[Secure-testing-commits] r427 - sarge-checks/CAN
Micah Anderson
micah@costa.debian.org
Thu, 17 Feb 2005 19:44:46 +0100
Author: micah
Date: 2005-02-17 19:44:44 +0100 (Thu, 17 Feb 2005)
New Revision: 427
Modified:
sarge-checks/CAN/list
Log:
Resolved two CAN TODOs, took another set
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-02-17 17:54:20 UTC (rev 426)
+++ sarge-checks/CAN/list 2005-02-17 18:44:44 UTC (rev 427)
@@ -724,13 +724,15 @@
- mozilla-firefox 1.0+dfsg.1-6
CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
- mozilla-firefox 1.0+dfsg.1-6
-begin claimed by micah
CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
- TODO: check
+ NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
+ NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
+ NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
+ NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
+ NOTE: not-for-us (Firefox on Windows)
CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
- TODO: check
-end claimed by micah
+ NOTE: not-for-us (CitrusDB)
CAN-2005-0228
NOTE: rejected
NOTE: apparently dup of CAN-2004-1388
@@ -825,10 +827,12 @@
NOTE: not-for-us (mod_dosevasive module for apache)
CAN-2005-0181
NOTE: reserved
+begin claimed by micah
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
TODO: check with kernel team
CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
TODO: check with kernel team
+end claimed by micah
CAN-2005-0178
NOTE: reserved
NOTE: see USN-82-1