path: root/security/vuxml/vuln-2011.xml

  <vuln vid="810df820-3664-11e1-8fe3-00215c6a37bb">
    <topic>WordPress -- cross site scripting vulnerability</topic>
    <affects>
      <package>
	<name>wordpress</name>
	<range><lt>3.3.1,1</lt></range>
      </package>
      <package>
	<name>de-wordpress</name>
	<name>zh-wordpress-zh_CN</name>
	<name>zh-wordpress-zh_TW</name>
	<range><lt>3.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>WordPress development team reports:</p>
	<blockquote cite="http://wordpress.org/news/2012/01/wordpress-3-3-1/">
	  <p>WordPress 3.3.1 is now available.  This maintenance release
	    fixes 15 issues with WordPress 3.3, as well as a fix for a
	    cross-site scripting vulnerability that affected version 3.3.
	    Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and
	    the Go Daddy security team for responsibly disclosing the bug
	    to our security team.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312</url>
    </references>
    <dates>
      <discovery>2012-01-03</discovery>
      <entry>2012-01-03</entry>
    </dates>
  </vuln>

  <vuln vid="048c77df-3211-11e1-9583-14dae938ec40">
    <topic>zabbix-frontend -- multiple XSS vulnerabilities</topic>
    <affects>
      <package>
	<name>zabbix-frontend</name>
	<range><lt>1.8.10,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Martina Matari reports:</p>
	<blockquote cite="https://support.zabbix.com/browse/ZBX-4015">
	  <p>These URLs (hostgroups.php, usergrps.php) are vulnerable to
	     persistent XSS attacks due to improper sanitation of gname
	     variable when creating user and host groups.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://support.zabbix.com/browse/ZBX-4015</url>
    </references>
    <dates>
      <discovery>2011-08-04</discovery>
      <entry>2011-12-29</entry>
    </dates>
  </vuln>

  <vuln vid="c6521b04-314b-11e1-9cf4-5404a67eef98">
    <topic>lighttpd -- remote DoS in HTTP authentication</topic>
    <affects>
      <package>
	<name>lighttpd</name>
	<range><lt>1.4.30</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>US-CERT/NIST reports:</p>
	<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4362">
	  <p>Integer signedness error in the base64_decode function in the
	    HTTP authentication functionality (http_auth.c) in lighttpd 1.4
	    before 1.4.30 and 1.5 before SVN revision 2806 allows remote
	    attackers to cause a denial of service (segmentation fault)
	    via crafted base64 input that triggers an out-of-bounds read
	    with a negative index.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-4362</cvename>
    </references>
    <dates>
      <discovery>2011-11-29</discovery>
      <entry>2011-12-28</entry>
    </dates>
  </vuln>

  <vuln vid="4ddc78dc-300a-11e1-a2aa-0016ce01e285">
    <topic>krb5-appl -- telnetd code execution vulnerability</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>7.3</ge><lt>7.3_9</lt></range>
	<range><ge>7.4</ge><lt>7.4_5</lt></range>
	<range><ge>8.1</ge><lt>8.1_7</lt></range>
	<range><ge>8.2</ge><lt>8.2_5</lt></range>
      </package>
      <package>
	<name>krb5-appl</name>
	<range><lt>1.0.2_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MIT Kerberos Team reports:</p>
	<blockquote cite="http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc">
	  <p>When an encryption key is supplied via the TELNET protocol,
	    its length is not validated before the key is copied into a
	    fixed-size buffer. Also see MITKRB5-SA-2011-008.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdsa>SA-11:08.telnetd</freebsdsa>
      <cvename>CVE-2011-4862</cvename>
      <url>http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc</url>
      <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt</url>
    </references>
    <dates>
      <discovery>2011-12-23</discovery>
      <entry>2011-12-26</entry>
      <modified>2012-01-29</modified>
    </dates>
  </vuln>

  <vuln vid="022a4c77-2da4-11e1-b356-00215c6a37bb">
    <topic>proftpd -- arbitrary code execution vulnerability with chroot</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>7.3</ge><lt>7.3_9</lt></range>
	<range><ge>7.4</ge><lt>7.4_5</lt></range>
	<range><ge>8.1</ge><lt>8.1_6</lt></range>
	<range><ge>8.2</ge><lt>8.2_5</lt></range>
      </package>
      <package>
	<name>proftpd</name>
	<name>proftpd-mysql</name>
	<range><lt>1.3.3g_1</lt></range>
      </package>
      <package>
	<name>proftpd-devel</name>
	<range><lt>1.3.3.r4_3,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports:</p>
	<blockquote cite="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc">
	  <p>If ftpd is configured to place a user in a chroot environment,
	    then an attacker who can log in as that user may be able to run
	    arbitrary code(...).</p>
	</blockquote>
	<p>Proftpd shares the same problem of a similar nature.</p>
      </body>
    </description>
    <references>
      <freebsdsa>SA-11:07.chroot</freebsdsa>
      <url>http://seclists.org/fulldisclosure/2011/Nov/452</url>
    </references>
    <dates>
      <discovery>2011-11-30</discovery>
      <entry>2011-12-23</entry>
      <modified>2012-01-29</modified>
    </dates>
  </vuln>

  <vuln vid="8c83145d-2c95-11e1-89b4-001ec9578670">
    <topic>phpMyAdmin -- Multiple XSS</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><gt>3.4</gt><lt>3.4.9.r1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php">
	  <p>Using crafted url parameters, it was possible to produce XSS on
	    the export panels in the server, database and table sections.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php">
	  <p>Crafted values entered in the setup interface can produce XSS;
	    also, if the config directory exists and is writeable, the XSS
	    payload can be saved to this directory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4780</cvename>
      <cvename>CVE-2011-4782</cvename>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php</url>
    </references>
    <dates>
      <discovery>2011-12-16</discovery>
      <entry>2011-12-22</entry>
    </dates>
  </vuln>

  <vuln vid="e3ff776b-2ba6-11e1-93c6-0011856a6e37">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>4.0,1</gt><lt>9.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>9.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.6</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>9.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.6</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><gt>4.0</gt><lt>9.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)</p>
	  <p>MFSA 2011-54 Potentially exploitable crash in the YARR regular
	    expression library</p>
	  <p>MFSA 2011-55 nsSVGValue out-of-bounds access</p>
	  <p>MFSA 2011-56 Key detection without JavaScript via SVG
	    animation</p>
	  <p>MFSA 2011-58 Crash scaling video to extreme sizes</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-3658</cvename>
	<cvename>CVE-2011-3660</cvename>
	<cvename>CVE-2011-3661</cvename>
	<cvename>CVE-2011-3663</cvename>
	<cvename>CVE-2011-3665</cvename>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-53.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-54.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-55.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-56.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-58.html</url>
    </references>
    <dates>
      <discovery>2011-12-20</discovery>
      <entry>2011-12-21</entry>
      <modified>2011-12-21</modified>
    </dates>
  </vuln>

  <vuln vid="7ba65bfd-2a40-11e1-b96e-00215af774f0">
    <topic>unbound -- denial of service vulnerabilities from nonstandard redirection and denial of existence</topic>
    <affects>
      <package>
	<name>unbound</name>
	<range><lt>1.4.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Unbound developer reports:</p>
	<blockquote cite="http://www.unbound.net/downloads/CVE-2011-4528.txt">
	  <p>Unbound crashes when confronted with a non-standard response
	    from a server for a domain.  This domain produces duplicate RRs
	    from a certain type and is DNSSEC signed.  Unbound also crashes
	    when confronted with a query that eventually, and under specific
	    circumstances, resolves to a domain that misses expected NSEC3
	    records.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4528</cvename>
      <url>http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt</url>
    </references>
    <dates>
      <discovery>2011-12-19</discovery>
      <entry>2011-12-19</entry>
    </dates>
  </vuln>

  <vuln vid="3c957a3e-2978-11e1-89b4-001ec9578670">
    <topic>typo3 -- Remote Code Execution</topic>
    <affects>
      <package>
	<name>typo3</name>
	<range><ge>4.6</ge><lt>4.6.2</lt></range>
	<range><lt>4.5.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The typo3 security team reports:</p>
	<blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/">
	  <p>A crafted request to a vulnerable TYPO3 installation will allow
	    an attacker to load PHP code from an external source and to
	    execute it on the TYPO3 installation.</p>
	  <p>This is caused by a PHP file, which is part of the workspaces
	    system extension, that does not validate passed arguments.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4614</cvename>
      <url>http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/</url>
    </references>
    <dates>
      <discovery>2011-12-16</discovery>
      <entry>2011-12-18</entry>
    </dates>
  </vuln>

  <vuln vid="6c7d9a35-2608-11e1-89b4-001ec9578670">
    <topic>krb5 -- KDC null pointer dereference in TGS handling</topic>
    <affects>
      <package>
	<name>krb5</name>
	<range><ge>1.9</ge><lt>1.9.2_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MIT Kerberos Team reports:</p>
	<blockquote cite="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt">
	  <p>In releases krb5-1.9 and later, the KDC can crash due to a NULL
	    pointer dereference in code that handles TGS (Ticket Granting
	    Service) requests.  The trigger condition is trivial to produce
	    using unmodified client software, but requires the ability to
	    authenticate as a principal in the KDC's realm.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1530</cvename>
      <url>http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt</url>
    </references>
    <dates>
      <discovery>2011-12-11</discovery>
      <entry>2011-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="a4a809d8-25c8-11e1-b531-00215c6a37bb">
    <topic>opera -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>opera</name>
	<name>linux-opera</name>
	<range><lt>11.60</lt></range>
      </package>
      <package>
	<name>opera-devel</name>
	<range><lt>11.60,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Opera software reports:</p>
	<blockquote cite="http://www.opera.com/docs/changelogs/unix/1160/">
	  <ul>
	    <li>Fixed a moderately severe issue; details will be
	      disclosed at a later date</li>
	    <li>Fixed an issue that could allow pages to set cookies
	      or communicate cross-site for some top level domains;
	      see our <a href="http://www.opera.com/support/kb/view/1003/">advisory</a></li>
	    <li>Improved handling of certificate revocation corner
	      cases</li>
	    <li>Added a fix for a weakness in the SSL v3.0 and TLS 1.0
	      specifications, as reported by Thai Duong and Juliano Rizzo;
	      see our <a href="http://www.opera.com/support/kb/view/1004/">advisory</a></li>
	    <li>Fixed an issue where the JavaScript "in" operator
	      allowed leakage of cross-domain information, as reported
	      by David Bloom; see our <a href="http://www.opera.com/support/kb/view/1005/">advisory</a></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3389</cvename>
      <cvename>CVE-2011-4681</cvename>
      <cvename>CVE-2011-4682</cvename>
      <cvename>CVE-2011-4683</cvename>
      <url>http://www.opera.com/support/kb/view/1003/</url>
      <url>http://www.opera.com/support/kb/view/1004/</url>
      <url>http://www.opera.com/support/kb/view/1005/</url>
    </references>
    <dates>
      <discovery>2011-12-06</discovery>
      <entry>2011-12-13</entry>
    </dates>
  </vuln>

  <vuln vid="bbd5f486-24f1-11e1-95bc-080027ef73ec">
    <topic>PuTTY -- Password vulnerability</topic>
    <affects>
      <package>
	<name>putty</name>
	<range><ge>0.59</ge><lt>0.62</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Tatham reports:</p>
	<blockquote cite="http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html">
	  <p>PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61.
	    If you log in using SSH-2 keyboard-interactive authentication
	    (which is the usual method used by modern servers to request a
	    password), the password you type was accidentally kept in PuTTY's
	    memory for the rest of its run, where it could be retrieved by
	    other processes reading PuTTY's memory, or written out to swap
	    files or crash dumps.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4607</cvename>
      <mlist>http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html</mlist>
      <url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html</url>
    </references>
    <dates>
      <discovery>2011-12-10</discovery>
      <entry>2011-12-12</entry>
      <modified>2013-08-07</modified>
    </dates>
  </vuln>

  <vuln vid="bb389137-21fb-11e1-89b4-001ec9578670">
    <topic>asterisk -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk18</name>
	<range><lt>1.8.7.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><lt>1.6.2.21</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Asterisk project reports:</p>
	<blockquote cite="http://downloads.asterisk.org/pub/security/AST-2011-013.html">
	  <p>It is possible to enumerate SIP usernames when the general and
	    user/peer NAT settings differ in whether to respond to the port
	    a request is sent from or the port listed for responses in the
	    Via header.</p>
	</blockquote>
	<blockquote cite="http://downloads.asterisk.org/pub/security/AST-2011-014.html">
	  <p>When the "automon" feature is enabled in features.conf, it is
	    possible to send a sequence of SIP requests that cause Asterisk
	    to dereference a NULL pointer and crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4597</cvename>
      <cvename>CVE-2011-4598</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-013.html</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-014.html</url>
    </references>
    <dates>
      <discovery>2011-12-08</discovery>
      <entry>2011-12-09</entry>
    </dates>
  </vuln>

  <vuln vid="93be487e-211f-11e1-89b4-001ec9578670">
    <topic>isc-dhcp-server -- Remote DoS</topic>
    <affects>
      <package>
	<name>isc-dhcp42-server</name>
	<range><lt>4.2.3_1</lt></range>
      </package>
      <package>
	<name>isc-dhcp41-server</name>
	<range><lt>4.1.e_3,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-4539">
	  <p>A bug exists which allows an attacker who is able to send DHCP
	    Request packets, either directly or through a relay, to remotely
	    crash an ISC DHCP server if that server is configured to evaluate
	    expressions using a regular expression (i.e. uses the "~=" or
	    "~~" comparison operators).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4539</cvename>
    </references>
    <dates>
      <discovery>2011-12-07</discovery>
      <entry>2011-12-07</entry>
    </dates>
  </vuln>

  <vuln vid="ed536336-1c57-11e1-86f4-e0cb4e266481">
    <topic>phpMyAdmin -- Multiple XSS</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><gt>3.4</gt><lt>3.4.8.r1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php">
	  <p>Using crafted database names, it was possible to produce XSS
	    in the Database Synchronize and Database rename panels.  Using
	    an invalid and crafted SQL query, it was possible to produce
	    XSS when editing a query on a table overview panel or when
	    using the view creation dialog.  Using a crafted column type,
	    it was possible to produce XSS in the table search and create
	    index dialogs.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4634</cvename>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php</url>
    </references>
    <dates>
      <discovery>2011-11-24</discovery>
      <entry>2011-12-01</entry>
    </dates>
  </vuln>

  <vuln vid="eef56761-11eb-11e1-bb94-001c140104d4">
    <topic>hiawatha -- memory leak in PreventSQLi routine</topic>
    <affects>
      <package>
	<name>hiawatha</name>
	<range><ge>7.6</ge><lt>7.8.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Hugo Leisink reports via private mail to maintainer:</p>
	<blockquote>
	  <p>The memory leak was introduced in version 7.6.  It is in the
	    routing that checks for SQL injections.  So, if you have set
	    PreventSQLi to 'no', there is no problem.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.hiawatha-webserver.org/changelog</url>
    </references>
    <dates>
      <discovery>2011-11-18</discovery>
      <entry>2011-11-18</entry>
    </dates>
  </vuln>

  <vuln vid="90cc1494-10ac-11e1-b3ec-0024e830109b">
    <topic>BIND -- Remote DOS</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>7.3</ge><lt>7.3_9</lt></range>
	<range><ge>7.4</ge><lt>7.4_5</lt></range>
	<range><ge>8.1</ge><lt>8.1_7</lt></range>
	<range><ge>8.2</ge><lt>8.2_5</lt></range>
      </package>
      <package>
	<name>bind96</name>
	<range><lt>9.6.3.1.ESV.R5.1</lt></range>
      </package>
      <package>
	<name>bind97</name>
	<range><lt>9.7.4.1</lt></range>
      </package>
      <package>
	<name>bind98</name>
	<range><lt>9.8.1.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Internet Systems Consortium reports:</p>
	<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-4313">
	  <p>Organizations across the Internet reported crashes interrupting
	    service on BIND 9 nameservers performing recursive queries.
	    Affected servers crashed after logging an error in query.c with
	    the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"
	    Multiple versions were reported being affected, including all
	    currently supported release versions of ISC BIND 9.</p>
	  <p>Because it may be possible to trigger this bug even on networks
	    that do not allow untrusted users to access the recursive name
	    servers (perhaps via specially crafted e-mail messages, and/or
	    malicious web sites) it is recommended that ALL operators of
	    recursive name servers upgrade immediately.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<freebsdsa>SA-11:06.bind</freebsdsa>
	<cvename>CVE-2011-4313</cvename>
	<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313</url>
	<url>https://www.isc.org/software/bind/advisories/cve-2011-4313</url>
    </references>
    <dates>
      <discovery>2011-11-16</discovery>
      <entry>2011-11-16</entry>
      <modified>2012-01-29</modified>
    </dates>
  </vuln>

  <vuln vid="d8c901ff-0f0f-11e1-902b-20cf30e32f6d">
    <topic>Apache 1.3 -- mod_proxy reverse proxy exposure</topic>
    <affects>
      <package>
	<name>apache</name>
	<range><lt>1.3.43</lt></range>
      </package>
      <package>
	<name>apache+ssl</name>
	<range><lt>1.3.43.1.59_2</lt></range>
      </package>
      <package>
	<name>apache+ipv6</name>
	<range><lt>1.3.43</lt></range>
      </package>
      <package>
	<name>apache+mod_perl</name>
	<range><lt>1.3.43</lt></range>
      </package>
      <package>
	<name>apache+mod_ssl</name>
	<range><lt>1.3.41+2.8.31_4</lt></range>
      </package>
      <package>
	<name>apache+mod_ssl+ipv6</name>
	<range><lt>1.3.41+2.8.31_4</lt></range>
      </package>
      <package>
	<name>ru-apache-1.3</name>
	<range><lt>1.3.43+30.23_1</lt></range>
      </package>
      <package>
	<name>ru-apache+mod_ssl</name>
	<range><lt>1.3.43+30.23_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Apache HTTP server project reports:</p>
	<blockquote cite="http://httpd.apache.org/security/vulnerabilities_13.html">
	  <p>An exposure was found when using mod_proxy in reverse proxy mode.
	    In certain configurations using RewriteRule with proxy flag, a
	    remote attacker could cause the reverse proxy to connect to an
	    arbitrary server, possibly disclosing sensitive information from
	    internal web servers not directly accessible to attacker.  There
	    is no patch against this issue!</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-3368</cvename>
	<url>http://httpd.apache.org/security/vulnerabilities_13.html</url>
	<url>http://seclists.org/fulldisclosure/2011/Oct/232</url>
    </references>
    <dates>
      <discovery>2011-10-05</discovery>
      <entry>2011-11-14</entry>
    </dates>
  </vuln>

  <vuln vid="7fb9e739-0e6d-11e1-87cd-00235a5f2c9a">
    <topic>kdeutils4 -- Directory traversal vulnerability</topic>
    <affects>
      <package>
	<name>kdeutils</name>
	<range><ge>4.0.*</ge><lt>4.7.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Brown from Nth Dimention reports:</p>
	<blockquote cite="http://seclists.org/fulldisclosure/2011/Oct/351">
	  <p>I recently discovered that the Ark archiving tool is vulnerable
	    to directory traversal via malformed.  When attempts are made to
	    view files within the malformed Zip file in Ark's default view,
	    the wrong file may be displayed due to incorrect construction of
	    the temporary file name.  Whilst this does not allow the wrong
	    file to be overwritten, after closing the default view, Ark will
	    then attempt to delete the temporary file which could result in
	    the deletion of the incorrect file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2725</cvename>
      <url>http://seclists.org/fulldisclosure/2011/Oct/351</url>
    </references>
    <dates>
      <discovery>2011-10-19</discovery>
      <entry>2011-11-14</entry>
    </dates>
  </vuln>

  <vuln vid="38560d79-0e42-11e1-902b-20cf30e32f6d">
    <topic>Apache APR -- DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>apr0</name>
	<range><lt>0.9.20.0.9.19</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Portable Runtime Project reports:</p>
	<blockquote cite="http://www.apache.org/dist/apr/CHANGES-APR-0.9">
	  <p>Reimplement apr_fnmatch() from scratch using a non-recursive
	    algorithm; now has improved compliance with the fnmatch()
	    spec.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0419</cvename>
      <url>http://www.apache.org/dist/apr/Announcement0.9.html</url>
    </references>
    <dates>
      <discovery>2011-05-19</discovery>
      <entry>2011-11-13</entry>
    </dates>
  </vuln>

  <vuln vid="1f6ee708-0d22-11e1-b5bd-14dae938ec40">
    <topic>phpmyadmin -- Local file inclusion</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><gt>3.4</gt><lt>3.4.7.1</lt></range>
	<range><lt>3.3.10.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jan Lieskovsky reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php">
	  <p>Importing a specially-crafted XML file which contains an XML
	    entity injection permits to retrieve a local file (limited by the
	    privileges of the user running the web server).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4107</cvename>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php</url>
    </references>
    <dates>
      <discovery>2011-11-10</discovery>
      <entry>2011-11-12</entry>
    </dates>
  </vuln>

