From bba8a702e5931ea34df71945ba54156434669ca6 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 2 Dec 2021 22:13:51 +0100
Subject: CVE-2021-41039: Replace reference for proposed fix with fix in
 upstream repository

---
 data/CVE/list.2021 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 2b978b5e4e..83eade45ac 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -8162,7 +8162,7 @@ CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 clien
 	[buster] - mosquitto <not-affected> (Vulnerable code introduced later)
 	[stretch] - mosquitto <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
-	NOTE: Proposed fix: https://bugzillaattachments.eclipsecontent.org/bugs/attachment.cgi?id=286914
+	NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12)
 CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior  ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2021-41037
-- 
cgit v1.2.3