Hi, * Hideki Yamane <[email protected]> [2010-08-11 17:04]: > http://security-tracker.debian.org/tracker/CVE-2009-2408 > > >icedove (PTS) > > squeeze 3.0.5-1 vulnerable > > sid 3.0.6-1 vulnerable > > experimental 3.1-1 vulnerable > > However, this vulnerability are in "Mozilla Network Security Services > (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, > and SeaMonkey before 1.1.18 " > > It does not match above versions.
You can't trust these versions by mitre, usually those are only known versions to be affected but that doesn't necessary exclude other versions. Sometimes the versions are also incorrect. To sum up, check the code :) Cheers Nico -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
pgpuFGF8Qj0G0.pgp
Description: PGP signature
