Commits on Source (9)
......@@ -347,11 +347,13 @@ CVE-2019-11374 (74CMS v5.0.1 has a CSRF vulnerability to add a new admin user vi
CVE-2019-11373 (An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer ...)
- libmediainfo <unfixed> (low; bug #927672)
[stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11372 (An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test ...)
- libmediainfo <unfixed> (low; bug #927672)
[stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://github.com/MediaArea/MediaInfoLib/pull/1111
NOTE: https://sourceforge.net/p/mediainfo/bugs/1101/
CVE-2019-11371 (BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow vi ...)
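Review bot: CVE-2019-11373 and CVE-2019-11372 carry identical metadata (same bug #927672, same <unfixed>/<no-dsa> status for stretch and jessie, same upstream PR 1111 and sourceforge bug 1101), so they must be resolved together once the fixing upload happens; consider adding a NOTE with the upstream version or commit that closes PR 1111 so later triage does not have to re-derive which release contains the fix for both entries.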
......@@ -72557,6 +72559,7 @@ CVE-2018-3979 (A remote denial-of-service vulnerability exists in the way the No
- xserver-xorg-video-nouveau <unfixed> (low)
[buster] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[stretch] - xserver-xorg-video-nouveau <ignored> (Minor issue)
[jessie] - xserver-xorg-video-nouveau <ignored> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647
CVE-2018-3978 (An exploitable out-of-bounds write vulnerability exists in the Word Do ...)
NOT-FOR-US: Atlantis Word Processor
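Review bot: the new [buster] line for CVE-2018-3979 marks xserver-xorg-video-nouveau as <ignored> with only "(Minor issue)" as justification, while the package is still <unfixed> in unstable; <ignored> states the issue will not be fixed in that release at all, whereas <no-dsa> would leave room for a point-release fix, so the justification should say why a remote denial of service is being written off for buster rather than repeating the stretch and jessie wording.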
......@@ -87520,6 +87523,7 @@ CVE-2017-16120 (liyujing is a static file server. liyujing is vulnerable to a di
CVE-2017-16119 (Fresh is a module used by the Express.js framework for HTTP response f ...)
- node-fresh <unfixed> (bug #927715)
[stretch] - node-fresh <ignored> (Nodejs in stretch not covered by security support)
[jessie] - node-fresh <ignored> (Nodejs in jessie not covered by security support)
NOTE: https://nodesecurity.io/advisories/526
CVE-2017-16118 (The forwarded module is used by the Express.js framework to handle the ...)
NOT-FOR-US: forwarded nodejs module
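Review bot: the node-fresh <unfixed> line for CVE-2017-16119 records the bug number but no severity tag, unlike the other entries in this change (compare "(low; bug #927672)"); add one so the unstable status is consistent with the rest of the tracker, and note that the stretch and jessie <ignored> markers rest entirely on the "Nodejs not covered by security support" justification, which is fine as long as that justification is still accurate for both suites.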
......@@ -9,6 +9,8 @@ To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
389-ds-base
--
axis
--
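Review bot: the newly added 389-ds-base and axis entries have no NOTE line at all, while every other entry in dla-needed.txt that needs context carries a dated NOTE; add at least a "NOTE: YYYYMMDD:" line naming the CVE(s) or the reason each package was queued so the next person picking it up does not have to reconstruct the triage.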
......@@ -42,6 +44,8 @@ gradle
NOTE: 20190412: unless you believe http->https would cause significant breakage;
NOTE: 20190412: ajax.googleapis.com's SSL cert appears well supported in jessie
--
graphicsmagick
--
hdf5 (Hugo Lefeuvre)
NOTE: requires some prior triage, almost all cves undetermined.
NOTE: contacted hdf5 upstream, received information, currently updating the tracker.
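Review bot: the two gradle NOTE lines dated 20190412 are continuation lines whose opening clause lies outside the hunk, so the entry cannot be read from this hunk alone; keep each dated NOTE self-contained. The two hdf5 NOTE lines lack the YYYYMMDD prefix used everywhere else in the file, so the age of "currently updating the tracker" is invisible; add the date so stale triage can be spotted.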
......@@ -59,8 +63,14 @@ imagemagick (Roberto C. Sánchez)
jinja2 (Hugo Lefeuvre)
NOTE: 20190416: https://lists.debian.org/debian-lts/2019/04/msg00107.html
--
jquery
NOTE: 20190425: probably embedded versions need to be checked as well
--
jruby
--
kdepim
NOTE: 20190425: not yet fixed upstream
--
libav
NOTE: 20190401: There are currently 20 CVE issues known for libav in jessie,
NOTE: 20190401: 11 tagged as <no-dsa>. These issues have been triaged, no patch
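Review bot: the jquery NOTE (20190425) says embedded copies probably need checking too but does not say which source packages embed jquery, and the kdepim NOTE says "not yet fixed upstream" without a link to the upstream report; both should be recorded in a NOTE so the claim can be re-verified later. The jruby entry, like the other newly added ones, has no NOTE at all.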
......@@ -88,6 +98,8 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
mercurial
--
polarssl
NOTE: 20181207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
--
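Review bot: the polarssl NOTE is dated 20181207 and still reads "Not 100% sure if vulnerable", while the other notes in this change are dated April 2019; either the triage should be completed and the NOTE updated with the conclusion, or the entry should say who is following up. The newly added mercurial entry has no NOTE giving the reason it was queued.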