[Secure-testing-commits] r1751 - in data/DTSA: . advs
Joey Hess
joeyh at costa.debian.org
Wed Aug 31 19:03:01 UTC 2005
Author: joeyh
Date: 2005-08-31 19:03:01 +0000 (Wed, 31 Aug 2005)
New Revision: 1751
Added:
data/DTSA/advs/9-bluez-utils.adv
Removed:
data/DTSA/advs/9-mozilla-thunderbird.adv
Modified:
data/DTSA/DTSA-9-1
data/DTSA/list
Log:
gave up on thunderbird build for now, reclaimed advisory 9 for bluez
Modified: data/DTSA/DTSA-9-1
===================================================================
--- data/DTSA/DTSA-9-1 2005-08-31 16:53:15 UTC (rev 1750)
+++ data/DTSA/DTSA-9-1 2005-08-31 19:03:01 UTC (rev 1751)
@@ -1,72 +1,31 @@
------------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-9-1 http://secure-testing.debian.net
secure-testing-team at lists.alioth.debian.org Joey Hess
-August 28th, 2005
+August 31st, 2005
------------------------------------------------------------------------------
-Package : mozilla-thunderbird
-Vulnerability : several vulnerabilities
+Package : bluez-utils
+Vulnerability : bad device name escaping
Problem-Scope : remote
Debian-specific: No
-CVE ID : CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270
+CVE ID : CAN-2005-2547
-Several problems have been discovered in Mozilla Thunderbird, the standalone
-mail client of the Mozilla suite. The Common Vulnerabilities and Exposures
-project identifies the following problems:
+A bug in bluez-utils allows remote attackers to execute arbitrary commands
+via shell metacharacters in the Bluetooth device name when invoking the PIN
+helper.
-CAN-2005-0989
-
-Remote attackers could read portions of heap memory into a Javascript string
-via the lambda replace method.
-
-CAN-2005-1159
-
-The Javascript interpreter could be tricked to continue execution at the
-wrong memory address, which may allow attackers to cause a denial of service
-(application crash) and possibly execute arbitrary code.
-
-CAN-2005-1160
-
-Remote attackers could override certain properties or methods of DOM nodes
-and gain privileges.
-
-CAN-2005-1532
-
-Remote attackers could override certain properties or methods due to missing
-proper limitation of Javascript eval and Script objects and gain privileges.
-
-CAN-2005-2261
-
-XML scripts ran even when Javascript was disabled.
-
-CAN-2005-2265
-
-Missing input sanitising of InstallVersion.compareTo() can cause the
-application to crash.
-
-CAN-2005-2266
-
-Remote attackers could steal sensitive information such as cookies and
-passwords from web sites by accessing data in alien frames.
-
-CAN-2005-2269
-
-Remote attackers could modify certain tag properties of DOM nodes that could
-lead to the execution of arbitrary script or code.
-
-CAN-2005-2270
-
-The Mozilla browser family does not properly clone base objects, which allows
-remote attackers to execute arbitrary code.
-
For the testing distribution (etch) this is fixed in version
-1.0.2-3etch1
+2.19-0.1etch1
For the unstable distribution (sid) this is fixed in version
-1.0.6-3
+2.19-1
-This upgrade is recommended if you use mozilla-thunderbird.
+This upgrade is recommended if you use bluez-utils.
+The Debian testing security team does not track security issues for then
+stable (sarge) and oldstable (woody) distributions. If stable is vulnerable,
+the Debian security team will make an announcement once a fix is ready.
+
Upgrade Instructions
--------------------
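Review bot: typo in the added paragraph near the end of the hunk: "does not track security issues for then" should read "for the stable (sarge) and oldstable (woody) distributions". Otherwise the Package, Vulnerability, CVE ID and fix-version replacements match the 9-bluez-utils.adv file added in the same commit, and the `Problem-Scope : remote` line kept from the Thunderbird draft still applies, since the body says the device name comes from a remote attacker.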
@@ -81,7 +40,7 @@
To install the update, run this command as root:
-apt-get update && apt-get install mozilla-thunderbird
+apt-get update && apt-get install bluez-utils
For further information about the Debian testing security team, please refer
to http://secure-testing.debian.net/
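Review bot: the command swap matches the new Package field, but the instructions stop at installing the package; since the bug is in how the running service invokes the PIN helper, consider stating whether the Bluetooth daemon is restarted by the package's maintainer scripts or must be restarted by hand, otherwise a reader may upgrade and keep the vulnerable process running.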
Copied: data/DTSA/advs/9-bluez-utils.adv (from rev 1745, data/DTSA/advs/9-mozilla-thunderbird.adv)
===================================================================
--- data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-31 11:04:13 UTC (rev 1745)
+++ data/DTSA/advs/9-bluez-utils.adv 2005-08-31 19:03:01 UTC (rev 1751)
@@ -0,0 +1,14 @@
+dtsa: DTSA-9-1
+source: bluez-utils
+date: August 31st, 2005
+author: Joey Hess
+vuln-type: bad device name escaping
+problem-scope: remote
+debian-specific: no
+cve: CAN-2005-2547
+testing-fix: 2.19-0.1etch1
+sid-fix: 2.19-1
+
+A bug in bluez-utils allows remote attackers to execute arbitrary commands
+via shell metacharacters in the Bluetooth device name when invoking the PIN
+helper.
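Review bot: `vuln-type: bad device name escaping` names the root cause while the body paragraph describes the impact (remote command execution via shell metacharacters in the device name); since this field becomes the advisory's "Vulnerability" line and the title in data/DTSA/list, wording that states the impact would help readers triage. Also worth double-checking that `testing-fix: 2.19-0.1etch1` is the exact version string of the etch upload, since it is copied into both DTSA-9-1 and data/DTSA/list in this commit.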
Deleted: data/DTSA/advs/9-mozilla-thunderbird.adv
===================================================================
--- data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-31 16:53:15 UTC (rev 1750)
+++ data/DTSA/advs/9-mozilla-thunderbird.adv 2005-08-31 19:03:01 UTC (rev 1751)
@@ -1,59 +0,0 @@
-dtsa: DTSA-9-1
-source: mozilla-thunderbird
-date: August 28th, 2005
-author: Joey Hess
-vuln-type: several vulnerabilities
-problem-scope: remote
-debian-specific: no
-cve: CAN-2005-0989 CAN-2005-1159 CAN-2005-1160 CAN-2005-1532 CAN-2005-2261 CAN-2005-2265 CAN-2005-2266 CAN-2005-2269 CAN-2005-2270
-testing-fix: 1.0.2-3etch1
-sid-fix: 1.0.6-3
-
-Several problems have been discovered in Mozilla Thunderbird, the standalone
-mail client of the Mozilla suite. The Common Vulnerabilities and Exposures
-project identifies the following problems:
-
-CAN-2005-0989
-
- Remote attackers could read portions of heap memory into a Javascript string
- via the lambda replace method.
-
-CAN-2005-1159
-
- The Javascript interpreter could be tricked to continue execution at the
- wrong memory address, which may allow attackers to cause a denial of service
- (application crash) and possibly execute arbitrary code.
-
-CAN-2005-1160
-
- Remote attackers could override certain properties or methods of DOM nodes
- and gain privileges.
-
-CAN-2005-1532
-
- Remote attackers could override certain properties or methods due to missing
- proper limitation of Javascript eval and Script objects and gain privileges.
-
-CAN-2005-2261
-
- XML scripts ran even when Javascript was disabled.
-
-CAN-2005-2265
-
- Missing input sanitising of InstallVersion.compareTo() can cause the
- application to crash.
-
-CAN-2005-2266
-
- Remote attackers could steal sensitive information such as cookies and
- passwords from web sites by accessing data in alien frames.
-
-CAN-2005-2269
-
- Remote attackers could modify certain tag properties of DOM nodes that could
- lead to the execution of arbitrary script or code.
-
-CAN-2005-2270
-
- The Mozilla browser family does not properly clone base objects, which allows
- remote attackers to execute arbitrary code.
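Review bot: deleting this file removes the only record in the tree of the nine Thunderbird CVE ids and their descriptions, and the same commit drops the tracking entry from data/DTSA/list, so nothing in the working copy now says that mozilla-thunderbird 1.0.2-3etch1 in etch is still affected. Since the commit message says the build was only given up "for now", consider keeping a tracking line or a note pointing at rev 1750 (the last revision of this file) so the stalled advisory is not forgotten.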
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2005-08-31 16:53:15 UTC (rev 1750)
+++ data/DTSA/list 2005-08-31 19:03:01 UTC (rev 1751)
@@ -1,13 +1,11 @@
[29 Aug 2005] DTSA-11-1 maildrop - local privilege escalation
{CAN-2005-2655}
- maildrop 1.5.3-1.1etch1 (high)
-[01 Jan 1969] DTSA-10-1 pcre3 - buffer overflow
+[31 Aug 2005] DTSA-10-1 pcre3 - buffer overflow
- pcre3 6.3-0.1etch1 (high)
-[28 Aug 2005] DTSA-9-1 mozilla-thunderbird - several vulnerabilities
- - mozilla-thunderbird 1.0.2-3etch1 (high)
- NOTE: joeyh working on it
- NOTE: stalled by build failure
- TODO: complete, or recycle this advisory number
+[31 Aug 2005] DTSA-9-1 bluez-utils - bad device name escaping
+ - bluez-utils 2.19-0.1etch1
+ TODO: unreleased
[28 Aug 2005] DTSA-8-1 mozilla-firefox - several vulnerabilities
- mozilla-firefox 1.0.4-2sarge2 (high)
[28 Aug 2005] DTSA-7-1 mozilla - frame injection spoofing
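Review bot: the new `- bluez-utils 2.19-0.1etch1` line omits the severity tag that the surrounding entries carry (`(high)` on maildrop, pcre3 and mozilla-firefox); add one so the entry is consistent. The removed mozilla-thunderbird block had NOTE/TODO lines tracking the stalled advisory and is not replaced by any other entry, so that issue is no longer tracked here; replacing the `[01 Jan 1969]` placeholder date on DTSA-10-1 with a real date is a good fix.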