From 6ff5af13ce5ba1d1b0a77c3594679537ed848d81 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 24 Nov 2021 06:22:39 +0100
Subject: Add CVE-2020-16155/libcpan-checksums-perl

---
 data/CVE/2020.list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'data/CVE/2020.list')

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a8ac961ca5..3ba12be977 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -33712,8 +33712,11 @@ CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.
 	NOT-FOR-US: Nagios Log Server
 CVE-2020-16156
 	RESERVED
-CVE-2020-16155
+CVE-2020-16155 [does not uniquely define signed data]
 	RESERVED
+	- libcpan-checksums-perl <unfixed>
+	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16154 [Signature Verification Bypass]
 	RESERVED
 	- cpanminus <unfixed>
-- 
cgit v1.2.3