From 3ebf1d9cb7673f2194d664a9b0a55d384ff0df68 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Mon, 1 Nov 2021 12:05:30 +0000 Subject: Add notes on CVE-2020-27304/civetweb --- data/CVE/2020.list | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index ca6fcc1d40..3d1d50f614 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -9211,7 +9211,11 @@ CVE-2020-27306 CVE-2020-27305 RESERVED CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...) - TODO: check + - civetweb 1.15+dfsg-1 + NOTE: vulnerable code is an example, not packaged by Debian but present in source package + NOTE: https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ + NOTE: https://github.com/civetweb/civetweb/commit/b2ed60c589172b37f3d705c69d84313eeb8348b1 + NOTE: https://github.com/civetweb/civetweb/commit/e489ff4f05647126ffa62d3a54f50bf7b7380776#diff-da20af5c7c76edbce3228777f142173af544c0202af876e8d5618f839f9ab2ac CVE-2020-27303 RESERVED CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...) -- cgit v1.2.3
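Review bot: The added `- civetweb 1.15+dfsg-1` line records a fixed version with no qualifier, while the NOTE directly below it says the vulnerable code is an example that Debian does not package. Read alone, the package line implies that binary packages older than 1.15+dfsg-1 are exposed. If only the source package carries the affected example, consider saying so on the package line itself, for instance with the tracker's `(unimportant)` tag if that matches the assessment. The NOTE should also name the example file so a reader can confirm it is absent from the binary packages. Separately, the two commit NOTE lines do not say which commit is the fix and which is related context, and the second URL depends on a `#diff-` fragment that only resolves in the rendered view. A short label on each commit line, such as "Fixed by:", would make the entry easier to audit.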