  <vuln vid="0e8e1212-0ce5-11e1-849b-003067b2972c">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.3r183.11</lt></range>
	<range><gt>11</gt><lt>11.1r102.55</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb11-28.html">
	  <p>Critical vulnerabilities have been identified in Adobe Flash
	    Player 11.0.1.152 and earlier versions for Windows, Macintosh,
	    Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier
	    versions for Android.</p>
	</blockquote>
	<p>In addition a patch was released for users of flash10.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2445</cvename>
      <cvename>CVE-2011-2450</cvename>
      <cvename>CVE-2011-2451</cvename>
      <cvename>CVE-2011-2452</cvename>
      <cvename>CVE-2011-2453</cvename>
      <cvename>CVE-2011-2454</cvename>
      <cvename>CVE-2011-2455</cvename>
      <cvename>CVE-2011-2456</cvename>
      <cvename>CVE-2011-2457</cvename>
      <cvename>CVE-2011-2458</cvename>
      <cvename>CVE-2011-2459</cvename>
      <cvename>CVE-2011-2460</cvename>
      <url>https://www.adobe.com/support/security/bulletins/apsb11-28.html</url>
    </references>
    <dates>
      <discovery>2011-11-10</discovery>
      <entry>2011-11-11</entry>
    </dates>
  </vuln>

  <vuln vid="7be92050-a450-11e2-9898-001060e06fd4">
    <topic>libxml -- Integer overflow</topic>
    <affects>
      <package>
	<name>libxml</name>
	<range><lt>1.8.17_5</lt></range>
      </package>
      <package>
	<name>libxml2</name>
	<name>linux-f10-libxml2</name>
	<range><lt>2.7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Integer overflow in xpath.c, allows context-dependent attackers
	  to to cause a denial of service (crash) and possibly execute
	  arbitrary code via a crafted XML file that triggers a heap-based
	  buffer overflow when adding a new namespace node, related to
	  handling of XPath expressions.</p>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-1944</cvename>
    </references>
    <dates>
      <discovery>2011-09-02</discovery>
      <entry>2011-11-10</entry>
      <modified>2011-11-12</modified>
    </dates>
  </vuln>

  <vuln vid="ce4b3af8-0b7c-11e1-846b-00235409fd3e">
    <topic>libxml -- Multiple use-after-free vulnerabilities</topic>
    <affects>
      <package>
	<name>libxml</name>
	<range><lt>1.8.17_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Multiple use-after-free vulnerabilities in libxml 1.8.17 that
	  allow context-dependent attackers to cause a denial of service
	  (application crash) via crafted (1) Notation or (2) Enumeration
	  attribute types in an XML file.</p>
      </body>
    </description>
    <references>
	<cvename>CVE-2009-2416</cvename>
    </references>
    <dates>
      <discovery>2009-08-03</discovery>
      <entry>2011-11-10</entry>
      <modified>2011-11-12</modified>
    </dates>
  </vuln>

  <vuln vid="5a7d4110-0b7a-11e1-846b-00235409fd3e">
    <topic>libxml -- Stack consumption vulnerability</topic>
    <affects>
      <package>
	<name>libxml</name>
	<range><lt>1.8.17_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Stack consumption vulnerability allows context-dependent
	  attackers to cause a denial of service (application crash) via
	  a large depth of element declarations in a DTD.</p>
      </body>
    </description>
    <references>
	<cvename>CVE-2009-2414</cvename>
    </references>
    <dates>
      <discovery>2009-08-03</discovery>
      <entry>2011-11-10</entry>
      <modified>2011-11-12</modified>
    </dates>
  </vuln>

  <vuln vid="bdec8dc2-0b3b-11e1-b722-001cc0476564">
    <topic>gnutls -- client session resumption vulnerability</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><lt>2.12.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The GnuTLS team reports:</p>
	<blockquote cite="http://www.gnu.org/software/gnutls/security.html">
	  <p>GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-4128</cvename>
	<url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596</url>
    </references>
    <dates>
      <discovery>2011-11-08</discovery>
      <entry>2011-11-10</entry>
    </dates>
  </vuln>

  <vuln vid="6c8ad3e8-0a30-11e1-9580-4061862b8c22">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>4.0,1</gt><lt>8.0,1</lt></range>
	<range><gt>3.6.*,1</gt><lt>3.6.24,1</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><gt>1.9.2.*</gt><lt>1.9.2.24</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>8.0,1</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>8.0</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><gt>4.0</gt><lt>8.0</lt></range>
	<range><lt>3.1.16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope
	    parameter (1.9.2 branch)</p>
	  <p>MFSA 2011-47 Potential XSS against sites using Shift-JIS</p>
	  <p>MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)</p>
	  <p>MFSA 2011-49 Memory corruption while profiling using Firebug</p>
	  <p>MFSA 2011-50 Cross-origin data theft using canvas and Windows
	    D2D</p>
	  <p>MFSA 2011-51 Cross-origin image theft on Mac with integrated
	    Intel GPU</p>
	  <p>MFSA 2011-52 Code execution via NoWaiverWrapper</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-3647</cvename>
	<cvename>CVE-2011-3648</cvename>
	<cvename>CVE-2011-3649</cvename>
	<cvename>CVE-2011-3650</cvename>
	<cvename>CVE-2011-3651</cvename>
	<cvename>CVE-2011-3652</cvename>
	<cvename>CVE-2011-3653</cvename>
	<cvename>CVE-2011-3654</cvename>
	<cvename>CVE-2011-3655</cvename>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-46.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-47.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-48.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-49.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-50.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-51.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-52.html</url>
    </references>
    <dates>
      <discovery>2011-11-08</discovery>
      <entry>2011-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="9dde9dac-08f4-11e1-af36-003067b2972c">
    <topic>caml-light -- insecure use of temporary files</topic>
    <affects>
      <package>
	<name>caml-light</name>
	<range><le>0.75</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>caml-light uses mktemp() insecurely, and also does
	  unsafe things in /tmp during make install.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4119</cvename>
      <mlist msgid="20111106200911.GC13652@netbsd.org">http://seclists.org/oss-sec/2011/q4/249</mlist>
    </references>
    <dates>
      <discovery>2011-11-02</discovery>
      <entry>2011-11-06</entry>
    </dates>
  </vuln>

  <vuln vid="54075e39-04ac-11e1-a94e-bcaec565249c">
    <topic>freetype -- Some type 1 fonts handling vulnerabilities</topic>
    <affects>
      <package>
	<name>freetype2</name>
	<range><lt>2.4.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The FreeType project reports:</p>
	<blockquote cite="http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view">
	  <p>A couple of vulnerabilities in handling Type 1 fonts.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3256</cvename>
      <url>http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view</url>
      <url>https://bugzilla.redhat.com/attachment.cgi?id=528829&amp;action=diff</url>
    </references>
    <dates>
      <discovery>2011-10-12</discovery>
      <entry>2011-11-01</entry>
    </dates>
  </vuln>

  <vuln vid="f08e2c15-ffc9-11e0-b0f3-bcaec565249c">
    <topic>cacti -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>cacti</name>
	<range><lt>0.8.7h</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cacti Group reports:</p>
	<blockquote cite="http://www.cacti.net/release_notes_0_8_7h.php">
	  <p>SQL injection issue with user login, and cross-site scripting
	    issues.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.cacti.net/release_notes_0_8_7h.php</url>
    </references>
    <dates>
      <discovery>2011-09-26</discovery>
      <entry>2011-10-26</entry>
    </dates>
  </vuln>

  <vuln vid="395e0faa-ffa7-11e0-8ac4-6c626dd55a41">
    <topic>phpmyfaq -- Remote PHP Code Injection Vulnerability</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>2.6.19</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyFAQ project reports:</p>
	<blockquote cite="http://www.phpmyfaq.de/advisory_2011-10-25.php">
	  <p>The phpMyFAQ Team has learned of a serious security issue that
	    has been discovered in our bundled ImageManager library we use
	    in phpMyFAQ 2.6 and 2.7.  The bundled ImageManager library
	    allows injection of arbitrary PHP code via POST requests.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyfaq.de/advisory_2011-10-25.php</url>
      <url>http://forum.phpmyfaq.de/viewtopic.php?f=3&amp;t=13402</url>
    </references>
    <dates>
      <discovery>2011-10-25</discovery>
      <entry>2011-10-26</entry>
    </dates>
  </vuln>

  <vuln vid="edf47177-fe3f-11e0-a207-0014a5e3cda6">
    <topic>phpLDAPadmin -- Remote PHP code injection vulnerability</topic>
    <affects>
      <package>
	<name>phpldapadmin</name>
	<range><ge>1.2.0</ge><lt>1.2.1.1_1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>EgiX (n0b0d13s at gmail dot com) reports:</p>
	<blockquote cite="http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt">
	  <p>The $sortby parameter passed to 'masort' function in file
	    lib/functions.php isn't properly sanitized before being used in
	    a call to create_function() at line 1080.  This can be exploited
	    to inject and execute arbitrary PHP code.  The only possible
	    attack vector is when handling the 'query_engine' command, in
	    which input passed through $_REQUEST['orderby'] is passed as
	    $sortby parameter to 'masort' function.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt</url>
      <url>http://sourceforge.net/tracker/?func=detail&amp;aid=3417184&amp;group_id=61828&amp;atid=498546</url>
    </references>
    <dates>
      <discovery>2011-10-23</discovery>
      <entry>2011-10-24</entry>
    </dates>
  </vuln>

  <vuln vid="6d21a287-fce0-11e0-a828-00235a5f2c9a">
    <topic>kdelibs4, rekonq -- input validation failure</topic>
    <affects>
      <package>
	<name>kdelibs</name>
	<range><ge>4.0.*</ge><lt>4.7.2</lt></range>
      </package>
      <package>
	<name>rekonq</name>
	<range><lt>0.8.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>KDE Security Advisory reports:</p>
	<blockquote cite="http://www.kde.org/info/security/advisory-20111003-1.txt">
	  <p>The default rendering type for a QLabel is QLabel::AutoText,
	    which uses heuristics to determine whether to render the given
	    content as plain text or rich text. KSSL and Rekonq did not
	    properly force its QLabels to use QLabel::PlainText.  As a result,
	    if given a certificate containing rich text in its fields, they
	    would render the rich text.  Specifically, a certificate
	    containing a common name (CN) that has a table element will cause
	    the second line of the table to be displayed.  This can allow
	    spoofing of the certificate's common name.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.kde.org/info/security/advisory-20111003-1.txt</url>
      <url>http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc</url>
      <cvename>CVE-2011-3365</cvename>
      <cvename>CVE-2011-3366</cvename>
    </references>
    <dates>
      <discovery>2011-10-03</discovery>
      <entry>2011-10-23</entry>
    </dates>
  </vuln>

  <vuln vid="411ecb79-f9bc-11e0-a7e6-6c626dd55a41">
    <topic>piwik -- unknown critical vulnerabilities</topic>
    <affects>
      <package>
	<name>piwik</name>
	<range><gt>1.1</gt><lt>1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/advisories/46461/">
	  <p>Multiple vulnerabilities with an unknown impact have been
	    reported in Piwik.  The vulnerabilities are caused due to
	    unspecified errors.  No further information is currently
	    available.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://secunia.com/advisories/46461/</url>
      <url>http://piwik.org/blog/2011/10/piwik-1-6/</url>
    </references>
    <dates>
      <discovery>2011-10-18</discovery>
      <entry>2011-10-20</entry>
    </dates>
  </vuln>

  <vuln vid="8441957c-f9b4-11e0-a78a-bcaec565249c">
    <topic>Xorg server -- two vulnerabilities in X server lock handling code</topic>
    <affects>
      <package>
	<name>xorg-server</name>
	<range><lt>1.7.7_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matthieu Herrb reports:</p>
	<blockquote cite="http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html">
	  <p>It is possible to deduce if a file exists or not by exploiting
	    the way that Xorg creates its lock files.  This is caused by the
	    fact that the X server is behaving differently if the lock file
	    already exists as a symbolic link pointing to an existing or
	    non-existing file.</p>
	  <p>It is possible for a non-root user to set the permissions for
	    all users on any file or directory to 444, giving unwanted read
	    access or causing denies of service (by removing execute
	    permission).  This is caused by a race between creating the lock
	    file and setting its access modes.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4028</cvename>
      <cvename>CVE-2011-4029</cvename>
    </references>
    <dates>
      <discovery>2011-10-18</discovery>
      <entry>2011-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="a95092a6-f8f1-11e0-a7ea-00215c6a37bb">
    <topic>asterisk -- remote crash vulnerability in SIP channel driver</topic>
    <affects>
      <package>
	<name>asterisk18</name>
	<range><gt>1.8.*</gt><lt>1.8.7.1</lt></range>
      </package>
      <package>
	<name>asterisk</name>
	<range><gt>10.0.0.*</gt><lt>10.0.0.r1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Asterisk project reports:</p>
	<blockquote cite="http://downloads.asterisk.org/pub/security/AST-2011-012.html">
	  <p>A remote authenticated user can cause a crash with a malformed
	    request due to an unitialized variable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-4063</cvename>
    </references>
    <dates>
      <discovery>2011-10-17</discovery>
      <entry>2011-10-17</entry>
    </dates>
  </vuln>

  <vuln vid="e454ca2f-f88d-11e0-b566-00163e01a509">
    <topic>PivotX -- Remote File Inclusion Vulnerability of TimThumb</topic>
    <affects>
      <package>
	<name>pivotx</name>
	<range><lt>2.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PivotX team reports:</p>
	<blockquote cite="http://blog.pivotx.net/page/security">
	  <p>TimThumb domain name security bypass and insecure cache
	    handling. PivotX before 2.3.0 includes a vulnerable version
	    of TimThumb.</p>
	</blockquote>
	<blockquote cite="http://blog.pivotx.net/2011-10-14/timthumb-update-for-older-pivotx-installs">
	  <p>If you are still running PivotX 2.2.6, you might be vulnerable
	    to a security exploit, that was patched previously.  Version
	    2.3.0 doesn't have this issue, but any older version of PivotX
	    might be vulnerable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>48963</bid>
      <url>https://secunia.com/advisories/45416/</url>
    </references>
    <dates>
      <discovery>2011-08-03</discovery>
      <entry>2011-10-17</entry>
    </dates>
  </vuln>

  <vuln vid="9bad5ab1-f3f6-11e0-8b5c-b482fe3f522d">
    <topic>OpenTTD -- Multiple buffer overflows in validation of external data</topic>
    <affects>
      <package>
	<name>openttd</name>
	<range><ge>0.1.0</ge><lt>1.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenTTD Team reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3343">
	  <p>Multiple buffer overflows in OpenTTD before 1.1.3 allow local
	    users to cause a denial of service (daemon crash) or possibly
	    gain privileges via (1) a crafted BMP file with RLE compression
	    or (2) crafted dimensions in a BMP file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3343</cvename>
      <url>http://security.openttd.org/en/CVE-2011-3343</url>
    </references>
    <dates>
      <discovery>2011-08-25</discovery>
      <entry>2011-10-16</entry>
    </dates>
  </vuln>

  <vuln vid="78c25ed7-f3f9-11e0-8b5c-b482fe3f522d">
    <topic>OpenTTD -- Buffer overflows in savegame loading</topic>
    <affects>
      <package>
	<name>openttd</name>
	<range><ge>0.1.0</ge><lt>1.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenTTD Team reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3342">
	  <p>Multiple buffer overflows in OpenTTD before 1.1.3 allow remote
	    attackers to cause a denial of service (daemon crash) or possibly
	    execute arbitrary code via vectors related to (1) NAME, (2) PLYR,
	    (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a
	    savegame.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3342</cvename>
      <url>http://security.openttd.org/en/CVE-2011-3342</url>
    </references>
    <dates>
      <discovery>2011-08-08</discovery>
      <entry>2011-10-16</entry>
    </dates>
  </vuln>

  <vuln vid="e77befb5-f3f9-11e0-8b5c-b482fe3f522d">
    <topic>OpenTTD -- Denial of service via improperly validated commands</topic>
    <affects>
      <package>
	<name>openttd</name>
	<range><ge>0.3.5</ge><lt>1.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenTTD Team reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3341">
	  <p>Multiple off-by-one errors in order_cmd.cpp in OpenTTD before
	    1.1.3 allow remote attackers to cause a denial of service (daemon
	    crash) or possibly execute arbitrary code via a crafted
	    CMD_INSERT_ORDER command.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3341</cvename>
      <url>http://security.openttd.org/en/CVE-2011-3341</url>
    </references>
    <dates>
      <discovery>2011-08-25</discovery>
      <entry>2011-10-16</entry>
    </dates>
  </vuln>

  <vuln vid="ab9be2c8-ef91-11e0-ad5a-00215c6a37bb">
    <topic>quagga -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>quagga</name>
	<range><lt>0.99.19</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CERT-FI reports:</p>
	<blockquote cite="https://www.cert.fi/en/reports/2011/vulnerability539178.html">
	  <p>Five vulnerabilities have been found in the BGP, OSPF, and
	    OSPFv3 components of Quagga.  The vulnerabilities allow an
	    attacker to cause a denial of service or potentially to
	    execute his own code by sending a specially modified packets
	    to an affected server.  Routing messages are typically accepted
	    from the routing peers.  Exploiting these vulnerabilities may
	    require an established routing session (BGP peering or
	    OSPF/OSPFv3 adjacency) to the router.</p>
	  <p>The vulnerability <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327">CVE-2011-3327</a>
	    is related to the extended communities handling in BGP
	    messages.  Receiving a malformed BGP update can result
	    in a buffer overflow and disruption of IPv4 routing.</p>
	  <p>The vulnerability <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326">CVE-2011-3326</a>
	    results from the handling of LSA (Link State Advertisement)
	    states in the OSPF service.  Receiving a modified Link State
	    Update message with malicious state information can result in
	    denial of service in IPv4 routing.</p>
	  <p>The vulnerability <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325">CVE-2011-3325</a>
	    is a denial of service vulnerability related to Hello message
	    handling by the OSPF service.  As Hello messages are used to
	    initiate adjacencies, exploiting the vulnerability may be
	    feasible from the same broadcast domain without an established
	    adjacency.  A malformed packet may result in denial of service
	    in IPv4 routing.</p>
	  <p>The vulnerabilities <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324">CVE-2011-3324</a>
	    and <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323">CVE-2011-3323</a>
	    are related to the IPv6 routing protocol (OSPFv3) implemented
	    in ospf6d daemon.  Receiving modified Database Description and
	    Link State Update messages, respectively, can result in denial
	    of service in IPv6 routing.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3323</cvename>
      <cvename>CVE-2011-3324</cvename>
      <cvename>CVE-2011-3325</cvename>
      <cvename>CVE-2011-3326</cvename>
      <cvename>CVE-2011-3327</cvename>
    </references>
    <dates>
      <discovery>2011-09-26</discovery>
      <entry>2011-10-05</entry>
    </dates>
  </vuln>

  <vuln vid="1fade8a3-e9e8-11e0-9580-4061862b8c22">
    <topic>Mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>4.0,1</gt><lt>7.0,1</lt></range>
	<range><gt>3.6.*,1</gt><lt>3.6.23,1</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><gt>1.9.2.*</gt><lt>1.9.2.23</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>7.0,1</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.4</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>7.0</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.4</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><gt>4.0</gt><lt>7.0</lt></range>
	<range><lt>3.1.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 /
	    rv:1.9.2.23)</p>
	  <p>MFSA 2011-37 Integer underflow when using JavaScript RegExp</p>
	  <p>MFSA 2011-38 XSS via plugins and shadowed window.location
	    object</p>
	  <p>MFSA 2011-39 Defense against multiple Location headers due to
	    CRLF Injection</p>
	  <p>MFSA 2011-40 Code installation through holding down Enter</p>
	  <p>MFSA 2011-41 Potentially exploitable WebGL crashes</p>
	  <p>MFSA 2011-42 Potentially exploitable crash in the YARR regular
	    expression library</p>
	  <p>MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope
	    parameter</p>
	  <p>MFSA 2011-44 Use after free reading OGG headers</p>
	  <p>MFSA 2011-45 Inferring Keystrokes from motion data</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-2372</cvename>
	<cvename>CVE-2011-2995</cvename>
	<cvename>CVE-2011-2996</cvename>
	<cvename>CVE-2011-2997</cvename>
	<cvename>CVE-2011-2999</cvename>
	<cvename>CVE-2011-3000</cvename>
	<cvename>CVE-2011-3001</cvename>
	<cvename>CVE-2011-3002</cvename>
	<cvename>CVE-2011-3003</cvename>
	<cvename>CVE-2011-3004</cvename>
	<cvename>CVE-2011-3005</cvename>
	<cvename>CVE-2011-3232</cvename>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-36.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-37.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-38.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-39.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-40.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-41.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-42.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-43.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-44.html</url>
	<url>http://www.mozilla.org/security/announce/2011/mfsa2011-45.html</url>
    </references>
    <dates>
      <discovery>2011-09-27</discovery>
      <entry>2011-09-28</entry>
    </dates>
  </vuln>

