From b063fb34d3b6b8e71e44bf3eff40f6ba64bc5b13 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 7 Dec 2021 10:19:24 +0100
Subject: Add CVE-2021-44420/python-django

---
 data/CVE/2021.list | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'data')

diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 7ba365d2d4..26c86c6a32 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -666,8 +666,13 @@ CVE-2021-44422
 	RESERVED
 CVE-2021-44421
 	RESERVED
-CVE-2021-44420
+CVE-2021-44420 [Potential bypass of an upstream access control based on URL paths]
 	RESERVED
+	- python-django <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1
+	NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/
+	NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10)
+	NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25)
 CVE-2021-44419
 	RESERVED
 CVE-2021-44418
-- 
cgit v1.2.3