Author: jmm-guest Date: 2005-09-21 09:16:01 +0000 (Wed, 21 Sep 2005) New Revision: 2069 Modified: data/CAN/list Log: firefox not directly affected due to wrapper script Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-21 08:53:12 UTC (rev 2068) +++ data/CAN/list 2005-09-21 09:16:01 UTC (rev 2069) @@ -1,5 +1,7 @@ CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell] - - mozilla-firefox (unfixed; high) + - mozilla-firefox (unfixed; unimportant) + NOTE: Can only be exploited if one executes /usr/lib/mozilla-firefox/firefox-bin + NOTE: instead of the wrapper; fix included in 1.0.7 CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby] - ruby1.6 1.6.8-13 (unknown) - ruby1.8 1.8.3-1 (unknown)