From 1b58dd59f752cf0a76f2da3109773cfc9ae03a56 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 5 Feb 2021 07:21:55 +0100
Subject: Add upstream commit for CVE-2018-20835

---
 data/CVE/2018.list | 1 +
 1 file changed, 1 insertion(+)

(limited to 'data/CVE/2018.list')

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 6415f59646..6868118721 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1014,6 +1014,7 @@ CVE-2018-20836 (An issue was discovered in the Linux kernel before 4.20. There i
 	NOTE: Fixed by: https://git.kernel.org/linus/b90cd6f2b905905fb42671009dc0e27c310a16ae
 CVE-2018-20835 (A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File O ...)
 	- node-tar-fs <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2 (v1.16.2)
 CVE-2018-20834 (A vulnerability was found in node-tar before version 4.4.2 (excluding  ...)
 	- node-tar 4.4.4+ds1-2
 	[stretch] - node-tar <end-of-life> (Nodejs in stretch not covered by security support, minor issue)
-- 
cgit v1.2.3