From 85125a6abcb1e919cafb23566e559f0d55ee2605 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 25 Feb 2021 21:59:00 +0100
Subject: Replace some jenkins specific NFUs to the source package

---
 data/CVE/2018.list | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

(limited to 'data/CVE/2018.list')

diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 1d74d94326..f5fa559205 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1301,7 +1301,7 @@ CVE-2018-20744 (The Olivier Poitrey Go CORS handler through 1.3.0 actively conve
 CVE-2018-20742 (An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01.  ...)
 	NOT-FOR-US: UC Berkeley RISE Opaque
 CVE-2018-1000997 (A path traversal vulnerability exists in the Stapler web framework use ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-20741
 	RESERVED
 CVE-2018-20740
@@ -1495,15 +1495,15 @@ CVE-2018-1000412 (An improper authorization vulnerability exists in Jenkins Jira
 CVE-2018-1000411 (A cross-site request forgery vulnerability exists in Jenkins JUnit Plu ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000410 (An information exposure vulnerability exists in Jenkins 2.145 and earl ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000409 (A session fixation vulnerability exists in Jenkins 2.145 and earlier,  ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000408 (A denial of service vulnerability exists in Jenkins 2.145 and earlier, ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000407 (A cross-site scripting vulnerability exists in Jenkins 2.145 and earli ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000406 (A path traversal vulnerability exists in Jenkins 2.145 and earlier, LT ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-20683 (commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsyn ...)
 	- gitolite3 3.6.11-1 (bug #918849)
 	[stretch] - gitolite3 <no-dsa> (Minor issue)
@@ -3725,17 +3725,17 @@ CVE-2018-20010 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-accoun
 CVE-2018-20009 (DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Prov ...)
 	NOT-FOR-US: DomainMOD
 CVE-2018-1000866 (A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59  ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000865 (A sandbox bypass vulnerability exists in Script Security Plugin 1.47 a ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000864 (A denial of service vulnerability exists in Jenkins 2.153 and earlier, ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000863 (A data modification vulnerability exists in Jenkins 2.153 and earlier, ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000862 (An information exposure vulnerability exists in Jenkins 2.153 and earl ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000861 (A code execution vulnerability exists in the Stapler web framework use ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-20008 (iBall Baton iB-WRB302N20122017 devices have improper access control ov ...)
 	NOT-FOR-US: iBall Baton iB-WRB302N20122017 devices
 CVE-2018-20007 (Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access con ...)
@@ -18459,19 +18459,19 @@ CVE-2018-14391
 CVE-2018-14390
 	RESERVED
 CVE-2018-1999001 (A unauthorized modification of configuration vulnerability exists in J ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1999002 (A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1999003 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1999004 (A Improper authorization vulnerability exists in Jenkins 2.132 and ear ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1999005 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1999006 (A exposure of sensitive information vulnerability exists in Jenkins 2. ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1999007 (A cross-site scripting vulnerability exists in Jenkins 2.132 and earli ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-14389 (joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val ...)
 	NOT-FOR-US: joyplus-cms
 CVE-2018-14388 (joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_de ...)
@@ -25059,11 +25059,11 @@ CVE-2018-1000197 (An improper authorization vulnerability exists in Jenkins Blac
 CVE-2018-1000196 (A exposure of sensitive information vulnerability exists in Jenkins Gi ...)
 	NOT-FOR-US: Jenkins plugin
 CVE-2018-1000195 (A server-side request forgery vulnerability exists in Jenkins 2.120 an ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000194 (A path traversal vulnerability exists in Jenkins 2.120 and older, LTS  ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-1000193 (A improper neutralization of control sequences vulnerability exists in ...)
-	NOT-FOR-US: Jenkins
+	- jenkins <removed>
 CVE-2018-12015 (In Perl through 5.26.2, the Archive::Tar module allows remote attacker ...)
 	{DSA-4226-1}
 	- perl 5.26.2-6 (bug #900834)
-- 
cgit v1.2.3