From b6a371b65f9706f4de5088ff132ef8282a356af0 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 24 Nov 2021 06:24:53 +0100
Subject: Add CVE-2020-16156/perl

---
 data/CVE/2020.list | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'data/CVE/2020.list')

diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 3ba12be977..9f3e252b05 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -33710,8 +33710,11 @@ CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vu
 	NOT-FOR-US: GoPro
 CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
 	NOT-FOR-US: Nagios Log Server
-CVE-2020-16156
+CVE-2020-16156 [Signature Verification Bypass]
 	RESERVED
+	- perl <unfixed>
+	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
+	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
 CVE-2020-16155 [does not uniquely define signed data]
 	RESERVED
 	- libcpan-checksums-perl <unfixed>
-- 
cgit v1.2.3