From 9c5aa1c7a3aa0a9747f432b00566a043316db48f Mon Sep 17 00:00:00 2001
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 3 Mar 2021 17:18:44 +0100
Subject: newlib issue affects picolibc

---
 data/CVE/2021.list | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 38f3825650..54bd60aa7d 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -1,8 +1,10 @@
 CVE-2021-3420
 	RESERVED
 	- newlib <unfixed>
+	- picolibc 1.5-1
+	NOTE: Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
 	NOTE: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
-	TODO: check libnewlib-nano, picolibc potentially derived code, if not then the CVE does not apply
+	TODO: check libnewlib-nano, potentially derived code, if not then the CVE does not apply
 CVE-2021-27917
 	RESERVED
 CVE-2021-27916
-- 
cgit v1.2.3