Chris Lamb · Chris Lamb · Chris Lamb · Chris Lamb · Chris Lamb · 42474c31
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -97,26 +97,32 @@ CVE-2018-19892 (DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.ph
 CVE-2018-19891 (An invalid memory address dereference was discovered in the huffcode ...)
 	- faac <unfixed> (bug #915763)
 	[stretch] - faac <no-dsa> (Non-free not supported)
+	[jessie] - faac <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/knik0/faac/issues/24
 CVE-2018-19890 (An invalid memory address dereference was discovered in the huffcode ...)
 	- faac <unfixed> (bug #915763)
 	[stretch] - faac <no-dsa> (Non-free not supported)
+	[jessie] - faac <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/knik0/faac/issues/20
 CVE-2018-19889 (An invalid memory address dereference was discovered in the huffcode ...)
 	- faac <unfixed> (bug #915763)
 	[stretch] - faac <no-dsa> (Non-free not supported)
+	[jessie] - faac <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/knik0/faac/issues/22
 CVE-2018-19888 (An invalid memory address dereference was discovered in the huffcode ...)
 	- faac <unfixed> (bug #915763)
 	[stretch] - faac <no-dsa> (Non-free not supported)
+	[jessie] - faac <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/knik0/faac/issues/25
 CVE-2018-19887 (An invalid memory address dereference was discovered in the huffcode ...)
 	- faac <unfixed> (bug #915763)
 	[stretch] - faac <no-dsa> (Non-free not supported)
+	[jessie] - faac <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/knik0/faac/issues/21
 CVE-2018-19886 (An invalid memory address dereference was discovered in the huffcode ...)
 	- faac <unfixed> (bug #915763)
 	[stretch] - faac <no-dsa> (Non-free not supported)
+	[jessie] - faac <no-dsa> (Non-free not supported)
 	NOTE: https://github.com/knik0/faac/issues/23
 CVE-2018-19885
 	RESERVED
@@ -191,6 +197,7 @@ CVE-2018-19858
 	RESERVED
 CVE-2018-19857 (The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player ...)
 	- vlc <unfixed> (bug #915760)
+	[jessie] - vlc <end-of-life> (See https://lists.debian.org/debian-security-announce/2018/msg00130.html)
 	NOTE: https://dyntopia.com/advisories/013-vlc
 	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=0cc5ea748ee5ff7705dde61ab15dff8f58be39d0
 CVE-2018-19856
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -32,6 +32,8 @@ freerdp (Mike Gabriel)
  NOTE: 20181205: patches needed for producing a secured and functional stretch-security and jessie-security
  NOTE: 20181205: upload package.
 --
+ghostscript
+--
 jasper
 --
 libapache-mod-jk (Roberto C. Sánchez)
@@ -94,6 +96,9 @@ pdns-recursor (Abhijith PA)
 --
 php5 (Roberto C. Sánchez)
 --
+polarssl
+  NOTE: 20121207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
+--
 policykit-1 (Santiago)
  NOTE: 20181202: probably maintainer wants to upload this (Thorsten)
  NOTE: 20181207: fixed in stretch by secteam