author Salvatore Bonaccorso <carnil@debian.org> 2021-02-18 21:57:52 +0100
committer Salvatore Bonaccorso <carnil@debian.org> 2021-02-18 21:57:52 +0100
commit 0fc07d6e6c6f04c4a92894c69cbbbe70ae5a0058
tree 345d5405c4e720c945fdea914020fe24f7b478a4 /data/CVE/2016.list
parent c1e7cf1e8a2cef9452d494e314b159ab3a5e16eb
mujs entered the archive, recheck some older CVEs
Diffstat (limited to 'data/CVE/2016.list')
-rw-r--r-- data/CVE/2016.list 41
1 files changed, 28 insertions, 13 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index e21273c8ba..271df30719 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -2574,11 +2574,17 @@ CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote at
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697448
CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697401
CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a de ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697381
CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...)
- codeigniter <itp> (bug #471583)
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before 0.24. ...)
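Review bot: The gitweb links added for CVE-2016-10141 and CVE-2016-10132 use the form "?p=mujs.git;h=<hash>", while the one for CVE-2016-10133 uses "?p=mujs.git;a=commit;h=<hash>". Please use the "a=commit" form for all three so every NOTE names the commit view explicitly, and consider prefixing them with "Fixed by:" as the ImageMagick entry in the leading context does, so it is clear these are the fixing commits and not general references.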
@@ -5613,7 +5619,9 @@ CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old ver
NOTE: https://sourceforge.net/p/p7zip/bugs/185/
NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225 ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697172
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=5008105780c0b0182ea6eda83ad5598f225be3ee
CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for A ...)
NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, o ...)
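Review bot: For CVE-2016-9294 the bug NOTE comes before the commit NOTE, the reverse of the order used for CVE-2016-10141, CVE-2016-10133 and CVE-2016-10132 earlier in this patch. Suggest putting the commit first and the bug second here as well, so the MuJS entries read the same way.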
@@ -5975,7 +5983,8 @@ CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented a
NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697244
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/fra ...)
NOT-FOR-US: Exponent CMS
CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/exp ...)
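Review bot: CVE-2016-9136 gets only a bug NOTE, although its description identifies the fix by commit ("MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ..."). Add a NOTE with the fixing commit URL, as was done for CVE-2016-9294, so the <not-affected> status can be checked against the source that was first uploaded.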
@@ -6090,9 +6099,9 @@ CVE-2016-9090
CVE-2016-9089
RESERVED
CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service (c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex Sof ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using XHT ...)
- gajim-otr <itp> (bug #722130)
NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
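Review bot: CVE-2016-9109 and CVE-2016-9108 are switched to <not-affected> without any NOTE, unlike the other MuJS entries touched by this patch. Since CVE-2016-9108 is an integer overflow in js_regcomp, please add the upstream bug or fixing commit for both, or a NOTE saying that no upstream reference could be found, so the next recheck does not have to start from scratch.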
@@ -6356,7 +6365,8 @@ CVE-2016-9019 (SQL injection vulnerability in the activate_address function in f
CVE-2016-9018 (Improper handling of a repeating VRAT chunk in qcpfformat.dll allows a ...)
NOT-FOR-US: RealPlayer
CVE-2016-9017 (Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697171
CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vul ...)
- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x bef ...)
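Review bot: The reason given for CVE-2016-9017, "Fixed before initial upload to Debian", does not say which mujs version was the initial upload, so the claim cannot be checked from the entry alone; the python-urllib3 line in the trailing context shows a reason tied to specific releases. A NOTE naming the first uploaded version, ideally next to the fixing commit that the description refers to, would make this recheck reproducible.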
@@ -10310,9 +10320,11 @@ CVE-2016-7566
CVE-2016-7565 (install/index.php in Exponent CMS 2.3.9 allows remote attackers to exe ...)
NOT-FOR-US: Exponent CMS
CVE-2016-7564 (Heap-based buffer overflow in the Fp_toString function in jsfunction.c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697137
CVE-2016-7563 (The chartorune function in Artifex Software MuJS allows attackers to c ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697136
CVE-2016-7562 (The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before ...)
- ffmpeg 7:3.1.4-1 (bug #840434)
NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/496267f8e9ec218351e4359e1fde48722d4fc804 (n3.1.4)
@@ -10403,11 +10415,14 @@ CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 al
- glpi <removed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697141
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of Arti ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697140
CVE-2016-7504 (A use-after-free vulnerability was observed in Rp_toString function of ...)
- NOT-FOR-US: MuJS
+ - mujs <not-affected> (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697142
CVE-2016-7503
RESERVED
CVE-2016-7502 (The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before ...)
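Review bot: The bug links added for CVE-2016-7506, CVE-2016-7505 and CVE-2016-7504 use http://bugs.ghostscript.com, while the entries for CVE-2016-7564 and CVE-2016-7563 in the previous hunk use https:// for the same tracker. Please use https:// consistently; the same applies to the http:// bug links added for CVE-2016-9294, CVE-2016-9136 and CVE-2016-9017.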
