Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -9,6 +9,12 @@ To pick an issue, simply add your name behind it. To learn more about how
 this list is updated have a look at
 https://wiki.debian.org/LTS/Development#Triage_new_security_issues

+--
+checkstyle
+  NOTE: CVE-2019-9658: changes appear to involve compatibility breakage, handle with care.
+  NOTE: CVE-2019-9658: removal of DTDs from http://checkstyle.sourceforge.net and
+  NOTE: CVE-2019-9658: http://puppycrawl.com/ might affect the validity of our default config
+  NOTE: CVE-2019-9658: so depending of the impact this might require a jessie update
 --
 cron (Mike Gabriel)
 --
@@ -38,12 +44,19 @@ kde4libs (Hugo Lefeuvre)
 libav
  NOTE: 20190131: Re-added after ~deb8u5 upload. Still not done, yet.
 --
+libjpeg-turbo
+  NOTE: CVE-2018-14498: fix available. assert severity and either provide upload or triage no-dsa.
+--
 liblivemedia (Hugo Lefeuvre)
  NOTE: 20190226: CVE-2019-773{2,3}: wait for upstream patch - hle
  NOTE: CVE-2019-9215: at least dos, might be used for remote code execution,
  NOTE: CVE-2019-9215: prepared a poc and updates for jessie and stretch.
  NOTE: CVE-2019-9215: waiting for stretch upload before going on with jessie.
 --
+libmatio
+  NOTE: fairly high number of open issues. Not sure why we never had a look at them.
+  NOTE: triage work needed, help security team for fixes if needed.
+--
 libraw (Thorsten Alteholz)
  NOTE: 20181222: As usual please consider to fix ignored/no-dsa issues too,
  NOTE: especially those that are still marked vulnerable in Stretch but also