summaryrefslogtreecommitdiffstats
path: root/data/CVE/2011.list
blob: 9fc930ce0b01e6d8fb8dfdf337f2daaeba276645 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391
6392
6393
6394
6395
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
6555
6556
6557
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
12191
12192
12193
12194
12195
12196
12197
12198
12199
12200
12201
12202
12203
12204
12205
12206
12207
12208
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246
12247
12248
12249
12250
12251
12252
12253
12254
12255
12256
12257
12258
12259
12260
12261
12262
12263
12264
12265
12266
12267
12268
12269
12270
12271
12272
12273
12274
12275
12276
12277
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
12320
12321
12322
12323
12324
12325
12326
12327
12328
12329
12330
12331
12332
12333
12334
12335
12336
12337
12338
12339
12340
12341
12342
12343
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
12396
12397
12398
12399
12400
12401
12402
12403
12404
12405
12406
12407
12408
12409
12410
12411
12412
12413
12414
12415
12416
12417
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440
12441
12442
12443
12444
12445
12446
12447
12448
12449
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
12478
12479
12480
12481
12482
12483
12484
12485
12486
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
12527
12528
12529
12530
12531
12532
12533
12534
12535
12536
12537
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
12694
12695
12696
12697
12698
12699
12700
12701
12702
12703
12704
12705
12706
12707
12708
12709
12710
12711
12712
12713
12714
12715
12716
12717
12718
12719
12720
12721
12722
12723
12724
12725
12726
12727
12728
12729
12730
12731
12732
12733
12734
12735
12736
12737
12738
12739
12740
12741
12742
12743
12744
12745
12746
12747
12748
12749
12750
12751
12752
12753
12754
12755
12756
12757
12758
12759
12760
12761
12762
12763
12764
12765
12766
12767
12768
12769
12770
12771
12772
12773
12774
12775
12776
12777
12778
12779
12780
12781
12782
12783
12784
12785
12786
12787
12788
12789
12790
12791
12792
12793
12794
12795
12796
12797
12798
12799
12800
12801
12802
12803
12804
12805
12806
12807
12808
12809
12810
12811
12812
12813
12814
12815
12816
12817
12818
12819
12820
12821
12822
12823
12824
12825
12826
12827
12828
12829
12830
12831
12832
12833
12834
12835
12836
12837
12838
12839
12840
12841
12842
12843
12844
12845
12846
12847
12848
12849
12850
12851
12852
12853
12854
12855
12856
12857
12858
12859
12860
12861
12862
12863
12864
12865
12866
12867
12868
12869
12870
12871
12872
12873
12874
12875
12876
12877
12878
12879
12880
12881
12882
12883
12884
12885
12886
12887
12888
12889
12890
12891
12892
12893
12894
12895
12896
12897
12898
12899
12900
12901
12902
12903
12904
12905
12906
12907
12908
12909
12910
12911
12912
12913
12914
12915
12916
12917
12918
12919
12920
12921
12922
12923
12924
12925
12926
12927
12928
12929
12930
12931
12932
12933
12934
12935
12936
12937
12938
12939
12940
12941
12942
12943
12944
12945
12946
12947
12948
12949
12950
12951
12952
12953
12954
12955
12956
12957
12958
12959
12960
12961
12962
12963
12964
12965
12966
12967
12968
12969
12970
12971
12972
12973
12974
12975
12976
12977
12978
12979
12980
12981
12982
12983
12984
12985
12986
12987
12988
12989
12990
12991
12992
12993
12994
12995
12996
12997
12998
12999
13000
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
13285
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
13333
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
13367
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
13516
13517
13518
13519
13520
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
13656
13657
13658
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
13747
13748
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
14001
14002
14003
14004
14005
14006
14007
14008
14009
14010
14011
14012
14013
14014
14015
14016
14017
14018
14019
14020
14021
14022
14023
14024
14025
14026
14027
14028
14029
14030
14031
14032
14033
14034
14035
14036
14037
14038
14039
14040
14041
14042
14043
14044
14045
14046
14047
14048
14049
14050
14051
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079
14080
14081
14082
14083
14084
14085
14086
14087
14088
14089
14090
14091
14092
14093
14094
14095
14096
14097
14098
14099
14100
14101
14102
14103
14104
14105
14106
14107
14108
14109
14110
14111
14112
14113
14114
14115
14116
14117
14118
14119
14120
14121
14122
14123
14124
14125
14126
14127
14128
14129
14130
14131
14132
14133
14134
14135
14136
14137
14138
14139
14140
14141
14142
14143
14144
14145
14146
14147
14148
14149
14150
14151
14152
14153
14154
14155
14156
14157
14158
14159
14160
14161
14162
14163
CVE-2011-5331 (Distributed Ruby (aka DRuby) 1.8 mishandles instance_eval. ...)
	NOT-FOR-US: Distributed Ruby
CVE-2011-5330 (Distributed Ruby (aka DRuby) 1.8 mishandles the sending of syscalls. ...)
	NOT-FOR-US: Distributed Ruby
CVE-2011-5329 (The redirection plugin before 2.2.9 for WordPress has XSS in the admin ...)
	NOT-FOR-US: redirection plugin for WordPress
CVE-2011-5328 (The user-access-manager plugin before 1.2 for WordPress has CSRF. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5327 (In the Linux kernel before 3.1, an off by one in the drivers/target/lo ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: https://git.kernel.org/linus/12f09ccb4612734a53e47ed5302e0479c10a50f8
CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of servi ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #639414)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
	NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/5
CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
	{DLA-1445-1}
	- busybox 1:1.27.2-1 (bug #802702)
	[stretch] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7. ...)
	NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other  ...)
	NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password o ...)
	NOT-FOR-US: GE Healthcare Centricity Analytics Server
CVE-2011-5321 (The tty_open function in drivers/tty/tty_io.c in the Linux kernel befo ...)
	{DLA-246-1}
	- linux 3.2.20-1
	- linux-2.6 3.2.1-1
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
	NOTE: 3.2.20-1 is the first version after the src:linux-2.6 -> src:linux rename.
CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google  ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local users to  ...)
	{DLA-165-1}
	- glibc 2.15
	- eglibc 2.13-25 (bug #553206)
	NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should
	NOTE: be handled correctly then by the tracker.
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=13138
	NOTE: https://www.openwall.com/lists/oss-security/2015/02/26/2
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
	NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue
CVE-2011-5318 (Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.C ...)
	NOT-FOR-US: diafan.CMS
CVE-2011-5317 (Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS  ...)
	NOT-FOR-US: WonderCMS
CVE-2011-5316 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in  ...)
	NOT-FOR-US: Cambio
CVE-2011-5315 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in  ...)
	NOT-FOR-US: whCMS
CVE-2011-5314 (templates/default/index.php in Redaxscript 0.3.2 allows remote attacke ...)
	NOT-FOR-US: Redaxscript
CVE-2011-5313 (Multiple SQL injection vulnerabilities in includes/password.php in Red ...)
	NOT-FOR-US: Redaxscript
CVE-2011-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allo ...)
	NOT-FOR-US: Gollos
CVE-2011-5311 (Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipa ...)
	NOT-FOR-US: Wikipad
CVE-2011-5310 (Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows ...)
	NOT-FOR-US: Wikipad
CVE-2011-5309 (Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 ...)
	NOT-FOR-US: Wikipad
CVE-2011-5308 (Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnv ...)
	NOT-FOR-US: cdnvote plugin for WordPress
CVE-2011-5307 (Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmas ...)
	NOT-FOR-US: PhotoSmash plugin for WordPress
CVE-2011-5306 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup ...)
	NOT-FOR-US: CosmoShop ePRO
CVE-2011-5305 (Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO  ...)
	NOT-FOR-US: CosmoShop ePRO
CVE-2011-5304 (Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Po ...)
	NOT-FOR-US: Sodahead Polls plugin for WordPress
CVE-2011-5303 (Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allow ...)
	NOT-FOR-US: Spitfire CMS
CVE-2011-5302 (Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php  ...)
	NOT-FOR-US: PHPDug
CVE-2011-5301 (Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 al ...)
	NOT-FOR-US: PHPDug
CVE-2011-5300 (Cross-site request forgery (CSRF) vulnerability in admin/setup/config/ ...)
	NOT-FOR-US: poMMo Aardvark
CVE-2011-5299 (Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark  ...)
	NOT-FOR-US: poMMo Aardvark
CVE-2011-5298 (Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle S ...)
	NOT-FOR-US: Argyle Social
CVE-2011-5297 (Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 al ...)
	NOT-FOR-US: TTChat
CVE-2011-5296 (Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat  ...)
	NOT-FOR-US: Happy Chat
CVE-2011-5295 (Buffer overflow in the Download method in a certain ActiveX control in ...)
	NOT-FOR-US: Gogago YouTube Video Converter
CVE-2011-5294 (The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in ...)
	NOT-FOR-US: Kofax e-Transactions Sender Sendbox
CVE-2011-5293 (The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX contro ...)
	NOT-FOR-US: ThreeDify Designer
CVE-2011-5292 (The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FT ...)
	NOT-FOR-US: Easewe FTP OCX
CVE-2011-5291 (The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in C ...)
	NOT-FOR-US: Ashampoo 3D CAD Professional
CVE-2011-5290 (The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control i ...)
	NOT-FOR-US: IDrive Online Backup
CVE-2011-5289 (The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX  ...)
	NOT-FOR-US: aTube Catcher
CVE-2011-5288 (Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX ...)
	NOT-FOR-US: ThreeDify Designer
CVE-2011-5287 (Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4 ...)
	NOT-FOR-US: HESK
CVE-2011-5286 (SQL injection vulnerability in social-slider-2/ajax.php in the Social  ...)
	NOT-FOR-US: Social Slider plugin for WordPress
CVE-2011-5285 (Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 a ...)
	NOT-FOR-US: BugFree
CVE-2011-5284 (Cross-site request forgery (CSRF) vulnerability in the web management  ...)
	NOT-FOR-US: Smoothwall
CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Smoothwall
CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...)
	NOT-FOR-US: mIRC
CVE-2011-5374
	RESERVED
CVE-2011-5281
	RESERVED
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote att ...)
	- boinc 7.0.2+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft In ...)
	NOT-FOR-US: Microsoft IIS
CVE-2011-5278 (SQL injection vulnerability in signature.php in Advanced Forum Signatu ...)
	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the Advance ...)
	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller fun ...)
	- dtc 0.34.1-1
CVE-2011-5275 (The install script in Domain Technologie Control (DTC) before 0.34.1 g ...)
	- dtc 0.34.1-1
CVE-2011-5274 (The drawAdminTools_PackageInstaller function in shared/inc/forms/packa ...)
	- dtc 0.34.1-1
CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in Domai ...)
	- dtc 0.34.1-1
CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
	- dtc 0.34.1-1
CVE-2011-5271 (Pacemaker before 1.1.6 configure script creates temporary files insecu ...)
	- pacemaker 1.1.6-1 (unimportant; bug #633964)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834
	NOTE: Only exploitable at build time
CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
	- wordpress 3.2.1+dfsg-1
CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3  ...)
	NOT-FOR-US: ProjectForge
CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets, whic ...)
	- bip 0.8.9-1
	[squeeze] - bip <no-dsa> (Minor issue)
	[wheezy] - bip <no-dsa> (Minor issue)
	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: https://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...)
	NOT-FOR-US: SpellChecker module in Xinha
CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall (WAF)
CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the Fe ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in SA ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allo ...)
	NOT-FOR-US: SonicWALL Aventail
CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M ...)
	NOT-FOR-US: Axis M10 Series Network Cameras
CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...)
	NOT-FOR-US: NetWeaver
CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php i ...)
	NOT-FOR-US: OrangehRM
CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...)
	NOT-FOR-US: OrangehRM
CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...)
	NOT-FOR-US: WordPress theme
CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2011-5255 (Multiple cross-site scripting (XSS) vulnerabilities in admin/login in  ...)
	NOT-FOR-US: X3 CMS
CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 0.7.1.6 for ...)
	NOT-FOR-US: Connections plugin for WordPress
CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to  ...)
	NOT-FOR-US: Dl Download Ticket Service
CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x b ...)
	NOT-FOR-US: Orchard
CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and  ...)
	NOT-FOR-US: vBulletin
CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...)
	NOT-FOR-US: Snare for Linux
CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...)
	NOT-FOR-US: SNARE
CVE-2011-5248
	RESERVED
CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...)
	NOT-FOR-US: Snare for Linux
CVE-2011-5246
	RESERVED
CVE-2011-5373
	REJECTED
CVE-2011-5372
	REJECTED
CVE-2011-5371
	REJECTED
CVE-2011-5370
	REJECTED
CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEas ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken function ...)
	{DSA-2357-1}
	- evince 2.32.0-1
	[squeeze] - evince 2.30.3-2+squeeze1
	NOTE: This issue was already fixed in DSA-2357-1 by shipping the correct fix from the start
CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...)
	NOT-FOR-US: TwitterOAuth
CVE-2011-5242 (tmhOAuth before 0.61 does not verify that the server hostname matches  ...)
	NOT-FOR-US: tmhOAuth
CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname matche ...)
	NOT-FOR-US: PEAR module for Twitter
CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
	NOT-FOR-US: Magento
CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname match ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the  ...)
	NOT-FOR-US: google-checkout-php-sample-code
CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a  ...)
	NOT-FOR-US: PayPal WPS ToolKit
CVE-2011-5236 (Moneris eSelectPlus 2.03 PHP API does not verify that the server hostn ...)
	NOT-FOR-US: Moneris eSelectPlus 2.03 PHP API
CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...)
	NOT-FOR-US: mnoGoSearch
CVE-2011-5234 (SQL injection vulnerability in user.php in Social Network Community 2  ...)
	NOT-FOR-US: Social Network Community
CVE-2011-5233 (Heap-based buffer overflow in IrfanView before 4.32 allows remote atta ...)
	NOT-FOR-US: IrfanView
CVE-2011-5232
	REJECTED
CVE-2011-5231
	REJECTED
CVE-2011-5230 (Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass  ...)
	NOT-FOR-US: Seotoaster
CVE-2011-5229 (SQL injection vulnerability in quickstart/profile/index.php in the For ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5228 (Cross-site scripting (XSS) vulnerability in the Search module (quickst ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5227 (Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in E ...)
	NOT-FOR-US: Enterasys Network Management Suite
CVE-2011-5226 (Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel. ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5225 (Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in  ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5224 (SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5223 (Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ...)
	- cacti 0.8.7i-1 (low)
	[squeeze] - cacti 0.8.7g-1+squeeze4
CVE-2011-5222 (SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and ...)
	NOT-FOR-US: PHP Flirt-Projekt
CVE-2011-5221 (Cross-site scripting (XSS) vulnerability in the getLog function in svn ...)
	- websvn 2.3.1-1
CVE-2011-5220 (Cross-site scripting (XSS) vulnerability in templates/default/Admin/Lo ...)
	NOT-FOR-US: PHP-SCMS
CVE-2011-5219 (Directory traversal vulnerability in examples/show_code.php in mPDF 5. ...)
	NOT-FOR-US: mPDF
CVE-2011-5218 (SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows ...)
	NOT-FOR-US: DotA OpenStats
CVE-2011-5217 (Directory traversal vulnerability in the PXE Mtftp service in Hitachi  ...)
	NOT-FOR-US: Hitachi JP1/ServerConductor/DeploymentManager
CVE-2011-5216 (SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress p ...)
	NOT-FOR-US: WordPress plugin SCORM Cloud
CVE-2011-5215 (SQL injection vulnerability in index.php in Video Community Portal all ...)
	NOT-FOR-US: Video Community Portal
CVE-2011-5214 (Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.10 ...)
	NOT-FOR-US: BrowserCRM
CVE-2011-5213 (Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earl ...)
	NOT-FOR-US: BrowserCRM
CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 al ...)
	NOT-FOR-US: Subrion CMS
CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
	NOT-FOR-US: Subrion CMS
CVE-2011-5210 (Directory traversal vulnerability in admin/preview.php in Limny 3.0.0  ...)
	NOT-FOR-US: Limny
CVE-2011-5209 (Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone S ...)
	NOT-FOR-US: GraphicsClone
CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin be ...)
