Commits on Source (3)
......@@ -2425,6 +2425,8 @@ CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...)
- tiff <unfixed>
[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
- tiff3 <removed>
NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
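Review bot: the `[stretch]` and `[jessie]` `<postponed>` lines for CVE-2018-5360 say "revisit once fixed upstream", but the entry references only the graphicsmagick bug and no upstream LibTIFF bug or commit, so there is nothing to watch for the revisit. Add a NOTE with the upstream LibTIFF reference once one exists, and say why `tiff` stays `<unfixed>` when the description reads "before 4.0.6". The NOTE line also has a typo: "demostrated" should be "demonstrated".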
......@@ -3685,6 +3687,8 @@ CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site
NOT-FOR-US: QuickApps CMS
CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt ...)
- miniupnpd <unfixed> (bug #887129)
[stretch] - miniupnpd <no-dsa> (Minor issue)
[jessie] - miniupnpd <no-dsa> (Minor issue)
- miniupnpc <unfixed> (unimportant)
NOTE: https://github.com/miniupnp/miniupnp/issues/268
NOTE: https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
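Review bot: the `[stretch]` and `[jessie]` `<no-dsa> (Minor issue)` lines for miniupnpd under CVE-2017-1000494 give no reason beyond "Minor issue", although the NOTE lines already point at an upstream commit. State in the parenthetical whether the fix is expected through a point release, so the two releases are not left without a follow-up path.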
......@@ -25669,9 +25673,8 @@ CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl functi
NOTE: https://patchwork.kernel.org/patch/9929625/
NOTE: Non issue, only "exploitable" with root access
CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
- ffmpeg <unfixed>
- ffmpeg <undetermined>
NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
TODO: check
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
{DSA-4031-1 DLA-1114-1}
- ruby2.3 2.3.5-1 (bug #875928)
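Review bot: `- ffmpeg <undetermined>` for CVE-2017-14034 has no NOTE saying what is still unknown; the only reference on the entry is issue 3 of the bpg-web-encoder report. Add a NOTE recording whether `restore_tqb_pixels` in Debian's ffmpeg source was examined and what is needed to settle the status, so the entry does not sit in `<undetermined>` without a next step.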
......@@ -26516,8 +26519,6 @@ CVE-2017-13727 (There is a reachable assertion abort in the function ...)
CVE-2017-13726 (There is a reachable assertion abort in the function ...)
{DLA-1093-1}
- tiff 4.0.8-5 (bug #873880)
[stretch] - tiff <no-dsa> (Minor issue)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
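Review bot: for CVE-2017-13726 the only advisory cross-reference is `{DLA-1093-1}`, so if the `[stretch]` and `[jessie]` `<no-dsa>` lines are the two this hunk drops (the header goes from 8 lines to 6), nothing on the entry records how those releases receive the fix that is in 4.0.8-5. Confirm that the matching advisory reference lands together with this change, otherwise stretch and jessie show as open with no triage state.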
......@@ -41079,7 +41080,6 @@ CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
{DLA-969-1}
- tiff 4.0.7-7 (low; bug #862929)
[jessie] - tiff <no-dsa> (Minor issue)
- tiff3 <removed>
[wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
......@@ -35,6 +35,8 @@ libvpx/oldstable
linux
Wait until more issues have piled up
--
mailman
--
mercurial
--
openjdk-7/oldstable (jmm)