Thorsten Alteholz · Thorsten Alteholz · 754d827a · 754d827a · 754d827a
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -76747,9 +76747,11 @@ CVE-2017-7655
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...)
 	- mosquitto <unfixed>
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493
+	NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de
 CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject ...)
 	- mosquitto <unfixed>
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113
+	NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4
 CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...)
 	{DLA-1409-1 DLA-1334-1}
 	- mosquitto 1.4.15-1
--- a/data/DLA/list
+++ b/data/DLA/list
+[27 Sep 2018] DLA-1524-1 libxml2 - security update
+	{CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567}
+	[jessie] - libxml2 2.9.1+dfsg1-5+deb8u7
 [27 Sep 2018] DLA-1523-1 asterisk - security update
 	{CVE-2018-17281}
 	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u6

--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -45,10 +45,6 @@ libav (Hugo Lefeuvre)
 --
 libspring-java (Abhijith PA)
 --
-libxml2 (Thorsten Alteholz)
-  NOTE: 20180720: There are many open CVEs marked as <no-dsa> for jessie and stretch.
-  NOTE: 20180720: My  sense is that someone should go over them and fix those that are fixable.
--
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)