data/CVE/list

@@ -143998,7 +143998,8 @@ CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmp
 CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
-	- libav <undetermined>
+	- libav <removed>
+	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
 CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
 	- ffmpeg 7:2.7.2-1
 	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)

data/dla-needed.txt

@@ -26,8 +26,9 @@ libav (Markus Koschany, Mike Gabriel)
   NOTE: 20181129: "undetermined" issues. Then we can decide what CVE should be fixed ASAP.
   NOTE: 20181130: Adding my self as co-worker. Coordination of CVEs to be worked on: IRC
   NOTE: 20181130: #debian-lts.
-  NOTE: 20181130: CVE-2015-6761: patch available, issue non-reproducible, vulnerable (for now)
-  NOTE: 20181130: CVE-2015-6818: patch available, issue untested, vulnerable
+  NOTE: 20181130: CVE-2015-6761: patch available, issue non-reproducible, vulnerable (maybe: not-affected instead)
+  NOTE: 20181130: CVE-2015-6818: patch available, issue untested (no PoC), vulnerable
+  NOTE: 20181130: CVE-2015-6820: patch available, issue untested (no PoC), vulnerable
 --
 libsndfile (Hugo Lefeuvre)
   NOTE: 20181123: CVE-2018-19432 minor but several older CVEs triaged no-dsa (such as CVE-2017-8361)