Antoine Beaupré · Antoine Beaupré · Antoine Beaupré · b81021c7 · b81021c7
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -11,6 +11,7 @@ CVE-2018-XXXX [XSA-252: DoS via non-preemptable L3/L4 pagetable freeing]
 CVE-2018-XXXX [SSPSA 201802-01]
 	- simplesamlphp 1.15.3-1
 	NOTE: https://simplesamlphp.org/security/201802-01
+	NOTE: upstream fix is just to bump the simplesamlphp/saml2 dependency, so patch is probably really: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
 CVE-2018-7537
 	RESERVED
 CVE-2018-7536
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -18,7 +18,7 @@ dovecot (Thorsten Alteholz)
 drupal7 (Markus Koschany)
 --
 elinks
-  NOTE: maintainer is on the security team (jmm), no notice sent
+  NOTE: 20180226: maintainer is on the security team (jmm), no notice sent (anarcat)
 --
 gcc-4.6 (Roberto C. Sánchez)
  NOTE: Backport the retpoline support for spectre mitigation.
@@ -79,12 +79,18 @@ opencv (Thorsten Alteholz)
 openjdk-7 (Emilio Pozuelo)
 --
 php5
-  NOTE: consider reviewing the backlog of "unimportant" issues fixed in jessie to see if it is worth fixing a few DOS in the backlog
+  NOTE: 20180226: consider reviewing the backlog of issues fixed in jessie to see if it is worth fixing a few DOS in the backlog (anarcat)
+--
+postgresql-9.1
+  NOTE: 20180227: confirm jessie's diagnostic (N/A) and see if it applies to wheezy. maintainer not contacted yet.
 --
 ruby1.9.1 (Emilio Pozuelo)
 --
 rubygems (Emilio Pozuelo)
 --
+simplesamlphp
+  NOTE: 20180227: details under embargo (anarcat)
+--
 tiff
  NOTE: incomplete fix of CVE-2017-18013
 --
@@ -94,3 +100,4 @@ wordpress
  NOTE: 20180217: Upstream unsure how to fix at the moment (lamby)
  NOTE: 20180221: Upstream still unsure how to fix (lamby)
 --
+xen