automatic update

8 files changed, 50 insertions, 64 deletions

diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 458c1b3421..9de6ba0658 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -6,7 +6,7 @@ CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default passw
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2002-2483
 	- linux-2.6 2.4.20
-CVE-2002-2444 (Snoopy 2.0.0-1 has a security hole in exec cURL ...)
+CVE-2002-2444 (Snoopy before 2.0.0 has a security hole in exec cURL ...)
 	- libphp-snoopy <not-affected> (affected version never was in the repo)
 	NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
 	NOTE: http://sourceforge.net/p/snoopy/bugs/13/
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 8476c5cf17..e5ec0f9c6e 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -4358,8 +4358,7 @@ CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiO
 	NOT-FOR-US: FortiGate
 CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...)
 	NOT-FOR-US: FortiGate
-CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
-	RESERVED
+CVE-2005-3056 (TWiki allows arbitrary shell command execution via the Include functio ...)
 	- twiki 20040902-2 (bug #330733; high)
 CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial  ...)
 	{DSA-1017-1}
@@ -7325,10 +7324,9 @@ CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris,
 CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory f ...)
 	{DSA-744-1}
 	- fuse 2.3.0-1
-CVE-2005-2349 (Zoo 2.10-27 has Directory traversal ...)
+CVE-2005-2349 (Zoo 2.10 has Directory traversal ...)
 	- zoo 2.10-4 (low; bug #309594)
-CVE-2005-2350 [Cross Site Scripting in websieve]
-	RESERVED
+CVE-2005-2350 (Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remo ...)
 	- websieve <removed> (bug #311838; low)
 CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
 	NOT-FOR-US: phpCMS
@@ -7529,8 +7527,7 @@ CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to
 	- php4 4:4.3.10-16 (low)
 CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
 	- moodle 1.4.4.dfsg.1-3
-CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
-	RESERVED
+CVE-2005-2351 (Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of ser ...)
 	- mutt 1.5.20-7 (bug #311296; unimportant)
 	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
 	NOTE: An "attacker" could achieve the same by simply filling up /tmp
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 02910271a1..2d907ca1f0 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -583,10 +583,10 @@ CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC
 	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
 	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
 	NOTE: of the weird CVE assignments on this one
-CVE-2009-4900 (pixelpost 1.7.1-5 has XSS ...)
+CVE-2009-4900 (pixelpost 1.7.1 has XSS ...)
 	- pixelpost <removed> (bug #597224)
 	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
-CVE-2009-4899 (pixelpost 1.7.1-5 has SQL injection ...)
+CVE-2009-4899 (pixelpost 1.7.1 has SQL injection ...)
 	- pixelpost <removed> (bug #597224)
 	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
 CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2  ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index fc8f4eb637..7643d2b015 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -2659,7 +2659,7 @@ CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c
 	- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
 CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pf ...)
 	NOT-FOR-US: pfSense
-CVE-2010-4245 (pootle 2.0.5-0.2 has XSS via 'match_names' parameter ...)
+CVE-2010-4245 (pootle 2.0.5 has XSS via 'match_names' parameter ...)
 	- pootle 2.0.5-0.3 (low; bug #604060)
 	[lenny] - pootle <not-affected> (Vulnerable code not present)
 CVE-2010-4244
@@ -4296,12 +4296,10 @@ CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and oth
 CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...)
 	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3660 [Multiple security issues]
-	RESERVED
+CVE-2010-3660 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
 	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
-CVE-2010-3661 [Multiple security issues]
-	RESERVED
+CVE-2010-3661 (TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x ...)
 	{DSA-2098-1}
 	- typo3-src 4.3.5-1 (bug #590719)
 CVE-2010-3662 [Multiple security issues]
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 9716dd7396..6c306a53b0 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -3385,8 +3385,7 @@ CVE-2011-3925 (Use-after-free vulnerability in the Safe Browsing feature in Goog
 CVE-2011-3924 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...)
