Commits on Source (2)
......@@ -7878,11 +7878,13 @@ CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() func
- lout <unfixed> (bug #947113)
[buster] - lout <no-dsa> (Minor issue)
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html
CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() function in ...)
- lout <unfixed> (bug #947113)
[buster] - lout <no-dsa> (Minor issue)
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00002.html
CVE-2020-3939
RESERVED
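Review bot: The two `[jessie] - lout <ignored> (Minor issue)` lines, under CVE-2019-19918 and CVE-2019-19917, give the same reason text as the `<no-dsa>` lines for buster and stretch, so the entry does not say why jessie gets the stronger `<ignored>` state. The +/- markers are not visible in this rendering, but the hunk header grows from 11 to 13 lines and these two lines are the ones that fit. Put the actual reason in the parentheses or in a NOTE under each CVE, so the decision can be read from the entry alone.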
......@@ -29598,7 +29600,10 @@ CVE-2019-14869 (A flaw was found in all versions of ghostscript 9.x before 9.50,
CVE-2019-14868 [environment variables on startup are interpreted as arithmetic expression leading to code injection]
RESERVED
- ksh 2020.0.0-2.1 (bug #948989)
[jessie] - ksh <ignored> (Minor issue)
NOTE: https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
NOTE: It is possible to execute arbitrary arithmetic expression but not arbitrary expression. Jessie
NOTE: and buster tested so far. (opal) Due to this marked as minor issue for jessie.
CVE-2019-14867 (A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x ve ...)
- freeipa 4.8.3-1
[buster] - freeipa <no-dsa> (Minor issue; can be fixed via point release)
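Review bot: The NOTE under CVE-2019-14868, "It is possible to execute arbitrary arithmetic expression but not arbitrary expression", is ambiguous and sits next to a bracketed description that says "leading to code injection". State what "arbitrary expression" means here (presumably command or code execution) and which package versions were tested. The NOTE also says "Jessie and buster tested so far", yet only a `[jessie]` line is present in this entry; if the same finding applies to buster, a `[buster]` line with the matching state would make that explicit.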
......@@ -40,10 +40,6 @@ ibus
jackson-databind
NOTE: 20200105: Can be postponed again. (apo)
--
ksh
NOTE: 20200118: Upstream patch doesn't apply at all, but not clear if
NOTE: 20200118: or not. Thus, deeper triaging required. (sunweaver)
--
libexif (Hugo Lefeuvre)
NOTE: 20191111: Contacted upstream for relevant commits of CVE-2019-9278. (utkarsh2102)
NOTE: 20191114: Pinged upstream; just have the Android patch yet. (utkarsh2102)
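Review bot: Dropping the `ksh` block discards the only record that the "Upstream patch doesn't apply at all" on the jessie version, and the CVE-2019-14868 entry in the first file does not repeat it. If the `<ignored>` decision stands, carry that observation over as a NOTE on the CVE so a later re-triage does not have to rediscover it. The removed sentence ("but not clear if or not") was also incomplete, so the carried-over NOTE should say what was unclear.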
......@@ -75,15 +71,6 @@ linux (Ben Hutchings)
--
linux-4.9 (Ben Hutchings)
--
lout
NOTE: 20191221: Package is orphaned and has similar version in unstable.
NOTE: 20191221: Upstream maintenance may have ceased to exist, too.
NOTE: 20191221: If we fix it in jessie LTS, we should als NMU those fixes
NOTE: 20191221: to unstable. (sunweaver)
NOTE: 20191221: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00005.html
NOTE: 20191221: (-> at least someone is still active on lout, providing some
NOTE: 20191221: patches, not related to the open CVEs, though)
--
nss (Markus Koschany)
--
opendmarc (Thorsten Alteholz)
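Review bot: The removed `lout` block holds the context for the triage (package orphaned, upstream maintenance possibly ceased, the msg00005 link showing someone is still active) and the plan to NMU fixes to unstable, none of which appears under CVE-2019-19918 or CVE-2019-19917. Both CVEs are still `<unfixed>` in unstable (bug #947113), so this information remains relevant after jessie is marked `<ignored>`. Move the orphaned/upstream-status remark and the msg00005 link into a NOTE on the CVE entries or into the bug.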