[Secure-testing-commits] r2173 - data/DTSA/advs
Micah Anderson
micah at costa.debian.org
Sun Sep 25 01:28:54 UTC 2005
Author: micah
Date: 2005-09-25 01:28:53 +0000 (Sun, 25 Sep 2005)
New Revision: 2173
Added:
data/DTSA/advs/18-thunderbird.adv
Log:
Preparing DTSA-18 for thunderbird
Added: data/DTSA/advs/18-thunderbird.adv
===================================================================
--- data/DTSA/advs/18-thunderbird.adv 2005-09-25 01:26:27 UTC (rev 2172)
+++ data/DTSA/advs/18-thunderbird.adv 2005-09-25 01:28:53 UTC (rev 2173)
@@ -0,0 +1,23 @@
+source: xxx
+date: Bloptember 99th, 1990
+author: xxx
+vuln-type: multiple
+problem-scope: remote/local
+debian-specifc: yes/no
+cve: CAN-2005-0989, CAN-2005-1159
+vendor-advisory:
+testing-fix: xxx
+sid-fix: xxx
+upgrade: apt-get install xxx
+
+xxx multiline description here
+
+CAN-2005-0989
+ The find_replen function in the Javascript engine allows remote
+ attackers to read portions of heap memory in a Javascript string via
+ the lambda replace method.
+
+CAN-2005-1159
+ Native function implementations are not verified, causing Javascript
+ execution at improper memory addresses allowing denial of service and
+ potentially arbitrary code execution
More information about the Secure-testing-commits
mailing list