Commits on Source 4

......@@ -308,6 +308,7 @@ CVE-2018-20594 (An issue was discovered in hsweb 3.0.4. It is a reflected XSS ..
NOT-FOR-US: hsweb
CVE-2018-20593 (In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in ...)
- mxml <unfixed>
[jessie] - mxml <no-dsa> (Minor issue, only affects the mxmldoc tool)
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output)
NOTE: https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt
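Review bot: The CVE-2018-20593 entry has no upstream issue or Debian bug reference; its NOTE lines point only at PoC crash files. With mxml left <unfixed> and the [jessie] line set to <no-dsa>, nothing in the entry lets a later reader check whether a fix has landed. Suggest adding a NOTE with the upstream report, as the CVE-2018-20004 entry does with its issue link, if one exists.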
......@@ -4873,8 +4874,8 @@ CVE-2018-20005 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...
CVE-2018-20004 (An issue has been found in Mini-XML (aka mxml) 2.12. It is a ...)
- mxml <unfixed> (low)
[stretch] - mxml <no-dsa> (Minor issue)
[jessie] - mxml <ignored> (Minor issue)
NOTE: https://github.com/michaelrsweet/mxml/issues/233
NOTE: Fixed by https://github.com/michaelrsweet/mxml/commit/4f5577dd4672d228e4180f06bdbd66f343ea45e0
CVE-2018-20003
RESERVED
CVE-2018-20002 (The _bfd_generic_read_minisymbols function in syms.c in the Binary File ...)
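Review bot: In the CVE-2018-20004 entry the [jessie] line is <ignored> while the [stretch] line is <no-dsa>, and both give the same bare reason, "Minor issue". The entry also lists an upstream fix commit in its "Fixed by" NOTE, so the reason for ruling out a jessie fix is not evident from the entry. Suggest either using <no-dsa> for jessie to match stretch, or expanding the reason to say why this release is treated differently.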
......@@ -131138,14 +131139,14 @@ CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local us
NOT-FOR-US: Samsung Android component
CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly ...)
- mxml 2.9-1 (bug #825855)
[jessie] - mxml <no-dsa> (Minor issue)
[wheezy] - mxml <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
NOTE: https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and ...)
- mxml 2.9-2 (bug #825855)
[jessie] - mxml <no-dsa> (Minor issue)
[wheezy] - mxml <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
NOTE: https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb
CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles ...)
- linux 4.5.3-1
[jessie] - linux <not-affected> (Issue introduced later)
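Review bot: The [jessie] and [wheezy] lines for CVE-2016-4570 and CVE-2016-4571 give only "Minor issue" as the <no-dsa> reason, although each entry lists an upstream fix commit and a fixed unstable version (2.9-1 and 2.9-2). The CVE-2018-20593 entry in this same change states what is affected ("only affects the mxmldoc tool"); a similarly specific reason here would make the triage decision checkable. It is also worth confirming that the two different fixed versions under the same bug #825855 are intended.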
......@@ -88,6 +88,8 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
mxml
--
nettle
--
nss (Roberto C. Sánchez)
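Review bot: The mxml entry in this list has no claimant and no NOTE saying which issues it is meant to cover, while the tracker hunks in the same change set mark the jessie mxml issues as <no-dsa> or <ignored>. As it stands the two files disagree about whether mxml needs work. Suggest either adding a NOTE line under mxml naming the CVEs that remain to be fixed, or dropping the entry if all of them are triaged as not needing an update.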
......