  <vuln vid="53e531a7-e559-11e0-b481-001b2134ef46">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.3r183.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb11-26.html">
	  <p>Critical vulnerabilities have been identified in Adobe Flash
	    Player 10.3.183.7 and earlier versions for Windows, Macintosh,
	    Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier
	    versions for Android.  These vulnerabilities could cause a crash
	    and potentially allow an attacker to take control of the
	    affected system.</p>
	  <p>There are reports that one of these vulnerabilities
	    (CVE-2011-2444) is being exploited in the wild in active
	    targeted attacks designed to trick the user into clicking on
	    a malicious link delivered in an email message.  This universal
	    cross-site scripting issue could be used to take actions on a
	    user's behalf on any website or webmail provider if the user
	    visits a malicious website.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.adobe.com/support/security/bulletins/apsb11-26.html</url>
      <cvename>CVE-2011-2426</cvename>
      <cvename>CVE-2011-2427</cvename>
      <cvename>CVE-2011-2428</cvename>
      <cvename>CVE-2011-2429</cvename>
      <cvename>CVE-2011-2430</cvename>
      <cvename>CVE-2011-2444</cvename>
    </references>
    <dates>
      <discovery>2011-06-06</discovery>
      <entry>2011-09-22</entry>
    </dates>
  </vuln>

  <vuln vid="e44fe906-df27-11e0-a333-001cc0a36e12">
    <topic>phpMyAdmin -- multiple XSS vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><lt>3.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php">
	  <p>Firstly, if a row contains javascript code, after inline
	    editing this row and saving, the code is executed.  Secondly,
	    missing sanitization on the db, table and column names leads
	    to XSS vulnerabilities.</p>
	  <p>Versions 3.4.0 to 3.4.4 were found vulnerable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php</url>
    </references>
    <dates>
      <discovery>2011-09-11</discovery>
      <entry>2011-09-14</entry>
    </dates>
  </vuln>

  <vuln vid="d01d10c7-de2d-11e0-b215-00215c6a37bb">
    <topic>django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py23-django</name>
	<name>py24-django</name>
	<name>py25-django</name>
	<name>py26-django</name>
	<name>py27-django</name>
	<name>py30-django</name>
	<name>py31-django</name>
	<range><ge>1.3</ge><lt>1.3.1</lt></range>
	<range><ge>1.2</ge><lt>1.2.7</lt></range>
      </package>
      <package>
	<name>py23-django-devel</name>
	<name>py24-django-devel</name>
	<name>py25-django-devel</name>
	<name>py26-django-devel</name>
	<name>py27-django-devel</name>
	<name>py30-django-devel</name>
	<name>py31-django-devel</name>
	<range><lt>16758,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Django project reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">
	  <p>Please reference CVE/URL list for details</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/</url>
    </references>
    <dates>
      <discovery>2011-09-09</discovery>
      <entry>2011-09-13</entry>
      <modified>2011-11-01</modified>
    </dates>
  </vuln>

  <vuln vid="4ae68e7c-dda4-11e0-a906-00215c6a37bb">
    <topic>roundcube -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>roundcube</name>
	<range><lt>0.5.4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>RoundCube development Team reports:</p>
	<blockquote cite="http://sourceforge.net/news/?group_id=139281&amp;id=302769">
	  <p>We just published a new release which fixes a recently
	    reported XSS vulnerability as an update to the stable 0.5
	    branch.  Please update your installations with this new
	    version or patch them with the fix which is also published
	    in the downloads section or our sourceforge.net page.</p>
	</blockquote>
	<p>and:</p>
	<blockquote cite="http://trac.roundcube.net/ticket/1488030">
	  <p>During one of pen-tests I found that _mbox parameter is not
	    properly sanitized and reflected XSS attack is possible.</p>
	</blockquote>
      </body>
    </description>
    <references>
       <cvename>CVE-2011-2937</cvename>
    </references>
    <dates>
      <discovery>2011-08-09</discovery>
      <entry>2011-09-13</entry>
    </dates>
  </vuln>

  <vuln vid="b9f3ffa3-dd6c-11e0-b7fc-000a5e1e33c6">
    <topic>libsndfile -- PAF file processing integer overflow</topic>
    <affects>
      <package>
	<name>libsndfile</name>
	<range><lt>1.0.25</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/advisories/45125/">
	  <p>Hossein Lotfi has discovered a vulnerability in libsndfile,
	    which can be exploited by malicious people to potentially
	    compromise an application using the library.  The vulnerability
	    is caused due to an integer overflow error in the "paf24_init()"
	    function (src/paf.c) when processing Paris Audio (PAF) files.
	    This can be exploited to cause a heap-based buffer overflow via
	    a specially crafted file.  Successful exploitation may allow
	    execution of arbitrary code.  The vulnerability is confirmed in
	    version 1.0.24.  Other versions may also be affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2696</cvename>
      <url>http://secunia.com/advisories/45125/</url>
    </references>
    <dates>
      <discovery>2011-07-12</discovery>
      <entry>2011-09-12</entry>
    </dates>
  </vuln>

  <vuln vid="2ecb7b20-d97e-11e0-b2e2-00215c6a37bb">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><ge>1.0.0</ge><lt>1.0.0_6</lt></range>
	<range><ge>0.9.8</ge><lt>1.0.0</lt></range>
      </package>
      <package>
	<name>linux-f10-openssl</name>
	<range><ge>0.9.8</ge><lt>0.9.8r</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSSL Team reports:</p>
	<blockquote cite="http://openssl.org/news/secadv_20110906.txt">
	  <p>Two security flaws have been fixed in OpenSSL 1.0.0e</p>
	  <p>Under certain circumstances OpenSSL's internal certificate
	    verification routines can incorrectly accept a CRL whose
	    nextUpdate field is in the past.  (CVE-2011-3207)</p>
	  <p>OpenSSL server code for ephemeral ECDH ciphersuites is not
	    thread-safe, and furthermore can crash if a client violates
	    the protocol by sending handshake messages in incorrect
	    order.  (CVE-2011-3210)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3207</cvename>
      <cvename>CVE-2011-3210</cvename>
      <url>http://www.openssl.org/news/secadv_20110906.txt</url>
    </references>
    <dates>
      <discovery>2011-09-06</discovery>
      <entry>2011-09-07</entry>
      <modified>2014-04-10</modified>
    </dates>
  </vuln>

  <vuln vid="a83f25df-d775-11e0-8bf1-003067b2972c">
    <topic>XSS issue in MantisBT</topic>
    <affects>
      <package>
	<name>mantis</name>
	<range><ge>1.2.0</ge><lt>1.2.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<blockquote cite="http://www.mantisbt.org/blog/?p=142">
	  <p>Net.Edit0r from BlACK Hat Group reported an XSS issue in
	    search.php.  All MantisBT users (including anonymous users that
	    are not logged in to public bug trackers) could be impacted by
	    this vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdpr>ports/160368</freebsdpr>
      <cvename>CVE-2011-2938</cvename>
    </references>
    <dates>
      <discovery>2011-08-18</discovery>
      <entry>2011-09-05</entry>
    </dates>
  </vuln>

  <vuln vid="e55f948f-d729-11e0-abd1-0017f22d6707">
    <topic>security/cfs -- buffer overflow</topic>
    <affects>
      <package>
	<name>cfs</name>
	<range><le>1.4.1_6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Debian reports:</p>
	<blockquote cite="http://www.debian.org/security/2002/dsa-116">
	  <p>Zorgon found several buffer overflows in cfsd, a daemon that
	    pushes encryption services into the Unix(tm) file system.
	    We are not yet sure if these overflows can successfully be
	    exploited to gain root access to the machine running the CFS
	    daemon.  However, since cfsd can easily be forced to die, a
	    malicious user can easily perform a denial of service attack
	    to it.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2002-0351</cvename>
      <url>http://www.debian.org/security/2002/dsa-116</url>
    </references>
    <dates>
      <discovery>2002-03-02</discovery>
      <entry>2011-09-04</entry>
    </dates>
  </vuln>

  <vuln vid="1b27af46-d6f6-11e0-89a6-080027ef73ec">
    <topic>ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle</topic>
    <affects>
      <package>
	<name>ca_root_nss</name>
	<range><lt>3.12.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matthias Andree reports that the ca-bundle.pl used in older
	  versions of the ca_root_nss FreeBSD port before 3.12.11 did not
	  take the Mozilla/NSS/CKBI untrusted markers into account and
	  would add certificates to the trust bundle that were marked
	  unsafe by Mozilla.</p>
      </body>
    </description>
    <references>
      <freebsdpr>ports/160455</freebsdpr>
    </references>
    <dates>
      <discovery>2011-09-04</discovery>
      <entry>2011-09-04</entry>
    </dates>
  </vuln>

  <vuln vid="aa5bc971-d635-11e0-b3cf-080027ef73ec">
    <topic>nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl</topic>
    <affects>
      <package>
	<name>nss</name>
	<range><lt>3.12.11</lt></range>
	<!-- this builds on the assumption that 3.12.11 in ports actually
	     contains the CKBI 1.87 update to the built-in certificates
	     as commited by kwm@ on September 3rd, 2011 -->
      </package>
      <package>
	<name>ca_root_nss</name>
	<range><lt>3.12.11</lt></range>
	<!-- this builds on the assumption that 3.12.11 in ports actually
	     contains the CKBI 1.87 update to the built-in certificates
	     as commited by mandree@ on September 4th, 2011 -->
      </package>
      <package>
	<name>firefox</name>
	<range><gt>3.6.*,1</gt><lt>3.6.22,1</lt></range>
	<range><gt>4.0.*,1</gt><lt>6.0.2,1</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.3.2</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>3.6.22,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><gt>3.1.*</gt><lt>3.1.14</lt></range>
	<range><gt>5.0.*</gt><lt>6.0.2</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>3.1.14</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><lt>2.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Heather Adkins, Google's Information Security Manager, reported that
	Google received</p>
	<blockquote cite="http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html">
	  <p>[...] reports of attempted SSL man-in-the-middle (MITM)
	    attacks against Google users, whereby someone tried to get between
	    them and encrypted Google services.  The people affected were
	    primarily located in Iran.  The attacker used a fraudulent SSL
	    certificate issued by DigiNotar, a root certificate authority that
	    should not issue certificates for Google (and has since revoked
	    it). [...]</p>
	</blockquote>
	<p>VASCO Data Security International Inc., owner of DigiNotar, issued a
	  press statement confirming this incident:</p>
	<blockquote cite="http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx">
	  <p>On July 19th 2011, DigiNotar detected an intrusion
	    into its Certificate Authority (CA) infrastructure, which resulted
	    in the fraudulent issuance of public key certificate requests for
	    a number of domains, including Google.com.  [...] an external
	    security audit concluded that all fraudulently issued certificates
	    were
	    revoked.  Recently, it was discovered that at least one fraudulent
	    certificate had not been revoked at the time. [...]</p>
	</blockquote>
	<p>Mozilla, maintainer of the NSS package, from which FreeBSD derived
	  ca_root_nss, stated that they:</p>
	<blockquote cite="https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/">
	  <p>revoked our trust in the DigiNotar certificate authority from
	    all Mozilla software.  This is not a temporary suspension, it is
	    a complete removal from our trusted root program.  Complete
	    revocation of trust is a decision we treat with careful
	    consideration, and employ as a last resort.
	  </p><p>Three central issues informed our decision:</p>
	  <ol><li>Failure to notify. [...]</li>
	    <li>The scope of the breach remains unknown. [...]</li>
	    <li>The attack is not theoretical.</li></ol>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-34.html</url>
      <url>http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html</url>
    </references>
    <dates>
      <discovery>2011-07-19</discovery>
      <entry>2011-09-03</entry>
      <modified>2011-09-06</modified>
    </dates>
  </vuln>

  <vuln vid="7f6108d2-cea8-11e0-9d58-0800279895ea">
    <topic>apache -- Range header DoS vulnerability</topic>
    <affects>
      <package>
	<name>apache</name>
	<name>apache-event</name>
	<name>apache-itk</name>
	<name>apache-peruser</name>
	<name>apache-worker</name>
	<range><gt>2.*</gt><lt>2.2.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Apache HTTP server project reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">
	  <p>A denial of service vulnerability has been found in the way
	    the multiple overlapping ranges are handled by Apache HTTPD
	    server.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-3192</cvename>
	<url>https://people.apache.org/~dirkx/CVE-2011-3192.txt</url>
	<url>https://svn.apache.org/viewvc?view=revision&amp;revision=1161534</url>
	<url>https://svn.apache.org/viewvc?view=revision&amp;revision=1162874</url>
    </references>
    <dates>
      <discovery>2011-08-24</discovery>
      <entry>2011-08-30</entry>
      <modified>2011-09-01</modified>
    </dates>
  </vuln>

  <vuln vid="cdeb34e6-d00d-11e0-987e-00215c6a37bb">
    <topic>stunnel -- heap corruption vulnerability</topic>
    <affects>
      <package>
	<name>stunnel</name>
	<range><ge>4.40</ge><lt>4.42</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Michal Trojnara reports:</p>
	<blockquote cite="http://www.stunnel.org/pipermail/stunnel-announce/2011-August/000059.html">
	  <p>Version 4.42, 2011.08.18, urgency: HIGH:</p>
	  <p>Fixed a heap corruption vulnerability in versions 4.40 and 4.41.
	    It may possibly be leveraged to perform DoS or remote code
	    execution attacks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>49254</bid>
      <cvename>CVE-2011-2940</cvename>
    </references>
    <dates>
      <discovery>2011-08-25</discovery>
      <entry>2011-08-26</entry>
    </dates>
  </vuln>

  <vuln vid="75e26236-ce9e-11e0-b26a-00215c6a37bb">
    <topic>phpMyAdmin -- multiple XSS vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><lt>3.4.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-13.php">
	  <p>Multiple XSS in the Tracking feature.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-3181</cvename>
    </references>
    <dates>
      <discovery>2011-08-24</discovery>
      <entry>2011-08-24</entry>
    </dates>
  </vuln>

  <vuln vid="3f1df2f9-cd22-11e0-9bb2-00215c6a37bb">
    <topic>PHP -- crypt() returns only the salt for MD5</topic>
    <affects>
      <package>
	<name>php5</name>
	<range><ge>5.3.7</ge><lt>5.3.7_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PHP development team reports:</p>
	<blockquote cite="https://bugs.php.net/bug.php?id=55439">
	  <p>If crypt() is executed with MD5 salts, the return value
	    consists of the salt only.  DES and BLOWFISH salts work as
	    expected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugs.php.net/bug.php?id=55439</url>
    </references>
    <dates>
      <discovery>2011-08-17</discovery>
      <entry>2011-08-23</entry>
      <modified>2011-08-30</modified>
    </dates>
  </vuln>

  <vuln vid="057bf770-cac4-11e0-aea3-00215c6a37bb">
    <topic>php -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php5</name>
	<name>php5-sockets</name>
	<range><lt>5.3.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PHP development team reports:</p>
	<blockquote cite="http://www.php.net/ChangeLog-5.php#5.3.7">
	  <p>Security Enhancements and Fixes in PHP 5.3.7:</p>
	  <ul>
	    <li>Updated crypt_blowfish to 1.2.  (CVE-2011-2483)</li>
	    <li>Fixed crash in error_log().  Reported by Mateusz
	      Kocielski</li>
	    <li>Fixed buffer overflow on overlog salt in crypt().</li>
	    <li>Fixed bug #54939 (File path injection vulnerability
	      in RFC1867 File upload filename).  Reported by Krzysztof
	      Kotowicz.  (CVE-2011-2202)</li>
	    <li>Fixed stack buffer overflow in socket_connect().
	      (CVE-2011-1938)</li>
	    <li>Fixed bug #54238 (use-after-free in substr_replace()).
	      (CVE-2011-1148)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>49241</bid>
      <cvename>CVE-2011-2483</cvename>
      <cvename>CVE-2011-2202</cvename>
      <cvename>CVE-2011-1938</cvename>
      <cvename>CVE-2011-1148</cvename>
    </references>
    <dates>
      <discovery>2011-08-18</discovery>
      <entry>2011-08-20</entry>
    </dates>
  </vuln>

  <vuln vid="be77eff6-ca91-11e0-aea3-00215c6a37bb">
    <topic>rubygem-rails -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-rails</name>
	<range><lt>3.0.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SecurityFocus reports:</p>
	<blockquote cite="http://www.securityfocus.com/bid/49179/discuss">
	  <p>Ruby on Rails is prone to multiple vulnerabilities
	    including SQL-injection, information-disclosure,
	    HTTP-header-injection, security-bypass and cross-site
	    scripting issues.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>49179</bid>
      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b</url>
      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6</url>
      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768</url>
      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12</url>
      <url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195</url>
    </references>
    <dates>
      <discovery>2011-08-16</discovery>
      <entry>2011-08-19</entry>
    </dates>
  </vuln>

  <vuln vid="0b53f5f7-ca8a-11e0-aea3-00215c6a37bb">
    <topic>dovecot -- denial of service vulnerability</topic>
    <affects>
      <package>
	<name>dovecot</name>
	<range><lt>1.2.17</lt></range>
	<range><gt>2.0</gt><lt>2.0.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Timo Sirainen reports:</p>
	<blockquote cite="http://dovecot.org/pipermail/dovecot/2011-May/059086.html">
	  <p> Fixed potential crashes and other problems when parsing header
	    names that contained NUL characters.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>47930</bid>
      <cvename>CVE-2011-1929</cvename>
    </references>
    <dates>
      <discovery>2011-05-25</discovery>
      <entry>2011-08-19</entry>
    </dates>
  </vuln>

  <vuln vid="86baa0d4-c997-11e0-8a8e-00151735203a">
    <topic>OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system</topic>
    <affects>
      <package>
	<name>otrs</name>
	<range><gt>2.1.*</gt><lt>3.0.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OTRS Security Advisory reports:</p>
	<blockquote cite="http://otrs.org/advisory/OSA-2011-03-en/">
	  <ul>
	    <li>An attacker with valid session and admin permissions could
	      get read access to any file on the servers local operating
	      system.  For this it would be needed minimum one installed
	      OTRS package.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2746</cvename>
      <url>http://otrs.org/advisory/OSA-2011-03-en/</url>
    </references>
    <dates>
      <discovery>2011-08-16</discovery>
      <entry>2011-08-18</entry>
    </dates>
  </vuln>

  <vuln vid="834591a9-c82f-11e0-897d-6c626dd55a41">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>3.6.*,1</gt><lt>3.6.20,1</lt></range>
	<range><gt>5.0.*,1</gt><lt>6.0,1</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><lt>2.3</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>3.6.20,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>3.1.12</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>3.1.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-29 Security issues addressed in Firefox 6</p>
	  <p>MFSA 2011-28 Security issues addressed in Firefox 3.6.20</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-29.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-30.html</url>
      <cvename>CVE-2011-2982</cvename>
      <cvename>CVE-2011-0084</cvename>
      <cvename>CVE-2011-2981</cvename>
      <cvename>CVE-2011-2378</cvename>
      <cvename>CVE-2011-2984</cvename>
      <cvename>CVE-2011-2980</cvename>
      <cvename>CVE-2011-2983</cvename>
      <cvename>CVE-2011-2989</cvename>
      <cvename>CVE-2011-2991</cvename>
      <cvename>CVE-2011-2992</cvename>
      <cvename>CVE-2011-2985</cvename>
      <cvename>CVE-2011-2993</cvename>
      <cvename>CVE-2011-2988</cvename>
      <cvename>CVE-2011-2987</cvename>
      <cvename>CVE-2011-0084</cvename>
      <cvename>CVE-2011-2990</cvename>
      <cvename>CVE-2011-2986</cvename>
    </references>
    <dates>
      <discovery>2011-08-16</discovery>
      <entry>2011-08-16</entry>
    </dates>
  </vuln>

  <vuln vid="56f4b3a6-c82c-11e0-a498-00215c6a37bb">
    <topic>Samba -- cross site scripting and request forgery vulnerabilities</topic>
    <affects>
      <package>
	<name>samba34</name>
	<range><gt>3.4.*</gt><lt>3.4.14</lt></range>
      </package>
      <package>
	<name>samba35</name>
	<range><gt>3.5.*</gt><lt>3.5.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Samba security advisory reports:</p>
	<blockquote cite="http://www.samba.org/samba/security/CVE-2011-2522">
	  <p>All current released versions of Samba are vulnerable to a
	    cross-site request forgery in the Samba Web Administration Tool
	    (SWAT).  By tricking a user who is authenticated with SWAT into
	    clicking a manipulated URL on a different web page, it is
	    possible to manipulate SWAT.</p>
	</blockquote>
	<blockquote cite="http://www.samba.org/samba/security/CVE-2011-2694">
	  <p>All current released versions of Samba are vulnerable to a
	    cross-site scripting issue in the Samba Web Administration Tool
	    (SWAT). On the "Change Password" field, it is possible to insert
	    arbitrary content into the "user" field.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>48901</bid>
      <bid>48899</bid>
      <cvename>CVE-2011-2522</cvename>
      <cvename>CVE-2011-2694</cvename>
    </references>
    <dates>
      <discovery>2011-07-27</discovery>
      <entry>2011-08-16</entry>
    </dates>
  </vuln>

