From 54b9e391d12eef4f712c6795023f8494bc11c395 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 31 Aug 2017 17:13:27 +0000
Subject: Workaround dcl issues due to source package name takeover

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@55325 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
 data/CVE/2002.list | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'data/CVE/2002.list')

diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 0efbbaa528..3d28749420 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -2485,9 +2485,15 @@ CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuratio
 CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
 	NOT-FOR-US: WebSecure
 CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
-	- dcl 1:0.9.2-1
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/1:0.9.2-1
 CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
-	- dcl 1:0.9.2-1
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/1:0.9.2-1
 CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
 	NOT-FOR-US: Fluid Dynamics
 CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
@@ -3524,7 +3530,10 @@ CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allo
 CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
 	NOT-FOR-US: Watchguard Firebox firmware
 CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
-	- dcl 20020706
+	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
+	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
+	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
+	NOTE: Original issue fixed in dcl/20020706
 CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Omnicron OmniHTTPd
 CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)
-- 
cgit v1.2.3