Roberto C. Sánchez · Roberto C. Sánchez · a68cea00 · a68cea00
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11062,6 +11062,7 @@ CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commo
 	- libcommons-compress-java <unfixed> (low)
 	[buster] - libcommons-compress-java <no-dsa> (Minor issue)
 	[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
+	[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
 	NOTE: Fixed in upstream commit: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commitdiff;h=4ad5d80a6272e007f64a6ac66829ca189a8093b9;hp=16a0c84e84b93cc8c107b7ff3080bd11317ab581
 CVE-2019-12401
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -70,9 +70,6 @@ libav (Mike Gabriel)
  NOTE: 20190831: might fix the issue. Furthermore, most libav bugs have PoCs,
  NOTE: 20190831: so there is something one can test with and see if the fix worked.
 --
-libcommons-compress-java (Roberto C. Sánchez)
-  NOTE: 20190830: no patch reference found (sunweaver)
--
 libcrypto++
 --
 libgcrypt20 (Mike Gabriel)