  <vuln vid="510b630e-c43b-11e0-916c-00e0815b8da8">
    <topic>isc-dhcp-server -- server halt upon processing certain packets</topic>
    <affects>
      <package>
	<name>isc-dhcp31-server</name>
	<range><lt>3.1.ESV_1,1</lt></range>
      </package>
      <package>
	<name>isc-dhcp41-server</name>
	<range><lt>4.1.e_2,2</lt></range>
      </package>
      <package>
	<name>isc-dhcp42-server</name>
	<range><lt>4.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-2748">
	  <p>A pair of defects cause the server to halt upon processing
	    certain packets.  The patch is to properly discard or process
	    those packets.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2748</cvename>
      <cvename>CVE-2011-2749</cvename>
    </references>
    <dates>
      <discovery>2011-08-10</discovery>
      <entry>2011-08-13</entry>
    </dates>
  </vuln>

  <vuln vid="dc8741b9-c5d5-11e0-8a8e-00151735203a">
    <topic>bugzilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>bugzilla</name>
	<range><ge>2.4.*</ge><lt>3.6.6</lt></range>
	<range><ge>4.0.*</ge><lt>4.0.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A Bugzilla Security Advisory reports:</p>
	<blockquote cite="http://www.bugzilla.org/security/3.4.11/">
	  <p>The following security issues have been discovered in Bugzilla:</p>
	  <ul>
	    <li>Internet Explorer 8 and older, and Safari before 5.0.6 do
	      content sniffing when viewing a patch in "Raw Unified" mode,
	      which could trigger a cross-site scripting attack due to
	      the execution of malicious code in the attachment.</li>
	    <li>It is possible to determine whether or not certain group
	      names exist while creating or updating bugs.</li>
	    <li>Attachment descriptions with a newline in them could lead
	      to the injection of crafted headers in email notifications sent
	      to the requestee or the requester when editing an attachment
	      flag.</li>
	    <li>If an attacker has access to a user's session, he can modify
	      that user's email address without that user being notified
	      of the change.</li>
	    <li>Temporary files for uploaded attachments are not deleted
	      on Windows, which could let a user with local access to
	      the server read them.</li>
	    <li>Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised,
	      it can be used to inject HTML code when viewing a bug report,
	      leading to a cross-site scripting attack.</li>
	  </ul>
	  <p>All affected installations are encouraged to upgrade as soon as
	    possible.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2379</cvename>
      <cvename>CVE-2011-2380</cvename>
      <cvename>CVE-2011-2979</cvename>
      <cvename>CVE-2011-2381</cvename>
      <cvename>CVE-2011-2978</cvename>
      <cvename>CVE-2011-2977</cvename>
      <cvename>CVE-2011-2976</cvename>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=637981</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=653477</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=674497</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=657158</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=670868</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=660502</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=660053</url>
    </references>
    <dates>
      <discovery>2011-08-04</discovery>
      <entry>2011-08-13</entry>
    </dates>
  </vuln>

  <vuln vid="879b0242-c5b6-11e0-abd1-0017f22d6707">
    <topic>dtc -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>dtc</name>
	<range><lt>0.32.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ansgar Burchardt reports:</p>
	<blockquote cite="http://www.debian.org/security/2011/dsa-2179">
	  <p>Ansgar Burchardt discovered several vulnerabilities in DTC, a
	    web control panel for admin and accounting hosting services:
	    The bw_per_moth.php graph contains an SQL injection
	    vulnerability; insufficient checks in bw_per_month.php can lead
	    to bandwidth usage information disclosure; after a registration,
	    passwords are sent in cleartext email messages and Authenticated
	    users could delete accounts using an obsolete interface which
	    was incorrectly included in the package.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0434</cvename>
      <cvename>CVE-2011-0435</cvename>
      <cvename>CVE-2011-0436</cvename>
      <cvename>CVE-2011-0437</cvename>
      <url>http://www.debian.org/security/2011/dsa-2179</url>
    </references>
    <dates>
      <discovery>2011-03-02</discovery>
      <entry>2011-08-13</entry>
    </dates>
  </vuln>

  <vuln vid="304409c3-c3ef-11e0-8aa5-485d60cb5385">
    <topic>libXfont -- possible local privilege escalation</topic>
    <affects>
      <package>
	<name>libXfont</name>
	<range><lt>1.4.4_1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tomas Hoger reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=725760">
	  <p>The compress/ LZW decompress implentation does not correctly
	    handle compressed streams that contain code words that were not
	    yet added to the decompression table.  This may lead to
	    arbitrary memory corruption.  Successfull exploitation may
	    possible lead to a local privilege escalation.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2895</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=725760</url>
    </references>
    <dates>
      <discovery>2011-07-26</discovery>
      <entry>2011-08-11</entry>
      <modified>2012-03-13</modified>
    </dates>
  </vuln>

  <vuln vid="5d374b01-c3ee-11e0-8aa5-485d60cb5385">
    <topic>freetype2 -- execute arbitrary code or cause denial of service</topic>
    <affects>
      <package>
	<name>freetype2</name>
	<range><lt>2.4.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Vincent Danen reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0226">
	  <p>Due to an error within the t1_decoder_parse_charstrings()
	    function (src/psaux/t1decode.c) and can be exploited to corrupt
	    memory by tricking a user into processing a specially-crafted
	    postscript Type1 font in an application that uses the freetype
	    library.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0226</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0226</url>
    </references>
    <dates>
      <discovery>2011-07-19</discovery>
      <entry>2011-08-11</entry>
    </dates>
  </vuln>

  <vuln vid="2c12ae0c-c38d-11e0-8eb7-001b2134ef46">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.3r183.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb11-21.html">
	  <p>Critical vulnerabilities have been identified in Adobe Flash
	    Player 10.3.181.36 and earlier versions for Windows, Macintosh,
	    Linux and Solaris, and Adobe Flash Player 10.3.185.25 and
	    earlier versions for Android.  These vulnerabilities could
	    cause a crash and potentially allow an attacker to take control
	    of the affected system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2130</cvename>
      <cvename>CVE-2011-2134</cvename>
      <cvename>CVE-2011-2135</cvename>
      <cvename>CVE-2011-2136</cvename>
      <cvename>CVE-2011-2137</cvename>
      <cvename>CVE-2011-2138</cvename>
      <cvename>CVE-2011-2139</cvename>
      <cvename>CVE-2011-2140</cvename>
      <cvename>CVE-2011-2414</cvename>
      <cvename>CVE-2011-2415</cvename>
      <cvename>CVE-2011-2416</cvename>
      <cvename>CVE-2011-2417</cvename>
      <cvename>CVE-2011-2425</cvename>
      <url>https://www.adobe.com/support/security/bulletins/apsb11-21.html</url>
    </references>
    <dates>
      <discovery>2011-05-13</discovery>
      <entry>2011-08-10</entry>
      <modified>2012-11-05</modified>
    </dates>
  </vuln>

  <vuln vid="30cb4522-b94d-11e0-8182-485d60cb5385">
    <topic>libsoup -- unintentionally allow access to entire local filesystem</topic>
    <affects>
      <package>
	<name>libsoup</name>
	<range><lt>2.32.2_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dan Winship reports:</p>
	<blockquote cite="http://mail.gnome.org/archives/ftp-release-list/2011-July/msg00176.html">
	  <p>Fixed a security hole that caused some SoupServer users to
	    unintentionally allow accessing the entire local filesystem when
	    they thought they were only providing access to a single
	    directory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2054</cvename>
      <url>http://mail.gnome.org/archives/ftp-release-list/2011-July/msg00176.html</url>
      <url>https://bugzilla.gnome.org/show_bug.cgi?id=653258</url>
    </references>
    <dates>
      <discovery>2011-06-23</discovery>
      <entry>2011-07-28</entry>
    </dates>
  </vuln>

  <vuln vid="d79fc873-b5f9-11e0-89b4-001ec9578670">
    <topic>phpmyadmin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><lt>3.4.3.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php">
	  <p>XSS in table Print view.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php">
	  <p>Via a crafted MIME-type transformation parameter, an attacker can
	    perform a local file inclusion.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php">
	  <p>In the 'relational schema' code a parameter was not sanitized before
	    being used to concatenate a class name.</p>
	  <p>The end result is a local file inclusion vulnerability and code
	    execution.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php">
	  <p>It was possible to manipulate the PHP session superglobal using
	    some of the Swekey authentication code.</p>
	  <p>This is very similar to PMASA-2011-5, documented in
	    7e4e5c53-a56c-11e0-b180-00216aa06fc2</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-2642</cvename>
	<cvename>CVE-2011-2643</cvename>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php</url>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php</url>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php</url>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php</url>
    </references>
    <dates>
      <discovery>2011-07-23</discovery>
      <entry>2011-07-24</entry>
      <modified>2011-07-28</modified>
    </dates>
  </vuln>

  <vuln vid="9f14cb36-b6fc-11e0-a044-445c73746d79">
    <topic>opensaml2 -- unauthenticated login</topic>
    <affects>
      <package>
	<name>opensaml2</name>
	<range><gt>0</gt><lt>2.4.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenSAML developer reports:</p>
	<blockquote cite="http://shibboleth.internet2.edu/secadv/secadv_20110725.txt">
	  <p>The Shibboleth software relies on the OpenSAML libraries to
	    perform verification of signed XML messages such as attribute
	    queries or SAML assertions.  Both the Java and C++ versions are
	    vulnerable to a so-called "wrapping attack" that allows a remote,
	    unauthenticated attacker to craft specially formed messages that
	    can be successfully verified, but contain arbitrary content.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1411</cvename>
      <mlist msgid="CA530061.113D6%cantor.2@osu.edu">https://groups.google.com/a/shibboleth.net/group/announce/browse_thread/thread/cf3e0d76afbb57d9</mlist>
    </references>
    <dates>
      <discovery>2011-07-25</discovery>
      <entry>2011-07-25</entry>
    </dates>
  </vuln>

  <vuln vid="9a777c23-b310-11e0-832d-00215c6a37bb">
    <topic>rsync -- incremental recursion memory corruption vulnerability</topic>
    <affects>
      <package>
	<name>rsync</name>
	<range><gt>3.0</gt><lt>3.0.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>rsync development team reports:</p>
	<blockquote cite="http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS">
	  <p>Fixed a data-corruption issue when preserving hard-links
	    without preserving file ownership, and doing deletions either
	    before or during the transfer (CVE-2011-1097).  This
	    fixes some assert errors in the hard-linking code, and some
	    potential failed checksums (via -c) that should have matched.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1097</cvename>
      <url>https://bugzilla.samba.org/show_bug.cgi?id=7936</url>
    </references>
    <dates>
      <discovery>2011-04-08</discovery>
      <entry>2011-07-20</entry>
    </dates>
  </vuln>

  <vuln vid="fd64188d-a71d-11e0-89b4-001ec9578670">
   <topic>BIND -- Remote DoS against authoritative and recursive servers</topic>
   <affects>
     <package>
	<name>bind96</name>
	<range><lt>9.6.3.1.ESV.R4.3</lt></range>
      </package>
      <package>
	<name>bind97</name>
	<range><lt>9.7.3.3</lt></range>
      </package>
      <package>
	<name>bind98</name>
	<range><lt>9.8.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-2464">
	  <p>A defect in the affected BIND 9 versions allows an attacker to
	    remotely cause the "named" process to exit using a specially
	    crafted packet.</p>
	  <p>This defect affects both recursive and authoritative servers.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2464</cvename>
      <url>https://www.isc.org/software/bind/advisories/cve-2011-2464</url>
    </references>
    <dates>
      <discovery>2011-07-05</discovery>
      <entry>2011-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="4ccee784-a721-11e0-89b4-001ec9578670">
    <topic>BIND -- Remote DoS with certain RPZ configurations</topic>
    <affects>
      <package>
	<name>bind98</name>
	<range><lt>9.8.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-2465">
	  <p>Two defects were discovered in ISC's BIND 9.8 code.  These
	    defects only affect BIND 9.8 servers which have recursion
	    enabled and which use a specific feature of the software known
	    as Response Policy Zones (RPZ) and where the RPZ zone contains
	    a specific rule/action pattern.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2465</cvename>
      <url>https://www.isc.org/software/bind/advisories/cve-2011-2465</url>
    </references>
    <dates>
      <discovery>2011-07-05</discovery>
      <entry>2011-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="7e4e5c53-a56c-11e0-b180-00216aa06fc2">
    <topic>phpmyadmin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><lt>3.4.3.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The phpMyAdmin development team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php">
	  <p>It was possible to manipulate the PHP session superglobal using
	    some of the Swekey authentication code.  This could open a path
	    for other attacks.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php">
	  <p>An unsanitized key from the Servers array is written in a comment
	    of the generated config.  An attacker can modify this key by
	    modifying the SESSION superglobal array.  This allows the attacker
	    to close the comment and inject code.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php">
	  <p>Through a possible bug in PHP running on Windows systems a NULL
	    byte can truncate the pattern string allowing an attacker to
	    inject the /e modifier causing the preg_replace function to
	    execute its second argument as PHP code.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php">
	  <p>Fixed filtering of a file path in the MIME-type transformation
	    code, which allowed for directory traversal.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<cvename>CVE-2011-2505</cvename>
	<cvename>CVE-2011-2506</cvename>
	<cvename>CVE-2011-2507</cvename>
	<cvename>CVE-2011-2508</cvename>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php</url>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php</url>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php</url>
	<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php</url>
    </references>
    <dates>
      <discovery>2011-07-02</discovery>
      <entry>2011-07-03</entry>
      <modified>2011-07-28</modified>
    </dates>
  </vuln>

  <vuln vid="40544e8c-9f7b-11e0-9bec-6c626dd55a41">
    <topic>Asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk14</name>
	<range><gt>1.4.*</gt><lt>1.4.41.2</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><gt>1.6.*</gt><lt>1.6.2.18.2</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><gt>1.8.*</gt><lt>1.8.4.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk Development Team reports:</p>
	<blockquote cite="http://www.asterisk.org/node/51650">
	  <p>AST-2011-008: If a remote user sends a SIP packet containing a
	    NULL, Asterisk assumes available data extends past the null to
	    the end of the packet when the buffer is actually truncated when
	    copied.  This causes SIP header parsing to modify data past the
	    end of the buffer altering unrelated memory structures.  This
	    vulnerability does not affect TCP/TLS connections.</p>
	  <p>AST-2011-009: A remote user sending a SIP packet containing a
	    Contact header with a missing left angle bracket causes Asterisk
	    to access a null pointer.</p>
	  <p>AST-2011-010: A memory address was inadvertently transmitted
	    over the network via IAX2 via an option control frame and the
	    remote party would try to access it.</p>
	  <p>Possible enumeration of SIP users due to differing
	    authentication responses.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2529</cvename>
      <cvename>CVE-2011-2535</cvename>
      <cvename>CVE-2011-2536</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-008.html</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-009.html</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-010.html</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-011.html</url>
    </references>
    <dates>
      <discovery>2011-06-24</discovery>
      <entry>2011-06-25</entry>
      <modified>2011-06-29</modified>
    </dates>
  </vuln>

  <vuln vid="01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6">
    <topic>ejabberd -- remote denial of service vulnerability</topic>
    <affects>
      <package>
	<name>ejabberd</name>
	<range><lt>2.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>It's reported in CVE advisory that:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1753">
	  <p>expat_erl.c in ejabberd before 2.1.7 and 3.x before
	    3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect
	    recursion during entity expansion, which allows remote attackers
	    to cause a denial of service (memory and CPU consumption) via a
	    crafted XML document containing a large number of nested entity
	    references, a similar issue to CVE-2003-1564.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1753</cvename>
      <url>http://www.ejabberd.im/ejabberd-2.1.7</url>
    </references>
    <dates>
      <discovery>2011-04-27</discovery>
      <entry>2011-06-24</entry>
    </dates>
  </vuln>

  <vuln vid="dfe40cff-9c3f-11e0-9bec-6c626dd55a41">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>3.5.*,1</gt><lt>3.5.20,1</lt></range>
	<range><gt>3.6.*,1</gt><lt>3.6.18,1</lt></range>
	<range><gt>4.0.*,1</gt><lt>5.0,1</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>3.6.18,1</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>3.1.11</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><lt>3.1.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-19 Miscellaneous memory safety hazards
	    (rv:3.0/1.9.2.18)</p>
	  <p>MFSA 2011-20 Use-after-free vulnerability when viewing XUL
	    document with script disabled</p>
	  <p>MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace
	    images</p>
	  <p>MFSA 2011-22 Integer overflow and arbitrary code execution in
	    Array.reduceRight()</p>
	  <p>MFSA 2011-23 Multiple dangling pointer vulnerabilities</p>
	  <p>MFSA 2011-24 Cookie isolation error</p>
	  <p>MFSA 2011-25 Stealing of cross-domain images using WebGL
	    textures</p>
	  <p>MFSA 2011-26 Multiple WebGL crashes</p>
	  <p>MFSA 2011-27 XSS encoding hazard with inline SVG</p>
	  <p>MFSA 2011-28 Non-whitelisted site can trigger xpinstall</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-19.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-20.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-21.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-22.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-23.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-24.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-25.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-26.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-27.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-28.html</url>
    </references>
    <dates>
      <discovery>2011-06-21</discovery>
      <entry>2011-06-21</entry>
      <modified>2011-06-23</modified>
    </dates>
  </vuln>

  <vuln vid="bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41">
    <topic>Samba -- Denial of service - memory corruption</topic>
    <affects>
      <package>
	<name>samba34</name>
	<range><gt>3.4.*</gt><lt>3.4.12</lt></range>
      </package>
      <package>
	<name>samba35</name>
	<range><gt>3.5.*</gt><lt>3.5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba team reports:</p>
	<blockquote cite="http://www.samba.org/samba/security/CVE-2011-0719.html">
	  <p>Samba is vulnerable to a denial of service, caused by a memory
	    corruption error related to missing range checks on file
	    descriptors being used in the "FD_SET" macro.  By performing a
	    select on a bad file descriptor set, a remote attacker could
	    exploit this vulnerability to cause the application to crash or
	    possibly execute arbitrary code on the system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0719</cvename>
      <url>http://www.samba.org/samba/security/CVE-2011-0719.html</url>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719</url>
    </references>
    <dates>
      <discovery>2011-02-28</discovery>
      <entry>2011-06-21</entry>
    </dates>
  </vuln>

  <vuln vid="23c8423e-9bff-11e0-8ea2-0019d18c446a">
    <topic>Piwik -- remote command execution vulnerability</topic>
    <affects>
      <package>
	<name>piwik</name>
	<range><ge>1.2</ge><lt>1.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Piwik security advisory reports:</p>
	<blockquote cite="http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/">
	  <p>The Piwik 1.5 release addresses a critical security
	    vulnerability, which affect all Piwik users that have let
	    granted some access to the "anonymous" user.</p>
	  <p>Piwik contains a remotely exploitable vulnerability that could
	    allow a remote attacker to execute arbitrary code.  Only
	    installations that have granted untrusted view access to their
	    stats (ie. grant "view" access to a website to anonymous) are
	    at risk.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdpr>ports/158084</freebsdpr>
      <url>http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/</url>
    </references>
    <dates>
      <discovery>2011-06-21</discovery>
      <entry>2011-06-21</entry>
    </dates>
  </vuln>

  <vuln vid="0b535cd0-9b90-11e0-800a-00215c6a37bb">
    <topic>Dokuwiki -- cross site scripting vulnerability</topic>
    <affects>
      <package>
	<name>dokuwiki</name>
	<range><lt>20110525a</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dokuwiki reports:</p>
	<blockquote cite="http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind">
	  <p>We just released a Hotfix Release "2011-05-25a Rincewind".
	    It contains the following changes:</p>
	  <p>Security fix for a Cross Site Scripting vulnerability.
	    Malicious users could abuse DokuWiki's RSS embedding mechanism
	    to create links containing arbitrary JavaScript.  Note: this
	    security problem is present in at least Anteater and Rincewind
	    but probably in older releases as well.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind</url>
    </references>
    <dates>
      <discovery>2011-06-14</discovery>
      <entry>2011-06-20</entry>
    </dates>
  </vuln>

  <vuln vid="55a528e8-9787-11e0-b24a-001b2134ef46">
    <topic>linux-flashplugin -- remote code execution vulnerability</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.3r181.26</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-18.html">
	  <p>A critical vulnerability has been identified in Adobe Flash
	    Player 10.3.181.23 and earlier versions for Windows, Macintosh,
	    Linux and Solaris, and Adobe Flash Player 10.3.185.23 and
	    earlier versions for Android.  This memory corruption
	    vulnerability (CVE-2011-2110) could cause a crash and
	    potentially allow an attacker to take control of the affected
	    system.  There are reports that this vulnerability is being
	    exploited in the wild in targeted attacks via malicious Web
	    pages.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2110</cvename>
      <url>http://www.adobe.com/support/security/bulletins/apsb11-18.html</url>
    </references>
    <dates>
      <discovery>2011-05-13</discovery>
      <entry>2011-06-15</entry>
    </dates>
  </vuln>