	NOT-FOR-US: BackWPup
CVE-2011-5207 (Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php ...)
	NOT-FOR-US: WP TheCartPress
CVE-2011-5206 (Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech be ...)
	NOT-FOR-US: Rapidleech
CVE-2011-5205 (Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 ...)
	NOT-FOR-US: Rapidleech
CVE-2011-5204 (Akiva WebBoard 8.x stores passwords in plaintext, which allows local u ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2011-5203 (SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a de ...)
	NOT-FOR-US: WinCDEmu
CVE-2011-5201 (Multiple SQL injection vulnerabilities in sign.php in tinyguestbook al ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5200 (Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow ...)
	NOT-FOR-US: DeDeCMS
CVE-2011-5199 (Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook  ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5198 (SQL injection vulnerability in search.php in Neturf eCommerce Shopping ...)
	NOT-FOR-US: Neturf eCommerce Shopping Cart
CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...)
	NOT-FOR-US: Public Knowledge Project Open Harvester Systems
CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in index/manager/fileU ...)
	NOT-FOR-US: Public Knowledge Project Open Conference Systems
CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhoi ...)
	NOT-FOR-US: Wordpress Whois search plugin
CVE-2011-5193 (Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhoi ...)
	NOT-FOR-US: Wordpress Whois search plugin
CVE-2011-5192 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty L ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin
CVE-2011-5191 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty L ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin
CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book Fac ...)
	NOT-FOR-US: Social Book Facebook Clone 2010
CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation mod ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing Syst ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop p ...)
	NOT-FOR-US: jbShop plugin for e107
CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in Onli ...)
	NOT-FOR-US: Online Subtitles Workshop
CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-5182
	NOT-FOR-US: Wordpress Lanoba Social plugin
CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...)
	NOT-FOR-US: Wordpress ClickDesk Live Support - Live Chat plugin
CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in th ...)
	NOT-FOR-US: Wordpress ZooEffect plugin
CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php i ...)
	NOT-FOR-US: Skysa App Bar
CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in admin/controlle ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module 6 ...)
	NOT-FOR-US: Drupal module
CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier a ...)
	NOT-FOR-US: OrderSys
CVE-2011-5178 (Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/u ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in B ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly B. ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Auth ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows user-assi ...)
	NOT-FOR-US: Bugbear Entertainment FlatOut 2005
CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and poss ...)
	NOT-FOR-US: StoryBoard Quick 6 Build, StoryBoard Artist and StoryBoard Studio
CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 1 ...)
	NOT-FOR-US: CyberLink Power2Go
CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 al ...)
	NOT-FOR-US: Castillo Bueno Systems CCMPlayer
CVE-2011-5169 (SQL injection vulnerability in sgms/reports/scheduledreports/configure ...)
	NOT-FOR-US: SonicWall ViewPoint
CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 a ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone  ...)
	NOT-FOR-US: Oracle Hyperion Strategic Finance
CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote atta ...)
	NOT-FOR-US: KnFTP
CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 thro ...)
	NOT-FOR-US: VanDyke Software AbsoluteFTP
CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch m ...)
	NOT-FOR-US: Schneider Electric CitectSCADA
CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assi ...)
	NOT-FOR-US: GOM Player
CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph funct ...)
	NOT-FOR-US: OpenEMR
CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 all ...)
	NOT-FOR-US: OpenEMR
CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...)
	NOT-FOR-US: Geeklog
CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and  ...)
	NOT-FOR-US: DATEV Grundpaket Basis
CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before 14 ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2011-5156 (Untrusted search path vulnerability in Effective File Search 6.7 allow ...)
	NOT-FOR-US: Effective File Search
CVE-2011-5155 (Untrusted search path vulnerability in Help &amp; Manual 5.5.1 Build 1 ...)
	NOT-FOR-US: Help & Manual 5.5.1 Build
CVE-2011-5154 (Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and ( ...)
	NOT-FOR-US: SAP GUI
CVE-2011-5153 (Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows  ...)
	NOT-FOR-US: FotoSlate
CVE-2011-5152 (Multiple untrusted search path vulnerabilities in ACDSee Photo Editor  ...)
	NOT-FOR-US: ACDSee Photo Editor
CVE-2011-5151 (Untrusted search path vulnerability in ACDSee Picture Frame Manager 1. ...)
	NOT-FOR-US: ACDSee Picture Frame Manager
CVE-2011-3090 (Race condition in Google Chrome before 19.0.1084.46 allows remote atta ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-5150 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07  ...)
	NOT-FOR-US: SpamTitan 5.07
CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08  ...)
	NOT-FOR-US: SpamTitan 5.08
CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File Uploa ...)
	NOT-FOR-US: Simple File Upload
CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax  ...)
	NOT-FOR-US: tinymce plugin
CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management (OB ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote at ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business M ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in  ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY- ...)
	NOT-FOR-US: DIY CMS
CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards D ...)
	NOT-FOR-US: Pre Studio Business Cards Designer
CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum b0.91 ...)
	NOT-FOR-US: tForum
CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote a ...)
	NOT-FOR-US: tForum
CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allo ...)
	NOT-FOR-US: EPractize Labs Subscription Manager
CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...)
	NOT-FOR-US: DoceboLMS
CVE-2011-5134 (Unrestricted file upload vulnerability in editor/extensions/browser/fi ...)
	NOT-FOR-US: JCE component for Joomla!
CVE-2011-5133 (Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and  ...)
	NOT-FOR-US: MyBB
CVE-2011-5132 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows r ...)
	NOT-FOR-US: MyBB
CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in MyBB  ...)
	NOT-FOR-US: MyBB
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when regi ...)
	NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...)
	- xchat <removed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize  ...)
	NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2 ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1  ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before  ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5123 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5122 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5121 (The Antivirus component in Comodo Internet Security before 5.3.175888. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5120 (The Antivirus component in Comodo Internet Security before 5.4.189822. ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before 5.8.211697 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before 5.8.213334 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, S ...)
	NOT-FOR-US: Sophos SafeGuard
CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11 ...)
	NOT-FOR-US: SetSeed CMS
CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and  ...)
	NOT-FOR-US: DLguard
CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the Authoritati ...)
	NOT-FOR-US: DLguard
CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in  ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before  ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...)
	NOT-FOR-US: Kajian Website CMS
CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earl ...)
	NOT-FOR-US: Blogs Manager
CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...)
	NOT-FOR-US: Freelancer calendar
CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0 ...)
	NOT-FOR-US: AdaptCMS
CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Be ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexi ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch. ...)
	NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus
CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-l ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script all ...)
	NOT-FOR-US: Alurian Prismotube PHP Video Script
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management conso ...)
	NOT-FOR-US: Websense
CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 a ...)
	NOT-FOR-US: McAfee
CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...)
	NOT-FOR-US: McAfee
CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter (m ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef befo ...)
	- chef 0.10.10-1
CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef be ...)
	- chef 0.10.10-1
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application Ser ...)
	NOT-FOR-US: Avaya Aura Application Server
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when  ...)
	- openssl 0.9.8a-1 (bug #684527)
	NOTE: fips version not used in Debian
CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certa ...)
	NOTE: Disputed NSS issue
CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly impleme ...)
	NOTE: Dupe of CVE-2011-4458
CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 a ...)
	NOTE: Dupe of CVE-2011-4458
CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6 ...)
	NOT-FOR-US: GR Board
CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require auth ...)
	NOT-FOR-US: GR Board
CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS GENE ...)
	NOT-FOR-US: ICONICS, BizViz
CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 a ...)
	NOT-FOR-US: ICONICS GENESIS32, BizViz
CVE-2011-5087 (Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows rem ...)
	NOT-FOR-US: AdAstrA TRACE MODE Data Center
CVE-2011-5086 (https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before ...)
	NOT-FOR-US: Unitronics UniOPC
CVE-2011-5085 (Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x befo ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2011-5084 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4. ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in Dot ...)
	- dotclear 2.5+dfsg-1 (low; bug #670227)
	NOTE: Post-authentication; vulnerability is actually in admin/media.php.
CVE-2011-5082 (Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin be ...)
	NOT-FOR-US: s2Member Pro plugin for WordPress
CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...)
	- backuppc 3.1.0-9.1 (low; bug #661011)
	[squeeze] - backuppc 3.1.0-9.1
	[lenny] - backuppc <no-dsa> (Minor issue)
CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tc ...)
	NOT-FOR-US: jftcaforms extension for TYPO3
CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2  ...)
	NOT-FOR-US: irfaq extension for TYPO3
CVE-2011-5078 (The web administration interface in the server in Sybase M-Business An ...)
	NOT-FOR-US: Sybase
CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki 5. ...)
	NOT-FOR-US: HDWiki
CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0,  ...)
	NOT-FOR-US: HDWiki
CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support Inciden ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident Tracker (ak ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident Tracker (ak ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support Inciden ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5069 (Unrestricted file upload vulnerability in incident_attachments.php in  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support  ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 all ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging Compon ...)
	NOT-FOR-US: WebSphere
CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application  ...)
	NOT-FOR-US: WebSphere
CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication impl ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allow ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl crea ...)
	- libpar-perl 1.005-1 (bug #650707)
	[squeeze] - libpar-perl 1.000-1+squeeze1
CVE-2011-5059 (Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote ...)
	NOT-FOR-US: Final Draft
CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 S ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5057 (Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces  ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash value ...)
	- maradns <not-affected> (Only affects 2.x, see #653838)
CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...)
	- maradns 1.4.09-1 (low)
	[squeeze] - maradns <no-dsa> (Minor issue)
CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function,  ...)
	- kdebase-workspace <unfixed> (unimportant)
	NOTE: the kcheckpass utility is not present in sid (still present in src package, will check with KDE maints)
	NOTE: Not exploitable without OpenPAM
CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar ...)
	NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755 . All products listed there are not part of Debian.
CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...)
	NOT-FOR-US: CoCSoft Stream Down
CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium  ...)
	NOT-FOR-US: Symposium plugin for Wordpress
CVE-2011-5050 (SQL injection vulnerability in corporate/Controller in Elitecore Techn ...)
	NOT-FOR-US: Elitecore Technologies Cyberoam UTM
CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to cause ...)
	NOT-FOR-US: MySQL on Windows
CVE-2011-5048 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experie ...)
	NOT-FOR-US: IBM Web Experience Factory
CVE-2011-5047 (Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in pf ...)
	NOT-FOR-US: pfSense
CVE-2011-5046 (The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode d ...)
	NOT-FOR-US: Microsoft Windows 7
CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in PHP Bo ...)
	NOT-FOR-US: PHP Booking Calendar 10e (not in Debian)
CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for  ...)
	NOT-FOR-US: SopCast (not in Debian)
CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a deni ...)
	NOT-FOR-US: TomatoSoft Free Mp3 Player (not in Debian)
CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SA ...)
	NOT-FOR-US: SASHA (not in Debian)
CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS 1 ...)
	NOT-FOR-US: Pulse Pro CMS (not in Debian)
CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biz ...)
	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj all ...)
	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly  ...)
	NOT-FOR-US: hitAppoint (not in Debian)
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
	- libv8 3.6.6.14-2 (bug #653962)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
	{DSA-2783-1}
	- ruby-rack 1.4.0-1 (bug #653963)
	- librack-ruby <removed>
	NOTE: https://github.com/rack/rack/commit/5b9d09a81a9fdc9475f0ab0095cb2a33bf2a8f91
CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Se ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form parame ...)
	NOT-FOR-US: Apache Geronimo
CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security &amp; Fi ...)
	NOT-FOR-US: ConfigServer Security & Firewall
CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cau ...)
	NOT-FOR-US: WinMount
CVE-2011-5031 (Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalid ...)
	NOT-FOR-US: cApexWEB
CVE-2011-5030 (Cross-site scripting (XSS) vulnerability in the Meta tags quick module ...)
	NOT-FOR-US: Meta tags quick module for Drupal
CVE-2011-5029 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Sumple PHP Blog
CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in  ...)
	NOT-FOR-US: Novell Sentinel Log Manager
CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allow ...)
	- zabbix 1:1.8.10-1 (bug #652664)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in the addPost function in da ...)
	NOT-FOR-US: Winn Guestbook
CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki applic ...)
	- yaws 1.92-1 (low; bug #653966)
	[squeeze] - yaws <no-dsa> (Minor issue)
CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mai ...)
	NOT-FOR-US: ht://Dig integration for Mailman
CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows rem ...)
	NOT-FOR-US: Pligg CMS
CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows re ...)
	NOT-FOR-US: Pligg CMS
CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression Denia ...)
	- php-ids <itp> (bug #488848)
CVE-2011-5020 (An SQL Injection vulnerability exists in the ID parameter in Online TV ...)
	NOT-FOR-US: Online TV Database
CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...)
	- textpattern <unfixed> (low)
	[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
CVE-2011-5018 (Koala Framework before 2011-11-21 has XSS via the request_uri paramete ...)
	NOT-FOR-US: Koala Framework
CVE-2011-5017
	RESERVED
CVE-2011-5016
	RESERVED
CVE-2011-5015
	RESERVED
CVE-2011-5014
	RESERVED
CVE-2011-5013
	RESERVED
CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7 ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in xt:Comme ...)
	NOT-FOR-US: xt:Commerce
CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows rem ...)
	NOT-FOR-US: Ctek SkyRouter
CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 S ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSy ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attacker ...)
	NOT-FOR-US: QQPlayer
CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier a ...)
	NOT-FOR-US: QuiXplorer
CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php in the  ...)
	NOT-FOR-US: Joomla extension
CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndex ...)
	NOT-FOR-US: Avid Media Composer
CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before 8.02 all ...)
	NOT-FOR-US: Final Draft
CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and e ...)
	- openssh 1:5.9p1-1
	[squeeze] - openssh 1:5.5p1-6+squeeze4
	NOTE: looking at the code an additional integer overflow check was added in at least 5.9
CVE-2011-4999
	REJECTED
CVE-2011-4998
	REJECTED
CVE-2011-4997
	REJECTED
CVE-2011-4996
	REJECTED
CVE-2011-4995
	REJECTED
CVE-2011-4994
	REJECTED
CVE-2011-4993
	REJECTED
CVE-2011-4992
	REJECTED
CVE-2011-4991
	REJECTED
CVE-2011-4990
	REJECTED
CVE-2011-4989
	REJECTED
CVE-2011-4988
	REJECTED
CVE-2011-4987
	REJECTED
CVE-2011-4986
	REJECTED
CVE-2011-4985
	REJECTED
CVE-2011-4984
	REJECTED
CVE-2011-4983
	REJECTED
CVE-2011-4982
	REJECTED
CVE-2011-4981
	REJECTED
CVE-2011-4980
	REJECTED
CVE-2011-4979
	REJECTED
CVE-2011-4978
	RESERVED
CVE-2011-4977
	RESERVED
CVE-2011-4976
	RESERVED
CVE-2011-4975
	RESERVED
CVE-2011-4974
	RESERVED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...)
	- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
	[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
	NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
	NOTE: https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197
CVE-2011-4972 (hook_file_download in the CKEditor module 7.x-1.4 for Drupal does not  ...)
	NOT-FOR-US: Drupal module
CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ( ...)
	{DSA-2832-1}
	- memcached 1.4.13-0.3 (bug #706426)
	NOTE: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424
CVE-2011-4970 (Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM)  ...)
	- lcgdm 1.8.6-1 (low; bug #702895)
	[wheezy] - lcgdm <no-dsa> (Minor issue)
	- dpm <removed>
	[squeeze] - dpm <no-dsa> (Minor issue)
CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when  ...)
	- jquery 1.6.4-1 (low; bug #699482)
	[squeeze] - jquery <no-dsa> (Minor issue)
	NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
	NOTE: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
CVE-2011-4968 (nginx http proxy module does not verify peer identity of https origin  ...)
	- nginx 1.9.1-1 (low; bug #697940)
	[jessie] - nginx <no-dsa> (Minor issue)
	[squeeze] - nginx <no-dsa> (Minor issue)
	[wheezy] - nginx <no-dsa> (Minor issue)
	NOTE: http://trac.nginx.org/nginx/ticket/13
	NOTE: Upstream commit: http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
CVE-2011-4967 (tog-Pegasus has a package hash collision DoS vulnerability ...)
