From d1ce8cecd378158e220adc44b98c39aaa7fcb61e Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 23 Sep 2020 22:40:15 +0200 Subject: Add additional reference for CVE-2020-8252 This one is not yet public, but hopefully soon which can give additional background to the issue. --- data/CVE/2020.list | 1 + 1 file changed, 1 insertion(+) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 63cae552ac..13eb7bbe3e 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -39045,6 +39045,7 @@ CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before R CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) - libuv1 1.39.0-1 [stretch] - libuv1 (Vulnerable code introduced later) + NOTE: https://hackerone.com/reports/965914 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead NOTE: of the bundled one. -- cgit v1.2.3
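Review bot: The added `NOTE: https://hackerone.com/reports/965914` line in the CVE-2020-8252 entry does not say that the report is still private, although the commit message states it is not yet public. Anyone following the link from the list will not be able to read it yet and has no hint why. Consider marking this in the line itself, for example `NOTE: https://hackerone.com/reports/965914 (not yet public)`, and dropping the marker once the report is disclosed. The placement ahead of the nodejs.org advisory NOTE is fine, since the two "Debian's version of nodejs ..." NOTE lines stay together after it.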