Secure testing commits - Mar 2005 - r693 - sarge-checks/CAN

Author: jmm-guest
Date: 2005-03-31 00:05:24 +0000 (Thu, 31 Mar 2005)
New Revision: 693

Modified:
   sarge-checks/CAN/list
Log:
Some of the Mozilla vulns affect Thunderbird as well.
Some not-for-us.


Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-03-30 21:14:19 UTC (rev 692)
+++ sarge-checks/CAN/list	2005-03-31 00:05:24 UTC (rev 693)
@@ -28,9 +28,10 @@
 CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec
Norton ...)
 	TODO: check
 CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec
Norton ...)
+	NOTE: not-for-us (Lotus)
 	TODO: check
 CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows
local ...)
-	TODO: check
+	NOTE: not-for-us (Lotus)
 CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1
allow ...)
 	TODO: check
 CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to
inject ...)
@@ -1034,10 +1035,12 @@
 CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for
...)
 	- mozilla-firefox 1.0.1
 	- mozilla 2:1.7.6-1
+	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1)
security ...)
 	- mozilla-firefox 1.0.1
 CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1,
...)
 	- mozilla-firefox 1.0.1
+	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote
attackers ...)
 	- mozilla-firefox 1.0.1
 CAN-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict
...)
@@ -1987,13 +1990,15 @@
 	- mozilla-firefox 1.0.2-1
 CAN-2005-0401 [Drag and drop loading of privileged XUL in Firefox]
 	- mozilla-firefox 1.0.2-1
+	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0400 [ext2 mkdir() directory entry random kernel memory leak]
 	NOTE: reserved
 	- kernel-source-2.4.27 (unfixed)
 	- kernel-source-2.6.8 2.6.8-16
 	NOTE: according to changelog, "Fix information leak in ext2."
-CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Firefox]
+CAN-2005-0399 [GIF heap overflow parsing Netscape extension 2 in Mozilla]
 	- mozilla-firefox 1.0.2-1
+	- mozilla-thunderbird 1.0.2-1
 CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote
...)
 	- racoon 1:0.5-5
 CAN-2005-0397 (Format string vulnerability in ImageMagick before 6.0.2.5 allows
...)