Clarify 49c364ab for mupdf

Vulnerable C code exists in the source package but this is neither compiled nor packaged in stretch. Set <ignored> in preference to <not-affected>.
author: Neil Williams <codehelp@debian.org> 2021-08-06 09:41:21 +0100
committer: Neil Williams <codehelp@debian.org> 2021-08-06 09:41:21 +0100
commit: eb9f76f35ead7c9a3b720a5071a0d297a18ef4de (patch)
tree: d6561bdfa3448f41de853e618f09db7589b7b4ac /data/CVE/list.2017
parent: 2667233a343d7ea710170067b83e8ee32f2c7a99 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 207e7aac6e..2b7ed5eb00 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -37212,7 +37212,7 @@ CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of
 CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...)
 	- mupdf 1.12.0+ds1-1 (unimportant)
 	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
-	[stretch] - mupdf <not-affected> (Vulnerable code not present)
+	[stretch] - mupdf <ignored> (Vulnerable code not packaged or compiled)
 	NOTE: Although jstest_main.c compiled during build and mujstest is created
 	NOTE: it is not included in the produced binary packages
 	NOTE: https://www.openwall.com/lists/oss-security/2017/02/18/1
author	Neil Williams <codehelp@debian.org>	2021-08-06 09:41:21 +0100
committer	Neil Williams <codehelp@debian.org>	2021-08-06 09:41:21 +0100
commit	eb9f76f35ead7c9a3b720a5071a0d297a18ef4de (patch)
tree	d6561bdfa3448f41de853e618f09db7589b7b4ac /data/CVE/list.2017
parent	2667233a343d7ea710170067b83e8ee32f2c7a99 (diff)