diff --git a/2019/12xxx/CVE-2019-12817.json b/2019/12xxx/CVE-2019-12817.json
index b947400d2ee..4b4633256b9 100644
--- a/2019/12xxx/CVE-2019-12817.json
+++ b/2019/12xxx/CVE-2019-12817.json
@@ -76,6 +76,11 @@
 "refsource": "BID",
 "name": "108884",
 "url": "http://www.securityfocus.com/bid/108884"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-6817686c4d",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSKLL2374YGFQR6LSVCFGTTCRGBTLAWZ/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9212.json b/2019/9xxx/CVE-2019-9212.json
index 70b24bd2f11..7890a836196 100644
--- a/2019/9xxx/CVE-2019-9212.json
+++ b/2019/9xxx/CVE-2019-9212.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget."
+ "value": "** DISPUTED ** SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn\u2019t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated."
 }
 ]
 },
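Review bot: The NOTE added to the `value` string in CVE-2019-9212.json cites a vendor disclaimer, but this hunk adds no reference that lets a reader verify it. The `references` array lies outside the hunk, so if it does not already link the disclaimer, add an entry such as `{ "refsource": "MISC", "name": "<vendor-disclaimer-url>", "url": "<vendor-disclaimer-url>" }` (placeholder URL). Consumers that filter on the `** DISPUTED **` prefix are likely to deprioritise the record, yet the text itself says the blacklist is not actively updated. Deployments that rely on the shipped deny-list therefore stay exposed unless they maintain it or move to the whitelist feature, which makes a verifiable source for the dispute worth having in the record.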