 	- chromium-browser 16.0.912.77~r118311-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2011-3923 [struts ParameterInterceptor remote code execution]
-	RESERVED
+CVE-2011-3923 (Apache Struts before 2.3.1.2 allows remote attackers to bypass securit ...)
 	- libstruts1.2-java <not-affected> (Only affects 2.x)
 	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-009
 	NOTE: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 2d180da6f8..78f7bc0609 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -9287,8 +9287,7 @@ CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to exe
 	- webmin <removed>
 CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on  ...)
 	NOT-FOR-US: Samsung and HTC Android
-CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
-	RESERVED
+CVE-2012-2979 (FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child ...)
 	- nsd3 <not-affected> (Debian version not affected)
 CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x bef ...)
 	{DSA-2515-1}
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index ceeea3cccb..653edc76c8 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -6998,8 +6998,7 @@ CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline
 CVE-2013-4752
 	RESERVED
 	NOT-FOR-US: Symfony HttpFoundation component
-CVE-2013-4751
-	RESERVED
+CVE-2013-4751 (php-symfony2-Validator has loss of information during serialization ...)
 	NOT-FOR-US: Symfony Validator component
 CVE-2013-4750
 	RESERVED
@@ -8216,8 +8215,7 @@ CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and ea
 	{DSA-3006-1}
 	- xen 4.4.0-1
 	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
-CVE-2013-4367
-	RESERVED
+CVE-2013-4367 (ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain ...)
 	NOT-FOR-US: ovirt
 CVE-2013-4366 (http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x bef ...)
 	- httpcomponents-client 4.3.2-1
@@ -10074,8 +10072,7 @@ CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in
 	NOT-FOR-US: Wordpress plugin Feedweb
 CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe componen ...)
 	NOT-FOR-US: Joomla!
-CVE-2013-3718 [evince missing check on number of pages]
-	RESERVED
+CVE-2013-3718 (evince is missing a check on number of pages which can lead to a segme ...)
 	- evince 3.10.0-1
 	[wheezy] - evince <not-affected>
 	[squeeze] - evince <not-affected> (Vulnerable code not present)
@@ -12384,13 +12381,11 @@ CVE-2013-2741 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2
 	NOT-FOR-US: BackupBuddy plugin for WordPress
 CVE-2013-2740
 	RESERVED
-CVE-2013-2739 [heap-based buffer overflow]
-	RESERVED
+CVE-2013-2739 (MiniDLNA has heap-based buffer overflow ...)
 	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
 	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
 	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
-CVE-2013-2738 [SQL Injection]
-	RESERVED
+CVE-2013-2738 (minidlna has SQL Injection that may allow retrieval of arbitrary files ...)
 	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
 	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
 	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
@@ -12687,8 +12682,7 @@ CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject Activ
 	NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
 CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allo ...)
 	NOT-FOR-US: Citrix XenClient XT
-CVE-2013-2600 [MiniUPnPd information disclosure]
-	RESERVED
+CVE-2013-2600 (MiniUPnPd has information disclosure use of snprintf() ...)
 	- miniupnpd 1.8.20130730-1 (bug #716936)
 CVE-2013-2599 (A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonC ...)
 	NOT-FOR-US: Qualcomm (Android)
@@ -13628,8 +13622,7 @@ CVE-2013-2257
 CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 do ...)
 	- nova 2013.1.2-3 (bug #718905)
 	[wheezy] - nova <not-affected> (Affected code not present)
-CVE-2013-2255 [Inconsistent and non-validating HTTPS client]
-	RESERVED
+CVE-2013-2255 (HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, ...)
 	- keystone 2014.1-1
 	[wheezy] - keystone <no-dsa> (Minor issue)
 	- swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
@@ -13716,8 +13709,7 @@ CVE-2013-2228 [RSA exponent of 1]
 	RESERVED
 	- salt 0.15.1-1
 	NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3
-CVE-2013-2227 [local file inclusion]
-	RESERVED
+CVE-2013-2227 (GLPI 0.83.7 has Local File Inclusion in common.tabs.php. ...)
