Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · c9c98c76
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -805,24 +805,29 @@ CVE-2019-10914 (pubRsaDecryptSignedElementExt in MatrixSSL, as used in Inside Se
 CVE-2019-10913
 	RESERVED
 	- symfony 3.4.22+dfsg-2
+	NOTE: https://symfony.com/blog/cve-2019-10913-reject-invalid-http-method-overrides
 CVE-2019-10912
 	RESERVED
 	- symfony 3.4.22+dfsg-2
+	NOTE: https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
 CVE-2019-10911
 	RESERVED
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
+	NOTE: https://symfony.com/blog/cve-2019-10911-add-a-separator-in-the-remember-me-cookie-hash
 CVE-2019-10910
 	RESERVED
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
+	NOTE: https://symfony.com/blog/cve-2019-10910-check-service-ids-are-valid
 CVE-2019-10909
 	RESERVED
 	- drupal7 <not-affected> (Drupal 7 core not affected)
 	- symfony 3.4.22+dfsg-2
 	NOTE: https://www.drupal.org/SA-CORE-2019-005
+	NOTE: https://symfony.com/blog/cve-2019-10909-escape-validation-messages-in-the-php-templating-engine
 CVE-2019-10908 (In Airsonic 10.2.1, RecoverController.java generates passwords via org ...)
 	NOT-FOR-US: Airsonic
 CVE-2019-10907 (Airsonic 10.2.1 uses Spring's default remember-me mechanism based on M ...)