Hi Emilio, thanks a lot for working on this.
On Tue, 7 Jul 2020, Emilio Pozuelo Monfort wrote:
CVE-2019-11187/gosa fixed in jessie and buster but no-dsa in stretch (Minor issue)
This seems to have been fixed via opu.
CVE-2019-3866/mistral fixed in jessie and buster but no-dsa in stretch (Minor issue; can be fixed via point release) CVE-2019-3866/python-oslo.utils fixed in jessie and buster but no-dsa in stretch (Minor issue; can be fixed via point release)
mistral in buster has been fixed via unstable, so should not be mentioned here, shouldn't it? python-oslo.utils is <not-affected> in jessie. Probably one CVE for two different packages resolved differently confused your script?
Thorsten
