Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
19f26ed6 by Salvatore Bonaccorso at 2019-02-16T09:04:49Z
Associate some ancient CVEs with spice-xpi
The package was removed from unstable already and pending for to be
removed as well in the 9.8 stretch point release.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -256119,7 +256119,7 @@ CVE-2011-1180 (Multiple stack-based buffer overflows
in the ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4
CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and
possibly ...)
- NOT-FOR-US: SPICE Firefox plug-in
+ - spice-xpi <removed>
CVE-2011-1178 (Multiple integer overflows in the load_image function in
file-pcx.c in ...)
- gimp 2.6.10-1
NOTE: Likely fixed earlier, but only the squeeze version was checked
@@ -260100,7 +260100,7 @@ CVE-2011-0013 (Multiple cross-site scripting (XSS)
vulnerabilities in the HTML .
- tomcat6 6.0.28-10 (bug #612257)
[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and
possibly ...)
- NOT-FOR-US: SPICE Firefox plug-in
+ - spice-xpi <removed>
CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the
password ...)
{DSA-2230-1}
- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
@@ -264830,11 +264830,11 @@ CVE-2010-2795 (phpCAS before 1.1.2 allows remote
authenticated users to hijack .
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local
users ...)
- NOT-FOR-US: SPICE plugin for Firefox
+ - spice-xpi <removed>
CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for
Internet ...)
NOT-FOR-US: SPICE plugin for Internet Explorer
CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for
Firefox ...)
- NOT-FOR-US: SPICE plugin for Firefox
+ - spice-xpi <removed>
CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on
Unix, ...)
- apache2 2.2.9-10 (low)
CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the
formatQuery ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/19f26ed605402160dd367d1edc9af6b7f0f3fd2c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/19f26ed605402160dd367d1edc9af6b7f0f3fd2c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
