From 04e613f5ecfa259ba9cf7b3bea178c482b3cd51b Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 27 Feb 2021 11:59:22 +0100
Subject: Add CVE-2020-27223/jetty

---
 data/CVE/2020.list | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'data/CVE/2020.list')

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 4dd50f23ed..8ea454370f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -8490,7 +8490,9 @@ CVE-2020-27225
 CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...)
-	TODO: check
+	- jetty9 <unfixed>
+	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
+	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
 CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
 	NOT-FOR-US: Eclipse Californium
 CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is potential ...)
-- 
cgit v1.2.3