data/CVE/list

@@ -505,6 +505,7 @@ CVE-2019-11006 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-base
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/598/
 CVE-2019-11005 (In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buf ...)
 	- graphicsmagick <unfixed>
+	[jessie] - graphicsmagick <not-affected> (The vulnerable code is not present)
 	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
 	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/600/
 CVE-2019-11004 (In Materialize through 1.0.0, XSS is possible via the Toast feature. ...)
@@ -103119,7 +103120,6 @@ CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/ma
 CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata indica ...)
 	{DSA-4321-1 DLA-1045-1}
 	- graphicsmagick 1.3.26-1 (bug #867077)
-	[jessie] - graphicsmagick <no-dsa> (Minor issue)
 	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62
 CVE-2017-10798 (In ObjectPlanet Opinio before 7.6.4, there is XSS. ...)
 	NOT-FOR-US: ObjectPlanet Opinio

data/DLA/list

+[13 Apr 2019] DLA-1755-1 graphicsmagick - security update
+	{CVE-2017-10799 CVE-2019-11006 CVE-2019-11007 CVE-2019-11008 CVE-2019-11009 CVE-2019-11010}
+	[jessie] - graphicsmagick 1.3.20-3+deb8u6
 [13 Apr 2019] DLA-1628-2 jasper - regression update
 	[jessie] - jasper 1.900.1-debian1-2.4+deb8u6
 [09 Apr 2019] DLA-1754-1 samba - security update

data/dla-needed.txt

@@ -47,8 +47,6 @@ gradle
   NOTE: 20190412: unless you believe http->https would cause significant breakage;
   NOTE: 20190412: ajax.googleapis.com's SSL cert appears well supported in jessie
 --
-graphicsmagick (Markus Koschany)
---
 hdf5 (Hugo Lefeuvre)
   NOTE: requires some prior triage, almost all cves undetermined.
   NOTE: contacted hdf5 upstream, received information, currently updating the tracker.