Sylvain Beucler · Sylvain Beucler · 26a2d714 · 26a2d714
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -18819,8 +18819,9 @@ CVE-2019-10871 (An issue was discovered in Poppler 0.74.0. There is a heap-based
 	- poppler <unfixed> (low; bug #926529)
 	[buster] - poppler <postponed> (Revisit when fixed upstream)
 	[stretch] - poppler <postponed> (Revisit when fixed upstream)
-	[jessie] - poppler <postponed> (Revisit when fixed upstream)
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/751
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/266 (rejected in favor of always enabling SPLASH_CMYK)
+	NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/341 (always enable SPLASH_CMYK)
 CVE-2019-10870
 	RESERVED
 CVE-2019-10869 (Path Traversal and Unrestricted File Upload exists in the Ninja Forms  ...)
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -120,6 +120,8 @@ pam-python
 --
 polarssl
 --
+poppler
+--
 radare2
  NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
  NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch.