Salvatore Bonaccorso · Salvatore Bonaccorso · 7330dcde
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -240,8 +240,12 @@ CVE-2019-11501
 	RESERVED
 CVE-2019-11500
 	RESERVED
-CVE-2019-11499
+CVE-2019-11499 [Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent]
 	RESERVED
+	- dovecot <unfixed>
+	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115758.html
 CVE-2019-11498 (WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack t ...)
 	- wavpack 5.1.0-6 (low; bug #927903)
 	[stretch] - wavpack <no-dsa> (Minor issue)
@@ -253,8 +257,12 @@ CVE-2019-11496
 	RESERVED
 CVE-2019-11495
 	RESERVED
-CVE-2019-11494
+CVE-2019-11494 [Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.]
 	RESERVED
+	- dovecot <unfixed>
+	[stretch] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	[jessie] - dovecot <not-affected> (Vulnerable code not present, introduced in 2.3)
+	NOTE: https://dovecot.org/pipermail/dovecot/2019-April/115757.html
 CVE-2019-11493 (VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pd ...)
 	NOT-FOR-US: VeryPDF
 CVE-2019-11492 (ProjectSend before r1070 writes user passwords to the server logs. ...)