Commits on Source (2)
......@@ -15,7 +15,8 @@ CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter "file" in the
CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...)
NOT-FOR-US: YzmCMS
CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...)
TODO: check
NOT-FOR-US: Zonemaster Web GUI
NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
NOT-FOR-US: Exponent CMS
CVE-2017-18214 [Regular Expression Denial of Service]
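Review bot: The new NOTE under CVE-2018-7652 records the Salsa packaging at 1.0.7, which is below the "before 1.0.11" boundary in the CVE description, but the entry does not say so. Since NOT-FOR-US only holds while the package stays unuploaded, consider extending the NOTE to state that the Salsa source is older than the fixed release and that any future upload needs to be at 1.0.11 or later, so the entry gets revisited rather than silently carried over.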
......@@ -307,7 +308,10 @@ CVE-2018-1000105
CVE-2018-1000104
NOT-FOR-US: Jenkins plugin
CVE-2018-7567 (In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 ...)
TODO: check
- otrs2 6.0.2-1
[stretch] - otrs2 <no-dsa> (non-free not supported)
NOTE: PoC https://0day.today/exploit/29938
NOTE: According with the reporter, affects "5.0.0 through 5.0.24 and 6.0.0 through 6.0.1".
CVE-2018-7566 [ALSA: seq: Fix racy pool initializations]
RESERVED
- linux <unfixed>
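Review bot: In the CVE-2018-7567 entry, the fixed version on `- otrs2 6.0.2-1` appears to rest only on the reporter's affected range quoted in the second NOTE, and the only reference is a third-party PoC link. Consider adding a NOTE pointing at the upstream advisory or fixing commit once one is identified, so the 6.0.2-1 boundary can be checked against the source. Minor wording: "According with the reporter" should read "According to the reporter".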