data/CVE/list

@@ -769,12 +769,14 @@ CVE-2019-16396 (GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_na
 	[buster] - gnucobol <no-dsa> (Minor issue)
 	- open-cobol <removed>
 	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/587/
 CVE-2019-16395 (GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() functi ...)
 	- gnucobol <unfixed> (bug #940949)
 	[buster] - gnucobol <no-dsa> (Minor issue)
 	- open-cobol <removed>
 	[stretch] - open-cobol <no-dsa> (Minor issue)
+	[jessie] - open-cobol <no-dsa> (Minor issue)
 	NOTE: https://sourceforge.net/p/open-cobol/bugs/586/
 CVE-2019-16390
 	RESERVED
@@ -1797,7 +1799,9 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0
 	- pam-p11 <unfixed> (bug #939664)
 	[buster] - pam-p11 <no-dsa> (Minor issue)
 	[stretch] - pam-p11 <no-dsa> (Minor issue)
+	[jessie] - pam-p11 <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenSC/pam_p11/commit/d150b60e1e14c261b113f55681419ad1dfa8a76c
+	NOTE: PKCS11_sign() is used in Jessie and Stretch and has a similar problem as EVP_SignFinal() everywhere else
 CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
 	NOT-FOR-US: D-Link
 CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)