associate various JerryScript NFUs with iotjs, marked as <unfixed> initially

author: Moritz Muehlenhoff <jmm@debian.org> 2020-12-13 20:14:28 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2020-12-13 20:14:28 +0100
commit: d9d900c410fa9cf4dd9d975e26e4471eda4524f1 (patch)
tree: 030035f2c7b6b6045b6aa78596b4bd529da16b3e /data/CVE/2017.list
parent: d8a28570b583218ef96893414fb5c7bf8f6345d0 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 26c2b114fc..420b509d91 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1725,7 +1725,8 @@ CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regula
 	NOTE: https://nodesecurity.io/advisories/532
 	NOTE: nodejs not covered by security support
 CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
-	NOT-FOR-US: JerryScript
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2140
 CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was fou ...)
 	{DLA-2366-1}
 	- imagemagick 8:6.9.9.34+dfsg-3 (low)
@@ -12012,7 +12013,8 @@ CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, relat
 CVE-2017-14750
 	RESERVED
 CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...)
-	NOT-FOR-US: JerryScript
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008
 CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...)
 	NOT-FOR-US: Blizzard Overwatch
 CVE-2017-14747
author	Moritz Muehlenhoff <jmm@debian.org>	2020-12-13 20:14:28 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2020-12-13 20:14:28 +0100
commit	d9d900c410fa9cf4dd9d975e26e4471eda4524f1 (patch)
tree	030035f2c7b6b6045b6aa78596b4bd529da16b3e /data/CVE/2017.list
parent	d8a28570b583218ef96893414fb5c7bf8f6345d0 (diff)