[Secure-testing-commits] r693 - sarge-checks/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Thu, 31 Mar 2005 00:05:27 +0000
Author: jmm-guest
Date: 2005-03-31 00:05:24 +0000 (Thu, 31 Mar 2005)
New Revision: 693
Modified:
sarge-checks/CAN/list
Log:
Some of the Mozilla vulns affect Thunderbird as well.
Some not-for-us.
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2005-03-30 21:14:19 UTC (rev 692)
+++ sarge-checks/CAN/list 2005-03-31 00:05:24 UTC (rev 693)
@@ -28,9 +28,10 @@
CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
TODO: check
CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
+ NOTE: not-for-us (Lotus)
TODO: check
CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
- TODO: check
+ NOTE: not-for-us (Lotus)
CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
TODO: check
CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
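Review bot: the added "NOTE: not-for-us (Lotus)" under CAN-2005-0922 is attached to an entry whose description names the Auto-Protect module in Symantec Norton, not Lotus, and the "TODO: check" line below it is left in place, so the entry now reads as both triaged and untriaged. If CAN-2005-0922 is meant to be not-for-us, the parenthetical should name the Symantec product and the TODO should be dropped, as this hunk does for CAN-2005-0921. CAN-2005-0923 describes the same Auto-Protect module and still carries "TODO: check", so it likely wants the same treatment.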
@@ -1034,10 +1035,12 @@
CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
- mozilla-firefox 1.0.1
- mozilla 2:1.7.6-1
+ - mozilla-thunderbird 1.0.2-1
CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
- mozilla-firefox 1.0.1
CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
- mozilla-firefox 1.0.1
+ - mozilla-thunderbird 1.0.2-1
CAN-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
- mozilla-firefox 1.0.1
CAN-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
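Review bot: CAN-2005-0590 gains "- mozilla-thunderbird 1.0.2-1" although its visible description covers only the installation confirmation dialog in Firefox before 1.0.1, and the entry has no mozilla line, unlike CAN-2005-0592 just above it. A short NOTE giving the source for Thunderbird being affected and fixed in 1.0.2-1 would let a later reader verify the version, and it is worth confirming whether the mozilla package should be listed here as well.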
@@ -1987,13 +1990,15 @@
- mozilla-firefox 1.0.2-1
CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
- mozilla-firefox 1.0.2-1
+ - mozilla-thunderbird 1.0.2-1
CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
NOTE: reserved
- kernel-source-2.4.27 (unfixed)
- kernel-source-2.6.8 2.6.8-16
NOTE: according to changelog, "Fix information leak in ext2."
-CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox]
+CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Mozilla]
- mozilla-firefox 1.0.2-1
+ - mozilla-thunderbird 1.0.2-1
CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
- racoon 1:0.5-5
CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows ...)
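Review bot: the CAN-2005-0399 title changes from "in Firefox" to "in Mozilla", but the entry still lists only mozilla-firefox and the new mozilla-thunderbird line, with no line for the mozilla package itself. If the retitle means the suite is affected, add a "- mozilla" line with its fixed version or an (unfixed) marker so the tracker does not treat it as unaffected. For consistency, the CAN-2005-0401 title in the same hunk still says "in Firefox" while also gaining a Thunderbird line.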