Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · Hugo Lefeuvre · a4ccc7dc · a4ccc7dc
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23697,6 +23697,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDir
 	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
 	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
+	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
 CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize  ...)
 	- freeimage <unfixed> (bug #929597)
 	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
@@ -23707,6 +23708,7 @@ CVE-2019-12211 (When FreeImage 3.18.0 reads a tiff file, it will be handed to th
 	[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
 	[stretch] - freeimage <postponed> (Revisit when upstream fixes are available)
 	NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
+	NOTE: https://sourceforge.net/p/freeimage/svn/1825/
 CVE-2019-12210 (In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug ...)
 	- pam-u2f 1.0.8-1 (low; bug #930023)
 	[buster] - pam-u2f 1.0.7-1+deb10u1
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -24,10 +24,8 @@ bind9 (Thorsten Alteholz)
  NOTE: no point release in Jessie, so fix it here
 --
 freeimage (hle)
-  NOTE: Maintainer will take care of the update.
-  NOTE: https://lists.debian.org/debian-lts/2019/05/msg00079.html
-  NOTE: 20190707: maintainer is waiting for upstream https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929597
  NOTE: 20191028: submitted a patch for CVE-2019-12211, see Debian bug report
+  NOTE: 20191123: upstream appears to have merged a modified version of my patch
 --
 ibus
  NOTE: 20191020: Fix for regression in KDE apps still not available (apo)