From 79cbbe4d5e5992ab27fa0c75f6b720807046afa4 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sat, 6 Jun 2009 08:39:34 +0000 Subject: bugzilla bug references git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@12056 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/list | 12 ++++++------ data/problematic-packages | 5 +++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 3209e8e8dc..77af2d2e62 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2247,7 +2247,7 @@ CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file - screen 4.0.3-13 (unimportant; bug #521123) NOTE: documented behaviour "or the public accessible screen-exchange", see man screen CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...) - - bugzilla (low) + - bugzilla (low; bug #514143) [etch] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) NOTE: should this really be considered minor? see fedora bug and FSA: 
@@ -5045,23 +5045,23 @@ CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, ca [etch] - bugzilla (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected) [lenny] - bugzilla (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected) CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...) - - bugzilla (low) + - bugzilla (low; bug #514143) [etch] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...) - - bugzilla (low) + - bugzilla (low; bug #514143) [etch] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ...) - - bugzilla (low) + - bugzilla (low; bug #514143) [etch] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...) - - bugzilla (low) + - bugzilla (low; bug #514143) [etch] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ...) - - bugzilla (low) + - bugzilla (low; bug #514143) [etch] - bugzilla (Minor issue) [lenny] - bugzilla (Minor issue) CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris ...) diff --git a/data/problematic-packages b/data/problematic-packages index 46d52bc06c..fea4ea58c1 100644 --- a/data/problematic-packages +++ b/data/problematic-packages @@ -6,6 +6,11 @@ they find a new maintainer or get removed from the archive: ---- +bugzilla: (June 2009) +No reply to security bugs #514143 in unstable in 4 months. + +---- + jasper (June 2009) A security fix was dropped in a later upload, no followup on the respective bug for three weeks as of 2009-06-02. -- cgit v1.2.3
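Review bot: In the first data/CVE/list hunk (CVE-2009-1213), the unstable entry stays at severity low and only gains the bug reference, while the NOTE directly below it still asks "should this really be considered minor?". Either settle that question in this change or record in bug #514143 that the rating is under discussion, so the entry and its note do not disagree. Also confirm that #514143 really covers the attachment.cgi CSRF, since the same bug number is attached to the CVE-2009-048x entries in the next hunk.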
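Review bot: In the second data/CVE/list hunk, CVE-2009-0481 receives the same "(low; bug #514143)" reference as CVE-2009-0482 through CVE-2009-0485, but its visible summary is truncated and, unlike those four, does not identify the issue as CSRF. Check that #514143 lists CVE-2009-0481 explicitly; if it does not, file a separate bug or widen the existing one so the reference is accurate.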
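Review bot: In the data/problematic-packages hunk, the new heading "bugzilla: (June 2009)" has a colon after the package name while the existing "jasper (June 2009)" entry has none; drop the colon so entries stay uniform and easy to grep. The text also says "security bugs #514143" with a single bug number, so use the singular or list the other bugs. An absolute date, as the jasper entry gives ("as of 2009-06-02"), would make "in 4 months" easier to re-evaluate later.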