[Secure-testing-commits] r2069 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Sep 21 09:16:04 UTC 2005
Author: jmm-guest
Date: 2005-09-21 09:16:01 +0000 (Wed, 21 Sep 2005)
New Revision: 2069
Modified:
data/CAN/list
Log:
firefox not directly affected due to wrapper script
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-21 08:53:12 UTC (rev 2068)
+++ data/CAN/list 2005-09-21 09:16:01 UTC (rev 2069)
@@ -1,5 +1,7 @@
CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]
- - mozilla-firefox (unfixed; high)
+ - mozilla-firefox (unfixed; unimportant)
+ NOTE: Can only be exploited if one executes /usr/lib/mozilla-firefox/firefox-bin
+ NOTE: instead of the wrapper; fix included in 1.0.7
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- ruby1.6 1.6.8-13 (unknown)
- ruby1.8 1.8.3-1 (unknown)
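Review bot: The downgrade from high to unimportant on the mozilla-firefox line rests entirely on the two added NOTE lines, and they do not say what the wrapper does to the URL that makes the backtick case unreachable. Consider adding a NOTE that states the wrapper behaviour being relied on, or a bug reference, so the rating can be rechecked if the wrapper changes or if another program invokes /usr/lib/mozilla-firefox/firefox-bin directly. The entry also stays "unfixed" while the NOTE says the fix is in 1.0.7; recording 1.0.7 as the fixed version once it is uploaded would keep the status and the note from drifting apart.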