External check
CVE-2017-3080: RESERVED CVE-2017-3099: RESERVED CVE-2017-3100: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.
DSA candidates
ansible -- batik -- catdoc -- glance -- imagemagick -- jbig2dec -- knot -- lame -- libdbd-mysql-perl -- libpodofo -- libraw -- libtorrent-rasterbar -- libxml2 -- lucene-solr -- openexr -- openjpeg2 -- php-horde-image -- poppler -- radare2 -- sqlite3 -- swftools -- thrift-compiler -- tiff -- vlc -- ffmpeg/stable -- hexchat/stable -- jetty9/stable -- libical/stable -- openvswitch/stable -- php7.0/stable -- ruby2.3/stable -- salt/stable -- undertow/stable -- botan1.10/oldstable -- dhcpcd5/oldstable -- gajim/oldstable -- gradle/oldstable -- jasper/oldstable -- jetty/oldstable -- jetty8/oldstable -- libapache2-mod-auth-mellon/oldstable -- libapache2-mod-auth-openidc/oldstable -- libav/oldstable -- libvpx/oldstable -- mcollective/oldstable -- miniupnpc/oldstable -- php-horde-crypt/oldstable -- phpldapadmin/oldstable -- pjproject/oldstable -- ruby-passenger/oldstable -- ruby2.1/oldstable -- smb4k/oldstable -- wordpress/oldstable -- xrdp/oldstable -- yodl/oldstable -- zabbix/oldstable -- zendframework/oldstable -- -- The above is a list of DSA candidates based on the tracker's information. One should evaluate the candidates and either add them to dsa-needed.txt or consider tagging them no-dsa.