  <vuln vid="3145faf1-974c-11e0-869e-000c29249b2e">
    <topic>ikiwiki -- tty hijacking via ikiwiki-mass-rebuild</topic>
    <affects>
      <package>
	<name>ikiwiki</name>
	<range><lt>3.20110608</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The IkiWiki development team reports:</p>
	<blockquote cite="http://ikiwiki.info/security/#index40h2">
	  <p>Ludwig Nussel discovered a way for users to hijack root's tty
	    when ikiwiki-mass-rebuild was run.  Additionally, there was
	    some potential for information disclosure via symlinks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1408</cvename>
      <url>http://ikiwiki.info/security/#index40h2</url>
    </references>
    <dates>
      <discovery>2011-06-08</discovery>
      <entry>2011-06-15</entry>
    </dates>
  </vuln>

  <vuln vid="57573136-920e-11e0-bdc9-001b2134ef46">
    <topic>linux-flashplugin -- cross-site scripting vulnerability</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.3r181.22</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-13.html">
	  <p>An important vulnerability has been identified in Adobe
	    Flash Player 10.3.181.16 and earlier versions for Windows,
	    Macintosh, Linux and Solaris, and Adobe Flash Player
	    10.3.185.22 and earlier versions for Android.  This universal
	    cross-site scripting vulnerability (CVE-2011-2107) could be
	    used to take actions on a user's behalf on any website or
	    webmail provider, if the user visits a malicious website.
	    There are reports that this vulnerability is being exploited
	    in the wild in active targeted attacks designed to trick
	    the user into clicking on a malicious link delivered in an
	    email message.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2107</cvename>
      <url>http://www.adobe.com/support/security/bulletins/apsb11-13.html</url>
    </references>
    <dates>
      <discovery>2011-05-13</discovery>
      <entry>2011-06-08</entry>
    </dates>
  </vuln>

  <vuln vid="1e1421f0-8d6f-11e0-89b4-001ec9578670">
    <topic>BIND -- Large RRSIG RRsets and Negative Caching DoS</topic>
    <affects>
      <package>
	<name>bind9-sdb-ldap</name>
	<name>bind9-sdb-postgresql</name>
	<range><lt>9.4.3.4</lt></range>
      </package>
      <package>
	<name>bind96</name>
	<range><lt>9.6.3.1.ESV.R4.1</lt></range>
      </package>
      <package>
	<name>bind97</name>
	<range><lt>9.7.3.1</lt></range>
      </package>
      <package>
	<name>bind98</name>
	<range><lt>9.8.0.2</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>7.3</ge><lt>7.3_6</lt></range>
	<range><ge>7.4</ge><lt>7.4_2</lt></range>
	<range><ge>8.1</ge><lt>8.1_4</lt></range>
	<range><ge>8.2</ge><lt>8.2_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="http://www.isc.org/software/bind/advisories/cve-2011-1910">
	  <p>A BIND 9 DNS server set up to be a caching resolver is
	    vulnerable to a user querying a domain with very large resource
	    record sets (RRSets) when trying to negatively cache a response.
	    This can cause the BIND 9 DNS server (named process) to crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1910</cvename>
      <freebsdsa>SA-11:02.bind</freebsdsa>
      <url>http://www.isc.org/software/bind/advisories/cve-2011-1910</url>
    </references>
    <dates>
      <discovery>2011-05-26</discovery>
      <entry>2011-06-04</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="f7d838f2-9039-11e0-a051-080027ef73ec">
    <topic>fetchmail -- STARTTLS denial of service</topic>
    <affects>
      <package>
	<name>fetchmail</name>
	<range><lt>6.3.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matthias Andree reports:</p>
	<blockquote cite="http://www.fetchmail.info/fetchmail-SA-2011-01.txt">
	  <p>Fetchmail version 5.9.9 introduced STLS support for POP3,
	    version 6.0.0 added STARTTLS for IMAP.  However, the actual
	    S(TART)TLS-initiated in-band SSL/TLS negotiation was not guarded
	    by a timeout.</p>
	  <p>Depending on the operating system defaults as to TCP stream
	    keepalive mode, fetchmail hangs in excess of one week after
	    sending STARTTLS were observed if the connection failed without
	    notifying the operating system, for instance, through network
	    outages or hard server crashes.</p>
	  <p>A malicious server that does not respond, at the network level,
	    after acknowledging fetchmail's STARTTLS or STLS request, can
	    hold fetchmail in this protocol state, and thus render fetchmail
	    unable to complete the poll, or proceed to the next server,
	    effecting a denial of service.</p>
	  <p>SSL-wrapped mode on dedicated ports was unaffected by this
	    problem, so can be used as a workaround.</p>
	</blockquote>
      </body>
    </description>
    <references>
    <cvename>CVE-2011-1947</cvename>
    <url>http://www.fetchmail.info/fetchmail-SA-2011-01.txt</url>
    <url>https://gitorious.org/fetchmail/fetchmail/commit/7dc67b8cf06f74aa57525279940e180c99701314</url>
    </references>
    <dates>
      <discovery>2011-04-28</discovery>
      <entry>2011-06-06</entry>
    </dates>
  </vuln>

  <vuln vid="34ce5817-8d56-11e0-b5a2-6c626dd55a41">
    <topic>asterisk -- Remote crash vulnerability</topic>
    <affects>
      <package>
	<name>asterisk18</name>
	<range><gt>1.8.*</gt><lt>1.8.4.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk Development Team reports:</p>
	<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-June/000325.html">
	  <p>If a remote user initiates a SIP call and the recipient picks
	    up, the remote user can reply with a malformed Contact header
	    that Asterisk will improperly handle and cause a crash due to a
	    segmentation fault.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-2216</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-007.pdf</url>
    </references>
    <dates>
      <discovery>2011-06-02</discovery>
      <entry>2011-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="e27a1af3-8d21-11e0-a45d-001e8c75030d">
    <topic>Subversion -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>subversion</name>
	<range><lt>1.6.17</lt></range>
      </package>
      <package>
	<name>subversion-freebsd</name>
	<range><lt>1.6.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion team reports:</p>
	<blockquote cite="http://subversion.apache.org/security/CVE-2011-1752-advisory.txt">
	  <p>Subversion's mod_dav_svn Apache HTTPD server module will
	    dereference a NULL pointer if asked to deliver baselined WebDAV
	    resources.</p>
	  <p>This can lead to a DoS.  An exploit has been tested, and tools
	    or users have been observed triggering this problem in the
	    wild.</p>
	</blockquote>
	<blockquote cite="http://subversion.apache.org/security/CVE-2011-1783-advisory.txt">
	  <p>Subversion's mod_dav_svn Apache HTTPD server module may in
	    certain scenarios enter a logic loop which does not exit and
	    which allocates memory in each iteration, ultimately exhausting
	    all the available memory on the server.</p>
	  <p>This can lead to a DoS.  There are no known instances of this
	    problem being observed in the wild, but an exploit has been
	    tested.</p>
	</blockquote>
	<blockquote cite="http://subversion.apache.org/security/CVE-2011-1921-advisory.txt">
	  <p>Subversion's mod_dav_svn Apache HTTPD server module may leak to
	    remote users the file contents of files configured to be
	    unreadable by those users.</p>
	  <p>There are no known instances of this problem being observed in
	    the wild, but an exploit has been tested.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1752</cvename>
      <cvename>CVE-2011-1783</cvename>
      <cvename>CVE-2011-1921</cvename>
    </references>
    <dates>
      <discovery>2011-05-28</discovery>
      <entry>2011-06-02</entry>
    </dates>
  </vuln>

  <vuln vid="1acf9ec5-877d-11e0-b937-001372fd0af2">
    <topic>drupal6 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>drupal6</name>
	<range><lt>6.22</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Drupal Team reports:</p>
	<blockquote cite="http://drupal.org/node/1168756">
	  <p>A reflected cross site scripting vulnerability was discovered
	    in Drupal's error handler.  Drupal displays PHP errors in the
	    messages area, and a specially crafted URL can cause malicious
	    scripts to be injected into the message.  The issue can be
	    mitigated by disabling on-screen error display at admin /
	    settings / error-reporting.  This is the recommended setting
	    for production sites.</p>
	  <p>When using re-colorable themes, color inputs are not sanitized.
	    Malicious color values can be used to insert arbitrary CSS and
	    script code.  Successful exploitation requires the "Administer
	    themes" permission.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://drupal.org/node/1168756</url>
    </references>
    <dates>
      <discovery>2011-05-25</discovery>
      <entry>2011-05-26</entry>
    </dates>
  </vuln>

  <vuln vid="e4833927-86e5-11e0-a6b4-000a5e1e33c6">
    <topic>Erlang -- ssh library uses a weak random number generator</topic>
    <affects>
      <package>
	<name>erlang</name>
	<range><lt>r14b03</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>US-CERT reports:</p>
	<blockquote cite="http://www.kb.cert.org/vuls/id/178990">
	  <p>The Erlang/OTP ssh library implements a number of
	    cryptographic operations that depend on cryptographically
	    strong random numbers.  Unfortunately the RNG used by the
	    library is not cryptographically strong, and is further
	    weakened by the use of predictable seed material.  The RNG
	    (Wichman-Hill) is not mixed with an entropy source.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0766</cvename>
      <url>http://www.erlang.org/download/otp_src_R14B03.readme</url>
      <url>https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5</url>
    </references>
    <dates>
      <discovery>2011-05-25</discovery>
      <entry>2011-05-25</entry>
    </dates>
  </vuln>

  <vuln vid="dc96ac1f-86b1-11e0-9e85-00215af774f0">
    <topic>Unbound -- an empty error packet handling assertion failure</topic>
    <affects>
      <package>
	<name>unbound</name>
	<range><lt>1.4.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Unbound developer reports:</p>
	<blockquote cite="http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt">
	  <p>NLnet Labs was notified of an error in Unbound's code-path
	    for error replies which is triggered under special conditions.
	    The error causes the program to abort.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1922</cvename>
      <url>http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt</url>
    </references>
    <dates>
      <discovery>2011-05-25</discovery>
      <entry>2011-05-25</entry>
    </dates>
  </vuln>

  <vuln vid="115a1389-858e-11e0-a76c-000743057ca2">
    <topic>Pubcookie Login Server -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>pubcookie-login-server</name>
	<range><lt>3.3.2d</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nathan Dors, Pubcookie Project reports:</p>
	<blockquote cite="http://pubcookie.org/news/20070606-login-secadv.html">
	  <p>A  new non-persistent XSS vulnerability was found in the
	    Pubcookie login server's compiled binary "index.cgi" CGI
	    program.  The CGI program mishandles untrusted data when
	    printing responses to the browser.  This makes the program
	    vulnerable to carefully crafted requests containing script
	    or HTML.  If an attacker can lure an unsuspecting user to
	    visit carefully staged content, the attacker can use it to
	    redirect the user to his or her local Pubcookie login page
	    and attempt to exploit the XSS vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://pubcookie.org/news/20070606-login-secadv.html</url>
    </references>
    <dates>
      <discovery>2007-05-25</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="1ca8228f-858d-11e0-a76c-000743057ca2">
    <topic>mod_pubcookie -- Empty Authentication Security Advisory</topic>
    <affects>
      <package>
	<name>ap20-mod_pubcookie</name>
	<range><ge>3.1.0</ge><lt>3.3.2b</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nathan Dors, Pubcookie Project reports:</p>
	<blockquote cite="http://pubcookie.org/news/20061106-empty-auth-secadv.html">
	  <p>An Abuse of Functionality vulnerability in the Pubcookie
	    authentication process was found. This vulnerability allows an
	    attacker to appear as if he or she were authenticated using an
	    empty userid when such a userid isn't expected.  Unauthorized
	    access to web content and applications may result where access
	    is restricted to users who can authenticate successfully but
	    where no additional authorization is performed after
	    authentication.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://pubcookie.org/news/20061106-empty-auth-secadv.html</url>
    </references>
    <dates>
      <discovery>2006-10-04</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="7af2fb85-8584-11e0-96b7-00300582f9fc">
    <topic>ViewVC -- user-reachable override of cvsdb row limit</topic>
    <affects>
      <package>
	<name>viewvc</name>
	<range><lt>1.1.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ViewVC.org reports:</p>
	<blockquote cite="http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2536&amp;r2=2574">
	  <p>Security fix: remove user-reachable override of cvsdb row limit.</p>
	</blockquote>
      </body>
    </description>
    <references>
    <url>http://viewvc.tigris.org/source/browse/*checkout*/viewvc/branches/1.1.x/CHANGES</url>
    </references>
    <dates>
      <discovery>2011-05-17</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="99a5590c-857e-11e0-96b7-00300582f9fc">
    <topic>Apache APR -- DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>apr1</name>
	<range><lt>1.4.5.1.3.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Portable Runtime Project reports:</p>
	<blockquote cite="http://www.apache.org/dist/apr/CHANGES-APR-1.4">
	  <p>A flaw was discovered in the apr_fnmatch() function in the
	    Apache Portable Runtime (APR) library 1.4.4 (or any backported
	    versions that contained the upstream fix for CVE-2011-0419).
	    This could cause httpd workers to enter a hung state (100% CPU
	    utilization).</p>
	  <p>apr-util 1.3.11 could cause crashes with httpd's
	    mod_authnz_ldap in some situations.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>47929</bid>
      <cvename>CVE-2011-1928</cvename>
      <cvename>CVE-2011-0419</cvename>
      <url>http://www.apache.org/dist/apr/Announcement1.x.html</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1928</url>
    </references>
    <dates>
      <discovery>2011-05-19</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="d226626c-857f-11e0-95cc-001b2134ef46">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.3r181.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-12.html">
	  <p>Critical vulnerabilities have been identified in Adobe Flash
	    Player 10.2.159.1 and earlier versions (Adobe Flash Player
	    10.2.154.28 and earlier for Chrome users) for Windows,
	    Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51
	    and earlier versions for Android.  These vulnerabilities could
	    cause the application to crash and could potentially allow an
	    attacker to take control of the affected system.  There are
	    reports of malware attempting to exploit one of the
	    vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf)
	    file embedded in a Microsoft Word (.doc) or Microsoft Excel
	    (.xls) file delivered as an email attachment targeting the
	    Windows platform.  However, to date, Adobe has not obtained a
	    sample that successfully completes an attack.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0579</cvename>
      <cvename>CVE-2011-0618</cvename>
      <cvename>CVE-2011-0619</cvename>
      <cvename>CVE-2011-0620</cvename>
      <cvename>CVE-2011-0621</cvename>
      <cvename>CVE-2011-0622</cvename>
      <cvename>CVE-2011-0623</cvename>
      <cvename>CVE-2011-0624</cvename>
      <cvename>CVE-2011-0625</cvename>
      <cvename>CVE-2011-0626</cvename>
      <cvename>CVE-2011-0627</cvename>
      <url>http://www.adobe.com/support/security/bulletins/apsb11-12.html</url>
    </references>
    <dates>
      <discovery>2011-01-20</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="e666498a-852a-11e0-8f78-080027ef73ec">
    <topic>Opera -- code injection vulnerability through broken frameset handling</topic>
    <affects>
      <package><name>opera</name><range><lt>11.11</lt></range></package>
      <package><name>opera-devel</name><range><lt>11.11</lt></range></package>
      <package><name>linux-opera</name><range><lt>11.11</lt></range></package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Opera Software ASA reports:</p>
	<blockquote cite="http://www.opera.com/docs/changelogs/unix/1111/">
	  <p>Fixed an issue with framesets that could allow execution of
	    arbitrary code, as reported by an anonymous contributor working
	    with the SecuriTeam Secure Disclosure program.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.opera.com/docs/changelogs/unix/1111/</url>
      <url>http://www.opera.com/support/kb/view/992/</url>
    </references>
    <dates>
      <discovery>2011-05-18</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="1495f931-8522-11e0-a1c1-00215c6a37bb">
    <topic>pureftpd -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>pure-ftpd</name>
	<range><lt>1.0.32</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Pure-FTPd development team reports:</p>
	<blockquote cite="http://www.pureftpd.org/project/pure-ftpd/news">
	  <p>Support for braces expansion in directory listings has been
	    disabled -- Cf. CVE-2011-0418.</p>
	  <p>Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411.
	    If you're using TLS, upgrading is recommended.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>46767</bid>
      <cvename>CVE-2011-0418</cvename>
      <cvename>CVE-2011-1575</cvename>
    </references>
    <dates>
      <discovery>2011-04-01</discovery>
      <entry>2011-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="36594c54-7be7-11e0-9838-0022156e8794">
    <topic>Exim -- remote code execution and information disclosure</topic>
    <affects>
      <package>
	<name>exim</name>
	<range><ge>4.70</ge><lt>4.76</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Release notes for Exim 4.76 says:</p>
	<blockquote cite="ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.76">
	  <p>Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to
	    a format-string attack -- SECURITY: remote arbitrary code
	    execution.</p>
	  <p>DKIM signature header parsing was double-expanded, second
	    time unintentionally subject to list matching rules, letting
	    the header cause arbitrary Exim lookups (of items which can
	    occur in lists, *not* arbitrary string expansion).  This
	    allowed for information disclosure.</p>
	</blockquote>
	<p>Also, impact assessment was redone shortly after the original
	  announcement:</p>
	<blockquote cite="https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html">
	  <p>Further analysis revealed that the second security was
	    more severe than I realised at the time that I wrote the
	    announcement.  The second security issue has been assigned
	    CVE-2011-1407 and is also a remote code execution flaw.
	    For clarity: both issues were introduced with 4.70.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1764</cvename>
      <cvename>CVE-2011-1407</cvename>
      <mlist msgid="20110512102909.GA58484@redoubt.spodhuis.org">https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html</mlist>
      <url>http://bugs.exim.org/show_bug.cgi?id=1106</url>
    </references>
    <dates>
      <discovery>2011-05-10</discovery>
      <entry>2011-05-14</entry>
    </dates>
  </vuln>

  <vuln vid="00b296b6-7db1-11e0-96b7-00300582f9fc">
    <topic>Apache APR -- DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>apr1</name>
	<range><lt>1.4.4.1.3.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache Portable Runtime Project reports:</p>
	<blockquote cite="http://www.apache.org/dist/apr/CHANGES-APR-1.4">
	  <p>Note especially a security fix to APR 1.4.4, excessive CPU
	    consumption was possible due to an unconstrained, recursive
	    invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
	    Reimplement apr_fnmatch() from scratch using a non-recursive
	    algorithm now has improved compliance with the fnmatch() spec.
	    (William Rowe)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0419</cvename>
      <url>http://www.apache.org/dist/apr/Announcement1.x.html</url>
    </references>
    <dates>
      <discovery>2011-05-10</discovery>
      <entry>2011-05-12</entry>
    </dates>
  </vuln>

  <vuln vid="34e8ccf5-7d71-11e0-9d83-000c29cc39d3">
    <topic>Zend Framework -- potential SQL injection when using PDO_MySql</topic>
    <affects>
      <package>
	<name>ZendFramework</name>
	<range><lt>1.11.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Zend Framework team reports:</p>
	<blockquote cite="http://framework.zend.com/security/advisory/ZF2011-02">
	  <p>Developers using non-ASCII-compatible encodings in conjunction
	    with the MySQL PDO driver of PHP may be vulnerable to SQL
	    injection attacks.  Developers using ASCII-compatible encodings
	    like UTF8 or latin1 are not affected by this PHP issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://framework.zend.com/security/advisory/ZF2011-02</url>
      <url>http://zend-framework-community.634137.n4.nabble.com/Zend-Framework-1-11-6-and-1-10-9-released-td3503741.html</url>
    </references>
    <dates>
      <discovery>2011-05-06</discovery>
      <entry>2011-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="3fadb7c6-7b0a-11e0-89b4-001ec9578670">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki</name>
	<range><lt>1.16.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html">
	  <p>(Bug 28534) XSS vulnerability for IE 6 clients.  This is the
	    third attempt at fixing bug 28235.</p>
	  <p>(Bug 28639) Potential privilege escalation when
	    $wgBlockDisablesLogin is enabled.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugzilla.wikimedia.org/show_bug.cgi?id=28534</url>
      <url>https://bugzilla.wikimedia.org/show_bug.cgi?id=28639</url>
      <url>http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html</url>
      <url>http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES</url>
    </references>
    <dates>
      <discovery>2011-04-14</discovery>
      <entry>2011-05-12</entry>
    </dates>
  </vuln>