	NOT-FOR-US: OpenPegasus
CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...)
	- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
	[squeeze] - freeradius <no-dsa> (Minor issue)
CVE-2011-4965
	REJECTED
CVE-2011-4964
	REJECTED
CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote  ...)
	- nginx <not-affected> (Only affects Nginx on Windows)
CVE-2011-4962 (code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x befor ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4961 (SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote  ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4960 (SQL injection vulnerability in the Folder::findOrMake method in Silver ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4959 (SQL injection vulnerability in the addslashes method in SilverStripe 2 ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4958 (Cross-site scripting (XSS) vulnerability in the process function in SS ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 all ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
CVE-2011-4955 (Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in ...)
	NOT-FOR-US: wordpress bsuite plugin
CVE-2011-4954 (cobbler has local privilege escalation via the use of insecure locatio ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4953 (The set_mgmt_parameters function in item.py in cobbler before 2.2.2 al ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4952 (cobbler: Web interface lacks CSRF protection when using Django framewo ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware E ...)
	NOT-FOR-US: EGroupware
CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/tes ...)
	NOT-FOR-US: EGroupware
CVE-2011-4949 (SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/ ...)
	NOT-FOR-US: EGroupware
CVE-2011-4948 (Directory traversal vulnerability in admin/remote.php in EGroupware En ...)
	NOT-FOR-US: EGroupware
CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in e107_admin/users_ex ...)
	NOT-FOR-US: e107
CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 b ...)
	NOT-FOR-US: e107
CVE-2011-4945 (PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which  ...)
	- policykit-1 0.103-1
	[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissio ...)
	{DLA-25-1}
	- python2.7 2.7.3~rc2-2 (low; bug #650555)
	- python2.6 2.6.8-1 (unimportant; bug #615118)
	NOTE: Negligible impact
CVE-2011-4943 (ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed  ...)
	NOT-FOR-US: ImpressPages CMS
CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in admin/configura ...)
	NOT-FOR-US: Geeklog
CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attac ...)
	- piwik <itp> (bug #506933)
CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPSe ...)
	{DLA-25-1}
	- python2.7 2.7.2-8 (unimportant)
	- python2.6 <unfixed> (unimportant; bug #664135)
	- python2.5 <removed> (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/11
	NOTE: This only affects IE7, which is inherently insecure anyway
CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin befor ...)
	- pidgin 2.10.2-1 (bug #664028)
	[squeeze] - pidgin <not-affected> (vulnerable code not present)
	NOTE: http://pidgin.im/news/security/?id=60
CVE-2011-4938 (Multiple cross-site scripting (XSS) vulnerabilities in Ariadne 2.7.6 a ...)
	NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4936
	REJECTED
CVE-2011-4935
	REJECTED
CVE-2011-4934
	REJECTED
CVE-2011-4933
	REJECTED
CVE-2011-4932 (Eval injection vulnerability in ip_cms/modules/standard/content_manage ...)
	NOT-FOR-US: ImpressPages CMS not in Debian
CVE-2011-4931 (gpw generates shorter passwords than required ...)
	- gpw <unfixed> (unimportant; bug #651510)
	NOTE: This has only marginal security impact
CVE-2011-4930 (Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4,  ...)
	- condor <not-affected> (Fixed before initial release)
CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine  ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4928 (Cross-site scripting (XSS) vulnerability in the textile formatter in R ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4927 (Unspecified vulnerability in the bazaar repository adapter in Redmine  ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4926 (Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page ...)
	NOT-FOR-US: WordPress plugin Adminimize
CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource  ...)
	- torque <not-affected> (The version in Debian doesn't yet have MUNGE support)
CVE-2011-4924 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12,  ...)
	- zope2.12 2.12.22-1
	- zope3 <removed> (low)
	- zope2.10 <removed> (low)
	[lenny] - zope2.10 <no-dsa> (Minor issue)
	[lenny] - zope3 <no-dsa> (Minor issue)
	- zope2.11 <removed>
	- zope2.9 <removed>
	NOTE: http://openwall.com/lists/oss-security/2012/01/19/16
CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...)
	- backuppc 3.2.1-2 (bug #646865)
	[squeeze] - backuppc 3.1.0-9.1
CVE-2011-4922 (cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 retain ...)
	- pidgin 2.7.11-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[squeeze] - pidgin <no-dsa> (Minor issue)
	NOTE: http://www.pidgin.im/news/security/?id=50
CVE-2011-4921 (SQL injection vulnerability in usersettings.php in e107 0.7.26, and po ...)
	NOT-FOR-US: e107
CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, an ...)
	NOT-FOR-US: e107
CVE-2011-4919 (mpack 1.6 has information disclosure via eavesdropping on mails sent b ...)
	- mpack 1.6-8 (low; bug #655971)
	[squeeze] - mpack <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2011/12/31/1
CVE-2011-4918 (Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009. ...)
	NOT-FOR-US: Elxis CMS, Aphrodite
CVE-2011-4917
	RESERVED
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4916
	RESERVED
CVE-2011-4915 (fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 doe ...)
	{DSA-2389-1}
	- linux-2.6 2.6.38-4
CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ker ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-4912 (Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified fi ...)
	NOT-FOR-US: Joomla!
CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allo ...)
	NOT-FOR-US: Joomla!
CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4908 (TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upl ...)
	NOT-FOR-US: Joomla!
CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...)
	NOT-FOR-US: Joomla!
CVE-2011-4906 (Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows fil ...)
	NOT-FOR-US: Joomla!
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
	- activemq 5.5.0+dfsg-5 (bug #655495)
CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2011-4898 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2011-4904 (TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4903 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4902 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4901 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4900 (TYPO3 before 4.5.4 allows Information Disclosure in the backend. ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4897 (Tor before 0.2.2.25-alpha, when configured as a relay without the Nick ...)
	- tor 0.2.2.27-beta-1 (unimportant)
CVE-2011-4896 (Tor before 0.2.2.24-alpha continues to use a reachable bridge that was ...)
	- tor 0.2.2.27-beta-1 (unimportant)
CVE-2011-4895 (Tor before 0.2.2.34, when configured as a bridge, sets up circuits thr ...)
	- tor 0.2.2.34-1 (unimportant)
CVE-2011-4894 (Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort  ...)
	- tor 0.2.2.34-1 (unimportant)
CVE-2011-4893
	REJECTED
CVE-2011-4892
	REJECTED
CVE-2011-4891
	REJECTED
CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows rem ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the Virtua ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-4888
	RESERVED
CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations Table in th ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-4886
	RESERVED
CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without rest ...)
	{DSA-2399-1}
	- php5 5.3.9-1 (low)
CVE-2011-4884
	RESERVED
CVE-2011-4883 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 doe ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4882 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 all ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4881 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 doe ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4880 (Directory traversal vulnerability in the web server in Certec atvise w ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4877 (HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 20 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4876 (Directory traversal vulnerability in HmiLoad in the runtime loader in  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4875 (Stack-based buffer overflow in HmiLoad in the runtime loader in Siemen ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4874 (Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows  ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4873 (Unspecified vulnerability in the server in Certec EDV atvise before 2. ...)
	NOT-FOR-US: Certec EDV atvise
CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, Gla ...)
	NOT-FOR-US: Android devices
CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote atta ...)
	NOT-FOR-US: opcsystems.com
CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...)
	NOT-FOR-US: Invensys Wonderware
CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly per ...)
	{DSA-2370-1}
	- unbound 1.4.14-1 (medium)
CVE-2011-4868 (The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when u ...)
	- isc-dhcp 4.2.2.dfsg.1-5 (low; bug #655746)
	[squeeze] - isc-dhcp <not-affected> (vulnerable code not present)
CVE-2011-4867 (The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android ...)
	NOT-FOR-US: Tencent QQPhoto (com.tencent.qqphoto) application
CVE-2011-4866 (The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for ...)
	NOT-FOR-US: Kaixin001 (com.kaixin001.activity) application
CVE-2011-4865 (The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 app ...)
	NOT-FOR-US: Tencent WBlog
CVE-2011-4864 (The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Androi ...)
	NOT-FOR-US: Tencent MobileQQ (com.tencent.mobileqq) application
CVE-2011-4863 (The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 fo ...)
	NOT-FOR-US: Tencent QQPimSecure (com.tencent.qqpimsecure) application
CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 throu ...)
	{DSA-2375-1 DSA-2373-1 DSA-2372-1}
	- heimdal 1.5.dfsg.1-1 (high)
	- inetutils 2:1.8-6 (high)
	- krb5 1.8+dfsg~aa+r23527-1 (high)
	- krb5-appl 1:1.0.1-1.2 (high; bug #654231)
	NOTE: krb5 fixed through move of code to krb5-appl.
CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum Ethe ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4860 (The ComputePassword function in the Schneider Electric Quantum Etherne ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23  ...)
	{DSA-2401-1}
	- tomcat5 <removed>
	- tomcat6 6.0.35-1
	- tomcat7 7.0.26-1
CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5 ...)
	NOT-FOR-US: Winamp
CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sen ...)
	NOT-FOR-US: Plesk
CVE-2011-4855 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omi ...)
	NOT-FOR-US: Plesk
CVE-2011-4854 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...)
	NOT-FOR-US: Plesk
CVE-2011-4853 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 inc ...)
	NOT-FOR-US: Plesk
CVE-2011-4852 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 gen ...)
	NOT-FOR-US: Plesk
CVE-2011-4851 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 gen ...)
	NOT-FOR-US: Plesk
CVE-2011-4850 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...)
	NOT-FOR-US: Plesk
CVE-2011-4849 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 doe ...)
	NOT-FOR-US: Plesk
CVE-2011-4848 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 inc ...)
	NOT-FOR-US: Plesk
CVE-2011-4847 (SQL injection vulnerability in the Control Panel in Parallels Plesk Pa ...)
	NOT-FOR-US: Plesk
CVE-2011-4846
	RESERVED
CVE-2011-4845
	RESERVED
CVE-2011-4844
	RESERVED
CVE-2011-4843
	RESERVED
CVE-2011-4842
	RESERVED
CVE-2011-4841
	RESERVED
CVE-2011-4840
	RESERVED
CVE-2011-4839
	RESERVED
CVE-2011-4838 (JRuby before 1.6.5.1 computes hash values without restricting the abil ...)
	{DLA-209-1}
	- jruby 1.5.6-4 (low; bug #686867)
CVE-2011-4837 (Cross-site request forgery (CSRF) vulnerability in /ctrl in the web in ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4836 (Cross-site scripting (XSS) vulnerability in the web interface in HomeS ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4835 (Directory traversal vulnerability in the web interface in HomeSeer HS2 ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4834 (The GetInstalledPackages function in the configuration tool in HP Appl ...)
	NOT-FOR-US: HP Application Lifestyle Management
CVE-2011-4833 (Multiple SQL injection vulnerabilities in the Leads module in SugarCRM ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2011-4832 (Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop Clas ...)
	NOT-FOR-US: CaupoShop
CVE-2011-4831 (Directory traversal vulnerability in webFileBrowser.php in Web File Br ...)
	NOT-FOR-US: Web File Browser
CVE-2011-4830 (Multiple cross-site scripting (XSS) vulnerabilities in the com_listing ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4829 (SQL injection vulnerability in the com_listing component in Barter Sit ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4828 (Unrestricted file upload vulnerability in includes/inline_image_upload ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4827 (Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4826 (SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0  ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4825 (Static code injection vulnerability in inc/function.base.php in Ajax F ...)
	NOT-FOR-US: Ajax File and Image Manager
CVE-2011-4824 (SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h a ...)
	{DSA-2384-1}
	- cacti 0.8.7i-1 (high; bug #652371)
CVE-2011-4823 (Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikreal ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4822 (Multiple cross-site scripting (XSS) vulnerabilities in the user profil ...)
	NOT-FOR-US: Atlassian FishEye
CVE-2011-4821 (Directory traversal vulnerability in the TFTP server in D-Link DIR-601 ...)
	NOT-FOR-US: D-Link router
CVE-2011-4820 (IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass ...)
	NOT-FOR-US: IBM
CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asse ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset M ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and A ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4816 (SQL injection vulnerability in the KPI component in IBM Maximo Asset M ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restri ...)
	{DLA-88-1}
	- ruby1.8 1.8.7.358-1
	- ruby1.9 <not-affected> (Includes randomisation of the hash function)
	- ruby1.9.1 <not-affected> (Includes randomisation of the hash function)
CVE-2011-4814 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0  ...)
	- dolibarr 3.3.4-1 (low)
CVE-2011-4813 (Directory traversal vulnerability in clientarea.php in WHMCompleteSolu ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-4812 (Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro ...)
	NOT-FOR-US: BestShopPro
CVE-2011-4811 (SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows  ...)
	NOT-FOR-US: BestShopPro
CVE-2011-4810 (Multiple directory traversal vulnerabilities in WHMCompleteSolution (W ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-4809 (Multiple cross-site scripting (XSS) vulnerabilities in the HM Communit ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4808 (SQL injection vulnerability in the HM Community (com_hmcommunity) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4807 (Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and ...)
	NOT-FOR-US: phpAlbum
CVE-2011-4806 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in php ...)
	NOT-FOR-US: phpAlbum
CVE-2011-4805 (Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crys ...)
	NOT-FOR-US: SAP Crystal Report Server
CVE-2011-4804 (Directory traversal vulnerability in the obSuggest (com_obsuggest) com ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4803 (SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin  ...)
	NOT-FOR-US: WPTouch WordPress plugin
CVE-2011-4802 (Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probab ...)
	- dolibarr 3.3.4-1
CVE-2011-4801 (SQL injection vulnerability in akeyActivationLogin.do in Authenex Web  ...)
	NOT-FOR-US: Authenex Strong Authentication System
CVE-2011-4800 (Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2011-4799
	REJECTED
CVE-2011-4798
	REJECTED
CVE-2011-4797
	REJECTED
CVE-2011-4796
	REJECTED
CVE-2011-4795
	REJECTED
CVE-2011-4794
	REJECTED
CVE-2011-4793
	REJECTED
CVE-2011-4792
	REJECTED
CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier al ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, an ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP L ...)
	NOT-FOR-US: HP Diagnostics
CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP Stora ...)
	NOT-FOR-US: HP StorageWorks
CVE-2011-4787 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...)
	NOT-FOR-US: HP Easy Printer Care
CVE-2011-4786 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...)
	NOT-FOR-US: HP Easy Printer Care
CVE-2011-4785 (Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on  ...)
	NOT-FOR-US: HP-ChaiSOE/1.0 web server
CVE-2011-4784 (The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not properl ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2011-4783 (The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted re ...)
	NOT-FOR-US: IDA Pro
CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFil ...)
	- phpmyadmin 4:3.4.9-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: unlikely exploitation scenario
CVE-2011-4781
	RESERVED
CVE-2011-4780 (Multiple cross-site scripting (XSS) vulnerabilities in libraries/displ ...)
	- phpmyadmin 4:3.4.9-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: unlikely exploitation scenario
CVE-2011-4779
	REJECTED
CVE-2011-4778 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4777 (Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteB ...)
	NOT-FOR-US: Plesk
CVE-2011-4776 (Multiple cross-site scripting (XSS) vulnerabilities in the Control Pan ...)
	NOT-FOR-US: Plesk
CVE-2011-4775
	RESERVED
CVE-2011-4774
	RESERVED
CVE-2011-5146 (Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users ...)
	- bokken 1.5-3 (bug #651931)
CVE-2011-4773 (The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android do ...)
	NOT-FOR-US: AnGuanJia (com.anguanjia.safe) application
CVE-2011-4772 (The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android doe ...)
	NOT-FOR-US: 360 KouXin (com.qihoo360.kouxin) application
CVE-2011-4771 (The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for And ...)
	NOT-FOR-US: Scan to PDF Free (com.scan.to.pdf.trial) application
CVE-2011-4770 (The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not ...)
	NOT-FOR-US: QIWI Wallet (ru.mw) application
CVE-2011-4769 (The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2. ...)
	NOT-FOR-US: 360 MobileSafe (com.qihoo360.mobilesafe) application
CVE-2011-4768 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...)
	NOT-FOR-US: Plesk
CVE-2011-4767 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...)
