path: root/data/CVE/2011.list
author: security tracker role <sectracker@soriano.debian.org> 2019-11-26 08:10:13 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-11-26 08:10:13 +0000
commit: bd342e22e6bc23c8f26906f8d9a85c3ed791057a (patch)
tree: 69daf030b6850626ac1a98b96b405cd44de16b5c /data/CVE/2011.list
parent: 889e53f02e6edcbf1b923d16288fc0c7e43b73e2 (diff)
automatic update
Diffstat (limited to 'data/CVE/2011.list')
-rw-r--r-- data/CVE/2011.list 63
1 files changed, 21 insertions, 42 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index d7bcc33090..dad43f5a3b 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -2278,8 +2278,7 @@ CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
-CVE-2011-4350
- RESERVED
+CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way certain U ...)
- yaws 1.91-2 (bug #650009)
[lenny] - yaws <not-affected> (Vulnerable code not present)
[squeeze] - yaws <not-affected> (Vulnerable code not present)
@@ -2810,11 +2809,9 @@ CVE-2011-4123
REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
NOT-FOR-US: OpenPAM
-CVE-2011-4121
- RESERVED
+CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up ...)
- ruby1.9.1 <not-affected> (Only affected trunk versions)
-CVE-2011-4120 [authentication bypass by pressing ctrl-d]
- RESERVED
+CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
- yubico-pam 2.10-1
CVE-2011-4119
RESERVED
@@ -2920,8 +2917,7 @@ CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before
[squeeze] - net6 <no-dsa> (Minor issue)
[lenny] - net6 <no-dsa> (Minor issue)
- net6 1:1.3.14-1 (low; bug #647318)
-CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin]
- RESERVED
+CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin which may ...)
- serendipity <removed> (bug #650937)
[squeeze] - serendipity <no-dsa> (Minor issue)
NOTE: http://seclists.org/oss-sec/2011/q4/192
@@ -2945,8 +2941,7 @@ CVE-2011-4084
REJECTED
CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x ...)
NOT-FOR-US: RedHat sos
-CVE-2011-4082
- RESERVED
+CVE-2011-4082 (A local file inclusion flaw was found in the way the phpLDAPadmin befo ...)
- phpldapadmin 0.9.8-1
CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...)
- linux-2.6 3.0.0-6
@@ -2968,8 +2963,7 @@ CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when P
CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c ...)
{DSA-2389-1}
- linux-2.6 3.0.0-6
-CVE-2011-4076
- RESERVED
+CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCE ...)
- nova 2012.1~e1-1
NOTE: https://bugs.launchpad.net/nova/+bug/868360
NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/
@@ -4167,14 +4161,11 @@ CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when th
NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
CVE-2011-3633
REJECTED
-CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees]
- RESERVED
+CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path names ...)
- hardlink <not-affected> (Only the C version, ours are written in Python)
-CVE-2011-3631 [hardlink has buffer overflows, is unsafe on changing trees]
- RESERVED
+CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to heap-b ...)
- hardlink <not-affected> (Only the C version, ours are written in Python)
-CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees]
- RESERVED
+CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...)
- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629
RESERVED
@@ -4195,8 +4186,7 @@ CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in
- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
[squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes)
- mplayer2 2.0-134-g84d8671-9 (bug #646937)
-CVE-2011-3624
- RESERVED
+CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and ea ...)
- ruby1.8 <removed> (low; bug #646020)
[lenny] - ruby1.8 <no-dsa> (Minor issue)
[squeeze] - ruby1.8 <no-dsa> (Minor issue)
@@ -4225,8 +4215,7 @@ CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling .
- atop 1.23-1.1 (low; bug #622794)
[lenny] - atop 1.23-1+lenny1 (bug #622794)
[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
-CVE-2011-3617 [tahoe-lafs: an unauthorized user can delete files]
- RESERVED
+CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to del ...)
- tahoe-lafs 1.8.3-1 (bug #641540)
CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...)
- conky 1.8.0-1.1 (low; bug #612033)
@@ -4249,16 +4238,14 @@ CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB]
CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others]
RESERVED
NOT-FOR-US: Serendipity plugin
-CVE-2011-3609 [CSRF in the JBoss AS 7 administration console & HTTP management API]
- RESERVED
+CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3608
REJECTED
CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Ap ...)
{DSA-2405-1}
- apache2 2.2.21-4
-CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console]
- RESERVED
+CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss Applicati ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) bef ...)
{DSA-2323-1}
@@ -4281,8 +4268,7 @@ CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertis
[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
[lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
NOTE: http://seclists.org/oss-sec/2011/q4/30
-CVE-2011-3600
- RESERVED
+CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler i ...)
- libxmlrpc3-java 3.1.3-1 (low)
[lenny] - libxmlrpc3-java <no-dsa> (Minor issue)
CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...)
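Review bot: The visible part of the new CVE-2011-3600 description names the OFBiz XML-RPC event handler, but the entry tracks only libxmlrpc3-java and nothing in the hunk says how the two relate. A NOTE: line stating why libxmlrpc3-java is the tracked package would make the (low) and <no-dsa> triage easier to re-check later.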
@@ -4300,8 +4286,7 @@ CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for
[squeeze] - perl 5.10.1-17squeeze3
[lenny] - perl <no-dsa> (Minor issue)
NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
-CVE-2011-3596
- RESERVED
+CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-c ...)
- polipo 1.0.4.1-1.2 (bug #644289)
[squeeze] - polipo <no-dsa> (Minor issue)
NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
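Review bot: The added CVE-2011-3596 description reads "suffers from a DoD vulnerability", which looks like a typo for DoS. If the description is imported automatically, as the commit message "automatic update" suggests, the correction belongs at the source of the description rather than in data/CVE/2011.list, otherwise the next update will overwrite it.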
@@ -4342,13 +4327,11 @@ CVE-2011-3585
- cifs-utils 2:4.5-1 (low)
NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
-CVE-2011-3584 [TYPO3-SA-2011-003]
- RESERVED
+CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to ...)
- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
[lenny] - typo3-src 4.2.5-1+lenny9
-CVE-2011-3583 [TYPO3-SA-2011-002]
- RESERVED
+CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...)
- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
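Review bot: Replacing the placeholder lines for CVE-2011-3584 and CVE-2011-3583 drops the advisory identifiers TYPO3-SA-2011-003 and TYPO3-SA-2011-002, and neither appears in the visible part of the new descriptions. A NOTE: line under each entry naming the advisory would keep that cross-reference searchable in the list.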
@@ -4939,12 +4922,10 @@ CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does no
{DSA-2401-1}
- tomcat6 6.0.33-1
- tomcat7 7.0.22-1
-CVE-2011-3374 [apt-key insecure validation]
- RESERVED
+CVE-2011-3374 (It was found that apt-key in apt, all versions, do not correctly valid ...)
- apt <unfixed> (unimportant; bug #642480)
NOTE: Not exploitable in Debian, since no keyring URI is defined
-CVE-2011-3373
- RESERVED
+CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 do ...)
NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2 ...)
{DSA-2318-1}
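Review bot: The added CVE-2011-3373 description spells the module "Views Builk Operations", while the NOT-FOR-US line directly below it has "Views Bulk Operations", so a search for the module name will miss the description line. As with any imported text, the spelling should be corrected where the description originates so that it is not reintroduced by the next automatic update.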
@@ -5010,8 +4991,7 @@ CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in config_def
- mantis 1.2.7-1 (low; bug #640297)
[squeeze] - mantis <not-affected> (Vulnerable code not present)
[lenny] - mantis <not-affected> (Vulnerable code not present)
-CVE-2011-3355
- RESERVED
+CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) con ...)
- evolution-data-server3 3.2.1-1 (bug #641052)
CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...)
{DSA-2389-1}
@@ -5020,8 +5000,7 @@ CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fus
[squeeze] - linux-2.6 2.6.32-36
CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...)
NOT-FOR-US: Zikula
-CVE-2011-3351
- RESERVED
+CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file insecurely ...)
- openvas-server <removed> (low; bug #641327)
[squeeze] - openvas-server <no-dsa> (Minor issue)
NOTE: openvas-scanner in experimental also affected according to #671327
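Review bot: The added CVE-2011-3351 description names openvas-scanner, while the package lines track openvas-server, and the NOTE kept as context cites #671327 where the package line has bug #641327. It is worth confirming whether the NOTE's bug number has a mistyped digit and correcting it if so, since that NOTE is the only line in the entry that ties openvas-scanner to the tracked package.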