  <vuln vid="3eb2c100-738b-11e0-89f4-001e90d46635">
    <topic>Postfix -- memory corruption vulnerability</topic>
    <affects>
      <package>
	<name>postfix</name>
	<name>postfix-base</name>
	<range><ge>2.8.*,1</ge><lt>2.8.3,1</lt></range>
	<range><ge>2.7.*,1</ge><lt>2.7.4,1</lt></range>
	<range><ge>2.6.*,1</ge><lt>2.6.10,1</lt></range>
	<range><ge>2.5.*,2</ge><lt>2.5.13,2</lt></range>
	<range><le>2.4.16,1</le></range>
      </package>
      <package>
	<name>postfix-current</name>
	<name>postfix-current-base</name>
	<range><lt>2.9.20110501,4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Postfix SMTP server has a memory corruption error, when the
	  Cyrus SASL library is used with authentication mechanisms other
	  than PLAIN and LOGIN (ANONYMOUS is not affected, but should not
	  be used for other reasons).  This memory corruption is known to
	  result in a program crash (SIGSEV).</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1720</cvename>
      <url>http://www.postfix.org/CVE-2011-1720.html</url>
    </references>
    <dates>
      <discovery>2011-05-09</discovery>
      <entry>2011-05-09</entry>
    </dates>
  </vuln>

  <vuln vid="04b7d46c-7226-11e0-813a-6c626dd55a41">
    <topic>Mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>3.6.*,1</gt><lt>3.6.17,1</lt></range>
	<range><gt>3.5.*,1</gt><lt>3.5.19,1</lt></range>
	<range><gt>4.0.*,1</gt><lt>4.0.1,1</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><gt>1.9.2.*</gt><lt>1.9.2.17</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>3.6.17,1</lt></range>
      </package>
      <package>
	<name>linux-firefox-devel</name>
	<range><lt>3.5.19</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><gt>2.0.*</gt><lt>2.0.14</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><gt>2.0.*</gt><lt>2.0.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-12 Miscellaneous memory safety hazards</p>
	  <p>MFSA 2011-13 Multiple dangling pointer vulnerabilities</p>
	  <p>MFSA 2011-14 Information stealing via form history</p>
	  <p>MFSA 2011-15 Escalation of privilege through Java Embedding Plugin</p>
	  <p>MFSA 2011-16 Directory traversal in resource: protocol</p>
	  <p>MFSA 2011-17 WebGLES vulnerabilities</p>
	  <p>MFSA 2011-18 XSLT generate-id() function heap address leak</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-12.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-13.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-14.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-15.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-16.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-17.html</url>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-18.html</url>
    </references>
    <dates>
      <discovery>2011-04-28</discovery>
      <entry>2011-04-29</entry>
    </dates>
  </vuln>

  <vuln vid="3c7d565a-6c64-11e0-813a-6c626dd55a41">
    <topic>Asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk14</name>
	<range><gt>1.4.*</gt><lt>1.4.40.1</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><gt>1.6.*</gt><lt>1.6.2.17.3</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><gt>1.8.*</gt><lt>1.8.3.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk Development Team reports:</p>
	<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-April/000316.html">
	  <p>It is possible for a user of the Asterisk Manager Interface to
	    bypass a security check and execute shell commands when they
	    should not have that ability.  Sending the "Async" header with
	    the "Application" header during an Originate action, allows
	    authenticated manager users to execute shell commands.  Only
	    users with the "system" privilege should be able to do this.</p>
	  <p>On systems that have the Asterisk Manager Interface, Skinny, SIP
	    over TCP, or the built in HTTP server enabled, it is possible for
	    an attacker to open as many connections to asterisk as he wishes.
	    This will cause Asterisk to run out of available file descriptors
	    and stop processing any new calls.  Additionally, disk space can
	    be exhausted as Asterisk logs failures to open new file
	    descriptors.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1507</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-005.pdf</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-006.pdf</url>
    </references>
    <dates>
      <discovery>2011-04-21</discovery>
      <entry>2011-04-21</entry>
    </dates>
  </vuln>

  <vuln vid="6a4bfe75-692a-11e0-bce7-001eecdd401a">
    <topic>VLC -- Heap corruption in MP4 demultiplexer</topic>
    <affects>
      <package>
	<name>vlc</name>
	<range><ge>1.0.0</ge><lt>1.1.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>VideoLAN project reports:</p>
	<blockquote cite="http://www.videolan.org/security/sa1103.html">
	  <p>When parsing some MP4 (MPEG-4 Part 14) files, insufficient
	    buffer size might lead to corruption of the heap.</p>
	</blockquote>
      </body>
    </description>
    <references>
       <url>http://www.videolan.org/security/sa1103.html</url>
    </references>
    <dates>
      <discovery>2011-04-07</discovery>
      <entry>2011-04-17</entry>
    </dates>
  </vuln>

  <vuln vid="32b05547-6913-11e0-bdc4-001b2134ef46">
    <topic>linux-flashplugin -- remote code execution vulnerability</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.2r159.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/advisories/apsa11-02.html">
	  <p>A critical vulnerability exists in Flash Player 10.2.153.1
	    and earlier versions (Adobe Flash Player 10.2.154.25 and
	    earlier for Chrome users) for Windows, Macintosh, Linux
	    and Solaris, Adobe Flash Player 10.2.156.12 and earlier
	    versions for Android, and the Authplay.dll component that
	    ships with Adobe Reader and Acrobat X (10.0.2) and earlier
	    10.x and 9.x versions for Windows and Macintosh operating
	    systems.</p>
	  <p>This vulnerability (CVE-2011-0611) could cause a crash
	    and potentially allow an attacker to take control of the
	    affected system. There are reports that this vulnerability
	    is being exploited in the wild in targeted attacks via a
	    malicious Web page or a Flash (.swf) file embedded in a
	    Microsoft Word (.doc) or Microsoft Excel (.xls) file
	    delivered as an email attachment, targeting the Windows
	    platform. At this time, Adobe is not aware of any attacks
	    via PDF targeting Adobe Reader and Acrobat. Adobe Reader
	    X Protected Mode mitigations would prevent an exploit of
	    this kind from executing.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0611</cvename>
      <url>http://www.adobe.com/support/security/advisories/apsa11-02.html</url>
    </references>
    <dates>
      <discovery>2011-01-20</discovery>
      <entry>2011-04-17</entry>
    </dates>
  </vuln>

  <vuln vid="bf171509-68dd-11e0-afe6-0003ba02bf30">
    <topic>rt -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>rt36</name>
	<range><lt>3.6.11</lt></range>
      </package>
      <package>
	<name>rt38</name>
	<range><lt>3.8.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Best Practical reports:</p>
	<blockquote cite="http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html">
	  <p>In the process of preparing the release of RT 4.0.0, we performed
	    an extensive security audit of RT's source code.  During this
	    audit, several vulnerabilities were found which affect earlier
	    releases of RT.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1685</cvename>
      <cvename>CVE-2011-1686</cvename>
      <cvename>CVE-2011-1687</cvename>
      <cvename>CVE-2011-1688</cvename>
      <cvename>CVE-2011-1689</cvename>
      <cvename>CVE-2011-1690</cvename>
      <url>http://secunia.com/advisories/44189</url>
    </references>
    <dates>
      <discovery>2011-04-14</discovery>
      <entry>2011-04-17</entry>
    </dates>
  </vuln>

  <vuln vid="6a3c3e5c-66cb-11e0-a116-c535f3aa24f0">
    <topic>krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]</topic>
    <affects>
      <package>
	<name>krb5</name>
	<range><ge>1.7</ge><lt>1.7.2</lt></range>
	<range><ge>1.8</ge><lt>1.8.4</lt></range>
	<range><eq>1.9</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>An advisory published by the MIT Kerberos team says:</p>
	<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt">
	  <p>The password-changing capability of the MIT krb5 administration
	    daemon (kadmind) has a bug that can cause it to attempt to free()
	    an invalid pointer under certain error conditions.  This can cause
	    the daemon to crash or induce the execution of arbitrary code
	    (which is believed to be difficult).  No exploit that executes
	    arbitrary code is known to exist, but it is easy to trigger a
	    denial of service manually.</p>
	  <p>Some platforms detect attempted freeing of invalid pointers and
	    protectively terminate the process, preventing arbitrary code
	    execution on those platforms.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0285</cvename>
      <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt</url>
    </references>
    <dates>
      <discovery>2011-04-12</discovery>
      <entry>2011-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="7edac52a-66cd-11e0-9398-5d45f3aa24f0">
    <topic>krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled</topic>
    <affects>
      <package>
	<name>krb5</name>
	<range><ge>1.7</ge><lt>1.7.2</lt></range>
	<range><ge>1.8</ge><lt>1.8.4</lt></range>
	<range><eq>1.9</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>An advisory published by the MIT Kerberos team says:</p>
	<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt">
	  <p>The MIT Kerberos 5 Key Distribution Center (KDC) daemon is
	     vulnerable to a double-free condition if the Public Key
	     Cryptography for Initial Authentication (PKINIT) capability is
	     enabled, resulting in daemon crash or arbitrary code execution
	     (which is believed to be difficult).</p>
	  <p>An unauthenticated remote attacker can induce a double-free
	     event, causing the KDC daemon to crash (denial of service),
	     or to execute arbitrary code.  Exploiting a double-free event
	     to execute arbitrary code is believed to be difficult.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0284</cvename>
      <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt</url>
    </references>
    <dates>
      <discovery>2011-03-15</discovery>
      <entry>2011-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="4ab413ea-66ce-11e0-bf05-d445f3aa24f0">
    <topic>krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end</topic>
    <affects>
      <package>
	<name>krb5</name>
	<range><ge>1.7</ge><lt>1.7.2</lt></range>
	<range><ge>1.8</ge><le>1.8.4</le></range>
	<range><eq>1.9</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>An advisory published by the MIT Kerberos team says:</p>
	<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt">
	  <p>The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
	    to denial of service attacks from unauthenticated remote
	    attackers.  CVE-2011-0281 and CVE-2011-0282 occur only in KDCs
	    using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9
	    KDCs.</p>
	  <p>Exploit code is not known to exist, but the vulnerabilities are
	    easy to trigger manually.  The trigger for CVE-2011-0281 has
	    already been disclosed publicly, but that fact might not be
	    obvious to casual readers of the message in which it was
	    disclosed.  The triggers for CVE-2011-0282 and CVE-2011-0283
	    have not yet been disclosed publicly, but they are also
	    trivial.</p>
	  <p>CVE-2011-0281: An unauthenticated remote attacker can cause a KDC
	    configured with an LDAP back end to become completely unresponsive
	    until restarted.</p>
	  <p>CVE-2011-0282: An unauthenticated remote attacker can cause a KDC
	    configured with an LDAP back end to crash with a null pointer
	    dereference.</p>
	  <p>CVE-2011-0283: An unauthenticated remote attacker can cause a
	    krb5-1.9 KDC with any back end to crash with a null pointer
	    dereference.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0281</cvename>
      <cvename>CVE-2011-0282</cvename>
      <cvename>CVE-2011-0283</cvename>
      <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt</url>
    </references>
    <dates>
      <discovery>2011-02-08</discovery>
      <entry>2011-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="64f24a1e-66cf-11e0-9deb-f345f3aa24f0">
    <topic>krb5 -- MITKRB5-SA-2011-001, kpropd denial of service</topic>
    <affects>
      <package>
	<name>krb5</name>
	<range><ge>1.7</ge><lt>1.7.2</lt></range>
	<range><ge>1.8</ge><lt>1.8.4</lt></range>
	<range><eq>1.9</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>An advisory published by the MIT Kerberos team says:</p>
	<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt">
	  <p>The MIT krb5 KDC database propagation daemon (kpropd) is
	    vulnerable to a denial-of-service attack triggered by invalid
	    network input.  If a kpropd worker process receives invalid
	    input that causes it to exit with an abnormal status, it can
	    cause the termination of the listening process that spawned it,
	    preventing the slave KDC it was running on from receiving
	    database updates from the master KDC.</p>
	  <p>Exploit code is not known to exist, but the vulnerabilities are
	    easy to trigger manually.</p>
	  <p>An unauthenticated remote attacker can cause kpropd running in
	    standalone mode (the "-S" option) to terminate its listening
	    process, preventing database propagations to the KDC host on
	    which it was running.  Configurations where kpropd runs in
	    incremental propagation mode ("iprop") or as an inetd server
	    are not affected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-4022</cvename>
      <url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt</url>
    </references>
    <dates>
      <discovery>2011-02-08</discovery>
      <entry>2011-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="2eccb24f-61c0-11e0-b199-0015f2db7bde">
    <topic>xrdb -- root hole via rogue hostname</topic>
    <affects>
      <package>
	<name>xrdb</name>
	<range><lt>1.0.6_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matthias Hopf reports:</p>
	<blockquote cite="http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html">
	  <p>By crafting hostnames with shell escape characters, arbitrary
	    commands can be executed in a root environment when a display
	    manager reads in the resource database via xrdb.</p>
	  <p>These specially crafted hostnames can occur in two environments:</p>
	  <p>Systems are affected are: systems set their hostname via DHCP,
	    and the used DHCP client allows setting of hostnames with illegal
	    characters. And systems that allow remote logins via xdmcp.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0465</cvename>
      <url>http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html</url>
    </references>
    <dates>
      <discovery>2011-04-05</discovery>
      <entry>2011-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="a4372a68-652c-11e0-a25a-00151735203a">
    <topic>OTRS -- Several XSS attacks possible</topic>
    <affects>
      <package>
	<name>otrs</name>
	<range><gt>2.3.*</gt><lt>3.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OTRS Security Advisory reports:</p>
	<blockquote cite="http://otrs.org/advisory/OSA-2011-01-en/">
	  <ul>
	    <li>Several XSS attacks possible:
	      An attacker could trick a logged in user to following a prepared
	      URL inside of the OTRS system which causes a page to be shown that
	      possibly includes malicious !JavaScript code because of incorrect
	      escaping during the generation of the HTML page.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1518</cvename>
      <url>http://otrs.org/advisory/OSA-2011-01-en/</url>
    </references>
    <dates>
      <discovery>2011-03-12</discovery>
      <entry>2011-04-12</entry>
    </dates>
  </vuln>

  <vuln vid="7e69f00d-632a-11e0-9f3a-001d092480a4">
    <topic>isc-dhcp-client -- dhclient does not strip or escape shell meta-characters</topic>
    <affects>
      <package>
	<name>isc-dhcp31-client</name>
	<range><lt>3.1.ESV_1,1</lt></range>
      </package>
      <package>
	<name>isc-dhcp41-client</name>
	<range><lt>4.1.e,2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-0997">
	  <p>ISC dhclient did not strip or escape certain shell meta-characters
	    in responses from the dhcp server (like hostname) before passing the
	    responses on to dhclient-script. Depending on the script and OS,
	    this can result in execution of exploit code on the client.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0997</cvename>
      <certvu>107886</certvu>
    </references>
    <dates>
      <discovery>2011-04-05</discovery>
      <entry>2011-04-10</entry>
    </dates>
  </vuln>

  <vuln vid="b9281fb9-61b2-11e0-b1ce-0019d1a7ece2">
    <topic>tinyproxy -- ACL lists ineffective when range is configured</topic>
    <affects>
      <package>
	<name>tinyproxy</name>
	<range><lt>1.8.2_2,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	  <p>When including a line to allow a network of IP addresses, the access to tinyproxy
	    56 is actually allowed for all IP addresses.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1499</cvename>
      <url>https://banu.com/bugzilla/show_bug.cgi?id=90</url>
    </references>
    <dates>
      <discovery>2010-05-18</discovery>
      <entry>2011-04-08</entry>
    </dates>
  </vuln>

  <vuln vid="b2a40507-5c88-11e0-9e85-00215af774f0">
    <topic>quagga -- two DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>quagga</name>
	<range><lt>0.99.17_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Quagga developers report:</p>
	<blockquote cite="http://www.quagga.net/news2.php?y=2011&amp;m=3&amp;d=21#id1300723200">
	  <p>Quagga 0.99.18 has been released.
	    This release fixes 2 denial of services in bgpd, which can be
	    remotely triggered by malformed AS-Pathlimit or Extended-Community
	    attributes. These issues have been assigned CVE-2010-1674 and
	    CVE-2010-1675. Support for AS-Pathlimit has been removed with this
	    release.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-1674</cvename>
      <cvename>CVE-2010-1675</cvename>
      <url>http://www.quagga.net/news2.php?y=2011&amp;m=3&amp;d=21#id1300723200</url>
    </references>
    <dates>
      <discovery>2010-04-30</discovery>
      <entry>2011-04-01</entry>
    </dates>
  </vuln>

  <vuln vid="c6fbd447-59ed-11e0-8d04-0015f2db7bde">
    <topic>gdm -- privilege escalation vulnerability</topic>
    <affects>
      <package>
	<name>gdm</name>
	<range><lt>2.30.5_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Sebastian Krahmer reports:</p>
	<blockquote cite="http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html">
	  <p>It was discovered that the GNOME Display Manager (gdm) cleared the cache
	    directory, which is owned by an unprivileged user, with the privileges of the
	    root user.  A race condition exists in gdm where a local user could take
	    advantage of this by writing to the cache directory between ending the session
	    and the signal to clean up the session, which could lead to the execution of
	    arbitrary code as the root user.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0727</cvename>
      <url>http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=688323</url>
    </references>
    <dates>
      <discovery>2011-03-28</discovery>
      <entry>2011-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="fe853666-56ce-11e0-9668-001fd0d616cf">
    <topic>php -- ZipArchive segfault with FL_UNCHANGED on empty archive</topic>
    <affects>
      <package>
	<name>php5-zip</name>
	<range><lt>5.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>US-CERT/NIST reports:</p>
	<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0421">
	  <p>The _zip_name_locate function in zip_name_locate.c in the Zip extension
	    in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
	    argument, which might allow context-dependent attackers to cause a
	    denial of service (application crash) via an empty ZIP archive that is
	    processed with a (1) locateName or (2) statName operation.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0421</cvename>
    </references>
    <dates>
      <discovery>2011-03-20</discovery>
      <entry>2011-03-25</entry>
    </dates>
  </vuln>

  <vuln vid="cc3bfec6-56cd-11e0-9668-001fd0d616cf">
    <topic>php -- crash on crafted tag in exif</topic>
    <affects>
      <package>
	<name>php5-exif</name>
	<range><lt>5.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>US-CERT/NIST reports:</p>
	<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0708">
	  <p>exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
	    performs an incorrect cast, which allows remote attackers to cause a
	    denial of service (application crash) via an image with a crafted
	    Image File Directory (IFD) that triggers a buffer over-read.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0708</cvename>
    </references>
    <dates>
      <discovery>2011-03-20</discovery>
      <entry>2011-03-25</entry>
    </dates>
  </vuln>

  <vuln vid="501ee07a-5640-11e0-985a-001b2134ef46">
    <topic>linux-flashplugin -- remote code execution vulnerability</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f8-flashplugin</name>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.2r153</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/advisories/apsa11-01.html">
	  <p>A critical vulnerability exists in Adobe Flash Player
	    10.2.152.33 and earlier versions (Adobe Flash Player
	    10.2.154.18 and earlier for Chrome users) for Windows,
	    Macintosh, Linux and Solaris operating systems, Adobe
	    Flash Player 10.1.106.16 and earlier versions for Android,
	    and the Authplay.dll component that ships with Adobe Reader
	    and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of
	    Reader and Acrobat for Windows and Macintosh operating systems.</p>
	  <p>This vulnerability (CVE-2011-0609) could cause a crash and
	    potentially allow an attacker to take control of the affected
	    system. There are reports that this vulnerability is being
	    exploited in the wild in targeted attacks via a Flash (.swf)
	    file embedded in a Microsoft Excel (.xls) file delivered as
	    an email attachment.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0609</cvename>
      <url>http://www.adobe.com/support/security/advisories/apsa11-01.html</url>
    </references>
    <dates>
      <discovery>2011-01-20</discovery>
      <entry>2011-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="b2f09169-55af-11e0-9d6f-000f20797ede">
    <topic>mozilla -- update to HTTPS certificate blacklist</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>3.6.*,1</gt><lt>3.6.16,1</lt></range>
	<range><gt>3.5.*,1</gt><lt>3.5.18,1</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><gt>1.9.2.*</gt><lt>1.9.2.16</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>3.6.16,1</lt></range>
      </package>
      <package>
	<name>linux-firefox-devel</name>
	<range><lt>3.5.18</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><gt>2.0.*</gt><lt>2.0.13</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><gt>2.0.*</gt><lt>2.0.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-11 Update to HTTPS certificate blacklist</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.mozilla.org/security/announce/2011/mfsa2011-11.html</url>
    </references>
    <dates>
      <discovery>2011-03-22</discovery>
      <entry>2011-03-24</entry>
    </dates>
  </vuln>

