author Moritz Muehlenhoff <jmm@debian.org> 2020-01-29 10:36:25 -0800
committer Moritz Muehlenhoff <jmm@debian.org> 2020-01-29 10:36:25 -0800
commit feb5955b387e4abe549014e5015f783d3179025e
tree 385645a827cf92cb360fd26f1e1e2ddee6727239
parent c05622669011f16532e7d295f4d5bbd3a02d9cbf
exiv2 fixed
NFUs
-rw-r--r-- data/CVE/list.2018 18
-rw-r--r-- data/CVE/list.2020 10
2 files changed, 19 insertions, 9 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 5828f756f5..7012eb071d 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -2894,8 +2894,8 @@ CVE-2018-20098 (There is a heap-based buffer over-read in Exiv2::Jp2Image::encod
CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...)
{DLA-1691-1}
- exiv2 <unfixed> (low)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/590
NOTE: https://github.com/Exiv2/exiv2/commit/203ab0db28c9666b16069d4056ac5f66f753a51d
CVE-2018-20096 (There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf fun ...)
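Review bot: on the two added [buster] and [stretch] lines for CVE-2018-20097 the state changes from <no-dsa> to <ignored> while the reason stays "(Minor issue)". <ignored> tells readers the release will not receive a fix at all, which is a stronger statement than <no-dsa>, and the entry already links an upstream fix commit. The reason text should say why a backport is ruled out for these releases instead of repeating the severity.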
@@ -4502,8 +4502,8 @@ CVE-2018-19536
CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngch ...)
{DLA-1691-1}
- exiv2 <unfixed> (bug #915135)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/428
NOTE: https://github.com/Exiv2/exiv2/pull/430
CVE-2018-19534
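Review bot: the unstable line "- exiv2 <unfixed> (bug #915135)" stays as unchanged context here, although the description scopes CVE-2018-19535 to "Exiv2 0.26 and previous versions" and this same commit records 0.27.2-6 as a fixed version for CVE-2018-8976. Please check whether the change from pull/430 is already in the unstable package and, if it is, replace <unfixed> with the fixed version so the entry stops reporting unstable as vulnerable.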
@@ -5646,8 +5646,8 @@ CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended
CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PS ...)
{DLA-1691-1}
- exiv2 <unfixed> (bug #913272)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/426
NOTE: https://github.com/Exiv2/exiv2/pull/518
NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
@@ -5655,8 +5655,8 @@ CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in
CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...)
{DLA-1691-1}
- exiv2 <unfixed> (bug #913273)
- [buster] - exiv2 <no-dsa> (Minor issue)
- [stretch] - exiv2 <no-dsa> (Minor issue)
+ [buster] - exiv2 <ignored> (Minor issue)
+ [stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/427
NOTE: https://github.com/Exiv2/exiv2/pull/518
NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b
@@ -31960,7 +31960,7 @@ CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in c
- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
- - exiv2 <unfixed> (low; bug #903813)
+ - exiv2 0.27.2-6 (low; bug #903813)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue)
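Review bot: the added line "- exiv2 0.27.2-6 (low; bug #903813)" is the only change in list.2018 that matches the subject "exiv2 fixed"; the four <no-dsa> to <ignored> changes above it are a triage decision for buster and stretch, not a fix. Consider giving those their own commit or mentioning them in the message, so that a later search of the log for why the stable releases were marked <ignored> finds this change.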
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 5b09726ff9..b93efbc83e 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -12877,24 +12877,34 @@ CVE-2020-2109
RESERVED
CVE-2020-2108
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2107
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2106
RESERVED
+ NOT-FOR-US: Jenkins plugin
CVE-2020-2105
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2104
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2103
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2102
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2101
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2100
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2099
RESERVED
+ NOT-FOR-US: Jenkins
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...)
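Review bot: CVE-2020-2109 at the top of this hunk keeps a bare RESERVED with no NOT-FOR-US line, while every entry from CVE-2020-2108 down to CVE-2020-2099 gets one; please confirm that the gap is intentional and not an entry missed in the same batch. The tags also switch from "Jenkins plugin" (2108 to 2106) to "Jenkins" (2105 to 2099) on entries that have no description yet, so nothing in the file shows what the split is based on; a NOTE pointing at the advisory used would make these attributions checkable.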
