From 163454f82c0a0c12b9d7a03f5eb392cc05c20837 Mon Sep 17 00:00:00 2001
From: CVE Team <cve-request@mitre.org>
Date: Fri, 13 Nov 2020 17:01:40 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2020/15xxx/CVE-2020-15802.json | 5 +++++
 2020/26xxx/CVE-2020-26222.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/2020/15xxx/CVE-2020-15802.json b/2020/15xxx/CVE-2020-15802.json
index 3864c386223..a79085de40d 100644
--- a/2020/15xxx/CVE-2020-15802.json
+++ b/2020/15xxx/CVE-2020-15802.json
@@ -61,6 +61,11 @@
                 "refsource": "MISC",
                 "name": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709",
                 "url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/",
+                "url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
             }
         ]
     }
diff --git a/2020/26xxx/CVE-2020-26222.json b/2020/26xxx/CVE-2020-26222.json
index a1b25a8eb09..4e6dedb7c01 100644
--- a/2020/26xxx/CVE-2020-26222.json
+++ b/2020/26xxx/CVE-2020-26222.json
@@ -35,7 +35,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go.\nIn Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code.\n\nFor example, if Dependabot is configured to use the following source branch name: \"/$({curl,127.0.0.1})\", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository.\n\nThe fix was applied to version 0.125.1.\n\nAs a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class."
+                "value": "Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: \"/$({curl,127.0.0.1})\", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class."
             }
         ]
     },