
Re: [SECURITY] [DSA 1336-1] New mozilla-firefox packages fix several vulnerabilities



> CVE-2007-1282
>
>     It was discovered that an integer overflow in text/enhanced message
>     parsing allows the execution of arbitrary code.

Isn't text/enhanced long forgotten for good? It has never been formally
registered, btw, see http://www.iana.org/assignments/media-types/text . I
suggest the corresponding handler code be removed (if the
maintainers can persuade their upstreams), to decrease the
support burden, with the applications thus falling back to text/plain.

VKh