 	- glpi 0.83.91-1 (bug #714720; unimportant)
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow rem ...)
@@ -15824,8 +15816,7 @@ CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-
 	{DSA-2641-1}
 	- perl 5.14.2-19 (bug #702296)
 	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
-CVE-2013-1666
-	RESERVED
+CVE-2013-1666 (Foswiki before 1.1.8 contains a code injection vulnerability in the MA ...)
 	- foswiki <itp> (bug #509864)
 CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
 	{DSA-2634-1}
@@ -19754,8 +19745,7 @@ CVE-2013-0191 (libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL
 	NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/
 CVE-2013-0187 (Foreman before 1.1 allows remote authenticated users to gain privilege ...)
 	- foreman <itp> (bug #663101)
-CVE-2013-0186
-	RESERVED
+CVE-2013-0186 (Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM al ...)
 	NOT-FOR-US: ManageIQ EVM (CloudForms)
 CVE-2013-0185 (Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise ...)
 	NOT-FOR-US: ManageIQ EVM (CloudForms)
@@ -19774,16 +19764,15 @@ CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not pro
 	NOT-FOR-US: Drupal module Payment
 CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API (s ...)
 	NOT-FOR-US: Drupal module search_api
-CVE-2013-0180
-	RESERVED
+CVE-2013-0180 (Insecure temporary file vulnerability in Redis 2.6 related to /tmp/red ...)
+	TODO: check
 CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and  ...)
 	- memcached 1.4.13-0.2 (low; bug #698231)
 	[squeeze] - memcached 1.4.5-1+deb6u1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=895054
 	NOTE: https://code.google.com/p/memcached/issues/detail?id=306
 	NOTE: https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
-CVE-2013-0178 [redis 2.4: Insecure temporary flaw use for redis service's vm swap file]
-	RESERVED
+CVE-2013-0178 (Insecure temporary file vulnerability in Redis before 2.6 related to / ...)
 	- redis 2:2.6.0-1 (low)
 	[squeeze] - redis <no-dsa> (Minor issue)
 	[wheezy] - redis <no-dsa> (Minor issue)
@@ -19842,8 +19831,7 @@ CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privil
 CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d do ...)
 	{DSA-2621-1}
 	- openssl 1.0.1e-1 (bug #699889)
-CVE-2013-0165
-	RESERVED
+CVE-2013-0165 (cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in  ...)
 	NOT-FOR-US: OpenShift
 CVE-2013-0164 (The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Re ...)
 	NOT-FOR-US: OpenShift
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 6ca7c9685b..f9245f92bb 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -6,10 +6,10 @@ CVE-2019-18656 (Pimcore 6.2.3 has XSS in the translations grid because bundles/A
 	NOT-FOR-US: Pimcore
 CVE-2019-18655
 	RESERVED
-CVE-2019-18654
-	RESERVED
-CVE-2019-18653
-	RESERVED
+CVE-2019-18654 (A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet S ...)
+	TODO: check
+CVE-2019-18653 (A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, In ...)
+	TODO: check
 CVE-2019-18652
 	RESERVED
 CVE-2019-18651
@@ -42,8 +42,8 @@ CVE-2019-18638
 	RESERVED
 CVE-2019-18637
 	RESERVED
-CVE-2019-18636
-	RESERVED
+CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka A ...)
+	TODO: check
 CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...)
 	NOT-FOR-US: Mooltipass Moolticute
 CVE-2019-18634
@@ -3820,10 +3820,10 @@ CVE-2019-16910 (Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, whe
 	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-10
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/298a43a77ec0ed2c19a8c924ddd8571ef3e65dfd (2.7.12)
 	NOTE: https://github.com/ARMmbed/mbedtls/commit/33f66ba6fd234114aa37f0209dac031bb2870a9b (2.16.3)
-CVE-2019-16909
-	RESERVED
-CVE-2019-16908
-	RESERVED
+CVE-2019-16909 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
+	TODO: check
+CVE-2019-16908 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
+	TODO: check
 CVE-2019-16907 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
 	NOT-FOR-US: Infosysta
 CVE-2019-16906 (An issue was discovered in the Infosysta "In-App &amp; Desktop Notific ...)
