Secure testing commits - Sep 2005 - r2112 - data/CAN

Author: jmm-guest
Date: 2005-09-22 22:27:15 +0000 (Thu, 22 Sep 2005)
New Revision: 2112

Modified:
   data/CAN/list
Log:
lots of really ugly firefox vulnerabilities


Modified: data/CAN/list
==================================================================---
data/CAN/list	2005-09-22 21:54:46 UTC (rev 2111)
+++ data/CAN/list	2005-09-22 22:27:15 UTC (rev 2112)
@@ -108,9 +108,6 @@
 CAN-2005-2992 [Another arc tempfile issue]
 	NOTE: reserved
 	- arc 5.21m-1 (low)
-CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the
shell]
-	- mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script)
-	- mozilla-thunderbird (unfixed; bug #329667; high)
 CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
 	- ruby1.6 1.6.8-13 (medium)
 	- ruby1.8 1.8.3-1 (medium)
@@ -162,7 +159,9 @@
 CAN-2005-2969
 	NOTE: reserved
 CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute
arbitrary ...)
-	TODO: check
+	- mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script)
+	- mozilla not-affected (Debian ships a non-vulnerable wrapper script)
+	- mozilla-thunderbird (unfixed; bug #329667; high)
 CAN-2005-2967
 	NOTE: reserved
 CAN-2005-2966
@@ -712,20 +711,27 @@
 	NOTE: reserved
 CAN-2005-2708
 	NOTE: reserved
-CAN-2005-2707
+CAN-2005-2707 [Firefox: Spoofing through clever construction of windows/tabs]
 	NOTE: reserved
-CAN-2005-2706
+	- mozilla-firefox (unfixed; bug filed; medium)
+CAN-2005-2706 [Firefox: Javascript execution with chrome privileges through
about: subcommand]
 	NOTE: reserved
-CAN-2005-2705
+	- mozilla-firefox (unfixed; bug filed; high)
+CAN-2005-2705 [Firefox: Integer overflow in Javascript engine]
 	NOTE: reserved
-CAN-2005-2704
+	- mozilla-firefox (unfixed; bug filed; high)
+CAN-2005-2704 [Firefox: Incorrect chrome/javascript permission handling]
 	NOTE: reserved
-CAN-2005-2703
+	- mozilla-firefox (unfixed; bug filed; medium)
+CAN-2005-2703 [Firefox: Incorrect passing of XMLHttp requests]
 	NOTE: reserved
-CAN-2005-2702
+	- mozilla-firefox (unfixed; bug filed; medium)
+CAN-2005-2702 [Firefox: Arbitrary code execution through crafted Unicode
sequences]
 	NOTE: reserved
-CAN-2005-2701
+	- mozilla-firefox (unfixed; bug filed; high)
+CAN-2005-2701 [Firefox: Arbitrary code execution through crafted XBM through
unspecified vuln]
 	NOTE: reserved
+	- mozilla-firefox (unfixed; bug filed; medium)
 CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
 	{DSA-807-1 DSA-805-1}
 	- libapache-mod-ssl 2.8.24-1 (medium)