	NOT-FOR-US: Plesk
CVE-2011-4766 (** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels  ...)
	NOT-FOR-US: Plesk
CVE-2011-4765 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Bus ...)
	NOT-FOR-US: Plesk
CVE-2011-4764 (Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor ...)
	NOT-FOR-US: Plesk
CVE-2011-4763 (Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBui ...)
	NOT-FOR-US: Plesk
CVE-2011-4762 (Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Ty ...)
	NOT-FOR-US: Plesk
CVE-2011-4761 (Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type hea ...)
	NOT-FOR-US: Plesk
CVE-2011-4760 (Parallels Plesk Small Business Panel 10.2.0 has web pages containing e ...)
	NOT-FOR-US: Plesk
CVE-2011-4759 (Parallels Plesk Small Business Panel 10.2.0 generates web pages contai ...)
	NOT-FOR-US: Plesk
CVE-2011-4758 (Parallels Plesk Small Business Panel 10.2.0 receives cleartext passwor ...)
	NOT-FOR-US: Plesk
CVE-2011-4757 (Parallels Plesk Small Business Panel 10.2.0 generates a password form  ...)
	NOT-FOR-US: Plesk
CVE-2011-4756 (Parallels Plesk Small Business Panel 10.2.0 does not include the HTTPO ...)
	NOT-FOR-US: Plesk
CVE-2011-4755 (Parallels Plesk Small Business Panel 10.2.0 does not properly validate ...)
	NOT-FOR-US: Plesk
CVE-2011-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk ...)
	NOT-FOR-US: Plesk
CVE-2011-4753 (Multiple SQL injection vulnerabilities in Parallels Plesk Small Busine ...)
	NOT-FOR-US: Plesk
CVE-2011-4752 (SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type header ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4751 (SmarterTools SmarterStats 6.2.4100 generates web pages containing exte ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4750 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools Sm ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4749 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4748 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4747 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4746 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the billing sys ...)
	NOT-FOR-US: Plesk
CVE-2011-4744 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 se ...)
	NOT-FOR-US: Plesk
CVE-2011-4743 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 om ...)
	NOT-FOR-US: Plesk
CVE-2011-4742 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ha ...)
	NOT-FOR-US: Plesk
CVE-2011-4741 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 in ...)
	NOT-FOR-US: Plesk
CVE-2011-4740 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ge ...)
	NOT-FOR-US: Plesk
CVE-2011-4739 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ge ...)
	NOT-FOR-US: Plesk
CVE-2011-4738 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 do ...)
	NOT-FOR-US: Plesk
CVE-2011-4737 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 in ...)
	NOT-FOR-US: Plesk
CVE-2011-4736 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 re ...)
	NOT-FOR-US: Plesk
CVE-2011-4735 (Multiple cross-site scripting (XSS) vulnerabilities in the Control Pan ...)
	NOT-FOR-US: Plesk
CVE-2011-4734 (Multiple SQL injection vulnerabilities in the Control Panel in Paralle ...)
	NOT-FOR-US: Plesk
CVE-2011-4733 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4732 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4731 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4730 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4729 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4728 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4727 (The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1 ...)
	NOT-FOR-US: Plesk
CVE-2011-4726 (Multiple cross-site scripting (XSS) vulnerabilities in the Server Admi ...)
	NOT-FOR-US: Plesk
CVE-2011-4725 (Multiple SQL injection vulnerabilities in the Server Administration Pa ...)
	NOT-FOR-US: Plesk
CVE-2011-4724
	RESERVED
CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows con ...)
	NOT-FOR-US: D-Link DIR-300 router
CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswi ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2011-4721
	RESERVED
CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Hillstone HS TFTP Server
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before 16.0.912. ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: Duplicate for chromebooks
CVE-2011-4718 (Session fixation vulnerability in the Sessions subsystem in PHP before ...)
	- php5 5.5.2+dfsg-1 (low)
	[wheezy] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
	NOTE: 5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows  ...)
	NOT-FOR-US: zFTPServer Suite
CVE-2011-4716 (Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1. ...)
	NOT-FOR-US: DreamBox
CVE-2011-4715 (Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha  ...)
	- koha <itp> (bug #389876)
CVE-2011-4714 (Directory traversal vulnerability in Virtual Vertex Muster before 6.20 ...)
	NOT-FOR-US: Virtual Vertex Muster
CVE-2011-4713 (Directory traversal vulnerability in catalog/content.php in osCSS2 2.1 ...)
	NOT-FOR-US: osCSS2
CVE-2011-4712 (Directory traversal vulnerability in Oxide WebServer allows remote att ...)
	NOT-FOR-US: Oxide
CVE-2011-4711 (Multiple directory traversal vulnerabilities in namazu.cgi in Namazu b ...)
	- namazu2 <not-affected> (Windows-specific issue)
CVE-2011-4710 (Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04  ...)
	NOT-FOR-US: Pixie CMS
CVE-2011-4709 (Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in t ...)
	NOT-FOR-US: Hotaru
CVE-2011-4708 (Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager ...)
	NOT-FOR-US: IBM Rational Asset Manager
CVE-2011-4707 (Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan  ...)
	NOT-FOR-US: SAP Netweaver
CVE-2011-4706
	RESERVED
CVE-2011-4705 (The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and  ...)
	NOT-FOR-US: Ming Blacklist Free (vc.software.blacklist) application
CVE-2011-4704 (The Voxofon (com.voxofon) application before 2.5.2 for Android does no ...)
	NOT-FOR-US: Voxofon (com.voxofon) application
CVE-2011-4703 (The Limit My Call (com.limited.call.view) application 2.11 for Android ...)
	NOT-FOR-US: Limit My Call (com.limited.call.view) application
CVE-2011-4702 (The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android doe ...)
	NOT-FOR-US: Nimbuzz (com.nimbuzz) application
CVE-2011-4701 (The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 ...)
	NOT-FOR-US: CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application
CVE-2011-4700 (The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 f ...)
	NOT-FOR-US: UberMedia UberSocial (com.twidroid) application
CVE-2011-4699 (The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11  ...)
	NOT-FOR-US: Ubermedia Twidroyd Legacy (com.twidroydlegacy) application
CVE-2011-4698 (The AndroidAppTools Easy Filter (com.phoneblocker.android) application ...)
	NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android)
CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2. ...)
	NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allow ...)
	NOT-FOR-US: Eye-Fi Helper
CVE-2011-4695 (Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is ins ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4694 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of dat ...)
	- chromium-browser 17.0.963.56~r121963-1 (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the tim ...)
	NOT-FOR-US: Opera
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of da ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-4688 (Mozilla Firefox 8.0.1 and earlier does not prevent capture of data abo ...)
	- iceweasel <removed> (unimportant)
CVE-2011-4687 (Opera before 11.60 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-4686 (Unspecified vulnerability in the Web Workers implementation in Opera b ...)
	NOT-FOR-US: Opera
CVE-2011-4685 (Dragonfly in Opera before 11.60 allows remote attackers to cause a den ...)
	NOT-FOR-US: Opera
CVE-2011-4684 (Opera before 11.60 does not properly handle certificate revocation, wh ...)
	NOT-FOR-US: Opera
CVE-2011-4683 (Unspecified vulnerability in Opera before 11.60 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2011-4682 (The JavaScript engine in Opera before 11.60 does not properly implemen ...)
	NOT-FOR-US: Opera
CVE-2011-4681 (Opera before 11.60 does not properly consider the number of . (dot) ch ...)
	NOT-FOR-US: Opera
CVE-2011-4680 (Multiple cross-site scripting (XSS) vulnerabilities in the customer po ...)
	NOT-FOR-US: vtiger CRM
CVE-2011-4679 (vtiger CRM before 5.3.0 does not properly recognize the disabled statu ...)
	NOT-FOR-US: vtiger CRM
CVE-2011-4678 (The password reset feature in One Click Orgs before 1.2.3 generates di ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4677 (One Click Orgs before 1.2.3 does not have an off autocomplete attribut ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4676
	RESERVED
CVE-2011-4675 (The pathname canonicalization functionality in io/filesystem/filesyste ...)
	- widelands 1:15-3 (low)
	NOTE: Nearly a duplicate of CVE-2011-1932.
	NOTE: CVE's SPLIT decision is unclear.
CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, an ...)
	- zabbix 1:1.8.9-1 (bug #651225)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack p ...)
	NOT-FOR-US: Jetpack plugin for Wordpress
CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earli ...)
	NOT-FOR-US: Valid tiny-erp, different from TinyERP, the former name of OpenERP
CVE-2011-4671 (SQL injection vulnerability in adrotate/adrotate-out.php in the AdRota ...)
	NOT-FOR-US: Adrorate plugin for Wordpress
CVE-2011-4670 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2. ...)
	NOT-FOR-US: vTiger CRM
CVE-2011-4669 (SQL injection vulnerability in wp-users.php in WordPress Users plugin  ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...)
	NOT-FOR-US: Tivoli
CVE-2011-4667 (The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and  ...)
	NOT-FOR-US: Cisco
CVE-2011-4666
	RESERVED
CVE-2011-4665
	RESERVED
CVE-2011-4664
	RESERVED
CVE-2011-4663
	RESERVED
CVE-2011-4662
	RESERVED
CVE-2011-4661 (A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to ...)
	NOT-FOR-US: Cisco
CVE-2011-4660
	RESERVED
CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phon ...)
	NOT-FOR-US: Cisco TelePresence Software
CVE-2011-4658
	RESERVED
CVE-2011-4657
	RESERVED
CVE-2011-4656
	RESERVED
CVE-2011-4655
	RESERVED
CVE-2011-4654
	RESERVED
CVE-2011-4653
	RESERVED
CVE-2011-4652
	RESERVED
CVE-2011-4651
	RESERVED
CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive Logging Dur ...)
	NOT-FOR-US: Cisco
CVE-2011-4649
	RESERVED
CVE-2011-4648
	RESERVED
CVE-2011-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the story creat ...)
	NOT-FOR-US: Geeklog
CVE-2011-4646 (SQL injection vulnerability in wp-postratings.php in the WP-PostRating ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4645
	RESERVED
CVE-2011-4644 (Splunk 4.2.5 and earlier, when a Free license is selected, enables pot ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2. ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4642 (mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly  ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4641
	RESERVED
CVE-2011-4640 (Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan  ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4639 (The (1) Traceroute and (2) Ping implementations in tools.php in SpamTi ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4638 (Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3. ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4637
	RESERVED
CVE-2011-4636
	RESERVED
CVE-2011-4635
	RESERVED
CVE-2011-4634 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...)
	- phpmyadmin 4:3.4.8-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-4633
	RESERVED
CVE-2011-4632 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4631 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4630 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4629 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4628 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4627 (TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4626 (Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, ...)
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4625 (simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectl ...)
	{DSA-2330-1}
	- simplesamlphp 1.8.1-1
CVE-2011-4624 (Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND  ...)
	NOT-FOR-US: WordPress flash-album-gallery
CVE-2011-4623 (Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf. ...)
	- rsyslog 5.7.4-1
	[squeeze] - rsyslog <no-dsa> (Minor issue)
CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and p ...)
	{DSA-2389-1}
	- linux-2.6 3.1.8-1
CVE-2011-4621 (The Linux kernel before 2.6.37 does not properly implement a certain c ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.35)
CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...)
	{DSA-2425-1}
	- plib 1.8.5-5.1 (bug #654785)
CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before 0 ...)
	{DSA-2390-1}
	- openssl 1.0.0h-1
CVE-2011-4618 (Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanc ...)
	NOT-FOR-US: WordPress advanced-text-widget
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
	- python-virtualenv 1.6-1 (low; bug #652653)
	[lenny] - python-virtualenv <no-dsa> (Minor issue)
	[squeeze] - python-virtualenv 1.4.9-3squeeze1
CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro modu ...)
	- libhtml-template-pro-perl 0.9507-1 (low; bug #652587)
	[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1 ...)
	- zabbix 1:1.8.10-1 (bug #652664)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-4614 (PHP remote file inclusion vulnerability in Classes/Controller/Abstract ...)
	- typo3-src 4.5.9+dfsg1-1 (bug #652365)
	[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
	[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...)
	{DSA-2364-1}
	- xorg 1:7.6+10 (low; bug #652249)
	[lenny] - xorg <not-affected> (Introduced in 1:7.4~4)
CVE-2011-XXXX [X launcher doesn't drop group privileges]
	- xorg 1:7.6+10 (low)
	[squeeze] - xorg 1:7.5+8+squeeze1
	[lenny] - xorg <no-dsa> (potential privilege handling weakness, no known attack vector)
	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=commitdiff;h=e81b3943be75ca6674867fc7756905490e979522
CVE-2011-4612 (icecast before 2.3.3 allows remote attackers to inject control charact ...)
	- icecast2 2.3.3-1 (bug #652663)
	[lenny] - icecast2 <no-dsa> (Minor issue)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	[wheezy] - icecast2 2.3.2-9+deb7u2
CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in arch/powerpc/ ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-1
CVE-2011-4610 (JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1 ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 al ...)
	- eglibc 2.13-33 (low; bug #671478)
	[squeeze] - eglibc 2.11.3-4
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4607 (PuTTY 0.59 through 0.61 does not clear sensitive process memory when m ...)
	- putty 0.62-1 (unimportant)
	[squeeze] - putty 0.60+2010-02-20-1+squeeze2
	NOTE: DSA-2736-1
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
	NOTE: Hardening measure, not a vulnerability
CVE-2011-4606 (Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 al ...)
	- rocksndiamonds 3.3.0.1+dfsg1-2.2 (bug #651620)
	[squeeze] - rocksndiamonds <no-dsa> (Contrib not supported)
	[lenny] - rocksndiamonds <no-dsa> (Contrib not supported)
CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invok ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4604 (The bat_socket_read function in net/batman-adv/icmp_socket.c in the Li ...)
	- batmand-adv-kernelland <removed>
	[squeeze] - batmand-adv-kernelland <not-affected> (Vulnerable code not present)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin b ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4600 (The networkReloadIptablesRules function in network/bridge_driver.c in  ...)
	- libvirt 0.9.9-1 (low)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in common/ul ...)
	{DSA-2397-1}
	- icu 4.8.1.1-3 (bug #654883)
CVE-2011-4598 (The handle_request_info function in channels/chan_sip.c in Asterisk Op ...)
	{DSA-2367-1}
	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-4597 (The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1 ...)
	{DSA-2367-1}
	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before  ...)
	- nova 2012.1~e1-4
CVE-2011-4595 (Pretty-Link WordPress plugin 1.5.2 has XSS ...)
	NOT-FOR-US: WordPress pretty-link plugin
CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel before  ...)
	- linux-2.6 3.1-1
	[squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
	[lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
CVE-2011-4593 (Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4592 (The command-line cron implementation in Moodle 2.0.x before 2.0.6 and  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4591 (Cross-site scripting (XSS) vulnerability in the print_object function  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4590 (The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4589 (backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4588 (The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x befor ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4587 (lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, a ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4586 (CRLF injection vulnerability in calendar/set.php in the Calendar subsy ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4585 (login/change_password.php in Moodle 1.9.x before 1.9.15 does not use h ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4584 (The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2 ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4583 (Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4582 (Open redirect vulnerability in the Calendar set page in Moodle 2.1.x b ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss E ...)
	NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in liba ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...)
	{DSA-2362-1}
	- acpid 1:2.0.11-1
CVE-2011-4577 (OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is  ...)
	- openssl 1.0.0f-1 (unimportant)
	NOTE: RFC 3779 support has not been enabled at compile time.
CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0 ...)
	{DSA-2390-1}
	- openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...)
	NOT-FOR-US: JMX Console
CVE-2011-4574
	RESERVED
CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly  ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
	NOT-FOR-US: CF Image Hosting Script
CVE-2011-4571 (SQL injection vulnerability in the Estate Agent (com_estateagent) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4570 (SQL injection vulnerability in the Time Returns (com_timereturns) comp ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4569 (SQL injection vulnerability in userbarsettings.php in the Userbar plug ...)
	NOT-FOR-US: MyBB extension
CVE-2011-4568 (Cross-site scripting (XSS) vulnerability in view/frontend-head.php in  ...)
	NOT-FOR-US: Wordpress extension
CVE-2011-4567 (Cross-site scripting (XSS) vulnerability in includes/templates/templat ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...)
	{DSA-2399-1}
	- php5 5.3.9-1
CVE-2011-4565 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a,  ...)
	NOT-FOR-US: XOOPS
CVE-2011-4564 (Cross-site scripting (XSS) vulnerability in the admin script in Active ...)
	NOT-FOR-US: Active CMS
CVE-2011-4563 (Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4. ...)
	NOT-FOR-US: JAKCMS
CVE-2011-4562 (Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/ ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4561 (Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 ...)
	NOT-FOR-US: Phorum
CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node module 6 ...)
	NOT-FOR-US: Petition node module for Drupal
CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 ...)
	NOT-FOR-US: vTiger
CVE-2011-4558 (Tiki 8.2 and earlier allows remote administrators to execute arbitrary ...)
	- tikiwiki <removed>
	NOTE: http://dev.tiki.org/item4059
	NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS
CVE-2011-4557
	RESERVED
CVE-2011-4556
	RESERVED
CVE-2011-4555 (One Click Orgs before 1.2.3 does not require unique e-mail addresses f ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4554 (One Click Orgs before 1.2.3 allows remote authenticated users to trigg ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4553 (Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3  ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4552 (Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs  ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4551 (Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in Tik ...)
	- tikiwiki <removed>
CVE-2011-4550
	RESERVED
CVE-2011-4549
	RESERVED
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before 16.0.912. ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: duplicate for chromebooks
CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in includes/templa ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4546
	RESERVED
CVE-2011-4545 (CRLF injection vulnerability in admin/displayImage.php in Prestashop 1 ...)
	NOT-FOR-US: Prestashop
CVE-2011-4544 (Multiple cross-site scripting (XSS) vulnerabilities in Prestashop befo ...)
	NOT-FOR-US: Prestashop
CVE-2011-4543 (Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow ...)
	NOT-FOR-US: osCommerce
CVE-2011-4542 (Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitra ...)
	- hastymail <removed>
CVE-2011-4541 (Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2. ...)
	- hastymail <removed>
CVE-2011-4540 (Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (ak ...)
	- atmailopen <removed>
CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 do ...)
	{DSA-2519-2 DSA-2519-1}
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
CVE-2011-4538 (Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to ...)
	NOT-FOR-US: Lexmark
CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...)
	NOT-FOR-US: 7-Technologies IGSS
CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka H ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-4535 (Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ...)
	NOT-FOR-US: TurboPower Abbrevia
CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows rem ...)
	NOT-FOR-US: COPA-DATA
CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows r ...)
	NOT-FOR-US: COPA-DATA
CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl A ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 allo ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4530 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4529 (Multiple buffer overflows in Siemens Automation License Manager (ALM)  ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during pro ...)
	{DSA-2370-1}
	- unbound 1.4.14-1 (medium)
CVE-2011-4527
	RESERVED
CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess  ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to tri ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remo ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/Br ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/B ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4520 (Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTI ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4519 (Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOT ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4518 (Directory traversal vulnerability in the PmWebDir object in the web se ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.90 ...)
	{DSA-2371-1}
	- jasper 1.900.1-13 (bug #652649)
	- ghostscript 8.64~dfsg-2
	NOTE: ghostscript using system jasper since this version
CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in lib ...)
	{DSA-2371-1}
	- jasper 1.900.1-13 (bug #652649)
	- ghostscript 8.64~dfsg-2
	NOTE: ghostscript using system jasper since this version
CVE-2011-4515 (Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA  ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4512 (CRLF injection vulnerability in the HMI web server in Siemens WinCC fl ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4511 (Cross-site scripting (XSS) vulnerability in the HMI web server in Siem ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4510 (Cross-site scripting (XSS) vulnerability in the HMI web server in Siem ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4509 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 200 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4508 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 200 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4507 (The D-Link DIR-685 router, when certain WPA and WPA2 configurations ar ...)
	NOT-FOR-US: D-Link DIR-685 router
CVE-2011-4506 (The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 wit ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4505 (The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware be ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4504 (The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyX ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4503 (The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 al ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4502 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K  ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4501 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K  ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4500 (The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4499 (The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Li ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4498 (Cross-site request forgery (CSRF) vulnerability in the web console in  ...)
	NOT-FOR-US: Zenprise Device Manager
CVE-2011-4497 (QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4 ...)
	NOT-FOR-US: Asus device
CVE-2011-4496 (Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers ...)
	NOT-FOR-US: Aviosoft DTV Player
CVE-2011-4495
	RESERVED
CVE-2011-4494
	RESERVED
CVE-2011-4493
	RESERVED
CVE-2011-4492
	RESERVED
CVE-2011-4491
	RESERVED
CVE-2011-4490
	RESERVED
CVE-2011-4489
	RESERVED
CVE-2011-4488
	RESERVED
CVE-2011-4487 (SQL injection vulnerability in Cisco Unified Communications Manager (C ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-4486 (Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-4485
	RESERVED
CVE-2011-4484
	RESERVED
CVE-2011-4483
	RESERVED
CVE-2011-4482
	RESERVED
CVE-2011-4481
	RESERVED
CVE-2011-4480
	RESERVED
CVE-2011-4479
	RESERVED
CVE-2011-4478
	RESERVED
CVE-2011-4477
	RESERVED
CVE-2011-4476
	RESERVED
CVE-2011-4475
	RESERVED
CVE-2011-4474
	RESERVED
CVE-2011-4473
	RESERVED
CVE-2011-4472
	RESERVED
CVE-2011-4471
	RESERVED
CVE-2011-4470
	RESERVED
CVE-2011-4469
	RESERVED
CVE-2011-4468
	RESERVED
CVE-2011-4467
	RESERVED
CVE-2011-4466
	RESERVED
CVE-2011-4465 (Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect ( ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2011-4464
	RESERVED
CVE-2011-4463
	RESERVED
CVE-2011-4462 (Plone 4.1.3 and earlier computes hash values for form parameters witho ...)
	- plone3 <removed>
CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form parameters w ...)
	- jetty 6.1.26-1
	[squeeze] - jetty <no-dsa> (Minor issue)
CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 doe ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and  ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when J ...)
	NOT-FOR-US: OWASP HTML Sanitizer
CVE-2011-4456
	REJECTED
CVE-2011-4455 (Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier  ...)
	- tikiwiki <removed>
	NOTE: http://secunia.com/advisories/46740/
CVE-2011-4454 (Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earl ...)
	- tikiwiki <removed>
	NOTE: http://secunia.com/advisories/46740/
CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
	- pmwiki <itp> (bug #330117)
CVE-2011-4452 (Cross-site request forgery (CSRF) vulnerability in the AdminUsers comp ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4451 (** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4450 (Directory traversal vulnerability in handlers/files.xml/files.xml.php  ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4449 (actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MO ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php i ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4447 (The "encrypt wallet" feature in wxBitcoin and bitcoind 0.4.x before 0. ...)
	- bitcoin 0.5.1-1
CVE-2011-4446
	RESERVED
CVE-2011-4445
	RESERVED
CVE-2011-4444
	RESERVED
CVE-2011-4443
	RESERVED
CVE-2011-4442
	RESERVED
CVE-2011-4441
	RESERVED
CVE-2011-4440
	RESERVED
CVE-2011-4439
	RESERVED
CVE-2011-4438
	RESERVED
CVE-2011-4437
	RESERVED
CVE-2011-4436 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4435 (The web-server component in the Consolidation and Analysis Engine (CAE ...)
	NOT-FOR-US: IBM DB2
CVE-2011-4434 (Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4433
	REJECTED
CVE-2011-4432 (www/include/configuration/nconfigObject/contact/DB-Func.php in Merethi ...)
	NOT-FOR-US: Merethis Centreon
CVE-2011-4431 (Directory traversal vulnerability in main.php in Merethis Centreon bef ...)
	NOT-FOR-US: Merethis Centreon
CVE-2011-4430
	REJECTED
CVE-2011-4429
	REJECTED
CVE-2011-4428
	REJECTED
CVE-2011-4427
	REJECTED
CVE-2011-4426
	REJECTED
CVE-2011-4425
	REJECTED
CVE-2011-4424
	REJECTED
CVE-2011-4423
	REJECTED
CVE-2011-4422
	REJECTED
CVE-2011-4421
	REJECTED
CVE-2011-4420
	REJECTED
CVE-2011-4419
	REJECTED
CVE-2011-4418
	REJECTED
CVE-2011-4417
	REJECTED
CVE-2011-4416
	REJECTED
CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0 ...)
	- apache2 2.4.1-1 (unimportant)
	NOTE: apache2 does not protect or claim to protect against DoS through .htaccess
CVE-2011-4414
	REJECTED
CVE-2011-4413
	REJECTED
CVE-2011-4412
	REJECTED
CVE-2011-4411
	REJECTED
CVE-2011-4410
	REJECTED
CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LT ...)
	NOT-FOR-US: Ubuntu One
CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11. ...)
	- ubuntu-sso-client <removed> (bug #680492)
CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the s ...)
	- software-properties 0.76.7debian2+nmu2
	[squeeze] - software-properties <not-affected> (Vulnerable code not present)
	[lenny] - software-properties <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210/
CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does n ...)
	- accountsservice 0.6.15-3
CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 1 ...)
	- system-config-printer 1.3.7-1 (low; bug #651204)
	[squeeze] - system-config-printer <no-dsa> (Minor issue)
CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere Updat ...)
	- jetty 6.1.19-1 (low; bug #528389)
	NOTE: duplicate of CVE-2009-1523
CVE-2011-4403 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4402
	REJECTED
CVE-2011-4401
	REJECTED
CVE-2011-4400
	REJECTED
CVE-2011-4399
	REJECTED
CVE-2011-4398
	REJECTED
CVE-2011-4397
	REJECTED
CVE-2011-4396
	REJECTED
CVE-2011-4395
	REJECTED
CVE-2011-4394
	REJECTED
CVE-2011-4393
	REJECTED
CVE-2011-4392
	REJECTED
CVE-2011-4391
	REJECTED
CVE-2011-4390
	REJECTED
CVE-2011-4389
	REJECTED
CVE-2011-4388
	REJECTED
CVE-2011-4387
	REJECTED
CVE-2011-4386
	REJECTED
CVE-2011-4385
	REJECTED
CVE-2011-4384
	REJECTED
CVE-2011-4383
	REJECTED
CVE-2011-4382
	REJECTED
CVE-2011-4381
	REJECTED
CVE-2011-4380
	REJECTED
CVE-2011-4379
	REJECTED
CVE-2011-4378
	REJECTED
CVE-2011-4377
	REJECTED
CVE-2011-4376
	REJECTED
CVE-2011-4375
	REJECTED
CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows atta ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Window ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and Acr ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development Service ...)
	NOT-FOR-US: Adobe Cold Fusion
CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer Fac ...)
	- mojarra <not-affected> (The Debian package only ships some API classes)
CVE-2011-4366
	REJECTED
CVE-2011-4365
	REJECTED
CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5. ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when T ...)
	- libproc-processtable-perl 0.45-6 (low; bug #650500)
	[squeeze] - libproc-processtable-perl 0.45-1+squeeze1
CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP aut ...)
	{DSA-2368-1}
	- lighttpd 1.4.30-1 (low; bug #652726)
	NOTE: http://openwall.com/lists/oss-security/2011/11/29/8
	NOTE: http://redmine.lighttpd.net/issues/2370
	NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package
CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before hand ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-4 (bug #650434)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page tit ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-4 (bug #650434)
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions]
	REJECTED
CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1  ...)
	{DSA-2359-1}
	- mojarra 2.0.3-2 (bug #650430)
CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in python/neo_ ...)
	{DSA-2355-1}
	- clearsilver 0.10.5-1.3 (bug #649322)
CVE-2011-4356 (Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4. ...)
	- celery 2.4.6-1
	- django-celery <not-affected> (Vulnerable code not present)
CVE-2011-4355 (GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defi ...)
	- gdb 7.6-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=HEAD (lists "auto-load safe-path" under "Changes in GDB 7.5")
CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as u ...)
	{DSA-2390-1}
	- openssl 0.9.8o-4squeeze3 (bug #650621)
CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
CVE-2011-4352 (Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c ...)
	- libav 4:0.7.3-1
	- ffmpeg <not-affected> (Was introduced in 0.6)
	- ffmpeg-debian <not-affected> (Was introduced in 0.6)
	NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x befo ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way certain U ...)
	- yaws 1.91-2 (bug #650009)
	[lenny] - yaws <not-affected> (Vulnerable code not present)
	[squeeze] - yaws <not-affected> (Vulnerable code not present)
CVE-2011-4349 (Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2)  ...)
	- colord 0.1.15-1 (medium; bug #650021)
CVE-2011-4348 (Race condition in the sctp_rcv function in net/sctp/input.c in the Lin ...)
	- linux-2.6 <not-affected> (Incomplete fix for RHEL5-specific backport regression)
	NOTE: incomplete fix for CVE-2011-2482
CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in  ...)
	{DSA-2443-1}
	- linux-2.6 <removed>
CVE-2011-4346 (Cross-site scripting (XSS) vulnerability in the web interface in Red H ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when ...)
	- namazu2 2.0.21-1 (low)
	[squeeze] - namazu2 <no-dsa> (Minor issue)
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...)
	- jenkins-winstone 0.9.10-jenkins-29+dfsg-1  (bug #649900)
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...)
	NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4341 (Multiple SQL injection vulnerabilities in symphony/content/content.pub ...)
	NOT-FOR-US: Symphony CMS
CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2. ...)
	NOT-FOR-US: Symphony CMS
CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmito ...)
	{DSA-2376-2 DSA-2376-1}
	- ipmitool 1.8.11-5 (bug #651917)
CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.con ...)
	NOT-FOR-US: Arch-Linux specific tool
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...)
	- tikiwiki <removed>
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...)
	NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded  ...)
	NOT-FOR-US: LabWiki
CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...)
	NOT-FOR-US: LabWiki
CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 a ...)
	NOT-FOR-US: Joomla!
CVE-2011-4331
	REJECTED
CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/tran ...)
	- linux-2.6 3.1.4-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0  ...)
	- dolibarr 3.3.4-1 (low)
CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ( ...)
	{DSA-2435-1}
	- gnash 0.8.10-1 (low; bug #649384)
CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platfo ...)
	- openssh <not-affected> (Only affects platforms w/o /dev/random)
	NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel b ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-40
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4325 (The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain ...)
	- linux-2.6 2.6.32-1
CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux kern ...)
	- linux-2.6 <not-affected> (RHEL5-specific backport error)
CVE-2011-4323
	REJECTED
CVE-2011-4322 (websitebaker prior to and including 2.8.1 has an authentication error  ...)
	NOT-FOR-US: websitebaker
CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses  ...)
	NOT-FOR-US: Joomla!
CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alp ...)
	- ejabberd 2.1.9-1 (low)
	[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
	NOTE: https://support.process-one.net/browse/EJAB-1498
CVE-2011-4319 (Cross-site scripting (XSS) vulnerability in the i18n translations help ...)
	- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-4318 (Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostn ...)
	- dovecot 1:2.0.18-1 (unimportant; bug #649511)
	NOTE: Additional hardening
CVE-2011-4317 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...)
	{DSA-2405-1}
	- apache2 2.2.21-3
	NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
CVE-2011-4316 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in cert ...)
	NOT-FOR-US: ovirt
	NOTE: While the Red Hat advisory refers to SPICE, this is a vulnerability in
	NOTE: the server-side ovirt logic (contacted Red Hat for clarification)
CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in core/n ...)
	- nginx 1.1.8-1 (low)
	[squeeze] - nginx 0.7.67-3+squeeze1
	[lenny] - nginx <no-dsa> (Minor issue)
	NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used i ...)
	- openid4java 0.9.6.662-1
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9 ...)
	{DSA-2347-1}
	- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commenting  ...)
	NOT-FOR-US: Review Board
CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys,  ...)
	NOT-FOR-US: ResourceSpace
CVE-2011-4310 (The news module in CMSMS before 1.9.4.3 allows remote attackers to cor ...)
