Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · 1e666606 · 1e666606
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -875,6 +875,7 @@ CVE-2019-11507 (In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1
 	NOT-FOR-US: Pulse Secure Pulse Connect Secure
 CVE-2019-11506 (In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, the ...)
 	- graphicsmagick 1.4~hg15968-1
+	[jessie] - graphicsmagick <no-dsa> (Minor issue)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/57ac0ae85e2a
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/604/
 CVE-2019-11505 (In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, ther ...)
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -31,6 +31,7 @@ faad2 (Hugo Lefeuvre)
 ghostscript (Roberto C. Sánchez)
 --
 graphicsmagick (Hugo Lefeuvre)
+  NOTE: 20190512: preparing an update for recent buffer overflows.
 --
 hdf5 (Hugo Lefeuvre)
  NOTE: CVE-2018-17432: upstream claims to have fixed this in 1.10.5 (issue HDF-10590)
@@ -40,12 +41,9 @@ hdf5 (Hugo Lefeuvre)
  NOTE: a Jira issue for this: https://jira.hdfgroup.org/browse/HDFFV-10755 (hle)
 --
 imagemagick (Hugo Lefeuvre, Markus Koschany)
-  NOTE: 20181227: We should address the many open issues in imagemagick either
-  NOTE: by patching them separetely as we did in Wheezy or by updating to a
-  NOTE: new upstream version like the security team did with Graphicsmagick in
-  NOTE: Stretch. (apo)
-  NOTE: 20190408: Still waiting on security team response to inquiries from (apo) and (roberto)
-  NOTE: CVE-2019-11598: patch is broken. Wait for followup patches.
+  NOTE: many open issues, but most of them are minor. This is not enough to justify
+  NOTE: full backport of a more recent version -> handle vulnerabilities on a case by
+  NOTE: case basis (hle)
 --
 jruby
 --