From ff2be5019977b2efdc785f8b5e0f6666b37c2a1f Mon Sep 17 00:00:00 2001
From: Neil Williams <codehelp@debian.org>
Date: Thu, 18 Nov 2021 10:47:57 +0000
Subject: CVE-2021-41164,CVE-2021-41165/ckeditor bug #999909

---
 data/CVE/2021.list | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 9a8f4cca65..db0083ec6f 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6470,9 +6470,11 @@ CVE-2021-41167 (modern-async is an open source JavaScript tooling library for as
 CVE-2021-41166
 	RESERVED
 CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
-	TODO: check
+	- ckeditor <unfixed> (bug #999909)
+	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
 CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions  ...)
-	TODO: check
+	- ckeditor <unfixed> (bug #999909)
+	NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
 CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
 	NOT-FOR-US: Discourse
 CVE-2021-41162
-- 
cgit v1.2.3