libxls: Readd reference to CVE-2018-20450 and CVE-2018-20452

[Leonardo Taccari <leot%NetBSD.org@localhost>]

Module Name:	pkgsrc-wip
Committed By:	Leonardo Taccari <leot%NetBSD.org@localhost>
Pushed By:	leot
Date:		Fri Jan 11 22:39:47 2019 +0100
Changeset:	e08e73c396283181b921a580638371bd0f3a85bc

Modified Files:
	libxls/TODO

Log Message:
libxls: Readd reference to CVE-2018-20450 and CVE-2018-20452

Issue #34 and #35 are respectively CVE-2018-20450 and CVE-2018-20452.

Add back a reference to the CVE IDs so it ease possible tracking of
them.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=e08e73c396283181b921a580638371bd0f3a85bc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 libxls/TODO | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diffs:
diff --git a/libxls/TODO b/libxls/TODO
index d13d2da60f..128a8c48c5 100644
--- a/libxls/TODO
+++ b/libxls/TODO
@@ -7,6 +7,11 @@ CVE-2017-2919 https://github.com/evanmiller/libxls/issues/4
 CVE-2017-2897 https://github.com/evanmiller/libxls/issues/5
 CVE-2017-2896 https://github.com/evanmiller/libxls/issues/6
 
+Several known vulnerabilites, not fixed upstream:
+
+CVE-2018-20450 https://github.com/evanmiller/libxls/issues/34
+CVE-2018-20452 https://github.com/evanmiller/libxls/issues/35
+
 Additionally, these non-CVE issues are or may be security related (most
 fixed upstream):
 
@@ -15,8 +20,6 @@ https://github.com/evanmiller/libxls/issues/14
 https://github.com/evanmiller/libxls/issues/17
 https://github.com/evanmiller/libxls/issues/20
 https://github.com/evanmiller/libxls/issues/31
-https://github.com/evanmiller/libxls/issues/34
-https://github.com/evanmiller/libxls/issues/35
 https://github.com/evanmiller/libxls/issues/36
 https://github.com/evanmiller/libxls/issues/37