data/CVE/list

@@ -410,7 +410,9 @@ CVE-2018-1000164 [Improper neutralization of CRLF Sequences http/wsgi.py:process
 CVE-2018-1000161 [directory traversal in the way the non-default http-fetch script sanitized URLs]
 	- nmap 7.70+dfsg1-1
 	[stretch] - nmap <no-dsa> (Minor issue)
-	[jessie] - nmap <no-dsa> (Minor issue)
+	[jessie] - nmap <not-affected> (Vulnerable code not present)
+	[wheezy] - nmap <not-affected> (Vulnerable code not present)
+	NOTE: script added in 6.49BETA6 according to https://bugzilla.novell.com/show_bug.cgi?id=CVE-2018-1000161
 CVE-2018-1000157
 	REJECTED
 CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the standard ...)
@@ -19320,6 +19322,7 @@ CVE-2018-2767 [Use of SSL/TLS not enforced in client library (Return of BACKRONY
 	- mysql-5.7 <unfixed>
 	- mysql-5.5 <removed>
 	[jessie] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
+	[wheezy] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
 	NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
 	NOTE: Oracle products.
@@ -23843,6 +23846,7 @@ CVE-2018-1100 [check bounds on buffer in mail checking]
 	- zsh 5.5-1 (bug #895225)
 	[stretch] - zsh <no-dsa> (Minor issue)
 	[jessie] - zsh <no-dsa> (Minor issue)
+	[wheezy] - zsh <no-dsa> (Minor issue)
 	NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
 	NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
 CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An ...)

data/dla-needed.txt

@@ -93,6 +93,8 @@ sharutils (Abhijith PA)
 --
 slurm-llnl (Thorsten Alteholz)
 --
+squirrelmail
+--
 tiff (Hugo Lefeuvre)
   NOTE: incomplete fix of CVE-2017-18013, see CVE-2018-7456.
 --