  <vuln vid="14a6f516-502f-11e0-b448-bbfa2731f9c7">
    <topic>postfix -- plaintext command injection with SMTP over TLS</topic>
    <affects>
      <package>
	<name>postfix</name>
	<name>postfix-base</name>
	<range><ge>2.7.*,1</ge><lt>2.7.3,1</lt></range>
	<range><ge>2.6.*,1</ge><lt>2.6.9,1</lt></range>
	<range><ge>2.5.*,2</ge><lt>2.5.12,2</lt></range>
	<range><ge>2.4.*,1</ge><lt>2.4.16,1</lt></range>
      </package>
      <package>
	<name>postfix-current</name>
	<name>postfix-current-base</name>
	<range><lt>2.9.20100120,4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Wietse Venema has discovered a software flaw that allows
	  an attacker to inject client commands into an SMTP session
	  during the unprotected plaintext SMTP protocol phase, such
	  that the server will execute those commands during the SMTP-
	  over-TLS protocol phase when all communication is supposed
	  to be protected.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0411</cvename>
      <url>http://www.postfix.org/CVE-2011-0411.html</url>
      <url>http://secunia.com/advisories/43646/</url>
    </references>
    <dates>
      <discovery>2011-03-07</discovery>
      <entry>2011-03-19</entry>
    </dates>
  </vuln>

  <vuln vid="b13414c9-50ba-11e0-975a-000c29cc39d3">
    <topic>hiawatha -- integer overflow in Content-Length header parsing</topic>
    <affects>
      <package>
	<name>hiawatha</name>
	<range><lt>7.4_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Hugo Leisink reports:</p>
	<blockquote cite="http://www.hiawatha-webserver.org/weblog/16">
	  <p>A bug has been found in version 7.4 of the Hiawatha webserver,
	    which could lead to a server crash. This is caused by an integer
	    overflow in the routine that reads the HTTP request. A too large
	    value of the Content-Length HTTP header results in an overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.hiawatha-webserver.org/weblog/16</url>
      <url>http://secunia.com/advisories/43660/</url>
      <url>http://securityvulns.com/Zdocument902.html</url>
      <url>http://packetstormsecurity.org/files/99021/Hiawatha-WebServer-7.4-Denial-Of-Service.html</url>
      <url>http://seclists.org/bugtraq/2011/Mar/65</url>
    </references>
    <dates>
      <discovery>2011-02-25</discovery>
      <entry>2011-03-17</entry>
    </dates>
  </vuln>

  <vuln vid="bfe9c75e-5028-11e0-b2d2-00215c6a37bb">
    <topic>asterisk -- Multiple Vulnerabilities</topic>
    <affects>
     <package>
       <name>asterisk16</name>
       <range><gt>1.6.*</gt><lt>1.6.2.17.1</lt></range>
     </package>
     <package>
       <name>asterisk18</name>
       <range><gt>1.8.*</gt><lt>1.8.3.1</lt></range>
     </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk Development Team reports:</p>
	<blockquote cite="http://www.venturevoip.com/news.php?rssid=2521">
	  <p>The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1
	    resolve two issues:</p>
	  <ul>
	    <li>Resource exhaustion in Asterisk Manager Interface
	      (AST-2011-003)</li>
	    <li>Remote crash vulnerability in TCP/TLS server
	      (AST-2011-004)</li>
	  </ul>
	  <p>The issues and resolutions are described in the AST-2011-003
	    and AST-2011-004 security advisories.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-003.html</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-004.html</url>
    </references>
    <dates>
      <discovery>2011-03-01</discovery>
      <entry>2011-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="8b986a05-4dbe-11e0-8b9a-02e0184b8d35">
    <topic>avahi -- denial of service</topic>
    <affects>
      <package>
	<name>avahi</name>
	<name>avahi-app</name>
	<name>avahi-autoipd</name>
	<name>avahi-gtk</name>
	<name>avahi-libdns</name>
	<name>avahi-qt3</name>
	<name>avahi-qt4</name>
	<name>avahi-sharp</name>
	<range><lt>0.6.29</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Avahi developers reports:</p>
	<blockquote cite="http://secunia.com/advisories/43361/">
	  <p>A vulnerability has been reported in Avahi, which can be exploited
	    by malicious people to cause a DoS (Denial of Service).
	    The vulnerability is caused due to an error when processing certain
	    UDP packets, which can be exploited to trigger an infinite loop by
	    e.g. sending an empty packet to port 5353/UDP.</p>
	</blockquote>
      </body>
    </description>
    <references>
     <cvename>CVE-2011-1002</cvename>
     <cvename>CVE-2010-2244</cvename>
     <url>http://secunia.com/advisories/43361/</url>
     <url>https://bugzilla.redhat.com/show_bug.cgi?id=667187</url>
    </references>
    <dates>
      <discovery>2011-02-21</discovery>
      <entry>2011-03-13</entry>
    </dates>
  </vuln>

  <vuln vid="64691c49-4b22-11e0-a226-00e0815b8da8">
    <topic>mailman -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>mailman</name>
	<range><lt>2.1.14_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>CVE reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0707">
	  <p>Multiple cross-site scripting (XSS) vulnerabilities in
	    Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote
	    attackers to inject arbitrary web script or HTML via the (1)
	    full name or (2) username field in a confirmation message.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0707</cvename>
      <url>http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html</url>
    </references>
    <dates>
      <discovery>2011-02-13</discovery>
      <entry>2011-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="cf96cd8d-48fb-11e0-98a6-0050569b2d21">
    <topic>redmine -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>redmine</name>
	<range><gt>1.0</gt><lt>1.1.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jean-Philippe Lang reports:</p>
	<blockquote cite="http://www.redmine.org/news/53">
	  <p>This maintenance release for 1.1.x users includes
	    13 bug fixes since 1.1.1 and a security fix (XSS
	    vulnerability affecting all Redmine versions from
	    1.0.1 to 1.1.1).
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.redmine.org/news/53</url>
    </references>
    <dates>
      <discovery>2011-03-07</discovery>
      <entry>2011-03-07</entry>
    </dates>
  </vuln>

  <vuln vid="e27ca763-4721-11e0-bdc4-001e8c75030d">
    <topic>subversion -- remote HTTP DoS vulnerability</topic>
    <affects>
      <package>
	<name>subversion</name>
	<range><ge>1.6</ge><le>1.6.15</le></range>
	<range><ge>1.5</ge><le>1.6.9</le></range>
      </package>
      <package>
	<name>subversion-freebsd</name>
	<range><ge>1.6</ge><le>1.6.15</le></range>
	<range><ge>1.5</ge><le>1.6.9</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion project reports:</p>
	<blockquote cite="http://subversion.apache.org/security/CVE-2011-0715-advisory.txt">
	  <p>Subversion HTTP servers up to 1.5.9 (inclusive) or 1.6.15 (inclusive)
	    are vulnerable to a remotely triggerable NULL-pointer dereference.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0715</cvename>
    </references>
    <dates>
      <discovery>2011-02-27</discovery>
      <entry>2011-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="45f102cd-4456-11e0-9580-4061862b8c22">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>firefox</name>
	<range><gt>3.6.*,1</gt><lt>3.6.14,1</lt></range>
	<range><gt>3.5.*,1</gt><lt>3.5.17,1</lt></range>
      </package>
      <package>
	<name>libxul</name>
	<range><gt>1.9.2.*</gt><lt>1.9.2.14</lt></range>
      </package>
      <package>
	<name>linux-firefox</name>
	<range><lt>3.6.14,1</lt></range>
      </package>
      <package>
	<name>linux-firefox-devel</name>
	<range><lt>3.5.17</lt></range>
      </package>
      <package>
	<name>linux-seamonkey</name>
	<range><gt>2.0.*</gt><lt>2.0.12</lt></range>
      </package>
      <package>
	<name>linux-thunderbird</name>
	<range><ge>3.1</ge><lt>3.1.8</lt></range>
      </package>
      <package>
	<name>seamonkey</name>
	<range><gt>2.0.*</gt><lt>2.0.12</lt></range>
      </package>
      <package>
	<name>thunderbird</name>
	<range><lt>3.1.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Mozilla Project reports:</p>
	<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
	  <p>MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)</p>
	  <p>MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true</p>
	  <p>MFSA 2011-03 Use-after-free error in JSON.stringify</p>
	  <p>MFSA 2011-04 Buffer overflow in JavaScript upvarMap</p>
	  <p>MFSA 2011-05 Buffer overflow in JavaScript atom map</p>
	  <p>MFSA 2011-06 Use-after-free error using Web Workers</p>
	  <p>MFSA 2011-07 Memory corruption during text run construction (Windows)</p>
	  <p>MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents</p>
	  <p>MFSA 2011-09 Crash caused by corrupted JPEG image</p>
	  <p>MFSA 2011-10 CSRF risk with plugins and 307 redirects</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-1585</cvename>
      <cvename>CVE-2011-0051</cvename>
      <cvename>CVE-2011-0053</cvename>
      <cvename>CVE-2011-0054</cvename>
      <cvename>CVE-2011-0055</cvename>
      <cvename>CVE-2011-0056</cvename>
      <cvename>CVE-2011-0057</cvename>
      <cvename>CVE-2011-0058</cvename>
      <cvename>CVE-2011-0059</cvename>
      <cvename>CVE-2011-0061</cvename>
      <cvename>CVE-2011-0062</cvename>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-01.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-02.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-03.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-04.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-05.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-06.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-07.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-08.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-09.html</url>
      <url>https://www.mozilla.org/security/announce/2011/mfsa2011-10.html</url>
    </references>
    <dates>
      <discovery>2011-03-01</discovery>
      <entry>2011-03-01</entry>
    </dates>
  </vuln>

  <vuln vid="be3dfe33-410b-11e0-9e02-00215c6a37bb">
    <topic>openldap -- two security bypass vulnerabilities</topic>
    <affects>
      <package>
	<name>openldap-server</name>
	<range><gt>2.4.0</gt><lt>2.4.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/advisories/43331/">
	  <p>Two vulnerabilities have been reported in
	    OpenLDAP, which can be exploited by malicious
	    people to bypass certain security restrictions.</p>
	  <p>The vulnerabilities are reported in versions
	    prior to 2.4.24.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://secunia.com/advisories/43331/</url>
    </references>
    <dates>
      <discovery>2011-02-14</discovery>
      <entry>2011-02-25</entry>
    </dates>
  </vuln>

  <vuln vid="65d16342-3ec8-11e0-9df7-001c42d23634">
    <topic>asterisk -- Exploitable Stack and Heap Array Overflows</topic>
    <affects>
     <package>
       <name>asterisk14</name>
       <range><gt>1.4.*</gt><lt>1.4.39.2</lt></range>
     </package>
     <package>
       <name>asterisk16</name>
       <range><gt>1.6.*</gt><lt>1.6.2.16.2</lt></range>
     </package>
     <package>
       <name>asterisk18</name>
       <range><gt>1.8.*</gt><lt>1.8.2.4</lt></range>
     </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk Development Team reports:</p>
	<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-February/000302.html">
	  <p>The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and
	    1.8.2.4 resolve an issue that when decoding UDPTL packets, multiple
	    heap based arrays can be made to overflow by specially
	    crafted packets. Systems configured for T.38 pass through or
	    termination are vulnerable. The issue and resolution are described
	    in the AST-2011-002 security advisory.</p>
	</blockquote>
      </body>
    </description>
    <references>
	<url>http://downloads.asterisk.org/pub/security/AST-2011-002.html</url>
	<url>http://secunia.com/advisories/43429/</url>
    </references>
    <dates>
      <discovery>2011-02-21</discovery>
      <entry>2011-02-22</entry>
    </dates>
  </vuln>

  <vuln vid="ae0e5835-3cad-11e0-b654-00215c6a37bb">
    <topic>PivotX -- administrator password reset vulnerability</topic>
    <affects>
      <package>
	<name>pivotx</name>
	<range><lt>2.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>US CERT reports:</p>
	<blockquote cite="http://www.kb.cert.org/vuls/id/175068">
	  <p>PivotX contains a vulnerability that allows an
	    attacker to change the password of any account
	    just by guessing the username.  Version 2.2.4 has
	    been reported to not be affected.
	    This vulnerability is being exploited in the wild
	    and users should immediately upgrade to 2.2.5 or
	    later.  Mitigation steps for users that have been
	    compromised have been posted to the <a href="http://forum.pivotx.net/viewtopic.php?f=2&amp;t=1967">PivotX
	    Support Community</a>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-1035</cvename>
    </references>
    <dates>
      <discovery>2011-02-18</discovery>
      <entry>2011-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="553ec4ed-38d6-11e0-94b1-000c29ba66d2">
    <topic>tomcat -- Cross-site scripting vulnerability</topic>
    <affects>
      <package>
	<name>tomcat</name>
	<range><gt>5.5.0</gt><lt>5.5.32</lt></range>
      </package>
      <package>
	<name>tomcat</name>
	<range><gt>6.0.0</gt><lt>6.0.30</lt></range>
      </package>
      <package>
	<name>tomcat</name>
	<range><gt>7.0.0</gt><lt>7.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Tomcat security team reports:</p>
	<blockquote cite="http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32">
	  <p>The HTML Manager interface displayed web applciation
	    provided data, such as display names, without filtering.
	    A malicious web application could trigger script execution
	    by an administartive user when viewing the manager pages.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0013</cvename>
      <url>http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32</url>
      <url>http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30</url>
      <url>http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6</url>
    </references>
    <dates>
      <discovery>2010-11-12</discovery>
      <entry>2011-02-15</entry>
      <modified>2011-09-30</modified>
    </dates>
  </vuln>

  <vuln vid="cd68ff50-362b-11e0-ad36-00215c6a37bb">
    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>phpMyAdmin</name>
	<range><lt>3.3.9.2</lt></range>
      </package>
      <package>
	<name>phpMyAdmin211</name>
	<range><lt>2.11.11.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpMyAdmin team reports:</p>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php">
	  <p>It was possible to create a bookmark which would be executed
	    unintentionally by other users.</p>
	</blockquote>
	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php">
	  <p>When the files README, ChangeLog or LICENSE have been removed
	    from their original place (possibly by the distributor), the
	    scripts used to display these files can show their full path,
	    leading to possible further attacks.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php</url>
    </references>
    <dates>
      <discovery>2011-02-08</discovery>
      <entry>2011-02-11</entry>
    </dates>
  </vuln>

  <vuln vid="4a3482da-3624-11e0-b995-001b2134ef46">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>linux-flashplugin</name>
	<range><le>9.0r289</le></range>
      </package>
      <package>
	<name>linux-f8-flashplugin</name>
	<name>linux-f10-flashplugin</name>
	<range><lt>10.2r152</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Adobe Product Security Incident Response Team reports:</p>
	<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-02.html">
	  <p>Critical vulnerabilities have been identified in
	    Adobe Flash Player 10.1.102.64 and earlier versions for
	    Windows, Macintosh, Linux, and Solaris. These vulnerabilities
	    could cause the application to crash and could potentially
	    allow an attacker to take control of the affected system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0558</cvename>
      <cvename>CVE-2011-0559</cvename>
      <cvename>CVE-2011-0560</cvename>
      <cvename>CVE-2011-0561</cvename>
      <cvename>CVE-2011-0571</cvename>
      <cvename>CVE-2011-0572</cvename>
      <cvename>CVE-2011-0573</cvename>
      <cvename>CVE-2011-0574</cvename>
      <cvename>CVE-2011-0575</cvename>
      <cvename>CVE-2011-0577</cvename>
      <cvename>CVE-2011-0578</cvename>
      <cvename>CVE-2011-0607</cvename>
      <cvename>CVE-2011-0608</cvename>
      <url>http://www.adobe.com/support/security/bulletins/apsb11-02.html</url>
    </references>
    <dates>
      <discovery>2011-02-08</discovery>
      <entry>2011-02-11</entry>
    </dates>
  </vuln>

  <vuln vid="53bde960-356b-11e0-8e81-0022190034c0">
    <topic>mupdf -- Remote System Access</topic>
    <affects>
      <package>
	<name>mupdf</name>
	<range><lt>0.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/advisories/43020/">
	  <p>The vulnerability is caused due to an error within the
	    "closedctd()" function in fitz/filt_dctd.c when processing PDF
	    files containing certain malformed JPEG images. This can be
	    exploited to cause a stack corruption by e.g. tricking a user
	    into opening a specially crafted PDF file.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>46027</bid>
      <url>http://secunia.com/advisories/43020/</url>
    </references>
    <dates>
      <discovery>2011-01-26</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="1cae628c-3569-11e0-8e81-0022190034c0">
    <topic>rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability</topic>
    <affects>
      <package>
	<name>rubygem-mail</name>
	<range><lt>2.2.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Secunia reports:</p>
	<blockquote cite="http://secunia.com/advisories/43077/">
	  <p>Input passed via an email from address is not properly sanitised
	    in the "deliver()" function (lib/mail/network/delivery_methods/sendmail.rb)
	    before being used as a command line argument. This can be exploited
	    to inject arbitrary shell commands.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>46021</bid>
      <cvename>CVE-2011-0739</cvename>
      <url>http://secunia.com/advisories/43077/</url>
      <url>http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1</url>
    </references>
    <dates>
      <discovery>2011-01-25</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="7c492ea2-3566-11e0-8e81-0022190034c0">
    <topic>plone -- Remote Security Bypass</topic>
    <affects>
      <package>
	<name>plone</name>
	<range><ge>2.5</ge><lt>3</lt></range>
      </package>
      <package>
	<name>plone3</name>
	<range><ge>3</ge><le>3.3</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Plone developer reports:</p>
	<blockquote cite="http://plone.org/products/plone/security/advisories/cve-2011-0720">
	  <p>This is an escalation of privileges attack that can be used by
	    anonymous users to gain access to a Plone site's administration
	    controls, view unpublished content, create new content and modify a
	    site's skin.  The sandbox protecting access to the underlying
	    system is still in place, and it does not grant access to other
	    applications running on the same Zope instance.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>46102</bid>
      <cvename>CVE-2011-0720</cvename>
      <url>http://plone.org/products/plone/security/advisories/cve-2011-0720</url>
    </references>
    <dates>
      <discovery>2011-02-02</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="44ccfab0-3564-11e0-8e81-0022190034c0">
    <topic>exim -- local privilege escalation</topic>
    <affects>
      <package>
	<name>exim</name>
	<name>exim-ldap</name>
	<name>exim-ldap2</name>
	<name>exim-mysql</name>
	<name>exim-postgresql</name>
	<name>exim-sa-exim</name>
	<range><lt>4.74</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>exim.org reports:</p>
	<blockquote cite="ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74">
	  <p>CVE-2011-0017 - check return value of setuid/setgid. This is a
	    privilege escalation vulnerability whereby the Exim run-time user
	    can cause root to append content of the attacker's choosing to
	    arbitrary files.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0017</cvename>
      <url>ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74</url>
    </references>
    <dates>
      <discovery>2011-01-31</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="f2b43905-3545-11e0-8e81-0022190034c0">
    <topic>openoffice.org -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openoffice.org</name>
	<range><lt>3.3.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>OpenOffice.org Security Team reports:</p>
	<blockquote cite="http://www.openoffice.org/security/bulletin.html">
	  <p>Fixed in OpenOffice.org 3.3</p>
	  <ul>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html">
		CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-3450.html">
		CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html">
		CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html">
		CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing  </li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-3689.html">
		CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html">
		CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html">
		CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-4253.html">
		CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li>
	    <li><a href="http://www.openoffice.org/security/cves/CVE-2010-4643.html">
		CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org related to TGA file processing  </li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.openoffice.org/security/bulletin.html</url>
      <url>http://secunia.com/advisories/40775/</url>
    </references>
    <dates>
      <discovery>2010-08-04</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="35ecdcbe-3501-11e0-afcd-0015f2db7bde">
    <topic>webkit-gtk2 -- Multiple vurnabilities.</topic>
    <affects>
      <package>
	<name>webkit-gtk2</name>
	<range><lt>1.2.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gustavo Noronha Silva reports:</p>
	<blockquote cite="http://permalink.gmane.org/gmane.os.opendarwin.webkit.gtk/405">
	  <p>This release has essentially security fixes. Refer to the
	    WebKit/gtk/NEWS file inside the tarball for details. We would like
	    to thank the Red Hat security team (Huzaifa Sidhpurwala in
	    particular) and Michael Gilbert from Debian for their help in
	    checking (and pushing!) security issues affecting the WebKitGTK+
	    stable branch for this release.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-2901</cvename>
      <cvename>CVE-2010-4040</cvename>
      <cvename>CVE-2010-4042</cvename>
      <cvename>CVE-2010-4199</cvename>
      <cvename>CVE-2010-4492</cvename>
      <cvename>CVE-2010-4493</cvename>
      <cvename>CVE-2010-4578</cvename>
      <cvename>CVE-2011-0482</cvename>
      <cvename>CVE-2011-0778</cvename>
      <url>https://bugs.webkit.org/show_bug.cgi?id=48328</url>
      <url>https://bugs.webkit.org/show_bug.cgi?id=50710</url>
      <url>https://bugs.webkit.org/show_bug.cgi?id=50840</url>
      <url>https://bugs.webkit.org/show_bug.cgi?id=50932</url>
      <url>https://bugs.webkit.org/show_bug.cgi?id=51993</url>
      <url>https://bugs.webkit.org/show_bug.cgi?id=53265</url>
      <url>https://bugs.webkit.org/show_bug.cgi?id=53276</url>
      <url>http://permalink.gmane.org/gmane.os.opendarwin.webkit.gtk/405</url>
    </references>
    <dates>
      <discovery>2011-02-08</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="ce6ce2f8-34ac-11e0-8103-00215c6a37bb">
    <topic>awstats -- arbitrary commands execution vulnerability</topic>
    <affects>
      <package>
	<name>awstats</name>
	<range><lt>7.0,1</lt></range>
      </package>
      <package>
	<name>awstats-devel</name>
	<range><gt>0</gt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Awstats change log reports:</p>
	<blockquote cite="http://awstats.sourceforge.net/docs/awstats_changelog.txt">
	  <ul>
	    <li>Security fix (Traverse directory of LoadPlugin)</li>
	    <li>Security fix (Limit config to defined directory
	      to avoid access to external config file via a nfs
	      or webdav link).</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-4367</cvename>
      <url>http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html</url>
      <url>http://awstats.sourceforge.net/docs/awstats_changelog.txt</url>
    </references>
    <dates>
      <discovery>2010-05-01</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="2eda0c54-34ab-11e0-8103-00215c6a37bb">
    <topic>opera -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>opera</name>
	<name>opera-devel</name>
	<name>linux-opera</name>
	<range><lt>11.01</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Opera reports:</p>
	<blockquote cite="http://www.opera.com/docs/changelogs/unix/1101/">
	  <p>Opera 11.01 is a recommended upgrade offering security and
	    stability enhancements.</p>
	  <p>The following security vulnerabilities have been fixed:</p>
	  <ul>
	    <li>Removed support for "<code>javascript:</code>" URLs in
	      CSS -o-link values, to make it easier for sites to filter
	      untrusted CSS.</li>
	    <li>Fixed an issue where large form inputs could allow
	      execution of arbitrary code, as reported by Jordi Chancel;
	      see our <a href="http://www.opera.com/support/kb/view/982/">advisory</a>.</li>
	    <li>Fixed an issue which made it possible to carry out
	      clickjacking attacks against internal opera: URLs;
	      see our <a href="http://www.opera.com/support/kb/view/983/">advisory</a>.</li>
	    <li>Fixed issues which allowed web pages to gain limited
	      access to files on the user's computer; see our
	      <a href="http://www.opera.com/support/kb/view/984/">advisory</a>.</li>
	    <li>Fixed an issue where email passwords were not immediately
	      deleted when deleting private data; see our
	      <a href="http://www.opera.com/support/kb/view/986/">advisory</a>.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0450</cvename>
      <cvename>CVE-2011-0681</cvename>
      <cvename>CVE-2011-0682</cvename>
      <cvename>CVE-2011-0683</cvename>
      <cvename>CVE-2011-0684</cvename>
      <cvename>CVE-2011-0685</cvename>
      <cvename>CVE-2011-0686</cvename>
      <cvename>CVE-2011-0687</cvename>
      <url>http://www.opera.com/support/kb/view/982/</url>
      <url>http://www.opera.com/support/kb/view/983/</url>
      <url>http://www.opera.com/support/kb/view/984/</url>
      <url>http://secunia.com/advisories/43023</url>
    </references>
    <dates>
      <discovery>2011-01-26</discovery>
      <entry>2011-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="bd760627-3493-11e0-8103-00215c6a37bb">
    <topic>django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py23-django</name>
	<name>py24-django</name>
	<name>py25-django</name>
	<name>py26-django</name>
	<name>py27-django</name>
	<name>py30-django</name>
	<name>py31-django</name>
	<range><gt>1.2</gt><lt>1.2.5</lt></range>
	<range><gt>1.1</gt><lt>1.1.4</lt></range>
      </package>
      <package>
	<name>py23-django-devel</name>
	<name>py24-django-devel</name>
	<name>py25-django-devel</name>
	<name>py26-django-devel</name>
	<name>py27-django-devel</name>
	<name>py30-django-devel</name>
	<name>py31-django-devel</name>
	<range><lt>15470,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django project reports:</p>
	<blockquote cite="http://www.djangoproject.com/weblog/2011/feb/08/security/">
	  <p>Today the Django team is issuing multiple releases --
	    Django 1.2.5 and Django 1.1.4 -- to remedy three security
	    issues reported to us. All users of affected versions of
	    Django are urged to upgrade immediately.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.djangoproject.com/weblog/2011/feb/08/security/</url>
    </references>
    <dates>
      <discovery>2011-02-08</discovery>
      <entry>2011-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="8d04cfbd-344d-11e0-8669-0025222482c5">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki</name>
	<range><lt>1.16.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Medawiki reports:</p>
	<blockquote cite="http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html">
	  <p>An arbitrary script inclusion vulnerability was discovered. The
	    vulnerability only allows execution of files with names ending in
	    ".php" which are already present in the local filesystem. Only servers
	    running Microsoft Windows and possibly Novell Netware are affected.
	    Despite these mitigating factors, all users are advised to upgrade,
	    since there is a risk of complete server compromise. MediaWiki 1.8.0
	    and later is affected.</p>
	  <p>Security researcher mghack discovered a CSS injection
	    vulnerability. For Internet Explorer and similar browsers, this is
	    equivalent to an XSS vulnerability, that is to say, it allows the
	    compromise of wiki user accounts. For other browsers, it allows private
	    data such as IP addresses and browsing patterns to be sent to a malicious
	    external web server. It affects all versions of MediaWiki. All users are
	    advised to upgrade.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0047</cvename>
      <url>https://bugzilla.wikimedia.org/show_bug.cgi?id=27094</url>
      <url>https://bugzilla.wikimedia.org/show_bug.cgi?id=27093</url>
      <url>http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES</url>
      <url>http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html</url>
    </references>
    <dates>
      <discovery>2011-02-01</discovery>
      <entry>2011-02-09</entry>
    </dates>
  </vuln>

