data/CVE/list

@@ -5,7 +5,16 @@ CVE-2018-7189
 CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an ...)
 	NOT-FOR-US: Tiki
 CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure ...)
-	TODO: check
+	- golang-1.10 <unfixed>
+	- golang-1.9 <unfixed>
+	- golang-1.8 <unfixed>
+	[stretch] - golang-1.8 <ignored> (Minor issue)
+	- golang-1.7 <unfixed>
+	[stretch] - golang-1.7 <ignored> (Minor issue)
+	- golang <removed>
+	[jessie] - golang <ignored> (Minor issue)
+	NOTE: https://github.com/golang/go/issues/23867
+	NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
 CVE-2018-7185
 	RESERVED
 CVE-2018-7184
@@ -1631,10 +1640,14 @@ CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases
 	- golang-1.10 1.10~rc2-1
 	- golang-1.9 1.9.4-1
 	- golang-1.8 <unfixed>
+	[stretch] - golang-1.8 <ignored> (Minor issue)
 	- golang-1.7 <unfixed>
+	[stretch] - golang-1.7 <ignored> (Minor issue)
 	- golang <removed>
+	[jessie] - golang <ignored> (Minor issue)
 	NOTE: https://github.com/golang/go/issues/23672
-	NOTE: similar to CVE-2017-15041, which was fixed in wheezy, but no-dsa in jessie and ignored in stretch
+	NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
+	NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
 CVE-2018-6573
 	RESERVED
 CVE-2018-6572