Antoine Beaupré · Antoine Beaupré · Antoine Beaupré · 2b571c9f · 2b571c9f
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -156,9 +156,10 @@ CVE-2018-7423
 CVE-2017-18195
 	RESERVED
 CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
-	- elinks <unfixed> (bug #694658)
-	- links2 2.7-1+deb7u1
+	- elinks <unfixed> (bug #891575)
+	- links2 2.7-1 (bug #694658)
 	NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
+	NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
 CVE-2018-7422
 	RESERVED
 CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector ...)
@@ -81487,6 +81488,7 @@ CVE-2016-6207 (Integer overflow in the _gdContributionsAlloc function in ...)
 	- php7.0 7.0.9-1 (unimportant)
 	- php5 5.6.24+dfsg-1 (unimportant)
 	[jessie] - php5 5.6.24+dfsg-0+deb8u1
+	[wheezy] - php5 <not-affected> (Vulnerable code not present)
 	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
 	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -17,6 +17,9 @@ dovecot (Thorsten Alteholz)
 --
 drupal7 (Markus Koschany)
 --
+elinks
+  NOTE: maintainer is on the security team (jmm), no notice sent
+--
 gcc-4.6 (Roberto C. Sánchez)
  NOTE: Backport the retpoline support for spectre mitigation.
  NOTE: Coordinate with jmm who started the work for gcc-4.9 in jessie.
@@ -75,10 +78,16 @@ opencv (Thorsten Alteholz)
 --
 openjdk-7 (Emilio Pozuelo)
 --
+php5
+  NOTE: consider reviewing the backlog of "unimportant" issues fixed in jessie to see if it is worth fixing a few DOS in the backlog
+--
 ruby1.9.1 (Emilio Pozuelo)
 --
 rubygems (Emilio Pozuelo)
 --
+tiff
+  NOTE: incomplete fix of CVE-2017-18013
+--
 wireshark (Thorsten Alteholz)
 --
 wordpress