Demote CVE-2014-2875 to unimportant

Reasoning: as per previous commit the issue is present, but due to the code beeing broken the issue is unexploitable. Mark the issue as unfixed but demote it to unimportant.
author: Salvatore Bonaccorso <carnil@debian.org> 2020-03-31 22:41:38 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-03-31 22:41:38 +0200
commit: 9770cd8ac9fc7520d7f8fc9d91d27957c0f6fd61 (patch)
tree: 74d925847d84ea85dc463ca5c52be41af0c86c31 /data/CVE/list.2014
parent: d1076483936710831c8da66e9b03ee8762120255 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list.2014 b/data/CVE/list.2014
index 957d49fd15..cf502428b9 100644
--- a/data/CVE/list.2014
+++ b/data/CVE/list.2014
@@ -19574,10 +19574,11 @@ CVE-2014-2877
 CVE-2014-2876
 	RESERVED
 CVE-2014-2875 (The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses wea ...)
-	- lua-cgi <not-affected> (code is broken and cannot be exploited)
+	- lua-cgi <unfixed> (unimportant)
 	NOTE: https://github.com/keplerproject/cgilua/issues/17
 	NOTE: https://bugs.debian.org/953037
 	NOTE: https://bugs.debian.org/954300
+	NOTE: The code itself is broken and thus cannot be exploited per se if not fixed.
 CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
 	- virtualenvwrapper 4.3-1 (low; bug #745580)
 	[wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-03-31 22:41:38 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-03-31 22:41:38 +0200
commit	9770cd8ac9fc7520d7f8fc9d91d27957c0f6fd61 (patch)
tree	74d925847d84ea85dc463ca5c52be41af0c86c31 /data/CVE/list.2014
parent	d1076483936710831c8da66e9b03ee8762120255 (diff)