From 6ce9803c5edeed34d0bbd43f6f9cfef3cd115b9b Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Mon, 1 Nov 2021 11:34:56 +0000
Subject: Update 3 old CVEs for calibre - code removed

Prior to 1.10, Debian packaging removed the vulnerable code
(described in bug #584915), it was then removed upstream.
---
 data/CVE/2011.list | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 51b09714e5..4747a73489 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -2787,11 +2787,14 @@ CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO io
 	- libguestfs 1:1.14.8-1
 	- linux-2.6 <removed>
 CVE-2011-4126 (Race condition issues were found in Calibre at devices/linux_mount_hel ...)
-	TODO: check
+	- calibre 0.6.54+dfsg-1 (bug #584915)
+	NOTE: Vulnerable code removed upstream at version 1.10, removed by Debian packaging prior to that.
 CVE-2011-4125 (A untrusted search path issue was found in Calibre at devices/linux_mo ...)
-	TODO: check
+	- calibre 0.6.54+dfsg-1 (bug #584915)
+	NOTE: Vulnerable code removed upstream at version 1.10, removed by Debian packaging prior to that.
 CVE-2011-4124 (Input validation issues were found in Calibre at devices/linux_mount_h ...)
-	TODO: check
+	- calibre 0.6.54+dfsg-1 (bug #584915)
+	NOTE: Vulnerable code removed upstream at version 1.10, removed by Debian packaging prior to that.
 CVE-2011-4123
 	REJECTED
 CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
-- 
cgit v1.2.3