	- cmsms <itp> (bug #608888)
CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attacke ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4308 (mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5,  ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2011-4307 (Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4306 (Cross-site scripting (XSS) vulnerability in course/editsection.html in ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4305 (message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authen ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4304 (The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4303 (lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4302 (mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x be ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4301 (The MoodleQuickForm class in the Forms Library in lib/formslib.php in  ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4300 (The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x befo ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4299 (Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Mo ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4298 (Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4297 (comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 do ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4296 (lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4295 (The moodle_enrol_external:role_assign function in enrol/externallib.ph ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4294 (The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x b ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4293 (The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4292 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4291 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4290 (Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php  ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4289 (Moodle 2.0.x before 2.0.3 does not recognize the configuration setting ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4288 (Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly im ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4287 (admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4286 (Multiple cross-site scripting (XSS) vulnerabilities in the media-filte ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4285 (The default configuration of Moodle 2.0.x before 2.0.2 has an incorrec ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4284 (Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive  ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4283 (Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterp ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4282 (Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4281 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4280 (Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4279 (Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4278 (Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7 ...)
	NOT-FOR-US: CourseForum
CVE-2011-4276 (The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) ...)
	NOT-FOR-US: Android
CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Op ...)
	NOT-FOR-US: IT Operations Portal
CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and PC/Mobil ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserv ...)
	NOT-FOR-US: GoAhead Webserver
CVE-2011-4272
	REJECTED
CVE-2011-4271
	REJECTED
CVE-2011-4270
	REJECTED
CVE-2011-4269
	REJECTED
CVE-2011-4268
	REJECTED
CVE-2011-4267
	REJECTED
CVE-2011-4266 (Untrusted search path vulnerability in FFFTP before 1.98d allows local ...)
	NOT-FOR-US: FFFTP
CVE-2011-4265 (Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 al ...)
	NOT-FOR-US: phpWebSite
CVE-2011-4264 (Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows  ...)
	NOT-FOR-US: Etomite
CVE-2011-4263 (Cross-site scripting (XSS) vulnerability in Schneider Electric PowerCh ...)
	NOT-FOR-US: Schneider Electric PowerChute Business Edition
CVE-2011-4262 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 all ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4259 (Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remo ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4258 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4257 (The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote  ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4256 (The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPl ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4255 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4254 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4253 (Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4252 (The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPl ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4251 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4250 (Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4249 (Array index error in the RV30 codec in RealNetworks RealPlayer before  ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4248 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execu ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4246 (The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPla ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4245 (The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Ma ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4244 (Heap-based buffer overflow in the RealVideo renderer in RealNetworks R ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4243
	RESERVED
CVE-2011-4242
	RESERVED
CVE-2011-4241
	RESERVED
CVE-2011-4240
	RESERVED
CVE-2011-4239
	RESERVED
CVE-2011-4238
	RESERVED
CVE-2011-4237 (CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Comm ...)
	NOT-FOR-US: Cisco
CVE-2011-4236
	RESERVED
CVE-2011-4235
	RESERVED
CVE-2011-4234
	RESERVED
CVE-2011-4233
	RESERVED
CVE-2011-4232 (The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces diff ...)
	NOT-FOR-US: Cisco
CVE-2011-4231 (Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec hu ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4230
	RESERVED
CVE-2011-4229
	RESERVED
CVE-2011-4228
	RESERVED
CVE-2011-4227
	RESERVED
CVE-2011-4226
	RESERVED
CVE-2011-4225
	RESERVED
CVE-2011-4224
	RESERVED
CVE-2011-4223 (Unspecified vulnerability in Investintech.com Absolute PDF Server allo ...)
	NOT-FOR-US: Investintech.com Absolute PDF Server
CVE-2011-4222 (Unspecified vulnerability in Investintech.com Able2Extract and Able2Ex ...)
	NOT-FOR-US: Investintech.com Able2Extract
CVE-2011-4221 (Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc Pr ...)
	NOT-FOR-US: Investintech.com Able2Doc
CVE-2011-4220 (Investintech.com SlimPDF Reader does not properly restrict the argumen ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4219 (Investintech.com SlimPDF Reader does not prevent faulting-address data ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4218 (Investintech.com SlimPDF Reader does not prevent faulting-instruction  ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4217 (Investintech.com SlimPDF Reader does not properly restrict read operat ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4216 (Investintech.com SlimPDF Reader does not properly restrict write opera ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4215 (SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action  ...)
	NOT-FOR-US: OneOrZero Action & Information Management System (AIMS)
CVE-2011-4214 (OneOrZero Action &amp; Information Management System (AIMS) 2.7.0 allo ...)
	NOT-FOR-US: OneOrZero Action & Information Management System (AIMS)
CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before 1.5 ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before 1.5 ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4211 (The FakeFile implementation in the sandbox environment in the Google A ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4210
	RESERVED
CVE-2011-4209
	RESERVED
CVE-2011-4208
	RESERVED
CVE-2011-4207
	RESERVED
CVE-2011-4206
	RESERVED
CVE-2011-4205
	RESERVED
CVE-2011-4204
	RESERVED
CVE-2011-4203 (CRLF injection vulnerability in calendar/set.php in the Calendar compo ...)
	NOT-FOR-US: Moodle addon
CVE-2011-4202 (The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions ( ...)
	NOT-FOR-US: Tadasoft Restorepoint
CVE-2011-4201 (remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image a ...)
	NOT-FOR-US: Tadasoft Restorepoint
CVE-2011-4200
	RESERVED
CVE-2011-4199
	RESERVED
CVE-2011-4198
	RESERVED
CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 cr ...)
	NOT-FOR-US: pfSense
CVE-2011-XXXX [spip privilege escalation]
	- spip 2.1.12-1 (bug #649113)
	[squeeze] - spip 2.1.1-3squeeze2
CVE-2011-XXXX [spip XSS]
	- spip 2.1.12-1 (bug #649113)
	[squeeze] - spip 2.1.1-3squeeze2
CVE-2011-XXXX [spip path disclosure]
	- spip 2.1.12-1 (unimportant; bug #646758)
	NOTE: http://archives.rezo.net/archives/spip-ann.mbox/5XCQ4RYDCYRXQSQQK42DT7IO2GVT7ZSI/
	NOTE: Path disclosure not an issue for Debian
CVE-2011-4196
	RESERVED
CVE-2011-4195 (kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 an ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise Serv ...)
	NOT-FOR-US: Novell iPrint
CVE-2011-4193 (Cross-site scripting (XSS) vulnerability in the overlay files tab in S ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4192 (kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in XNFS.NL ...)
	NOT-FOR-US: Novell NetWare
CVE-2011-4190 (The kdump implementation is missing the host key verification in the k ...)
	NOT-FOR-US: kdump as used in SuSE
CVE-2011-4189 (The client in Novell GroupWise 8.0x through 8.02HP3 allows remote atta ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-4188 (Buffer overflow in the Create Attribute function in jclient in Novell  ...)
	NOT-FOR-US: Novell iManager
CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in No ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint  ...)
	NOT-FOR-US: ActiveX
CVE-2011-4184
	RESERVED
CVE-2011-4183 (A vulnerability in open build service allows remote attackers to uploa ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=736243
	NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e
CVE-2011-4182 (Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise ...)
	NOT-FOR-US: sysconfig in SUSE Linux Enterprise
CVE-2011-4181 (A vulnerability in open build service allows remote attackers to gain  ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=734003
	NOTE: https://github.com/openSUSE/open-build-service/commit/5281e4bff9df31f1f91e22a0d1e9086b93b23d7e
CVE-2011-4180
	RESERVED
CVE-2011-4179
	RESERVED
CVE-2011-4178
	RESERVED
CVE-2011-4177
	RESERVED
CVE-2011-4176
	RESERVED
CVE-2011-4175
	RESERVED
CVE-2011-4174
	RESERVED
CVE-2011-4173 (Cross-site request forgery (CSRF) vulnerability in Simple Machines For ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-4172 (Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FO ...)
	NOT-FOR-US: KENT WEB FORUM
CVE-2011-4171 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM W ...)
	NOT-FOR-US: WebSphere
CVE-2011-4170 (Cross-site scripting (XSS) vulnerability in the theme_adium_append_mes ...)
	- empathy 3.2.1.1-1
	[squeeze] - empathy <no-dsa> (Minor issue)
	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in  ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing  ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4166 (Directory traversal vulnerability in the MPAUploader.Uploader.1.Upload ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4165 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4164 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 allow ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, ...)
	NOT-FOR-US: HP Protect Tools Device Access Manager
CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; Co ...)
	NOT-FOR-US: HP CM8060 Color MFP
CVE-2011-4160 (Unspecified vulnerability in HP Operations Agent 11.00 and Performance ...)
	NOT-FOR-US: HP Operations Agent
CVE-2011-4159 (Unspecified vulnerability in System Administration Manager (SAM) in EM ...)
	NOT-FOR-US: HP-UX
CVE-2011-4158 (Unspecified vulnerability in HP Directories Support for ProLiant Manag ...)
	NOT-FOR-US: HP Directories Support
CVE-2011-4157 (Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on th ...)
	NOT-FOR-US: HP SAN/iQ
CVE-2011-4156 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-4155 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-4154
	RESERVED
CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup f ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2011-4152
	RESERVED
CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center (KD ...)
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	[lenny] - krb5 <not-affected> (introduced in 1.8)
CVE-2011-4150
	REJECTED
CVE-2011-4149
	REJECTED
CVE-2011-4148
	REJECTED
CVE-2011-4147
	REJECTED
CVE-2011-4146
	REJECTED
CVE-2011-4145
	REJECTED
CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 be ...)
	NOT-FOR-US: EMC
CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote att ...)
	NOT-FOR-US: EMC
CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before 6. ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token  ...)
	NOT-FOR-US: RSA SecurID
CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x throug ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4139 (Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host  ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4138 (The verify_exists functionality in the URLField implementation in Djan ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4137 (The verify_exists functionality in the URLField implementation in Djan ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4136 (django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4135 (Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexN ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2011-4134 (Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11. ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2011-4133 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) ...)
	- linux-2.6 3.1.6-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-4131 (The NFSv4 implementation in the Linux kernel before 3.2.2 does not pro ...)
	- linux 3.2.9-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, minor impact)
CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD before 1.3 ...)
	{DSA-2346-2 DSA-2346-1}
	- proftpd-dfsg 1.3.4~rc3-2 (high; bug #648373)
	[lenny] - proftpd-dfsg <not-affected> (vulnerable functionality not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3711
CVE-2011-4129 ((1) services/twitter/twitter-contact-view.c and (2) services/twitter/t ...)
	- libsocialweb 0.25.20-1
CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in lib/gnutls_ ...)
	- gnutls26 2.12.14-1 (low; bug #648441)
	[squeeze] - gnutls26 2.8.6-1+squeeze1
	[lenny] - gnutls26 <no-dsa> (Minor issue)
CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl c ...)
	{DSA-2443-1 DSA-2389-1}
	- libguestfs 1:1.14.8-1
	- linux-2.6 <removed>
CVE-2011-4126
	RESERVED
CVE-2011-4125
	RESERVED
CVE-2011-4124
	RESERVED
CVE-2011-4123
	REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
	NOT-FOR-US: OpenPAM
CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up ...)
	- ruby1.9.1 <not-affected> (Only affected trunk versions)
CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
	- yubico-pam 2.10-1
CVE-2011-4119
	RESERVED
CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...)
	NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...)
	- perl <unfixed> (unimportant; bug #776268)
	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177
	NOTE: https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
CVE-2011-4115 (Parallel::ForkManager module before 1.0.0 for Perl does not properly h ...)
	- libparallel-forkmanager-perl <not-affected> (issue introduced in 0.7.6 upstream, never in Debian)
	NOTE: affected code was never in Debian. Upstream fixed in 1.0.0
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298
CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for P ...)
	- libpar-packer-perl 1.012-1 (bug #650706)
	[squeeze] - libpar-packer-perl 1.006-1+squeeze1
CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for Dr ...)
	- drupal6-mod-views 2.14-1
CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly res ...)
	- linux-2.6 3.1-1 (unimportant)
	NOTE: Turned out to be a non-issue, https://www.openwall.com/lists/oss-security/2011/11/24/3
CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in hw/ ...)
	- qemu 0.15.1+dfsg-2
	[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
	[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d
CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux  ...)
	{DSA-2389-1}
	- linux-2.6 3.1.4-1
CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_ ...)
	{DSA-2390-1}
	- openssl 1.0.0c-1
CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...)
	{DSA-2390-1}
	- openssl 1.0.0f-1 (low; bug #645805)
	NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest
CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in (librarie ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.7.1-1 (bug #656247)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106 (TimThumb (timthumb.php) before 2.0 does not validate the entire source ...)
	NOT-FOR-US: wordpress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of arbitra ...)
	- lightdm 1.0.6-2
CVE-2011-4104 (The from_yaml method in serializers.py in Django Tastypie before 0.9.1 ...)
	- django-tastypie 0.9.10-1 (bug #647314)
CVE-2011-4103 (emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 doe ...)
	{DSA-2344-1}
	- python-django-piston 0.2.2-2 (high; bug #647315)
CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in wiretap/ ...)
	{DSA-2351-1}
	- wireshark 1.6.3-1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html
	NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch
	NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches
CVE-2011-4101 (The dissect_infiniband_common function in epan/dissectors/packet-infin ...)
	- wireshark 1.6.3-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html
CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...)
	- wireshark 1.6.3-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current wo ...)
	- libcap2 1:2.22-1 (low)
	[squeeze] - libcap2 <no-dsa> (Minor issue)
CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux kerne ...)
	- linux 3.2.1-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (fallocate support was added to GFS2 in 2.37)
CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the L ...)
	- linux-2.6 3.0.0-6
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not properly fr ...)
	{DSA-2381-1}
	- squid3 3.1.16-1
	[lenny] - squid3 <not-affected> (no IPv6 support)
CVE-2011-4095 (Jara 1.6 has an XSS vulnerability ...)
	NOT-FOR-US: Jara
CVE-2011-4094 (Jara 1.6 has a SQL injection vulnerability. ...)
	NOT-FOR-US: Jara
CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...)
	- net6 1:1.3.14-1 (low; bug #647318)
	[squeeze] - net6 <no-dsa> (Minor issue)
	[lenny] - net6 <no-dsa> (Minor issue)
CVE-2011-4092 (obby (aka libobby) does not verify SSL server certificates, which allo ...)
	- obby <removed> (low; bug #647317)
	[wheezy] - obby <no-dsa> (Minor design limitation)
	[lenny] - obby <no-dsa> (Minor design limitation)
	[squeeze] - obby <no-dsa> (Minor design limitation)
CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3. ...)
	[squeeze] - net6 <no-dsa> (Minor issue)
	[lenny] - net6 <no-dsa> (Minor issue)
	- net6 1:1.3.14-1 (low; bug #647318)
CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin which may  ...)
	- serendipity <removed> (bug #650937)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2011/q4/192
CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed exec ...)
	- bzip2 1.0.6-1 (low; bug #632862)
	[squeeze] - bzip2 1.0.5-6+squeeze1
	[lenny] - bzip2 <no-dsa> (Minor issue)
CVE-2011-4088 (ABRT might allow attackers to obtain sensitive information from crash  ...)
	NOT-FOR-US: abrt/libreport
CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the L ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the Linu ...)
	{DSA-2469-1}
	- linux-2.6 <removed> (low)
CVE-2011-4085 (The servlets invoked by httpha-invoker in JBoss Enterprise Application ...)
	NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
	REJECTED
CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x  ...)
	NOT-FOR-US: RedHat sos
CVE-2011-4082 (A local file inclusion flaw was found in the way the phpLDAPadmin befo ...)
	- phpldapadmin 0.9.8-1
CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...)
	- linux-2.6 3.0.0-6
	[squeeze] - linux-2.6 <not-affected> (CRYPTO_GHASH Introduced in 2.6.32)
CVE-2011-4080 (The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kern ...)
	- linux-2.6 2.6.39-1
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.2 ...)
	- openldap 2.4.28-1 (unimportant; bug #647610)
	NOTE: Not exploitable with glibc, see
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079
CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5. ...)
	- roundcube 0.6+dfsg-1 (bug #646675)
	[squeeze] - roundcube <not-affected> (squeeze PHP version does not expose the issue)
	NOTE: http://trac.roundcube.net/ticket/1488086
	NOTE: This is arguably a PHP issue, but will probably not be fixed upstream.
CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c  ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-6
CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCE ...)
	- nova 2012.1~e1-1
	NOTE: https://bugs.launchpad.net/nova/+bug/868360
	NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/
CVE-2011-4075 (The masort function in lib/functions.php in phpLDAPadmin 1.2.x before  ...)
	{DSA-2333-1}
	- phpldapadmin 1.2.0.5-2.1 (bug #646754)
CVE-2011-4074 (Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1. ...)
	{DSA-2333-1}
	- phpldapadmin 1.2.0.5-2.1 (bug #646769)
CVE-2011-4073 (Use-after-free vulnerability in the cryptographic helper handler funct ...)
	{DSA-2374-1}
	- openswan 1:2.6.37-1 (low; bug #650674)
CVE-2011-4072
	REJECTED
CVE-2011-4071
	RESERVED
CVE-2011-4070
	RESERVED
CVE-2011-4069 (html/admin/login.php in PacketFence before 3.0.2 allows remote attacke ...)
	NOT-FOR-US: PacketFence
CVE-2011-4068 (The check_password function in html/admin/login.php in PacketFence bef ...)
	NOT-FOR-US: PacketFence
CVE-2011-4067
	RESERVED
CVE-2011-4066 (SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earl ...)
	NOT-FOR-US: GNU Board
CVE-2011-4065
	RESERVED
CVE-2011-4063 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...)
	- asterisk 1:1.8.7.1~dfsg-1 (bug #647252)
	[lenny] - asterisk <not-affected> (Only affects >= 1.8)
	[squeeze] - asterisk <not-affected> (Only affects >= 1.8)
CVE-2011-4062 (Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows lo ...)
	{DSA-2325-1}
	- kfreebsd-10 10.0~svn226224-1
	- kfreebsd-9 9.0~svn225873-1
	- kfreebsd-8 8.2-11 (bug #645377)
	- kfreebsd-7 <removed>
CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...)
	NOT-FOR-US: DB2
CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 do ...)
	NOT-FOR-US: QNX
CVE-2011-4059
	RESERVED
CVE-2011-4058
	RESERVED
CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in php ...)
	- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ver ...)
	NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime
CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix Fac ...)
	NOT-FOR-US: Siemens Tecnomatix
CVE-2011-4055 (Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix ...)
	NOT-FOR-US: Siemens Tecnomatix
CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder ...)
	NOT-FOR-US: CA SiteMinder
CVE-2011-4053 (Untrusted search path vulnerability in 7-Technologies (7T) Interactive ...)
	NOT-FOR-US: 7-Technologies (7T) Interactive Graphical SCADA System
CVE-2011-4052 (Stack-based buffer overflow in CEServer.exe in the CEServer component  ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-4051 (CEServer.exe in the CEServer component in the Remote Agent module in I ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-4050 (Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA Sys ...)
	NOT-FOR-US: Interactive Graphical SCADA System
CVE-2011-4049
	RESERVED
CVE-2011-4048 (The Dell KACE K2000 System Deployment Appliance has a default username ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4047 (The Dell KACE K2000 System Deployment Appliance allows remote attacker ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4046 (The Dell KACE K2000 System Deployment Appliance stores the recovery ac ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4045 (Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in AR ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4044 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVu ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4043 (Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in A ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4042 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVu ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4041 (webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers t ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2011-4040 (Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows re ...)
	NOT-FOR-US: NJStar Communicator
CVE-2011-4039 (Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in  ...)
	NOT-FOR-US: Invensys Wonderware HMI Reports
CVE-2011-4038 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Re ...)
	NOT-FOR-US: Invensys Wonderware HMI Reports
CVE-2011-4037 (Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog PRO
CVE-2011-4036 (Directory traversal vulnerability in Schneider Electric Vijeo Historia ...)
	NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4035 (Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo H ...)
	NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4034 (Buffer overflow in the Steema TeeChart ActiveX control, as used in Sch ...)
	NOT-FOR-US: Steema TeeChart
CVE-2011-4033 (Buffer overflow in the Steema TeeChart ActiveX control, as used in Sch ...)
	NOT-FOR-US: Steema TeeChart
CVE-2011-4032
	RESERVED
CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in libavformat/r ...)
	- libav 0.8-1 (bug #675767)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4 ...)
	- plone3 <not-affected> (Only affects Plone 4.x)
CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...)
	- xorg-server 2:1.11.1.901-2 (low)
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
	NOTE: this has a poc now: http://web.archive.org/web/20111204204028/http://vladz.devzero.fr:80/Xorg-CVE-2011-4029.txt
CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 a ...)
	- xorg-server 2:1.11.1.901-2 (low)
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
CVE-2011-4027
	RESERVED
CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remot ...)
	NOT-FOR-US: NexusPHP
CVE-2011-XXXX [lintian disclosure of file presense]
	- lintian 2.5.2 (unimportant)
	[squeeze] - lintian 2.4.3+squeeze1
CVE-2011-XXXX [0.1.1+dfsg-1 multiple issues]
	- ibid 0.1.1+dfsg-1
	[squeeze] - ibid 0.1.0+dfsg-2+squeeze1
CVE-2011-4025
	RESERVED
CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Invent ...)
	- ocsinventory-server 2.0.2-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2011-4023 (Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows remo ...)
	NOT-FOR-US: Cisco
CVE-2011-4022 (The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allo ...)
	NOT-FOR-US: Cisco
CVE-2011-4021
	RESERVED
CVE-2011-4020
	RESERVED
CVE-2011-4019 (Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4018
	RESERVED
CVE-2011-4017
	RESERVED
CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when P ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7. ...)
	NOT-FOR-US: Cisco
CVE-2011-4013
	RESERVED
CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C)  ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4011
	RESERVED
CVE-2011-4010
	RESERVED
CVE-2011-4009
	RESERVED
CVE-2011-4008
	RESERVED
CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco
CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready  ...)
	NOT-FOR-US: Cisco SRP
CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco We ...)
	NOT-FOR-US: Cisco Webex
CVE-2011-4003
	RESERVED
CVE-2011-4002 (HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to exe ...)
	NOT-FOR-US: HP no Mawashimono Nikki
CVE-2011-4001 (Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and e ...)
	NOT-FOR-US: HP no Mawashimono Nikki
CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arb ...)
	{DSA-2361-1}
	- chasen 2.4.4-17 (medium; bug #648359)
CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader i ...)
	NOT-FOR-US: Iwate Portal Bar
CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and e ...)
	NOT-FOR-US: Apple WebObjects
CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote attac ...)
	NOT-FOR-US: Opengear
CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote attack ...)
	NOT-FOR-US: CSWorks
CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 an ...)
	NOT-FOR-US: Twilight Frontier Touhou Hisouten
CVE-2011-3994 (Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link DES-3800 ...)
	NOT-FOR-US: D-Link device
CVE-2011-3991 (Untrusted search path vulnerability in FFFTP 1.98a and earlier allows  ...)
	NOT-FOR-US: FFFTP
CVE-2011-3990 (Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in  ...)
	NOT-FOR-US: PukiWiki
CVE-2011-3989 (SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows re ...)
	NOT-FOR-US: DBD::mysqlPP Perl module
CVE-2011-3988 (SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11 ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard befor ...)
	NOT-FOR-US: DAEMON Tools
CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows  ...)
	NOT-FOR-US: Pligg
CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows  ...)
	NOT-FOR-US: Plume
CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 do ...)
	NOT-FOR-US: IBM AIX driver
CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the Allwebme ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndro ...)
	NOT-FOR-US: TYPO3 extension
CVE-2011-3979 (Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/ ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2011-3978 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php  ...)
	NOT-FOR-US: LightNEasy
CVE-2011-3977 (Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x b ...)
	NOT-FOR-US: NoMachine NX components
CVE-2011-3976 (Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP ...)
	NOT-FOR-US: AmmSoft ScriptFTP
CVE-2011-3975 (A certain HTC update for Android 2.3.4 build GRJ22, when the Sense int ...)
	NOT-FOR-US: HTC Android
CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in cavs ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3  ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3972 (The shader translator implementation in Google Chrome before 17.0.963. ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3971 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote at ...)
	- libxslt 1.1.26-11 (low; bug #660650)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3968 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3967 (Unspecified vulnerability in Google Chrome before 17.0.963.46 allows r ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3966 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3965 (Google Chrome before 17.0.963.46 does not properly check signatures, w ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3964 (Google Chrome before 17.0.963.46 does not properly implement the drag- ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3963 (Google Chrome before 17.0.963.46 does not properly handle PDF FAX imag ...)
	- chromium-browser <not-affected> (Only affects proprietary Chrome)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3962 (Google Chrome before 17.0.963.46 does not properly perform path clippi ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3961 (Race condition in Google Chrome before 17.0.963.46 allows remote attac ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3960 (Google Chrome before 17.0.963.46 does not properly decode audio data,  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3959 (Buffer overflow in the locale implementation in Google Chrome before 1 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3958 (Google Chrome before 17.0.963.46 does not properly perform casts of va ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3957 (Use-after-free vulnerability in the garbage-collection functionality i ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3956 (The extension implementation in Google Chrome before 17.0.963.46 does  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3955 (Google Chrome before 17.0.963.46 allows remote attackers to cause a de ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3954 (Google Chrome before 17.0.963.46 allows remote attackers to cause a de ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3953 (Google Chrome before 17.0.963.46 does not prevent monitoring of the cl ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg befor ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...)
	- libav <not-affected> (Specific to newer ffmpeg after split)
	- ffmpeg <not-affected> (Specific to newer ffmpeg after split)
CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmp ...)
	- libav <not-affected> (Specific to newer ffmpeg after split)
	- ffmpeg <not-affected> (Specific to newer ffmpeg after split)
CVE-2011-3948
	RESERVED
CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0. ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg bef ...)
	{DSA-3003-1}
	- libav 6:10.3-1 (unimportant)
	- ffmpeg 7:2.4.1-1 (unimportant)
	NOTE: Not suitable for code injection, not treated as security issue
CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in libavcode ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in FFm ...)
	{DSA-2855-1}
	- libav 6:9.10-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
CVE-2011-3943
	RESERVED
CVE-2011-3942
	RESERVED
CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg befo ...)
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6193ff68549ecbaf1a4d63a0e06964ec580ac620
CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before  ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3939
	RESERVED
CVE-2011-3938
	RESERVED
CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12,  ...)
	- libav 6:0.8.3-1
	- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7 ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
	{DSA-3003-1}
	- libav 6:10-1
	- ffmpeg <not-affected> (vuln. code not present, introduced later)
	NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
	{DSA-3003-1}
	- libav 6:10-1 (unimportant)
	- ffmpeg 7:2.4.1-1 (unimportant)
	NOTE: Fixed in libav trunk: http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d
	NOTE: only a crasher
CVE-2011-3933
	RESERVED
CVE-2011-3932
	RESERVED
CVE-2011-3931
	RESERVED
CVE-2011-3930
	RESERVED
CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x be ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3928 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3927 (Skia, as used in Google Chrome before 16.0.912.77, does not perform al ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3926 (Heap-based buffer overflow in the tree builder in Google Chrome before ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3925 (Use-after-free vulnerability in the Safe Browsing feature in Google Ch ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3924 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 allow ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3923 (Apache Struts before 2.3.1.2 allows remote attackers to bypass securit ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-009
	NOTE: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...)
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3921 (Use-after-free vulnerability in Google Chrome before 16.0.912.75 allow ...)
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3920
	RESERVED
CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before ...)
	{DSA-2394-1}
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
	- libxml2 2.7.8.dfsg-7 (bug #656377)
CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests  ...)
	NOT-FOR-US: Android
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before 16. ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross re ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote atta ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8, as use ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (v8-i18n chrome issue)
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF document ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV video fr ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG documents ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows rem ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows remote attac ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote at ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 allow ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex match ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3902
	RESERVED
CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information disclosure vuln ...)
	NOT-FOR-US: Android SQLite Journal
CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	- libv8 3.5.10.24
	[squeeze] - chromium-browser <not-affected>
	[squeeze] - libv8 <not-affected>
CVE-2011-3899
	RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...)
	- chromium-browser 15.0.874.121~r109964-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 allo ...)
	- chromium-browser 15.0.874.121~r109964-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote att ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome befo ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (Chrome issue)
	- ffmpeg 7:2.4.1-1
	- libav 4:0.8~beta2-1 (bug #654534; bug #654573)
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 decodi ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV  ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	- libav 4:0.8~beta2-1 (bug #654534; bug #654572)
	- ffmpeg 7:2.4.1-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome befor ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
	- libav 4:0.8~beta2-1 (bug #654534; bug #654571)
	- ffmpeg 7:2.4.1-1
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google C ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	- libv8 3.6
	[squeeze] - libv8 <not-affected>
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97402
CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address timing iss ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96632
CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 allo ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3881 (WebKit, as used in Google Chrome before 15.0.874.102 and Android befor ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97353
CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an unspecifi ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to chrome ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/96610
CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows remote atta ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96999
CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache internals pag ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle downloading ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag and dr ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3874 (Stack-based buffer overflow in libsysutils in Android 2.2.x through 2. ...)
	NOT-FOR-US: Android
CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader t ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-XXXX [Fix file indirectory injection]
	- puppet 2.7.3-3 (unimportant)
	[squeeze] - puppet 2.6.2-5+squeeze1
	NOTE: Only exploitable during build/test suite run
	NOTE: DSA-2314-1
CVE-2011-3872 (Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterpri ...)
	{DSA-2352-1}
	- puppet 2.7.6-1
CVE-2011-3871 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when runni ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3870 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows loca ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player  ...)
	NOT-FOR-US: Vmware
CVE-2011-3867
	REJECTED
CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly re ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3865 (Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3864 (Cross-site scripting (XSS) vulnerability in the The Erudite theme befo ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3863 (Cross-site scripting (XSS) vulnerability in the RedLine theme before 1 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3862 (Cross-site scripting (XSS) vulnerability in the Morning Coffee theme b ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3861 (Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3860 (Cross-site scripting (XSS) vulnerability in the Cover WP theme before  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3859 (Cross-site scripting (XSS) vulnerability in the Trending theme before  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3858 (Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme bef ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3857 (Cross-site scripting (XSS) vulnerability in the Antisnews theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3856 (Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme b ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3855 (Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3854 (Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3853 (Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0. ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3852 (Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1. ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3851 (Cross-site scripting (XSS) vulnerability in the News theme before 0.2  ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3850 (Cross-site scripting (XSS) vulnerability in the Atahualpa theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3849 (Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1  ...)
	NOT-FOR-US: CA Directory
CVE-2011-3848 (Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2. ...)
	{DSA-2314-1}
	- puppet 2.7.3-2
CVE-2011-3847
	RESERVED
CVE-2011-3846 (Cross-site request forgery (CSRF) vulnerability in HP System Managemen ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-3845 (Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in wit ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3844 (Apple Safari 5.0.5 does not properly implement the setInterval functio ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3843
	RESERVED
CVE-2011-3842
	RESERVED
CVE-2011-3841 (Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avat ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3840
	RESERVED
CVE-2011-3839 (The administration functionality in Wuzly 2.0 allows remote attackers  ...)
	NOT-FOR-US: Wuzly
CVE-2011-3838 (Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attac ...)
	NOT-FOR-US: Wuzly
CVE-2011-3837 (Directory traversal vulnerability in blog_system/data_functions.php in ...)
	NOT-FOR-US: Wuzly
CVE-2011-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly 2. ...)
	NOT-FOR-US: Wuzly
CVE-2011-3835 (Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow ...)
	NOT-FOR-US: Wuzly
CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before 5 ...)
	NOT-FOR-US: Winamp
CVE-2011-3833 (Unrestricted file upload vulnerability in ftp_upload_file.php in Suppo ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3832 (Eval injection vulnerability in config.php in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3831 (SQL injection vulnerability in incident_attachments.php in Support Inc ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3830 (Cross-site scripting (XSS) vulnerability in search.php in Support Inci ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3829 (ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...)
