From 98f146be45839b3b897b79544f48b8f6f97bc24f Mon Sep 17 00:00:00 2001
From: Abhijith PA <abhijith@disroot.org>
Date: Sun, 2 Aug 2020 10:15:57 +0530
Subject: stretch triage

---
 data/CVE/list       | 4 ++++
 data/dla-needed.txt | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/data/CVE/list b/data/CVE/list
index 66eb630fee..4a392c009a 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -739,6 +739,7 @@ CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were
 	NOT-FOR-US: Mida eFramework
 CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation  ...)
 	- claws-mail 3.17.6-1
+	[stretch] - claws-mail <no-dsa> (low priority issue)
 	NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
 CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...)
 	NOT-FOR-US: Tenda devices
@@ -4657,6 +4658,7 @@ CVE-2020-14348
 CVE-2020-14347 [X Server Pixel Data Uninitialized Memory Information Disclosure]
 	RESERVED
 	- xorg-server <unfixed>
+	[stretch] - xorg-server <postponed> (Minor issue, can be fixed along in next release)
 	NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
 	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
 CVE-2020-14346
@@ -14034,6 +14036,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
 	NOTE: Only supported behind an authenticated HTTP zone
 CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and  ...)
 	- bareos <unfixed> (bug #965985)
+	[stretch] - bareos <no-dsa> (minor issue, low priority)
 	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
 CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
 	- glpi <removed> (unimportant)
@@ -31638,6 +31641,7 @@ CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserial
 	NOT-FOR-US: phpMussel
 CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to  ...)
 	- bareos <unfixed> (bug #965985)
+	[stretch] - bareos <no-dsa> (minor issue, low priority)
 	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752
 CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...)
 	NOT-FOR-US: Bolt CMS
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 287f57764f..f46b04a4af 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -52,6 +52,8 @@ condor (Roberto C. Sánchez)
   NOTE: 20200712: Requested input on path forward from debian-lts@l.d.o (roberto)
   NOTE: 20200727: Waiting on maintainer feedback: https://lists.debian.org/debian-lts/2020/07/msg00108.html (roberto)
 --
+evolution-data-server
+--
 firefox-esr (Emilio)
   NOTE: 20200720: working on ESR 78 backport. (Emilio)
 --
@@ -73,6 +75,8 @@ jruby (Adrian Bunk)
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --
+libx11
+--
 linux (Ben Hutchings)
 --
 linux-4.9 (Ben Hutchings)
-- 
cgit v1.2.3