From 5e1af654be2cc6ac569fde6a437db0038700e762 Mon Sep 17 00:00:00 2001
From: Aron Xu <aron@debian.org>
Date: Wed, 19 Jan 2022 16:54:23 +0800
Subject: Reference upstream commit for CVE-2022-0235/node-fetch

---
 data/CVE/2022.list | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index 570adbc336..f443fa0bdb 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -524,7 +524,7 @@ CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium vers
 CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...)
 	- node-fetch <unfixed>
 	NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
-	TODO: check fixing commit
+	NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1)
 CVE-2022-0234
 	RESERVED
 CVE-2022-0233 (The ProfileGrid &#8211; User Profiles, Memberships, Groups and Communi ...)
-- 
cgit v1.2.3