Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · ae7d65ea
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36132,13 +36132,16 @@ CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a dir
 CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal ...)
 	TODO: check
 CVE-2017-16138 (The mime module is vulnerable to regular expression denial of service ...)
-	- node-mime <unfixed> (unimportant)
+	- node-mime <unfixed> (unimportant; bug #901277)
 	NOTE: https://github.com/broofa/node-mime/issues/167
 	NOTE: https://nodesecurity.io/advisories/535
 	NOTE: https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x)
 	NOTE: https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x)
+	NOTE: nodejs not covered by security support
 CVE-2017-16137 (The debug module is vulnerable to regular expression denial of service ...)
-	TODO: check
+	- node-debug 3.1.0-1 (unimportant)
+	NOTE: https://nodesecurity.io/advisories/534
+	NOTE: nodejs not covered by security support
 CVE-2017-16136 (method-override is a module used by the Express.js framework to let ...)
 	TODO: check
 CVE-2017-16135 (serverzyy is a static file server. serverzyy is vulnerable to a ...)