[Git][security-tracker-team/security-tracker][master] Triage spice-xpi for Jessie.

[Markus Koschany]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f7eeaaf by Markus Koschany at 2019-03-03T20:48:40Z
Triage spice-xpi for Jessie.

This Firefox plugin does not work anymore with recent versions of Firefox. Not
used by any sponsor hence mark it as end-of-life.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -259011,6 +259011,7 @@ CVE-2011-1180 (Multiple stack-based buffer overflows in the ...)
 	- linux-2.6 2.6.38-4
 CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
 	- spice-xpi <removed>
+	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...)
 	- gimp 2.6.10-1
 	NOTE: Likely fixed earlier, but only the squeeze version was checked
@@ -262992,6 +262993,7 @@ CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML .
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
 	- spice-xpi <removed>
+	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password ...)
 	{DSA-2230-1}
 	- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
@@ -267722,10 +267724,12 @@ CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack .
 	- moodle 1.9.9.dfsg2-2 (bug #601384)
 CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...)
 	- spice-xpi <removed>
+	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet ...)
 	NOT-FOR-US: SPICE plugin for Internet Explorer
 CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...)
 	- spice-xpi <removed>
+	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
 	- apache2 2.2.9-10 (low)
 CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f7eeaaf0f4f6f2bde168a3d515582ae6a716701

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7f7eeaaf0f4f6f2bde168a3d515582ae6a716701
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190303/0b737e19/attachment.html>