buster triage

mark one wp issue as undetermined, no actionable information except some second hand media reports

2 files changed, 5 insertions, 2 deletions

diff --git a/data/CVE/list b/data/CVE/list
index d19c4985cf..b602652318 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12765,6 +12765,7 @@ CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.
 	NOT-FOR-US: Actions Http-Client
 CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
 	- ruby-faye <unfixed> (bug #959392)
+	[buster] - ruby-faye <no-dsa> (Minor issue)
 	NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
 	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
 CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
@@ -13834,6 +13835,7 @@ CVE-2020-10731
 	RESERVED
 CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found  ...)
 	- ldb 2:2.1.4-1
+	[buster] - ldb <no-dsa> (Minor issue)
 	- samba 2:4.12.5+dfsg-1
 	[buster] - samba <postponed> (Minor issue, fix along in next DSA)
 	[stretch] - ldb <not-affected> (Vulnerable code introduced later)
@@ -105388,8 +105390,7 @@ CVE-2018-1000801 (okular version 18.08 and earlier contains a Directory Traversa
 CVE-2018-1000800 (zephyr-rtos version 1.12.0 contains a NULL base pointer reference vuln ...)
 	NOT-FOR-US: zephyr-rtos
 CVE-2018-1000773 (WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation ...)
-	- wordpress <unfixed>
-	[jessie] - wordpress <postponed> (cf. CVE-2017-1000600)
+	- wordpress <undetermined>
 	NOTE: This CVE exists due to an incomplete fix in 4.9 for CVE-2017-1000600.
 CVE-2018-1000673
 	REJECTED
diff --git a/data/dsa-needed.txt b/data/dsa-needed.txt
index 42399b4585..39e3876209 100644
--- a/data/dsa-needed.txt
+++ b/data/dsa-needed.txt
@@ -41,6 +41,8 @@ squid (jmm)
 --
 teeworlds (jmm)
 --
+tomcat9
+--
 xcftools
   Hugo proposed to work on this update
 --