author Moritz Muehlenhoff <jmm@debian.org> 2020-12-18 14:32:05 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2020-12-18 14:34:10 +0100
commit cfbe36fb515381a8b2c961d131d8052826185c6f
tree 79e074e7c18725efd355826c69e9dd10324bf9c7 /data/CVE/2017.list
parent f99b5a5f48ffad7bdc74e071b78eedb5cb738fd9
libsass triage
Diffstat (limited to 'data/CVE/2017.list')
-rw-r--r-- data/CVE/2017.list 23
1 files changed, 7 insertions, 16 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index f976aaf924..de73047cc4 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -16940,16 +16940,11 @@ CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in l
CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...)
NOT-FOR-US: Apache2Triad
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
- - libsass <undetermined> (low; bug #873034)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397
+ NOTE: Bogus report against historic libsass version
CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...)
- - libsass <undetermined> (low; bug #873034)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335
- NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed
- NOTE: with the upstream patch for CVE-2017-11555.
+ NOTE: Bogus report against historic libsass version
CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...)
- - libsass <undetermined> (low; bug #873034)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331
+ NOTE: Bogus report against historic libsass version
CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...)
- pspp 1.0.1-1 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436
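Review bot: In the CVE-2017-12963 entry, the removed NOTE lines recorded that this issue is what remains unfixed after the upstream patch for CVE-2017-11555, and the replacement line "NOTE: Bogus report against historic libsass version" does not address that relationship. Either keep the cross-reference or state why it no longer applies. The same hunk also drops the bugzilla.redhat.com links for CVE-2017-12964 and CVE-2017-12962, which were the only pointers from these entries to the original reports.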
@@ -20906,8 +20901,7 @@ CVE-2017-11607
CVE-2017-11606
RESERVED
CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...)
- - libsass <undetermined> (bug #870184)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019
+ NOTE: Bogus report against historic libsass version
CVE-2017-11604
RESERVED
CVE-2017-11603
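Review bot: After this change the CVE-2017-11605 entry has no package line at all, so libsass is named only in the truncated description text and in a free-text NOTE. If the intent is that no action is needed for libsass, an explicit status line for the package with the reason would state that more clearly than a NOTE alone, and it would keep the reference to bug #870184 that is removed here.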
@@ -21711,11 +21705,9 @@ CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHIC
[wheezy] - chicken <no-dsa> (Minor issue)
NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...)
- - libsass <undetermined> (bug #868577)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722
+ NOTE: Bogus report against historic libsass version
CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...)
- - libsass <undetermined> (bug #868577)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714
+ NOTE: Bogus report against historic libsass version
CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...)
- exiv2 <not-affected> (Vulnerable code introduced after 0.25; only affected experimental; bug #868578)
NOTE: https://github.com/Exiv2/exiv2/issues/53
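Review bot: CVE-2017-11342 and CVE-2017-11341 both referenced bug #868577, and both references are removed in this hunk without a replacement. The new NOTE should say what happens to that bug (for example, that it is closed as part of this triage), otherwise the entries and the bug report no longer point at each other.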
@@ -23672,8 +23664,7 @@ CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDir
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...)
- - libsass <undetermined> (low; bug #866672)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411
+ NOTE: Bogus report against historic libsass version
CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
{DLA-1041-1}
- nasm 2.13.02-0.1 (bug #867988)
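Review bot: The new NOTE for CVE-2017-10687 calls the report bogus and the version historic, but the description on the line above it names LibSass 3.4.5 and the NOTE gives no version or evidence for either claim. Name the libsass version the assessment was made against and keep the bugzilla.redhat.com link so the decision can be re-checked later; the commit message "libsass triage" does not carry that rationale either.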
