[Secure-testing-commits] r1419 - data/CAN

Sun, 17 Jul 2005 02:54:50 -0700 

Author: joeyh
Date: 2005-07-17 09:54:19 +0000 (Sun, 17 Jul 2005)
New Revision: 1419

Modified:
   data/CAN/list
Log:
various mozilla updates: thunderbird also affected by CAN-2005-2261
presumably these new set of holes cover the XXXX ones
javascript crasher only reproducible with mozilla in unstable


Modified: data/CAN/list
===================================================================
--- data/CAN/list       2005-07-17 09:46:07 UTC (rev 1418)
+++ data/CAN/list       2005-07-17 09:54:19 UTC (rev 1419)
@@ -35,7 +35,7 @@
        - mozilla-firefox 1.0.5-1 (medium)
 CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, and Mozilla 
before ...)
        - mozilla-firefox 1.0.5-1 (medium)
-       TODO: mozilla
+       TODO: mozilla, thunderbird
 CAN-2005-2260 (The browser user interface in Firefox before 1.0.5 and Mozilla 
before ...)
        - mozilla-firefox 1.0.5-1 (medium)
        TODO: mozilla
@@ -395,10 +395,6 @@
        - netpanzer (unfixed; bug #318329; medium)
 CAN-2005-XXXX [Missing input sanitising in affix's btsrv/btobex services]
        - affix 2.1.2-2 (medium)
-CAN-2000-XXXX [Multiple unfixed security issues in Mozillae]
-       - mozilla-firefox 1.0.5-1 (high)
-       - mozilla (unfixed; high)
-       - mozilla-thunderbird (unfixed; low)
 CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple 
USANet ...)
        NOTE: not-for-us (USANet)
 CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in 
Squito ...)
@@ -827,8 +823,9 @@
 CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to 
cause ...)
        NOTE: not-for-us (Soldier of Fortune)
 CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and 
...)
-       - mozilla-firefox (unfixed; low)
-       - mozilla (unfixed; low)
+       NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
+       NOTE: did work for mozilla
+       - mozilla-browser (unfixed; bug filed; low)
 CAN-2005-XXXX [XSS, SQL injection and other issues in Wordpress]
        - wordpress 1.5.1.3-1
 CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the 
XMLRPC ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to