@@ -6913,8 +6913,8 @@ CVE-2019-15590
 	RESERVED
 CVE-2019-15589
 	RESERVED
-CVE-2019-15588
-	RESERVED
+CVE-2019-15588 (There is an OS Command Injection in Nexus Repository Manager &lt;= 2.1 ...)
+	TODO: check
 CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may o ...)
 	{DSA-4554-1}
 	- ruby-loofah 2.3.1+dfsg-1 (bug #942894)
@@ -14133,8 +14133,8 @@ CVE-2019-12754 (Symantec My VIP portal, previous version which has already been
 	NOT-FOR-US: Symantec My VIP portal
 CVE-2019-12753 (An information disclosure vulnerability in Symantec Reporter web UI 10 ...)
 	NOT-FOR-US: Symantec
-CVE-2019-12752
-	RESERVED
+CVE-2019-12752 (The Symantec SONAR component, prior to 12.0.2, may be susceptible to a ...)
+	TODO: check
 CVE-2019-12751 (Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a p ...)
 	NOT-FOR-US: Symantec
 CVE-2019-12750 (Symantec Endpoint Protection, prior to 14.2 RU1 &amp; 12.1 RU6 MP10 an ...)
@@ -20775,7 +20775,7 @@ CVE-2019-10209 (Postgresql, versions 11.x before 11.5, is vulnerable to a memory
 	- postgresql-9.6 <not-affected> (Only affects PostgreSQL 11)
 	- postgresql-9.4 <not-affected> (Only affects PostgreSQL 11)
 	NOTE: https://www.postgresql.org/about/news/1960/
-CVE-2019-10208 (A flaw was discovered in postgresql where arbitrary SQL statements can ...)
+CVE-2019-10208 (A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5. ...)
 	{DSA-4493-1 DSA-4492-1 DLA-1874-1}
 	- postgresql-11 11.5-1
 	- postgresql-9.6 <removed>
@@ -25740,6 +25740,7 @@ CVE-2019-8764
 	RESERVED
 CVE-2019-8763
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -25808,6 +25809,7 @@ CVE-2019-8734
 	RESERVED
 CVE-2019-8733
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -25848,6 +25850,7 @@ CVE-2019-8720
 	NOTE: https://webkitgtk.org/security/WSA-2019-0005.html
 CVE-2019-8719
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -25876,6 +25879,7 @@ CVE-2019-8708
 	RESERVED
 CVE-2019-8707
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -26021,6 +26025,7 @@ CVE-2019-8675 [stack-buffer-overflow in libcups's asn1_get_type function]
 	NOTE: https://github.com/apple/cups/commit/f24e6cf6a39300ad0c3726a41a4aab51ad54c109
 CVE-2019-8674
 	RESERVED
+	{DSA-4515-1}
 	- webkit2gtk 2.24.4-1
 	[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
 	[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -30896,10 +30901,10 @@ CVE-2019-6660
 	RESERVED
 CVE-2019-6659
 	RESERVED
-CVE-2019-6658
-	RESERVED
-CVE-2019-6657
-	RESERVED
+CVE-2019-6658 (On BIG-IP AFM 15.0.0-15.0.1, 14.0.0-14.1.2, 13.1.0-13.1.3.1, and 12.1. ...)
+	TODO: check
+CVE-2019-6657 (On BIG-IP 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, a refle ...)
+	TODO: check
 CVE-2019-6656 (BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs t ...)
 	NOT-FOR-US: F5
 CVE-2019-6655 (On versions 13.0.0-13.1.0.1, 12.1.0-12.1.4.1, 11.6.1-11.6.4, and 11.5. ...)