Commits on Source (3)
......@@ -4575,6 +4575,7 @@ CVE-2019-11028 (GAT-Ship Web Module before 1.40 suffers from a vulnerability all
NOT-FOR-US: GAT-Ship Web Module
CVE-2015-9284 (The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site ...)
- ruby-omniauth <unfixed>
[jessie] - ruby-omniauth <no-dsa> (Fix is in additional gem and needs CSRF protection in apps)
NOTE: https://github.com/omniauth/omniauth/pull/809
NOTE: https://www.openwall.com/lists/oss-security/2015/05/26/11
CVE-2019-11027 (Ruby OpenID (aka ruby-openid) through 2.8.0 has a remotely exploitable ...)
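Review bot: The reason on the [jessie] ruby-omniauth line, "Fix is in additional gem and needs CSRF protection in apps", does not name the gem, so someone reading only the CVE-2015-9284 entry cannot tell which fix is meant. Suggest naming it (the dla-needed notes for this CVE call it omniauth-rails) in the reason or in an extra NOTE line next to the pull/809 link.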
......@@ -5316,6 +5317,7 @@ CVE-2019-10735 (In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP
- claws-mail <unfixed> (low; bug #926705)
[buster] - claws-mail <postponed> (Revisit when fixed upstream)
[stretch] - claws-mail <postponed> (Revisit when fixed upstream)
[jessie] - claws-mail <postponed> (Revisit when fixed upstream)
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159
CVE-2019-10734 (In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypt ...)
- trojita <itp> (bug #795701)
......@@ -30990,6 +30992,7 @@ CVE-2018-19608 (Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allo
- mbedtls 2.14.1-1 (bug #915796)
[stretch] - mbedtls <no-dsa> (Minor issue)
- polarssl <removed>
[jessie] - polarssl <no-dsa> (Minor issue)
NOTE: http://cat.eyalro.net/
NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.14.1-2.7.8-and-2.1.17-released
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-03
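Review bot: The [jessie] polarssl line is tagged <no-dsa> (Minor issue), but the dla-needed note for polarssl says "Not 100% sure if vulnerable", so the tag reads as a severity judgement on an issue whose applicability to this package was never settled. Suggest saying so in the reason, or adding a NOTE to the CVE-2018-19608 entry that records the open question and upstream's preference for moving to the latest version.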
......@@ -17,9 +17,6 @@ bind9 (Thorsten Alteholz)
NOTE: 20190526: test package failed, probably not vulnerable
NOTE: 20190609: upstream patches do not seem to work
--
claws-mail
NOTE: 20190408: patch not yet available
--
faad2 (Hugo Lefeuvre)
NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon.
NOTE: 20190525: see https://github.com/knik0/faad2/pull/36
......@@ -89,9 +86,6 @@ mupdf
NOTE: 20190529: Upload candidate: http://packages.sunweavers.net/debian/pool/main/m/mupdf/mupdf_1.5-1+deb8u5.dsc
NOTE: 20190529: Not yet fully tested.
--
polarssl
NOTE: 20181207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
--
python-urllib3 (Roberto C. Sánchez)
NOTE: 20190601: Packages built. (roberto)
--
......@@ -109,13 +103,6 @@ qemu
NOTE: 20190529: Upload candidate: http://packages.sunweavers.net/debian/pool/main/q/qemu/qemu_2.1+dfsg-12+deb8u12.dsc
NOTE: 20190529: More testing needed.
--
ruby-omniauth
NOTE: CVE-2015-9284: The vulnerability is rathar bad, especially in combination with other
NOTE: CVE-2015-9284: known vulnerabilities. However the issue is rather old and the impact
NOTE: CVE-2015-9284: may be rather large. When fixing this needs to be further investigated.
NOTE: CVE-2015-9284: This issue fixed in rails community by introducing a new gem called omniauth-
NOTE: CVE-2015-9284: rails.
--
sdl-image1.2
NOTE: see libsdl2 entry.
--
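Review bot: Removing the ruby-omniauth block in this hunk (the header goes from 13 lines to 6) drops the only text that rates CVE-2015-9284 as bad in combination with other known vulnerabilities and says the fix "needs to be further investigated", while the tracker entry is marked <no-dsa>. Suggest confirming that <no-dsa> rather than <postponed> is intended, and carrying that assessment over as NOTE lines on the CVE entry so it is not lost.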
......