author Giuseppe Iuculano <giuseppe@iuculano.it> 2010-03-28 21:39:25 +0000
committer Giuseppe Iuculano <giuseppe@iuculano.it> 2010-03-28 21:39:25 +0000
commit ab5d76cceb70b2b20c2f089343ef03140432e21d
tree 9f67fb0cdc09abfdb3a0dde51e8cd56eeadaba89
parent fece3d780d0d0a1f2dc5a87861bd618c1c862e58
filed some bugs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14347 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/list 14
-rw-r--r-- data/problematic-packages 4
2 files changed, 11 insertions, 7 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 598dfee9c1..14c8cb4003 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1395,7 +1395,7 @@ CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (fle
CVE-2010-0629
RESERVED
CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
- - krb5 <unfixed>
+ - krb5 <unfixed> (bug #575740)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues]
- couchdb <unfixed> (bug #570013)
@@ -2365,7 +2365,7 @@ CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (
CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
{DSA-1991-1}
- squid 2.7.STABLE8-1
- - squid3 <unfixed>
+ - squid3 <unfixed> (bug #575747)
CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...)
{DSA-1996-1}
- linux-2.6 2.6.32-8
@@ -2467,7 +2467,7 @@ CVE-2010-0282
CVE-2010-0281
RESERVED
CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...)
- - lib3ds <unfixed> (low)
+ - lib3ds <unfixed> (low; bug #575741)
[lenny] - lib3ds <no-dsa> (Minor issue)
[etch] - lib3ds <no-dsa> (Minor issue)
NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
@@ -3103,7 +3103,7 @@ CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
- - lxr-cvs <unfixed>
+ - lxr-cvs <unfixed> (bug #575745)
NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
- boa <unfixed> (unimportant)
@@ -4676,10 +4676,10 @@ CVE-2009-3998
CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
NOT-FOR-US: winamp
CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
- - libmikmod <unfixed>
+ - libmikmod <unfixed> (bug #575742)
NOTE: http://secunia.com/secunia_research/2009-55/
CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
- - libmikmod <unfixed>
+ - libmikmod <unfixed> (bug #575742)
NOTE: http://secunia.com/secunia_research/2009-55/
CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
- devil 1.7.8-6 (low; bug #560080)
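Review bot: the two libmikmod lines under CVE-2009-3996 and CVE-2009-3995 carry no NOTE explaining why libmikmod is tracked here, although both descriptions name IN_MOD.DLL and the neighbouring CVE-2009-3997 for the same component is marked "NOT-FOR-US: winamp". The only NOTE on each entry is the Secunia URL, so a reader cannot tell from the list why one of the three IN_MOD.DLL entries is out of scope and the other two are not. Suggest a one-line NOTE on each entry stating the relationship between IN_MOD.DLL and libmikmod. Both entries also now point at the same bug #575742, which is fine provided that report names both CVE ids.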
@@ -6475,7 +6475,7 @@ CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as u
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
- - liboggplay <unfixed>
+ - liboggplay <unfixed> (bug #575743)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
diff --git a/data/problematic-packages b/data/problematic-packages
index dd8acb5ac8..d858d75c21 100644
--- a/data/problematic-packages
+++ b/data/problematic-packages
@@ -46,3 +46,7 @@ Removed from squeeze, no maintainer response in more than three months.
polipo (Dec 2009)
maintainer seems inactive
+---
+
+libmikmod (Mar 2010)
+maintainer seems MIA, latest upload in 2004
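Review bot: the new libmikmod entry gives "maintainer seems MIA, latest upload in 2004" but does not reference bug #575742, which this same commit attaches to CVE-2009-3996 and CVE-2009-3995 in data/CVE/list. Adding the bug number to the entry would tie the package's listing here to the open security issue that prompted it. The wording also differs from the preceding polipo entry ("maintainer seems inactive"); using the same phrase keeps the file consistent. The commit message "filed some bugs" does not mention this addition to data/problematic-packages.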