From e4550978b064884b3b22656400c81a27c91d09bd Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 6 Mar 2021 09:28:40 +0100
Subject: Add CVE-2020-28502/{node-xmlhttprequest,node-xmlhttprequest-ssl}

---
 data/CVE/2020.list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a741328d2f..715ec12097 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -5447,7 +5447,10 @@ CVE-2020-28504
 CVE-2020-28503
 	RESERVED
 CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of  ...)
-	TODO: check
+	- node-xmlhttprequest 1.8.0-1
+	- node-xmlhttprequest-ssl <unfixed>
+	NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
+	NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
 CVE-2020-28501
 	RESERVED
 CVE-2020-28500 (All versions of package lodash; all versions of package org.fujion.web ...)
-- 
cgit v1.2.3