From f9f18477359fc353b85a5784669f8888878f6bcc Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Fri, 14 Feb 2020 15:49:50 +0100
Subject: CVE-2014-0193/netty-3.9: add fixed version and upstream commit

---
 data/CVE/list.2014 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index 8e4170eaa2..f7b1cbad40 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -26111,6 +26111,8 @@ CVE-2014-0194
 CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...)
 	- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
 	- netty-3.9 <removed>
+	[stretch] - netty-3.9 3.9.9.Final-1
+	NOTE: https://github.com/netty/netty/commit/48edb7802b42b0e2eb5a55d8eca390e0c9066783
 CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to provis ...)
 	- foreman <itp> (bug #663101)
 CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before  ...)
-- 
cgit v1.2.3