Reassociate some older NFUs with the php-laravel-framework source package

1 files changed, 4 insertions, 3 deletions

diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 684d5ab911..26327c0d8b 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -5785,7 +5785,7 @@ CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass
 CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...)
 	NOT-FOR-US: Arq
 CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...)
-	NOT-FOR-US: Laravel framework
+	- php-laravel-framework <undetermined>
 CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...)
 	- piwigo <removed>
 CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...)
@@ -11984,7 +11984,8 @@ CVE-2017-14777
 CVE-2017-14776
 	REJECTED
 CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
+	NOTE: https://github.com/laravel/framework/pull/21320
 CVE-2017-14774
 	RESERVED
 CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
@@ -27676,7 +27677,7 @@ CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulati
 	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
 	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77
 CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...)
-	NOT-FOR-US: Laravel
+	- php-laravel-framework <not-affected> (Fixed before initial upload to Debian)
 CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...)
 	NOT-FOR-US: RealPlayer
 CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)