data/DLA/list

+[20 Dec 2018] DLA-1611-2 libav - security update
+	{CVE-2015-6822 CVE-2015-6823 CVE-2015-6824}
+	[jessie] - libav 6:11.12-1~deb8u3
 [19 Dec 2018] DLA-1611-1 libav - security update
-	{CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191}
+	{CVE-2014-9317 CVE-2015-6761 CVE-2015-6818 CVE-2015-6820 CVE-2015-6821 CVE-2015-6822 CVE-2015-6825 CVE-2015-6826 CVE-2015-8216 CVE-2015-8217 CVE-2015-8363 CVE-2015-8364 CVE-2015-8661 CVE-2015-8662 CVE-2015-8663 CVE-2016-10190 CVE-2016-10191}
 	[jessie] - libav 6:11.12-1~deb8u2
 [17 Dec 2018] DLA-1610-1 sleuthkit - security update
 	{CVE-2018-19497}

data/dla-needed.txt

@@ -63,10 +63,10 @@ libav (Markus Koschany, Mike Gabriel)
   NOTE: 20181206: CVE-2016-9824: no patch available, PoC available (needs testing), currently <no-dsa>
   NOTE: 20181206: CVE-2016-9825: no patch available, PoC available (needs testing), currently <ignored>
   NOTE: 20181206: CVE-2016-9826: no patch available, PoC available (needs testing), currently <ignored>
-  NOTE: 20181220: Due to a flaw in security-tracker, CVE-2015-6823 and CVE-2015-6824 are not fixed in
-  NOTE: 20181220: +deb8u2 as mentioned in the changelog. The CVE/list file has now been updated with the
-  NOTE: 20181220: correct patches.
---
+  NOTE: 20181220: All CVEs from 2015 and 2016 that have been +/- "easily" addressable have been uploaded (+deb8u3).
+  NOTE: 20181220: Markus Koschany will now work on CVEs from 2017 and 2018 at the end of December.
+  NOTE: 20181220: Then, in January, we will see what's left and if anything else is "easily" doable.
+---
 libphp-phpmailer
   NOTE: 20181217: https://lists.debian.org/debian-lts/2018/12/msg00026.html
   NOTE: 20181218: $this->DKIM_private_string introduced in 5.2.17. (abhijith)