Commits on Source (2)
......@@ -580,12 +580,13 @@ CVE-2017-18020 (On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) softwa
CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to the ...)
NOT-FOR-US: K7 Total Security
CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not ...)
- coreutils <unfixed>
- coreutils <unfixed> (unimportant)
NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
NOTE: Documentation patches proposed:
NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
NOT-FOR-US: Neutralised by kernel hardening
CVE-2018-5078 (Online Ticket Booking has XSS via the admin/eventlist.php cast ...)
NOT-FOR-US: Online Ticket Booking
CVE-2018-5077 (Online Ticket Booking has XSS via the admin/movieedit.php moviename ...)
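Review bot: The "NOT-FOR-US: Neutralised by kernel hardening" line under CVE-2017-18018 conflicts with the "- coreutils <unfixed> (unimportant)" package line in the same entry. The neighbouring entries use NOT-FOR-US to name a product that has no package line (K7 Total Security, Online Ticket Booking), whereas this entry does track coreutils. Keep the package line with the (unimportant) tag and put the rationale in a NOTE line instead, for example "NOTE: Neutralised by kernel hardening", ideally naming which hardening setting is meant so the severity downgrade can be checked.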
......@@ -3307,6 +3308,8 @@ CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink t
NOTE: https://github.com/syncthing/syncthing/issues/4286
CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar ...)
- phpbb3 <removed>
[jessie] - phpbb3 <not-affected> (Vulnerable code not present)
[wheezy] - phpbb3 <not-affected> (Vulnerable code not present)
CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
- wildmidi 0.4.2-1 (bug #886503)
[stretch] - wildmidi <no-dsa> (Minor issue)
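Review bot: The [jessie] and [wheezy] <not-affected> lines for CVE-2017-1000419 state "Vulnerable code not present", but the entry has no NOTE line to back that up. The description names phpBB 3.2.0 and the Remote Avatar feature; add a NOTE with the upstream commit or version that introduced the affected code, so the not-affected triage for the older releases can be rechecked later.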
......@@ -14,6 +14,8 @@ If needed, specify the release by adding a slash after the name of the source pa
--
389-ds-base (fw)
--
awstats
--
chromium-browser/stable
--
gdk-pixbuf
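Review bot: The new awstats entry has no release suffix, while the file's own instruction (visible in the hunk header) says to specify the release with a slash after the source package name if needed, as chromium-browser/stable does. If the DSA is only needed for one release, write the entry as awstats/<release>; if all supported releases are affected, the entry is fine as it stands.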