[Git][security-tracker-team/security-tracker][master] Associate some ancient CVEs with spice-xpi

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
19f26ed6 by Salvatore Bonaccorso at 2019-02-16T09:04:49Z
Associate some ancient CVEs with spice-xpi

The package was removed from unstable already and pending for to be
removed as well in the 9.8 stretch point release.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -256119,7 +256119,7 @@ CVE-2011-1180 (Multiple stack-based buffer overflows in the ...)
 	{DSA-2264-1 DSA-2240-1}
 	- linux-2.6 2.6.38-4
 CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
-	NOT-FOR-US: SPICE Firefox plug-in
+	- spice-xpi <removed>
 CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...)
 	- gimp 2.6.10-1
 	NOTE: Likely fixed earlier, but only the squeeze version was checked
@@ -260100,7 +260100,7 @@ CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML .
 	- tomcat6 6.0.28-10 (bug #612257)
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
-	NOT-FOR-US: SPICE Firefox plug-in
+	- spice-xpi <removed>
 CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password ...)
 	{DSA-2230-1}
 	- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
@@ -264830,11 +264830,11 @@ CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack .
 	NOTE: Only supported behind an authenticated HTTP zone
 	- moodle 1.9.9.dfsg2-2 (bug #601384)
 CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...)
-	NOT-FOR-US: SPICE plugin for Firefox
+	- spice-xpi <removed>
 CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet ...)
 	NOT-FOR-US: SPICE plugin for Internet Explorer
 CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...)
-	NOT-FOR-US: SPICE plugin for Firefox
+	- spice-xpi <removed>
 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
 	- apache2 2.2.9-10 (low)
 CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19f26ed605402160dd367d1edc9af6b7f0f3fd2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/19f26ed605402160dd367d1edc9af6b7f0f3fd2c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190216/59856111/attachment.html>