Author: micah Date: 2005-02-17 19:44:44 +0100 (Thu, 17 Feb 2005) New Revision: 427 Modified: sarge-checks/CAN/list Log: Resolved two CAN TODOs, took another set Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-02-17 17:54:20 UTC (rev 426) +++ sarge-checks/CAN/list 2005-02-17 18:44:44 UTC (rev 427) @@ -724,13 +724,15 @@ - mozilla-firefox 1.0+dfsg.1-6 CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...) - mozilla-firefox 1.0+dfsg.1-6 -begin claimed by micah CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...) NOTE: I don''t know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link - TODO: check + NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers + NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser + NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF + NOTE: < vorlon> hacim: it''s specific to Windows, home to the dumbest interpreter on the planet. + NOTE: not-for-us (Firefox on Windows) CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...) - TODO: check -end claimed by micah + NOTE: not-for-us (CitrusDB) CAN-2005-0228 NOTE: rejected NOTE: apparently dup of CAN-2004-1388 @@ -825,10 +827,12 @@ NOTE: not-for-us (mod_dosevasive module for apache) CAN-2005-0181 NOTE: reserved +begin claimed by micah CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...) TODO: check with kernel team CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...) TODO: check with kernel team +end claimed by micah CAN-2005-0178 NOTE: reserved NOTE: see USN-82-1