[Git][security-tracker-team/security-tracker][master] Triage spice-xpi for Jessie.

Sun, 03 Mar 2019 12:49:56 -0800 

Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7f7eeaaf by Markus Koschany at 2019-03-03T20:48:40Z
Triage spice-xpi for Jessie.

This Firefox plugin does not work anymore with recent versions of Firefox. Not
used by any sponsor hence mark it as end-of-life.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -259011,6 +259011,7 @@ CVE-2011-1180 (Multiple stack-based buffer overflows 
in the ...)
        - linux-2.6 2.6.38-4
 CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and 
possibly ...)
        - spice-xpi <removed>
+       [jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2011-1178 (Multiple integer overflows in the load_image function in 
file-pcx.c in ...)
        - gimp 2.6.10-1
        NOTE: Likely fixed earlier, but only the squeeze version was checked
@@ -262992,6 +262993,7 @@ CVE-2011-0013 (Multiple cross-site scripting (XSS) 
vulnerabilities in the HTML .
        [lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and 
possibly ...)
        - spice-xpi <removed>
+       [jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the 
password ...)
        {DSA-2230-1}
        - qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
@@ -267722,10 +267724,12 @@ CVE-2010-2795 (phpCAS before 1.1.2 allows remote 
authenticated users to hijack .
        - moodle 1.9.9.dfsg2-2 (bug #601384)
 CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local 
users ...)
        - spice-xpi <removed>
+       [jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for 
Internet ...)
        NOT-FOR-US: SPICE plugin for Internet Explorer
 CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for 
Firefox ...)
        - spice-xpi <removed>
+       [jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on 
Unix, ...)
        - apache2 2.2.9-10 (low)
 CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the 
formatQuery ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f7eeaaf0f4f6f2bde168a3d515582ae6a716701

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f7eeaaf0f4f6f2bde168a3d515582ae6a716701
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to