[Secure-testing-commits] r2070 - data/CAN
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Sep 21 09:31:57 UTC 2005
Author: jmm-guest
Date: 2005-09-21 09:31:54 +0000 (Wed, 21 Sep 2005)
New Revision: 2070
Modified:
data/CAN/list
Log:
firefox not-affected
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-21 09:16:01 UTC (rev 2069)
+++ data/CAN/list 2005-09-21 09:31:54 UTC (rev 2070)
@@ -1,7 +1,5 @@
CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]
- - mozilla-firefox (unfixed; unimportant)
- NOTE: Can only be exploited if one executes /usr/lib/mozilla-firefox/firefox-bin
- NOTE: instead of the wrapper; fix included in 1.0.7
+ - mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script)
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- ruby1.6 1.6.8-13 (unknown)
- ruby1.8 1.8.3-1 (unknown)
More information about the Secure-testing-commits
mailing list