat <unfixed>
+	NOTE: https://github.com/libexpat/libexpat/pull/561
 CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
-	TODO: check
+	- expat <unfixed>
+	NOTE: https://github.com/libexpat/libexpat/pull/562
 CVE-2022-25229
 	RESERVED
 CVE-2022-25228
-- 
cgit v1.2.3