associate various JerryScript NFUs with iotjs, marked as <unfixed> initially

1 files changed, 6 insertions, 3 deletions

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index e0cad33115..de3867897a 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -15291,7 +15291,8 @@ CVE-2018-1000639 (LatexDraw version <=4.0 contains a XML External Entity (XXE
 CVE-2018-1000638 (MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerabilit ...)
 	NOT-FOR-US: MiniCMS
 CVE-2018-1000636 (JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726 ...)
-	NOT-FOR-US: JerryScript
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2435
 CVE-2018-1000635 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
 	NOT-FOR-US: Open Microscopy Environment
 CVE-2018-1000634 (The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 co ...)
@@ -26148,9 +26149,11 @@ CVE-2018-11421 (Moxa OnCell G3100-HSPA Series version 1.6 Build 17100315 and pri
 CVE-2018-11420 (There is Memory corruption in the web interface of Moxa OnCell G3100-H ...)
 	NOT-FOR-US: Moxa
 CVE-2018-11419 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
-	NOT-FOR-US: JerryScript
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2230
 CVE-2018-11418 (An issue was discovered in JerryScript 1.0. There is a heap-based buff ...)
-	NOT-FOR-US: JerryScript
+	- iotjs <unfixed>
+	NOTE: https://github.com/jerryscript-project/jerryscript/issues/2237
 CVE-2018-11417
 	RESERVED
 CVE-2018-11416 (jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of  ...)