[Secure-testing-commits] r1419 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sun Jul 17 09:54:22 UTC 2005
Author: joeyh
Date: 2005-07-17 09:54:19 +0000 (Sun, 17 Jul 2005)
New Revision: 1419
Modified:
data/CAN/list
Log:
various mozilla updates: thunderbird also affected by CAN-2005-2261
presumably these new set of holes cover the XXXX ones
javascript crasher only reproducible with mozilla in unstable
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-07-17 09:46:07 UTC (rev 1418)
+++ data/CAN/list 2005-07-17 09:54:19 UTC (rev 1419)
@@ -35,7 +35,7 @@
- mozilla-firefox 1.0.5-1 (medium)
CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, and Mozilla before ...)
- mozilla-firefox 1.0.5-1 (medium)
- TODO: mozilla
+ TODO: mozilla, thunderbird
CAN-2005-2260 (The browser user interface in Firefox before 1.0.5 and Mozilla before ...)
- mozilla-firefox 1.0.5-1 (medium)
TODO: mozilla
@@ -395,10 +395,6 @@
- netpanzer (unfixed; bug #318329; medium)
CAN-2005-XXXX [Missing input sanitising in affix's btsrv/btobex services]
- affix 2.1.2-2 (medium)
-CAN-2000-XXXX [Multiple unfixed security issues in Mozillae]
- - mozilla-firefox 1.0.5-1 (high)
- - mozilla (unfixed; high)
- - mozilla-thunderbird (unfixed; low)
CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
NOTE: not-for-us (USANet)
CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
@@ -827,8 +823,9 @@
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
NOTE: not-for-us (Soldier of Fortune)
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
- - mozilla-firefox (unfixed; low)
- - mozilla (unfixed; low)
+ NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
+ NOTE: did work for mozilla
+ - mozilla-browser (unfixed; bug filed; low)
CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
- wordpress 1.5.1.3-1
CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
More information about the Secure-testing-commits
mailing list