From ed85481b4d3ff9af3777540825bb5e78153c0bf4 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 2 Dec 2021 22:35:07 +0100
Subject: Update status for CVE-2021-41816

---
 data/CVE/2021.list | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 0ab975fb7b..64e06e27dc 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6302,8 +6302,8 @@ CVE-2021-41816 [Buffer Overrun in CGI.escape_html]
 	RESERVED
 	- ruby3.0 <unfixed>
 	- ruby2.7 <unfixed>
-	- ruby2.5 <removed>
-	- ruby2.3 <removed>
+	- ruby2.5 <not-affected> (Vulnerable code introduced later)
+	- ruby2.3 <not-affected> (Vulnerable code introduced later)
 	NOTE: Fixed in Ruby 3.0.3, 2.7.5
 	NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/
 	NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0)
-- 
cgit v1.2.3