Test ID: 1.3.6.1.4.1.25623.1.0.71341
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2464-1 (icedove)
Summary: The remote host is missing an update to icedove announced via advisory DSA 2464-1. This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-2464)' (OID: 1.3.6.1.4.1.25623.1.0.71343).
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in Icedove, an unbranded
version of the Thunderbird mail/news client.

CVE-2012-0467

Bob Clary, Christian Holler, Brian Hackett, Bobby Holley, Gary
Kwong, Hilary Hall, Honza Bambas, Jesse Ruderman, Julian Seward,
and Olli Pettay discovered memory corruption bugs, which may lead
to the execution of arbitrary code.

CVE-2012-0470

Atte Kettunen discovered that a memory corruption bug in
gfxImageSurface may lead to the execution of arbitrary code.

CVE-2012-0471

Anne van Kesteren discovered that incorrect multibyte octet
decoding may lead to cross-site scripting.

CVE-2012-0477

Masato Kinugawa discovered that incorrect encoding of
Korean and Chinese character sets may lead to cross-site scripting.

CVE-2012-0479

Jeroen van der Gun discovered a spoofing vulnerability in the
presentation of Atom and RSS feeds over HTTPS.

For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze9.

For the unstable distribution (sid), this problem will be fixed soon.

Solution:
We recommend that you upgrade your icedove packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2012-0467
BugTraq ID: 53223
http://www.securityfocus.com/bid/53223
Debian Security Information: DSA-2457
http://www.debian.org/security/2012/dsa-2457
Debian Security Information: DSA-2458
http://www.debian.org/security/2012/dsa-2458
Debian Security Information: DSA-2464
http://www.debian.org/security/2012/dsa-2464
http://www.mandriva.com/security/advisories?name=MDVSA-2012:066
http://www.mandriva.com/security/advisories?name=MDVSA-2012:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17074
http://secunia.com/advisories/48920
http://secunia.com/advisories/48922
http://secunia.com/advisories/48972
http://secunia.com/advisories/49047
http://secunia.com/advisories/49055
Common Vulnerability Exposure (CVE) ID: CVE-2012-0470
BugTraq ID: 53225
http://www.securityfocus.com/bid/53225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16989
Common Vulnerability Exposure (CVE) ID: CVE-2012-0471
BugTraq ID: 53219
http://www.securityfocus.com/bid/53219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961
Common Vulnerability Exposure (CVE) ID: CVE-2012-0477
BugTraq ID: 53229
http://www.securityfocus.com/bid/53229
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889
XForce ISS Database: firefox-iso2022kr-xss(75154)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75154
Common Vulnerability Exposure (CVE) ID: CVE-2012-0479
BugTraq ID: 53224
http://www.securityfocus.com/bid/53224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17011
XForce ISS Database: firefox-rss-spoofing(75156)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75156
Copyright: Copyright (C) 2012 E-Soft Inc.
