Salvatore Bonaccorso · Salvatore Bonaccorso · 3fd66586
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -9005,6 +9005,11 @@ CVE-2018-10887 (A flaw was found in libgit2 before version 0.27.3. It has been .
 	- libgit2 <unfixed> (bug #903509)
 	NOTE: https://github.com/libgit2/libgit2/commit/3f461902dc1072acb8b7607ee65d0a0458ffac2a
 	NOTE: https://github.com/libgit2/libgit2/commit/c1577110467b701dcbcf9439ac225ea851b47d22
+CVE-2018-XXXX [Incomplete fix for CVE-2018-10886]
+	- ant 1.10.5-1
+	[stretch] - ant <not-affected> (Incomplete fix for CVE-2018-10886 not applied)
+	NOTE: https://github.com/apache/ant/commit/6a41d62cb9ab4e640b72cb4de42a6c211dea645d
+	NOTE: https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a6300
 CVE-2018-10886 (ant before version 1.9.12 unzip and untar targets allows the ...)
 	{DLA-1431-1}
 	- ant 1.10.4-1
@@ -28635,9 +28640,9 @@ CVE-2018-3773
 CVE-2018-3772
 	RESERVED
 CVE-2018-3771 (An XSS in statics-server &lt;= 0.0.9 can be used via injected iframe in ...)
-	TODO: check
+	NOT-FOR-US: statics-server nodejs module
 CVE-2018-3770 (A path traversal exists in markdown-pdf version &lt;9.0.0 that allows a ...)
-	TODO: check
+	NOT-FOR-US: markdown-pdf nodejs module
 CVE-2018-3769 (ruby-grape ruby gem suffers from a cross-site scripting (XSS) ...)
 	- ruby-grape <unfixed> (bug #903086)
 	[stretch] - ruby-grape <no-dsa> (Minor issue)