From caea15e92f2cb1f3998d980c3fd15c8b33e50317 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 18 Feb 2022 20:46:13 +0100
Subject: Reference upstream commits for CVE-2022-25235/expat

---
 data/CVE/2022.list | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index d3f52d2cdd..bdd407bef7 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -320,6 +320,10 @@ CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers
 CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...)
 	- expat <unfixed> (bug #1005894)
 	NOTE: https://github.com/libexpat/libexpat/pull/562
+	NOTE: https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da
+	NOTE: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6
+	NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f
+	NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379
 CVE-2022-25229
 	RESERVED
 CVE-2022-25228
-- 
cgit v1.2.3