From 7f5e2ed0fddc73403b6f6f665006727c6ed559cf Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Thu, 2 Jul 2020 22:14:07 +0200 Subject: NFU one IM fixup in CVE list --- data/CVE/list | 21 +++++++++++---------- data/DSA/list | 2 +- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 455a3a05b6..7f3e611d85 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -977,7 +977,7 @@ CVE-2020-15048 CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...) - trojita (bug #795701) CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...) - TODO: check + NOT-FOR-US: Node traceroute CVE-2018-21267 RESERVED CVE-2018-21266 @@ -14490,7 +14490,8 @@ CVE-2020-10253 CVE-2020-10252 RESERVED CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...) - - imagemagick (bug #953741) + - imagemagick (low; bug #953741) + [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support) [jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859 @@ -20332,7 +20333,7 @@ CVE-2020-7818 CVE-2020-7817 RESERVED CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...) - TODO: check + NOT-FOR-US: DaView CVE-2020-7815 RESERVED CVE-2020-7814 @@ -20586,9 +20587,9 @@ CVE-2020-7691 CVE-2020-7690 RESERVED CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...) - TODO: check + NOT-FOR-US: Node bcrypt CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...) - TODO: check + NOT-FOR-US: Node mversion CVE-2020-7687 RESERVED CVE-2020-7686 
@@ -20606,7 +20607,7 @@ CVE-2020-7681 CVE-2020-7680 RESERVED CVE-2020-7679 (The mergeObjects utility function is susceptible to Prototype Pollutio ...) - TODO: check + NOT-FOR-US: Node casperjs CVE-2020-7678 RESERVED CVE-2020-7677 @@ -20619,9 +20620,9 @@ CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex- NOTE: https://github.com/angular/angular.js/pull/17028 NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...) - TODO: check + NOT-FOR-US: Node cd-messenger CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...) - TODO: check + NOT-FOR-US: Node access-policy CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...) TODO: check CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...) @@ -59014,8 +59015,8 @@ CVE-2019-13309 (ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory NOTE: https://github.com/ImageMagick/ImageMagick6/commit/5982632109cad48bc6dab867298fdea4dea57c51 CVE-2019-13308 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow in MagickCor ...) {DSA-4712-1} - - imagemagick (bug #931447) - [stretch] - imagemagick (Needs further clarification on patch) + - imagemagick (low; bug #931447) + [stretch] - imagemagick (Minor issue) [jessie] - imagemagick (minor, wait for upstream to clear patch-related questions) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1595 NOTE: https://github.com/ImageMagick/ImageMagick6/commit/19651f3db63fa1511ed83a348c4c82fa553f8d01 diff --git a/data/DSA/list b/data/DSA/list index a3cd0b4963..2a47bbe623 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -12,7 +12,7 @@ [stretch] - firefox-esr 68.10.0esr-1~deb9u1 [buster] - firefox-esr 68.10.0esr-1~deb10u1 [30 Jun 2020] DSA-4712-1 imagemagick - security update - {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949} + {CVE-2019-7175 CVE-2019-7395 CVE-2019-7396 CVE-2019-7397 CVE-2019-7398 CVE-2019-10649 CVE-2019-11470 CVE-2019-11472 CVE-2019-11597 CVE-2019-11598 CVE-2019-12974 CVE-2019-12975 CVE-2019-12976 CVE-2019-12977 CVE-2019-12978 CVE-2019-12979 CVE-2019-13135 CVE-2019-13137 CVE-2019-13295 CVE-2019-13297 CVE-2019-13300 CVE-2019-13301 CVE-2019-13304 CVE-2019-13305 CVE-2019-13306 CVE-2019-13307 CVE-2019-13308 CVE-2019-13309 CVE-2019-13311 CVE-2019-13454 CVE-2019-14981 CVE-2019-15139 CVE-2019-15140 CVE-2019-16708 CVE-2019-16710 CVE-2019-16711 CVE-2019-16713 CVE-2019-19948 CVE-2019-19949 CVE-2019-13391} [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1 [29 Jun 2020] DSA-4711-1 coturn - security update {CVE-2020-4067 CVE-2020-6061 CVE-2020-6062} -- cgit v1.2.3
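Review bot: In the data/CVE/list hunk for CVE-2020-10251, the added [buster] line gives only "Minor issue", while the stretch and jessie lines directly below it state a concrete reason (vulnerable code introduced later with HEIC image format support). A short NOTE saying why the out-of-bounds read is minor for buster would let a later reader check the triage without reopening the upstream issue linked in the entry.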
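Review bot: In the CVE-2019-13308 hunk, the stretch note changes from "Needs further clarification on patch" to "Minor issue", but the jessie line left as context still reads "minor, wait for upstream to clear patch-related questions", so the two releases now disagree about whether the patch question is open. If it is settled, the jessie note is stale; if it is not, the stretch line loses the only record of why a heap-based buffer overflow covered by DSA-4712-1 stays open there. Suggest updating both lines together or keeping the patch status in a NOTE.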
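Review bot: In the data/DSA/list hunk, CVE-2019-13391 is appended after CVE-2019-19949, which breaks the ascending order the rest of the DSA-4712-1 list follows; it belongs after CVE-2019-13311. None of the data/CVE/list hunks touches a CVE-2019-13391 entry, so confirm that its {DSA-4712-1} cross-reference ends up in that file as well. The subject "NFU one IM fixup in CVE list" also does not mention that data/DSA/list changes, which makes the DSA edit hard to find from the log.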