Mark CVE-2018-11798/thrift as unimportant

unimportant as the source is affected, but the binary packages are configured via debian/rules --without-nodejs and thus not including the nodejs module.
author: Salvatore Bonaccorso <carnil@debian.org> 2019-01-08 21:44:44 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2019-01-08 21:44:44 +0100
commit: b802cea664d0fbfefd967ad5bd535e2c8ecf2277 (patch)
tree: 50ca3fd72120c67ff356b9a85a319004456421d7 /data
parent: 01cd2f656387fedee7e1b6c30c7568778f86aec3 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 48165a1f3a..f1aed0678a 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -34420,9 +34420,10 @@ CVE-2018-11800
 CVE-2018-11799 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 5.0.0 ...)
 	NOT-FOR-US: Apache Oozie
 CVE-2018-11798 (The Apache Thrift Node.js static web server in versions 0.9.2 through ...)
-	- thrift <unfixed>
+	- thrift <unfixed> (unimportant)
 	NOTE: https://issues.apache.org/jira/browse/THRIFT-4647
 	NOTE: https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
+	NOTE: src:thrift in Debian configured with --without-nodejs
 CVE-2018-11797 (In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully ...)
 	{DLA-1547-1}
 	- libpdfbox-java 1:1.8.16-1 (bug #910390)
author	Salvatore Bonaccorso <carnil@debian.org>	2019-01-08 21:44:44 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2019-01-08 21:44:44 +0100
commit	b802cea664d0fbfefd967ad5bd535e2c8ecf2277 (patch)
tree	50ca3fd72120c67ff356b9a85a319004456421d7 /data
parent	01cd2f656387fedee7e1b6c30c7568778f86aec3 (diff)