Commits on Source (14)
......@@ -277,9 +277,11 @@ CVE-2019-14525
RESERVED
CVE-2019-14524 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
- schism <unfixed> (bug #933808)
[jessie] - schism <no-dsa> (Minor issue)
NOTE: https://github.com/schismtracker/schismtracker/issues/201
CVE-2019-14523 (An issue was discovered in Schism Tracker through 20190722. There is a ...)
- schism <unfixed> (bug #933809)
[jessie] - schism <no-dsa> (Minor issue)
NOTE: https://github.com/schismtracker/schismtracker/issues/202
CVE-2019-14522
RESERVED
......@@ -343,6 +345,7 @@ CVE-2019-14494 (An issue was discovered in Poppler through 0.78.0. There is a di
- poppler <unfixed> (bug #933812)
[buster] - poppler <no-dsa> (Minor issue)
[stretch] - poppler <no-dsa> (Minor issue)
[jessie] - poppler <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/poppler/poppler/issues/802
NOTE: https://gitlab.freedesktop.org/poppler/poppler/merge_requests/317
CVE-2019-14493 (An issue was discovered in OpenCV before 4.1.1. There is a NULL pointe ...)
......@@ -411,6 +414,7 @@ CVE-2019-14466
RESERVED
CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-b ...)
- schism <unfixed> (bug #933807)
[jessie] - schism <no-dsa> (Minor issue)
NOTE: https://github.com/schismtracker/schismtracker/issues/198
NOTE: https://github.com/schismtracker/schismtracker/commit/b78e8d32883f8a865035436af4fa6d541b6ebb42
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
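Review bot: under CVE-2019-14465 the `[jessie] - schism <no-dsa> (Minor issue)` line sits next to a NOTE that already links an upstream commit, while the unstable line still reads `<unfixed>`. With a fix referenced, the jessie reason would be more useful if it said why that commit is not being backported rather than the generic "Minor issue", so the triage can be revisited without re-reading issue 198.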
......@@ -7781,6 +7785,7 @@ CVE-2018-20839 (systemd 242 changes the VT1 mode upon a logout, which allows att
[stretch] - systemd <no-dsa> (Minor issue)
[jessie] - systemd <no-dsa> (Not reproducible without Ubuntu-style persistant VT1 greeter; too invasive to fix)
- xorg-server <unfixed>
[jessie] - xorg-server <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1803993
NOTE: https://github.com/systemd/systemd/commit/9725f1a10f80f5e0ae7d9b60547458622aeb322f
NOTE: https://github.com/systemd/systemd/pull/12378
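Review bot: the `[jessie] - xorg-server <no-dsa> (Minor issue)` line gives no rationale, whereas the `[jessie] - systemd` line two lines above it spells out why the issue is not being fixed there. Consider giving xorg-server a comparably specific reason, or stating that the systemd reasoning applies to it as well, since both entries belong to CVE-2018-20839.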
......@@ -25782,10 +25787,12 @@ CVE-2019-5461 [GitHub Integration SSRF]
CVE-2019-5460 (Double Free in VLC versions &lt;= 3.0.6 leads to a crash. ...)
{DSA-4459-1}
- vlc 3.0.7-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://hackerone.com/reports/503208
CVE-2019-5459 (An Integer underflow in VLC Media Player versions &lt; 3.0.7 leads to ...)
{DSA-4459-1}
- vlc 3.0.7-1
[jessie] - vlc <end-of-life> (https://lists.debian.org/debian-security-announce/2018/msg00130.html)
NOTE: https://hackerone.com/reports/502816
CVE-2019-5458 (Cross-site scripting (XSS) vulnerability in http-file-server (all vers ...)
TODO: check
......@@ -26619,36 +26626,44 @@ CVE-2019-5060 (An exploitable code execution vulnerability exists in the XPM ima
- libsdl2-image 2.0.5+dfsg1-1
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
[buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0844
NOTE: https://hg.libsdl.org/SDL_image/rev/26061e601c81
CVE-2019-5059 (An exploitable code execution vulnerability exists in the XPM image re ...)
- libsdl2-image 2.0.5+dfsg1-1
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed>
[buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0843
NOTE: https://hg.libsdl.org/SDL_image/rev/95fc7da55247
CVE-2019-5058 (An exploitable code execution vulnerability exists in the XCF image re ...)
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed> (bug #932755)
[buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0842
NOTE: https://hg.libsdl.org/SDL_image/rev/b1a80aec2b10
CVE-2019-5057 (An exploitable code execution vulnerability exists in the PCX image-re ...)
- libsdl2-image 2.0.5+dfsg1-1 (bug #932754)
[buster] - libsdl2-image <no-dsa> (Minor issue)
[stretch] - libsdl2-image <no-dsa> (Minor issue)
[jessie] - libsdl2-image <no-dsa> (Minor issue)
- sdl-image1.2 <unfixed> (bug #932755)
[buster] - sdl-image1.2 <no-dsa> (Minor issue)
[stretch] - sdl-image1.2 <no-dsa> (Minor issue)
[jessie] - sdl-image1.2 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841
NOTE: https://hg.libsdl.org/SDL_image/rev/7453e79c8cdb
CVE-2019-5056
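Review bot: all eight `[jessie] ... <no-dsa> (Minor issue)` lines for CVE-2019-5057 through CVE-2019-5060 sit under descriptions that begin "An exploitable code execution vulnerability exists in the" XPM, XCF or PCX image code, and "Minor issue" alone does not explain that gap. Suggest a parenthetical that states the actual reasoning for libsdl2-image and sdl-image1.2 in jessie. Separately, the CVE-2019-5060 and CVE-2019-5059 package lines carry no bug reference, while CVE-2019-5058 and CVE-2019-5057 cite bug #932754 and bug #932755; if those bugs cover all four, adding the references would keep the entries consistent.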
......@@ -9,6 +9,8 @@ To pick an issue, simply add your name behind it. To learn more about how
this list is updated have a look at
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
--
dnsmasq
--
faad2 (Hugo Lefeuvre)
NOTE: 20190519: I have a few patches pending for open issues. Will be PR-ed soon.
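Review bot: the `dnsmasq` entry has neither a claimant nor a NOTE, so nothing in this file says which issue put it on the list. A one-line NOTE naming the CVE or tracker bug would save the next person a lookup; the same applies to the bare `tika` and `yara` entries further down.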
......@@ -87,6 +89,9 @@ proftpd-dfsg (Markus Koschany)
NOTE: Stable update was released today.
--
python2.7 (Thorsten Alteholz)
NOTE: 20190804: need to check fails with test suite unrelated to this patch
--
python3.4 (Thorsten Alteholz)
--
qemu
NOTE: 20190528: An upload candidate is waiting for being tested on real hardware.
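Review bot: the python2.7 NOTE "need to check fails with test suite unrelated to this patch" is ambiguous: it does not say which patch or which tests, and it can be read either as "the failures are unrelated" or as "need to check whether they are". Suggest naming the CVE or patch and the failing tests, and adding initials as the (lamby) and (apo) notes elsewhere in the file do.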
......@@ -97,6 +102,7 @@ qemu
NOTE: 20190529: More testing needed.
--
ruby-mini-magick (Thorsten Alteholz)
NOTE: 20190805: package does not build in Jessie
--
ruby-openid
NOTE: 20190628: In discussion with upstream/rubygems maintainer regarding what the issue actually *is*. (lamby)
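Review bot: the ruby-mini-magick NOTE "package does not build in Jessie" does not say whether the failure predates the security patch or what actually fails. The tomcat8 entry in this file records the cause of its FTBFS (expired test SSL certificate, with a bug link); a similar one-line cause or log pointer here would tell others whether the package is blocked.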
......@@ -124,12 +130,16 @@ sqlite3
subversion
NOTE: 20190804: For (at least) CVE-2018-11782 the svn_err_trace that is in the diff has not been added yet. (lamby)
--
tika
--
tomcat8
NOTE: 20190522: FTBFS
NOTE: Test SSL certificate expired, see https://bz.apache.org/bugzilla/show_bug.cgi?id=57655
NOTE: Attempt to solve this by using certificates from latest tomcat8 package failed (Brian).
NOTE: 20190701: New CVE just piled up.
--
wireshark (Thorsten Alteholz)
--
wordpress
NOTE: 20190614: No upstream fix yet. (apo)
--
......@@ -138,3 +148,5 @@ xen
--
xymon (Thorsten alteholz)
--
yara
--
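Review bot: `xymon (Thorsten alteholz)` spells the claimant's surname in lower case, while every other entry in this diff uses `Thorsten Alteholz`. Worth normalising while touching this part of the file, so that searching the list by name finds all of that person's claims.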