Author: jmm-guest Date: 2005-09-21 09:31:54 +0000 (Wed, 21 Sep 2005) New Revision: 2070 Modified: data/CAN/list Log: firefox not-affected Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-09-21 09:16:01 UTC (rev 2069) +++ data/CAN/list 2005-09-21 09:31:54 UTC (rev 2070) @@ -1,7 +1,5 @@ CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell] - - mozilla-firefox (unfixed; unimportant) - NOTE: Can only be exploited if one executes /usr/lib/mozilla-firefox/firefox-bin - NOTE: instead of the wrapper; fix included in 1.0.7 + - mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script) CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby] - ruby1.6 1.6.8-13 (unknown) - ruby1.8 1.8.3-1 (unknown)