From f190f380ddad501545c0e144b0aadab970c2f60f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20C=2E=20S=C3=A1nchez?= <roberto@debian.org>
Date: Tue, 4 Jan 2022 21:47:37 -0500
Subject: LTS: mark CVE-2019-20165/gpac as <not-affected> for stretch and
 buster

---
 data/CVE/2019.list | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index f2c191388a..647d1afb9b 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -2196,10 +2196,11 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
 CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
 	{DLA-2072-1}
 	- gpac 1.0.1+dfsg1-2 (bug #972053)
-	[buster] - gpac <no-dsa> (Minor issue)
-	[stretch] - gpac <no-dsa> (Minor issue)
+	[buster] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
+	[stretch] - gpac <not-affected> (Vulnerable code introduced later, in version 0.8.0)
 	NOTE: https://github.com/gpac/gpac/issues/1338
 	NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #1)
+	NOTE: Introduced by https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf
 CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
 	- gpac <not-affected> (Vulnerable code introduced in 0.7.0)
 	NOTE: https://github.com/gpac/gpac/issues/1332
-- 
cgit v1.2.3