From 32b301fe5748ebb3925d46eece7c7aff1f741198 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 1 Dec 2021 07:49:42 +0100
Subject: Add CVE-2021-41816/ruby

---
 data/CVE/2021.list | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 30be18fe1a..6a5ce323a2 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6143,8 +6143,15 @@ CVE-2021-41817 [Regular Expression Denial of Service Vulnerability of Date Parsi
 	NOTE: Followups to mimic previous behaviour:
 	NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2)
 	NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2)
-CVE-2021-41816
+CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
 	RESERVED
+	- ruby3.0 <unfixed>
+	- ruby2.7 <unfixed>
+	- ruby2.5 <removed>
+	- ruby2.3 <removed>
+	NOTE: Fixed in Ruby 3.0.3, 2.7.5
+	NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
+	TODO: check upstream commits
 CVE-2021-41815
 	RESERVED
 CVE-2021-41814
-- 
cgit v1.2.3