From 790c79d6ea4d9f905bee07921dd85fead82aeed5 Mon Sep 17 00:00:00 2001
From: particleflux <particleflux@gmail.com>
Date: Fri, 26 Mar 2021 09:51:33 +0100
Subject: [PATCH] Fix facade/ignition CVE-2021-3129

The vulnerability in `facade/ignition` is falsely reported for version
2.4.2.

It has been fixed in https://github.com/facade/ignition/pull/334 for
2.5.x, and in https://github.com/facade/ignition/pull/356 for 2.4.x.

Fixes #543
---
 facade/ignition/CVE-2021-3129.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/facade/ignition/CVE-2021-3129.yaml b/facade/ignition/CVE-2021-3129.yaml
index ee35c4ecc..bfc43ec58 100644
--- a/facade/ignition/CVE-2021-3129.yaml
+++ b/facade/ignition/CVE-2021-3129.yaml
@@ -4,7 +4,10 @@ cve:       CVE-2021-3129
 branches:
     "master":
         time:     2020-11-17 09:18:00
-        versions: ['<=2.5.1', '>=2.0']
+        versions: ['<=2.5.1', '>=2.5.0']
+    "2.4.x":
+        time:     2020-11-17 09:18:00
+        versions: ['<=2.4.1', ">=2.0.0"]
     "1.x":
         time:     2021-02-13 10:47:03
         versions: ['<=1.16.13']