  <vuln vid="8c93e997-30e0-11e0-b300-485d605f4717">
    <topic>wordpress -- SQL injection vulnerability</topic>
    <affects>
      <package>
	<name>wordpress</name>
	<range><lt>3.0.2,1</lt></range>
      </package>
      <package>
	<name>de-wordpress</name>
	<name>zh-wordpress-zh_CN</name>
	<name>zh-wordpress-zh_TW</name>
	<range><lt>3.0.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Vendor reports:</p>
	<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4257">
	  <p>SQL injection vulnerability in the do_trackbacks function in
	    wp-includes/comment.php in WordPress before 3.0.2 allows remote
	    authenticated users to execute arbitrary SQL commands via the Send
	    Trackbacks field.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-4257</cvename>
      <url>http://www.cvedetails.com/cve/CVE-2010-4257/</url>
    </references>
    <dates>
      <discovery>2010-11-16</discovery>
      <entry>2011-02-05</entry>
      <modified>2011-02-09</modified>
    </dates>
  </vuln>

  <vuln vid="f9258873-2ee2-11e0-afcd-0015f2db7bde">
    <topic>vlc -- Insufficient input validation in MKV demuxer</topic>
    <affects>
      <package>
	<name>vlc</name>
	<range><lt>1.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>VLC team reports:</p>
	<blockquote cite="http://www.videolan.org/security/sa1102.html">
	  <p>When parsing an invalid MKV (Matroska or WebM) file, input
	    validation are insufficient.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.videolan.org/security/sa1102.html</url>
    </references>
    <dates>
      <discovery>2011-01-26</discovery>
      <entry>2011-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="8015600f-2c80-11e0-9cc1-00163e5bf4f9">
    <topic>maradns -- denial of service when resolving a long DNS hostname</topic>
    <affects>
      <package>
	<name>maradns</name>
	<range><lt>1.4.06</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MaraDNS developer Sam Trenholme reports:</p>
	<blockquote cite="http://samiam.org/blog/20110129.html">
	  <p>... a mistake in allocating an array of integers, allocating it
	    in bytes instead of sizeof(int) units. This resulted in a buffer
	    being too small, allowing it to be overwritten. The impact of this
	    programming error is that MaraDNS can be crashed by sending
	    MaraDNS a single "packet of death". Since the data placed in the
	    overwritten array cannot be remotely controlled (it is a list of
	    increasing integers), there is no way to increase privileges
	    exploiting this bug.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>45966</bid>
      <cvename>CVE-2011-0520</cvename>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834</url>
    </references>
    <dates>
      <discovery>2011-01-23</discovery>
      <entry>2011-01-31</entry>
    </dates>
  </vuln>

  <vuln vid="dc9f8335-2b3b-11e0-a91b-00e0815b8da8">
    <topic>isc-dhcp-server -- DHCPv6 crash</topic>
    <affects>
      <package>
	<name>isc-dhcp41-server</name>
	<range><le>4.1.2,1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>ISC reports:</p>
	<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-0413">
	  <p>When the DHCPv6 server code processes a message for an address
	    that was previously declined and internally tagged as abandoned
	    it can trigger an assert failure resulting in the server crashing.
	    This could be used to crash DHCPv6 servers remotely. This issue
	    only affects DHCPv6 servers. DHCPv4 servers are unaffected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0413</cvename>
      <url>http://www.isc.org/software/dhcp/advisories/cve-2011-0413</url>
      <url>http://www.kb.cert.org/vuls/id/686084</url>
    </references>
    <dates>
      <discovery>2011-01-26</discovery>
      <entry>2011-01-28</entry>
    </dates>
  </vuln>

  <vuln vid="c8c927e5-2891-11e0-8f26-00151735203a">
    <topic>bugzilla -- multiple serious vulnerabilities</topic>
    <affects>
      <package>
	<name>bugzilla</name>
	<range><ge>2.14.*</ge><lt>3.6.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A Bugzilla Security Advisory reports:</p>
	<blockquote cite="http://www.bugzilla.org/security/3.2.9/">
	  <p>This advisory covers three security issues that have recently been
	    fixed in the Bugzilla code:</p>
	  <ul>
	    <li>A weakness in Bugzilla could allow a user to gain unauthorized
	      access to another Bugzilla account.</li>
	    <li>A weakness in the Perl CGI.pm module allows injecting HTTP
	      headers and content to users via several pages in Bugzilla.</li>
	    <li>If you put a harmful "javascript:" or "data:" URL into
	      Bugzilla's "URL" field, then there are multiple situations in
	      which Bugzilla will unintentionally make that link clickable.</li>
	    <li>Various pages lack protection against cross-site request
	      forgeries.</li>
	  </ul>
	  <p>All affected installations are encouraged to upgrade as soon as
	    possible.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>25425</bid>
      <cvename>CVE-2010-4568</cvename>
      <cvename>CVE-2010-2761</cvename>
      <cvename>CVE-2010-4411</cvename>
      <cvename>CVE-2010-4572</cvename>
      <cvename>CVE-2010-4567</cvename>
      <cvename>CVE-2010-0048</cvename>
      <cvename>CVE-2011-0046</cvename>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621591</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=619594</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=591165</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621572</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=619588</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=628034</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621090</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621105</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621107</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621108</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621109</url>
      <url>https://bugzilla.mozilla.org/show_bug.cgi?id=621110</url>
    </references>
    <dates>
      <discovery>2011-01-24</discovery>
      <entry>2011-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="7580f00e-280c-11e0-b7c8-00215c6a37bb">
    <topic>dokuwiki -- multiple privilege escalation vulnerabilities</topic>
    <affects>
      <package>
	<name>dokuwiki</name>
	<range><lt>20101107a</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dokuwiki reports:</p>
	<blockquote cite="http://bugs.dokuwiki.org/index.php?do=details&amp;task_id=2136">
	  <p>This security update fixes problems in the XMLRPC
	    interface where ACLs where not checked correctly
	    sometimes, making it possible to access and write
	    information that should not have been accessible/writable.
	    This only affects users who have enabled the XMLRPC
	    interface (default is off) and have enabled XMLRPC
	    access for users who can't access/write all content
	    anyway (default is nobody, see <a href="http://www.dokuwiki.org/config:xmlrpcuser">http://www.dokuwiki.org/config:xmlrpcuser</a>
	    for details).</p>
	  <p>This update also includes a fix for a problem in
	    the general ACL checking function that could be exploited
	    to gain access to restricted pages and media files in rare
	    conditions (when you had rights for an id you could get
	    the same rights on ids where one character has been
	    replaced by a ".").</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://bugs.dokuwiki.org/index.php?do=details&amp;task_id=2136</url>
    </references>
    <dates>
      <discovery>2011-01-16</discovery>
      <entry>2011-01-24</entry>
    </dates>
  </vuln>

  <vuln vid="5ab9fb2a-23a5-11e0-a835-0003ba02bf30">
    <topic>asterisk -- Exploitable Stack Buffer Overflow</topic>
    <affects>
      <package>
	<name>asterisk14</name>
	<range><gt>1.4.*</gt><lt>1.4.39.1</lt></range>
      </package>
      <package>
	<name>asterisk16</name>
	<range><gt>1.6.*</gt><lt>1.6.2.16.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><gt>1.8.*</gt><lt>1.8.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk Development Team reports:</p>
	<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-January/000297.html">
	  <p>The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,
	  1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an
	  outgoing SIP request while in pedantic mode, which can cause a stack
	  buffer to be made to overflow if supplied with carefully crafted
	  caller ID information. The issue and resolution are described in the
	  AST-2011-001 security advisory.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2011-001.pdf</url>
    </references>
    <dates>
      <discovery>2011-01-18</discovery>
      <entry>2011-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="2c2d4e83-2370-11e0-a91b-00e0815b8da8">
    <topic>tarsnap -- cryptographic nonce reuse</topic>
    <affects>
      <package>
	<name>tarsnap</name>
	<range><ge>1.0.22</ge><le>1.0.27</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Colin Percival reports:</p>
	<blockquote cite="http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html">
	  <p>In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value
	    is not incremented after each chunk is encrypted. (The CTR counter
	    is correctly incremented after each 16 bytes of data was processed,
	    but this counter is reset to zero for each new chunk.)</p>
	  <p>Note that since the Tarsnap client-server protocol is encrypted,
	    being able to intercept Tarsnap client-server traffic does not
	    provide an attacker with access to the data.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html</url>
    </references>
    <dates>
      <discovery>2011-01-18</discovery>
      <entry>2011-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="4c017345-1d89-11e0-bbee-0014a5e3cda6">
    <topic>MoinMoin -- cross-site scripting vulnerabilities</topic>
    <affects>
      <package>
	<name>moinmoin</name>
	<range><lt>1.9.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MoinMoin developers reports:</p>
	<blockquote cite="http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES">
	  <p>Fix XSS in Despam action (CVE-2010-0828)</p>
	</blockquote>
	<blockquote cite="http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg">
	  <p>Fix XSS issues</p>
	  <ul>
	    <li>by escaping template name in messages</li>
	    <li>by fixing other places that had similar issues</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>39110</bid>
      <cvename>CVE-2010-0828</cvename>
      <url>http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES</url>
      <url>http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg</url>
    </references>
    <dates>
      <discovery>2010-04-05</discovery>
      <entry>2011-01-11</entry>
    </dates>
  </vuln>

  <vuln vid="38bdf10e-2293-11e0-bfa4-001676740879">
    <topic>tor -- remote code execution and crash</topic>
    <affects>
      <package>
	<name>tor</name>
	<range><lt>0.2.1.29</lt></range>
      </package>
      <package>
	<name>tor-devel</name>
	<range><lt>0.2.2.21.a</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Tor Project reports:</p>
	<blockquote cite="http://archives.seul.org/or/announce/Jan-2011/msg00000.html">
	  <p>A remote heap overflow vulnerability that can allow remote
	    code execution. Other fixes address a variety of assert and crash
	    bugs, most of which we think are hard to exploit remotely.
	    All Tor users should upgrade.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>45832</bid>
      <cvename>CVE-2011-0427</cvename>
      <freebsdpr>ports/154099</freebsdpr>
      <mlist msgid="20110117155813.GG3300@moria.seul.org">http://archives.seul.org/or/announce/Jan-2011/msg00000.html</mlist>
      <url>https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog</url>
      <url>https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog</url>
    </references>
    <dates>
      <discovery>2011-01-15</discovery>
      <entry>2011-01-17</entry>
    </dates>
  </vuln>

  <vuln vid="908f4cf2-1e8b-11e0-a587-001b77d09812">
    <topic>sudo -- local privilege escalation</topic>
    <affects>
      <package>
	<name>sudo</name>
	<range><ge>1.7.0</ge><lt>1.7.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Todd Miller reports:</p>
	<blockquote cite="http://www.sudo.ws/sudo/alerts/runas_group_pw.html">
	  <p>Beginning with sudo version 1.7.0 it has been possible
	    to grant permission to run a command using a specified
	    group via sudo's -g option (run as group), if allowed by
	    the sudoers file. A flaw exists in sudo's password
	    checking logic that allows a user to run a command
	    with only the group changed without being prompted
	    for a password.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2011-0010</cvename>
      <url>http://www.sudo.ws/sudo/alerts/runas_group_pw.html</url>
      <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641</url>
    </references>
    <dates>
      <discovery>2011-01-11</discovery>
      <entry>2011-01-13</entry>
    </dates>
  </vuln>

  <vuln vid="71612099-1e93-11e0-a587-001b77d09812">
    <topic>subversion -- multiple DoS</topic>
    <affects>
      <package>
	<name>subversion</name>
	<range><lt>1.6.15</lt></range>
      </package>
      <package>
	<name>subversion-freebsd</name>
	<range><lt>1.6.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Entry for CVE-2010-4539 says:</p>
	<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4539">
	  <p>The walk function in repos.c in the mod_dav_svn module
	    for the Apache HTTP Server, as distributed in Apache
	    Subversion before 1.6.15, allows remote authenticated
	    users to cause a denial of service (NULL pointer
	    dereference and daemon crash) via vectors that trigger
	    the walking of SVNParentPath collections.</p>
	</blockquote>
	<p>Entry for CVE-2010-4644 says:</p>
	<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4644">
	  <p>Multiple memory leaks in rev_hunt.c in Apache Subversion
	    before 1.6.15 allow remote authenticated users to cause
	    a denial of service (memory consumption and daemon crash)
	    via the -g option to the blame command.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <bid>45655</bid>
      <cvename>CVE-2010-4539</cvename>
      <cvename>CVE-2010-4644</cvename>
    </references>
    <dates>
      <discovery>2011-01-02</discovery>
      <entry>2011-01-13</entry>
    </dates>
  </vuln>

  <vuln vid="2b6ed5c7-1a7f-11e0-b61d-000c29d1636d">
    <topic>php -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php5</name>
	<range><lt>5.3.5</lt></range>
      </package>
      <package>
	<name>php52</name>
	<range><lt>5.2.17</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PHP developers reports:</p>
	<blockquote cite="http://www.php.net/releases/5_3_5.php">
	  <p>Security Enhancements and Fixes in PHP 5.3.5:</p>
	  <ul>
	    <li>Fixed bug #53632 (PHP hangs on numeric value
	      2.2250738585072011e-308). (CVE-2010-4645)</li>
	  </ul>
	</blockquote>
	<blockquote cite="http://www.php.net/releases/5_2_17.php">
	  <p>Security Enhancements and Fixes in PHP 5.2.17:</p>
	  <ul>
	    <li>Fixed bug #53632 (PHP hangs on numeric value
	      2.2250738585072011e-308). (CVE-2010-4645)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-4645</cvename>
    </references>
    <dates>
      <discovery>2011-01-06</discovery>
      <entry>2011-01-09</entry>
      <modified>2011-01-09</modified>
    </dates>
  </vuln>

  <vuln vid="e4fcf020-0447-11e0-becc-0022156e8794">
    <topic>exim -- local privilege escalation</topic>
    <affects>
      <package>
	<name>exim</name>
	<range><lt>4.73</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>David Woodhouse reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=661756#c3">
	  <p>Secondly a privilege escalation where the trusted 'exim'
	    user is able to tell Exim to use arbitrary config files,
	    in which further ${run ...} commands will be invoked as
	    root.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2010-4345</cvename>
      <url>http://www.exim.org/lurker/message/20101209.022730.dbb6732d.en.html</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=661756#c3</url>
    </references>
    <dates>
      <discovery>2010-12-10</discovery>
      <entry>2011-01-08</entry>
    </dates>
  </vuln>

  <vuln vid="e177c410-1943-11e0-9d1c-000c29ba66d2">
    <topic>mediawiki -- Clickjacking vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki</name>
	<range><gt>1.16</gt><lt>1.16.1</lt></range>
	<range><gt>1.15</gt><lt>1.15.5_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Clickjacking vulnerabilities:</p>
	<blockquote cite="https://bugzilla.wikimedia.org/show_bug.cgi?id=26561">
	  <p>Clickjacking is a type of vulnerability discovered in 2008, which
	    is similar to CSRF. The attack involves displaying the target webpage
	    in a iframe embedded in a malicious website. Using CSS, the submit button
	    of the form on the targeit webpage is made invisible, and then overlaid
	    with some button or link on the malicious website that encourages
	    the user to click on it.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://bugzilla.wikimedia.org/show_bug.cgi?id=26561</url>
    </references>
    <dates>
      <discovery>2011-01-04</discovery>
      <entry>2011-01-06</entry>
    </dates>
  </vuln>