Commits on Source (2)
......@@ -627,6 +627,7 @@ CVE-2019-16867 (HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the fi
CVE-2019-16866 (Unbound before 1.9.4 accesses uninitialized memory, which allows remot ...)
- unbound <unfixed> (bug #941692)
[stretch] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
[jessie] - unbound <not-affected> (Vulnerable code introduced in 1.7.1)
NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
CVE-2015-9449 (The microblog-poster plugin before 1.6.2 for WordPress has SQL Injecti ...)
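Review bot: the `<not-affected>` entries for stretch and jessie under CVE-2019-16866 rest on "Vulnerable code introduced in 1.7.1", but the visible lines do not say where that version comes from. If it is taken from the advisory in the first NOTE, say so in the parenthetical; otherwise add a NOTE line pointing at the upstream change that introduced the code, so the not-affected status can be re-checked without re-deriving it from source.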
......@@ -78,6 +78,8 @@ libmatio (Adrian Bunk)
NOTE: 20190428: older changes seem to also be required for them
NOTE: 20190929: work is ongoing
--
libpcap
--
libqb
NOTE: 20190616: Upstream patch does not apply at all, but it appears that
NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
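Review bot: the new libpcap entry has neither a claimant nor a dated NOTE, so the file does not record why the package was added or which issues are pending for it. The neighbouring entries (libmatio, libqb) carry "NOTE: <date>: ..." lines; one line in the same form here, naming the open CVEs or the reason for the entry, would save the next person the triage.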
......@@ -142,6 +144,9 @@ slurm-llnl
--
spip (Thorsten Alteholz)
--
tcpdump
NOTE: 20191004: same version in wheezy->buster, security-only upstream release (24 CVEs), probably best to backport 4.9.3 when it hits testing (Beuc)
--
thunderbird
NOTE: 20191001: CVE-2019-11755: bug is private, not sure whether to backport to 60esr or wait for 68esr (Beuc)
NOTE: 20191001: CVE-2019-11755: https://bugzilla.mozilla.org/show_bug.cgi?id=1240290
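Review bot: the tcpdump NOTE puts three separate facts on one line ("same version in wheezy->buster", "24 CVEs", the plan to backport 4.9.3) without naming the version currently shipped or where the CVE list can be found. Splitting it into two dated NOTE lines and stating the current version would make the backport decision checkable from this file. "when it hits testing" also leaves nothing to trigger a revisit, so a bug reference or follow-up date would help.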