Thorsten Alteholz · Thorsten Alteholz · Thorsten Alteholz · 732e76b5 · 732e76b5
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -82958,7 +82958,6 @@ CVE-2018-10394
 CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-b ...)
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
-	[jessie] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
 	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
@@ -82966,11 +82965,9 @@ CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a s
 CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not va ...)
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
-	[jessie] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <ignored> (Minor issue)
 	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
-	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
-	NOTE: Same patch as for CVE-2017-14160
+	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
 CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email ...)
 	NOT-FOR-US: WUZHI CMS
 CVE-2018-10390
@@ -122108,7 +122105,6 @@ CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.
 CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5  ...)
 	- libvorbis 1.3.6-2 (bug #876780)
 	[stretch] - libvorbis <no-dsa> (Minor issue)
-	[jessie] - libvorbis <no-dsa> (Minor issue)
 	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
 	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
--- a/data/DLA/list
+++ b/data/DLA/list
+[27 Nov 2019] DLA-2013-1 libvorbis - security update
+	{CVE-2017-14160 CVE-2018-10392 CVE-2018-10393}
+	[jessie] - libvorbis 1.3.4-2+deb8u2
 [26 Nov 2019] DLA-2012-1 libvpx - security update
 	{CVE-2019-9232 CVE-2019-9433}
 	[jessie] - libvpx 1.3.0-3+deb8u2