author Moritz Muehlenhoff <jmm@debian.org> 2020-02-05 12:11:34 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2020-02-05 12:11:34 +0100
commit efb738f80a76487db1b461f9a04471dc9226748b
tree eb09e0305170a4f19ac7bf43abba919907333dad
parent 6686a537ba4ff92299b3391a82cd9bab976a21da
NFUs
add explicit status for older libidn2-0 src pkg name
-rw-r--r-- data/CVE/2007.list 2
-rw-r--r-- data/CVE/2012.list 12
-rw-r--r-- data/CVE/2013.list 24
-rw-r--r-- data/CVE/2019.list 1
4 files changed, 20 insertions, 19 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 5803fcdf2b..d0cebc29cc 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -11,7 +11,7 @@ CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmw
CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...)
- TODO: check
+ NOT-FOR-US: feed-proxy.php
CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...)
NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...)
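Review bot: the new status on CVE-2007-6758, `NOT-FOR-US: feed-proxy.php`, names a script file rather than a product, while the neighbouring entries name the product (`Dataprobe iBootBar`, `GE Healthcare Centricity DMS`). The truncated description line ends before the product name, so the label is the only searchable hint for a later triager; suggest labelling it with the product that ships feed-proxy.php.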
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index dc4f61515b..c66fc8ca88 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1050,7 +1050,7 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi
NOTE: http://secunia.com/advisories/49889/
NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
- TODO: check
+ NOT-FOR-US: Soapbox
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
NOT-FOR-US: Android browser
CVE-2012-6300
@@ -2399,7 +2399,7 @@ CVE-2012-5778
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...)
NOT-FOR-US: EmpireCMS
CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...)
- TODO: check
+ NOT-FOR-US: Dokeos
CVE-2012-5775
REJECTED
CVE-2012-5774
@@ -2585,7 +2585,7 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DN
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
NOT-FOR-US: TP-LINK TL-WR841N router
CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...)
- TODO: check
+ NOT-FOR-US: ZPanel
CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...)
NOT-FOR-US: ZPanel
CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...)
@@ -12899,9 +12899,9 @@ CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x befor
{DSA-2423-1}
- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
- TODO: check
+ - webcalendar <removed>
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...)
- TODO: check
+ - webcalendar <removed>
CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
RESERVED
{DSA-2424-1}
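Review bot: the two new `- webcalendar <removed>` lines for CVE-2012-1496 and CVE-2012-1495 record no fixed version, although both descriptions give one ("before 1.2.5"). If a webcalendar upload at or above 1.2.5 ever reached the archive, that version would be more precise than `<removed>`; if not, a NOTE saying the package was removed before the fix landed would spare the next reader the lookup.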
@@ -14171,7 +14171,7 @@ CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access
- nvidia-graphics-drivers 295.40-1
[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...)
- TODO: check
+ NOT-FOR-US: whoopsie-daisy
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...)
- aptdaemon 0.43+bzr790-1
[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index cf85331602..ce2e1922e8 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -6152,15 +6152,15 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri
CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...)
NOT-FOR-US: DotNetNuke
CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...)
- TODO: check
+ NOT-FOR-US: Evernote
CVE-2013-5115
RESERVED
CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...)
- TODO: check
+ NOT-FOR-US: LastPass
CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...)
- TODO: check
+ NOT-FOR-US: LastPass
CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...)
- TODO: check
+ NOT-FOR-US: Evernote
CVE-2013-5111
RESERVED
CVE-2013-5110
@@ -12432,11 +12432,11 @@ CVE-2013-2680
CVE-2013-2679
RESERVED
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2677
RESERVED
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2013-2675
RESERVED
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
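Review bot: `NOT-FOR-US: Cisco` and `NOT-FOR-US: Brother` name only the vendor, while the descriptions identify specific devices (Linksys E4200 router, MFC-9970CDW firmware). Other entries in this file use a product-level label such as `TP-LINK TL-WR841N router`; suggest `NOT-FOR-US: Cisco Linksys E4200` and `NOT-FOR-US: Brother MFC-9970CDW` so a search for the device finds these entries. CVE-2013-2674 in the trailing context is the same Brother device and should get the same label.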
@@ -12535,7 +12535,7 @@ CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.14
- libv8-3.14 <removed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2013-2631 (TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure ...)
- TODO: check
+ NOT-FOR-US: TinyWebGallery
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12 ...)
NOT-FOR-US: CA Service Desk Manager
CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
@@ -12552,7 +12552,7 @@ CVE-2013-2625 (An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1
NOTE: DSA-2733-1
NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
CVE-2013-2624 (Telean before 1.3.1 contains a full path disclosure vulnerability whic ...)
- TODO: check
+ NOT-FOR-US: Telean
CVE-2013-2623 (Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attack ...)
NOT-FOR-US: Uebimiau Webmail
CVE-2013-2622 (Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remot ...)
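Review bot: the label added for CVE-2013-2624, `NOT-FOR-US: Telean`, does not match the entry directly below it. CVE-2013-2623 spells the product "Telaen" in its description and is filed as `NOT-FOR-US: Uebimiau Webmail`, so the same software now appears under two different labels, one of them carrying the spelling from the CVE description. Suggest reusing one label for both entries so a grep for either name finds them.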
@@ -12663,7 +12663,7 @@ CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to t
CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...)
NOT-FOR-US: TP-Link
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
- TODO: check
+ NOT-FOR-US: Xpient point of sale (POS)
CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
NOT-FOR-US: Zavio
CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...)
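Review bot: on CVE-2013-2571 the label `NOT-FOR-US: Xpient point of sale (POS)` names the system the component is used in, not the affected component. The description starts with "Iris 3.8 before build 1548, as used in Xpient point of sale (POS)", so `NOT-FOR-US: Iris (Xpient POS)` or similar would keep the product name searchable.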
@@ -12951,7 +12951,7 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote a
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...)
- TODO: check
+ NOT-FOR-US: AWS XMS
CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
{DSA-2727-1 DSA-2722-1}
- openjdk-6 6b27-1.12.6-1
@@ -16444,7 +16444,7 @@ CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php,
{DSA-2633-1}
- fusionforge 5.2.1+20130227-1
CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...)
- TODO: check
+ - webcalendar <removed>
CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
- webcalendar <removed>
CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...)
@@ -19283,7 +19283,7 @@ CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SS
- sssd <not-affected> (Introduced in 1.9.0)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...)
- TODO: check
+ NOT-FOR-US: Wordpress theme
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...)
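Review bot: `NOT-FOR-US: Wordpress theme` on CVE-2013-0286 is generic enough to match any theme and drops the name given in the description ("Pinboard 1.0.6 theme for Wordpress"). The next entry shows the more specific pattern (`NOT-FOR-US: nori Ruby gem`); suggest `NOT-FOR-US: Pinboard theme for WordPress`.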
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 272ac626b8..3643067da7 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -5647,6 +5647,7 @@ CVE-2019-18225 (An issue was discovered in Citrix Application Delivery Controlle
CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a hea ...)
{DSA-4613-1}
- libidn2 2.2.0-1 (bug #942895)
+ - libidn2-0 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
CVE-2019-18223
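Review bot: the added `- libidn2-0 <not-affected> (Vulnerable code not present)` line on CVE-2019-18224 gives no version boundary to check the claim against. The description only states an upper bound ("before 2.1.1"), and the existing NOTE lines point at the fuzzer report and the fixing commit, not at the change that introduced the overflow in idn2_to_ascii_4i. Suggest a reason in the style used elsewhere in the tracker, for example "(Vulnerable code introduced in <version>)", or a NOTE with the introducing commit, so the status for the older source package name can be re-verified.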