	NOT-FOR-US: DVR Remote
CVE-2011-3827 (The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWI ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-3826 (Zikula 1.2.4 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3825 (Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3824 (Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3823 (Yamamah 1.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3822 (XOOPS 2.5.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3821 (xajax 0.6 beta1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3820 (WSN Software 6.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3819 (WoW Server Status 4.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3818 (WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3817 (Website Baker 2.8.1 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3816 (WEBinsta mailing list manager 1.3e allows remote attackers to obtain s ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3815 (WeBid 1.0.0 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3814 (WebCalendar 1.2.3, and other versions before 1.2.5, allows remote atta ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3813 (Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3812 (Vanilla 2.0.16 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3811 (TomatoCart 1.1.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3810 (TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3809 (TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3808 (The Bug Genie 2.1.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3807 (Textpattern 4.2.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3806 (TCExam 11.1.015 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3805 (TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3804 (SweetRice 0.7.1 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3803 (SugarCRM 6.1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3802 (StatusNet 0.9.6 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3801 (SimpleTest 1.0.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3800 (Serendipity 1.5.5 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3799 (ReOS 2.0.5 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3798 (Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3797 (ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3796 (PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3795 (Podcast Generator 1.3 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3794 (Pligg CMS 1.1.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3793 (Pixie 1.04 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3792 (Pixelpost 1.7.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3791 (Piwik 1.1 allows remote attackers to obtain sensitive information via  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3790 (Piwigo 2.1.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3789 (phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3788 (PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3787 (phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3786 (PHProjekt 6.0.5 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3785 (PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3784 (Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3783 (phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3782 (phpLD 2-151.2.0 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3781 (PHPIDS 0.6.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3780 (PHP iCalendar 2.4 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3779 (PhpHostBot 2.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3778 (PhpGedView 4.2.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3777 (phpFreeChat 1.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3776 (phpFormGenerator 2.09 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3775 (PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3774 (php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to obta ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3773 (PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3772 (phpCollab 2.5 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3771 (phpBook 2.1.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3770 (phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3769 (PHPads 2.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3768 (Phorum 5.2.15a allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3767 (osCommerce 3.0a5 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3766 (OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3765 (Open-Realty 2.5.8 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3764 (OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3763 (OpenCart 1.4.9.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3762 (OpenBlog 1.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3761 (NuSOAP 0.9.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3760 (Nucleus 3.61 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3759 (MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3758 (::mound:: 2.1.6 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3757 (Moodle 2.0.1 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3756 (MicroBlog 0.9.5 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3755 (MantisBT 1.2.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3754 (Mambo 4.6.5 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3753 (LinPHA 1.3.4 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3752 (LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3751 (LifeType 1.2.10 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3750 (kPlaylist 1.8.502 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3749 (ka-Map 1.0-20070205 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3748 (Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive in ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3747 (Joomla! 1.6.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3746 (Jcow 4.2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3745 (HycusCMS 1.0.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3744 (HTML Purifier 4.2.0 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3743 (Hesk 2.2 allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3742 (HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3741 (Ganglia 3.1.7 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3740 (FrontAccounting 2.3.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3739 (Freeway 1.5 Alpha allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3738 (Feng Office 1.7.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3737 (eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3736 (ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3735 (Escort Agency CMS (aka escort-agency-cms) allows remote attackers to o ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3734 (Energine 2.3.8 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3733 (Elgg 1.7.6 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3732 (eggBlog 4.1.2 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3731 (e107 0.7.24 allows remote attackers to obtain sensitive information vi ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3730 (Drupal 7.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3729 (dotproject 2.1.4 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3728 (Dolphin 7.0.4 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3727 (DokuWiki 2009-12-25c allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3726 (DoceboLMS 4.0.4 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3725 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3724 (CubeCart 4.4.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3723 (Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3722 (Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to obtai ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3721 (concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3720 (conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote att ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3719 (CodeIgniter 1.7.2 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3718 (CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3717 (ClipBucket 2.0.9 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3716 (Claroline 1.9.7 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3715 (ClanTiger 1.1.3 allows remote attackers to obtain sensitive informatio ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3714 (ClanSphere 2010.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3713 (cFTP r80 allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3712 (CakePHP 1.3.7 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3711 (BIGACE 2.7.5 allows remote attackers to obtain sensitive information v ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3710 (bbPress 1.0.2 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3709 (b2evolution 3.3.3 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3708 (Automne 4.0.2 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3707 (JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote attack ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3706 (ATutor 2.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3705 (Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3704 (appRain 0.1.0 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3703 (AneCMS 1.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3702 (Ananta Gazelle 1.0 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3701 (AlegroCart 1.2.3 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3700 (Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3699 (John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain  ...)
	- libphp-adodb <unfixed> (unimportant)
	NOTE: path is already known
CVE-2011-3698 (AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3697 (Achievo 1.4.5 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3696 (60cycleCMS 2.5.2 allows remote attackers to obtain sensitive informati ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3695 (111WebCalendar 1.2.3 allows remote attackers to obtain sensitive infor ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3694 (The Server Administration Console in NetSaro Enterprise Messenger Serv ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3693 (NetSaro Enterprise Messenger Server 2.0 allows local users to discover ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3692 (NetSaro Enterprise Messenger Server 2.0 stores cleartext console crede ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3691 (Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718  ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-3690 (Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0  ...)
	NOT-FOR-US: PlotSoft PDFill PDF Editor
CVE-2011-3689 (Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Syst ...)
	NOT-FOR-US: Wibu-Systems CodeMeter WebAdmin
CVE-2011-3688 (Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9. ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3687 (Multiple cross-site scripting (XSS) vulnerabilities in Sonexis Confere ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3686 (Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.a ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3685 (Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cip ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2011-3684 (Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server  ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2011-3683
	RESERVED
CVE-2011-3682
	RESERVED
CVE-2011-3681
	REJECTED
CVE-2011-3680
	REJECTED
CVE-2011-3679
	REJECTED
CVE-2011-3678
	REJECTED
CVE-2011-3677
	REJECTED
CVE-2011-3676
	REJECTED
CVE-2011-3675
	REJECTED
CVE-2011-3674
	REJECTED
CVE-2011-3673
	REJECTED
CVE-2011-3672
	REJECTED
CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ns ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before  ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 7.0-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in B ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3668 (Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bug ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and  ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS  ...)
	- iceweasel <not-affected> (MacOS specific)
CVE-2011-3665 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaM ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3664 (Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey befo ...)
	- iceweasel <not-affected> (MacOS specific)
CVE-2011-3663 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaM ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3662
	RESERVED
CVE-2011-3661 (YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 thro ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3659 (Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and Se ...)
	- iceweasel 9.0-1
	- iceape 2.7.1-1
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x an ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3656
	RESERVED
	- iceweasel 4.0-1
	[squeeze] - iceweasel <end-of-life> (Iceweasel not supported in Squeeze LTS)
CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perfor ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3654 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird befor ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3653 (Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do n ...)
	- iceweasel <not-affected> (MacOS X-specific)
CVE-2011-3652 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird befor ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3651 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3650 (Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird befo ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3649 (Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) A ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6 ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3646 (phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote atta ...)
	- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access rest ...)
	NOT-FOR-US: Newgen OmniDocs
CVE-2011-XXXX [atftp DoS]
	- atftp 0.7.dfsg-11 (low)
	[squeeze] - atftp <no-dsa> (Minor issue)
	[lenny] - atftp <not-affected> (Introduced with ipv6 patch)
CVE-2011-3644
	RESERVED
CVE-2011-3643
	RESERVED
CVE-2011-3642 (Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 thr ...)
	- mahara <removed> (low; bug #699230)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
CVE-2011-3641
	RESERVED
CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network  ...)
	{DSA-2339-1}
	- nss 3.13.1.with.ckbi.1.88-1 (low; bug #647614)
	[lenny] - nss <no-dsa> (Minor issue)
	[squeeze] - nss <no-dsa> (Minor issue)
	- chromium-browser <unfixed> (unimportant)
	NOTE: attacker needs to get malicious file into cwd first
	NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
CVE-2011-3639 (The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...)
	{DSA-2405-1}
	- apache2 2.2.18-1
	NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
CVE-2011-3638 (fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modif ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before 2 ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-3636 (Cross-site request forgery (CSRF) vulnerability in the management inte ...)
	NOT-FOR-US: FreeIPA
CVE-2011-3635 (Cross-site scripting (XSS) vulnerability in the theme_adium_append_mes ...)
	- empathy 3.2.1.1-1
	[squeeze] - empathy <no-dsa> (Minor issue)
	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when the cer ...)
	{DLA-0005-1}
	- apt 0.8.11 (low)
	[squeeze] - apt 0.8.10.3+squeeze2
	NOTE: Minor issue, apt is only affected if apt-transport-https is installed
	NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
CVE-2011-3633
	REJECTED
CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path names  ...)
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to heap-b ...)
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...)
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629 (Joomla! core 1.7.1 allows information disclosure due to weak encryptio ...)
	NOT-FOR-US: Joomla!
CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module)  ...)
	- pam 1.1.3-7 (low; bug #670076)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125
	NOTE: https://launchpadlibrarian.net/82729670/610125.patch
	NOTE: its not clear which version fixed this, but its present in the checked version 1.1.3-7
CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote attackers to ...)
	- clamav 0.97.3+dfsg-1 (low)
	[squeeze] - clamav 0.97.3+dfsg-1~squeeze1
CVE-2011-3626 (Double free vulnerability in the prepare_exec function in src/exec.c i ...)
	NOT-FOR-US: Logsurfer
CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in subr ...)
	- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
	[squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes)
	- mplayer2 2.0-134-g84d8671-9 (bug #646937)
CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and ea ...)
	- ruby1.8 <removed> (low; bug #646020)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed> (low; bug #646020)
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed> (low; bug #646020)
	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, there seems to be no patch upstream)
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media player bef ...)
	- vlc 1.1.3-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
CVE-2011-3622 (A Cross-Site Scripting (XSS) vulnerability exists in the admin login s ...)
	NOT-FOR-US: phorum
CVE-2011-3621 (A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_ ...)
	NOT-FOR-US: fluxbb
CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the joini ...)
	- qpid-cpp <not-affected> (Red Hat-specific extension, see bug #672124)
CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in the Li ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling ...)
	- atop 1.23-1.1 (low; bug #622794)
	[lenny] - atop 1.23-1+lenny1 (bug #622794)
	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to del ...)
	- tahoe-lafs 1.8.3-1 (bug #641540)
CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...)
	- conky 1.8.0-1.1 (low; bug #612033)
	[squeeze] - conky 1.8.0-1+squeeze1
	[lenny] - conky 1.6.0-2+lenny1
CVE-2011-3615 (Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF)  ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-3614 (An Access Control vulnerability exists in the Facebook, Twitter, and E ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-3613 (An issue exists in Vanilla Forums before 2.0.17.9 due to the way cooki ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-3612 (Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in ...)
	NOT-FOR-US: UseBB
CVE-2011-3611 (A File Inclusion vulnerability exists in act parameter to admin.php in ...)
	NOT-FOR-US: UseBB
CVE-2011-3610 (A Cross-site Scripting (XSS) vulnerability exists in the Serendipity f ...)
	NOT-FOR-US: Serendipity plugin
CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3608
	REJECTED
CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Ap ...)
	{DSA-2405-1}
	- apache2 2.2.21-4
CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss Applicati ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) bef ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) bef ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3603 (The router advertisement daemon (radvd) before 1.8.2 does not properly ...)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
	NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72)
CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router adve ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.2 (bug #644614)
	[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
	[lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler i ...)
	- libxmlrpc3-java 3.1.3-1 (low)
	[lenny] - libxmlrpc3-java <no-dsa> (Minor issue)
CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when  ...)
	- libcrypt-dsa-perl 1.17-3 (unimportant; bug #644189)
	NOTE: All supported Debian kernels have /dev/random, so severity unimportant
CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin befo ...)
	- phppgadmin 5.0.3-1 (low; bug #644290)
	[squeeze] - phppgadmin 4.2.3-1.1squeeze1
	[lenny] - phppgadmin 4.2.2-1lenny1
CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for Perl ...)
	- libdigest-perl 1.17-1 (low; bug #644108)
	[squeeze] - libdigest-perl 1.16-1+squeeze1
	[lenny] - libdigest-perl 1.15-2+lenny1
	- perl 5.12.4-6 (low; bug #644108)
	[squeeze] - perl 5.10.1-17squeeze3
	[lenny] - perl <no-dsa> (Minor issue)
	NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-c ...)
	- polipo 1.0.4.1-1.2 (bug #644289)
	[squeeze] - polipo <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
CVE-2011-3595 (Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! t ...)
	NOT-FOR-US: Joomla!
CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in libp ...)
	- pidgin 2.10.1-1 (unimportant)
	[squeeze] - pidgin 2.7.3-1+squeeze2
	NOTE: relatively obscure client crash
CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function in net ...)
	- linux-2.6 <not-affected> (RHEL6 only because of badly backported patches)
CVE-2011-3592 (Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlin ...)
	- phpmyadmin 4:3.4.5-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3591 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4. ...)
	- phpmyadmin 4:3.4.5-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3590 (The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3589 (The Red Hat mkdumprd script for kexec-tools, as distributed in the kex ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3588 (The SSH configuration in the Red Hat mkdumprd script for kexec-tools,  ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone  ...)
	- zope2.10 <not-affected> (Introduced in 2.12)
	- zope2.12 2.12.20-2
CVE-2011-3586
	REJECTED
CVE-2011-3585 (Multiple race conditions in the (1) mount.cifs and (2) umount.cifs pro ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:4.5-1 (low)
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to  ...)
	- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
	[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
	[lenny] - typo3-src 4.2.5-1+lenny9
CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...)
	- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
	[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
	[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
CVE-2011-3582 (A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced E ...)
	NOT-FOR-US: Advanced Electron Forums
CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal functio ...)
	{DSA-2353-1}
	- ldns 1.6.11-1 (bug #647297)
CVE-2011-3580 (IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote att ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before 10 ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.p ...)
	- mantis 1.2.7-1
	[squeeze] - mantis 1.1.8+dfsg-10squeeze1
CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 do ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 all ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in N ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-3574 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3572
	REJECTED
CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI)  ...)
	NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507.
CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3568 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3567
	REJECTED
CVE-2011-3566 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows  ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1  ...)
	- glassfish <not-affected> (administration component not shipped)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=783897
CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
CVE-2011-3562 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3559 (Unspecified vulnerability in Oracle Communications Server 2.0; GlassFi ...)
	NOT-FOR-US: Oracle Communications Server, GlassFish Enterprise Server, Sun Java System App Server
CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - openjdk-6 <not-affected> (Hotspot version too old)
	[squeeze] - openjdk-6 <not-affected> (Hotspot version too old)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3543 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Oracle Solaris 11 Express
CVE-2011-3542 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3541 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3540
	REJECTED
CVE-2011-3539 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3538 (Unspecified vulnerability in the Sun Ray component in Oracle Virtualiz ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2011-3537 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3536 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3535 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3534 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3533 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3532 (Unspecified vulnerability in the Oracle Agile Product Supplier Collabo ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2011-3531 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3529 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3528 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3527 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3526 (Unspecified vulnerability in the Siebel Core - UIF Server component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-3525 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3524 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3523 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-3522 (Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra SPAR ...)
	NOT-FOR-US: SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade
CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3520 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise PeopleTools
CVE-2011-3519 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-3518 (Unspecified vulnerability in the Siebel Core - UIF Client component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-3517 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Su ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <not-affected> (Windows-specific)
	- openjdk-6 <not-affected> (Windows-specific)
CVE-2011-3515 (Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3514 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3513 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-3512 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3511 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3510 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3509 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3508 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3507 (Unspecified vulnerability in the Oracle Communications Unified compone ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3506 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle Su ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3505
	REJECTED
CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly a ...)
	{DSA-2336-1}
	- libav 4:0.7.2-1 (bug #643859)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and pos ...)
	NOT-FOR-US: eSignal
CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote at ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote  ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub  ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attacker ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and  ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote at ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote at ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in Measure ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...)
	NOT-FOR-US: eSignal
CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...)
	NOT-FOR-US: Azeotech DAQFactory
CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and  ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft Sc ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ea ...)
	NOT-FOR-US: Rockwell RSLogix
CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows  ...)
	NOT-FOR-US: Equis MetaStock
CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel Plan ...)
	NOT-FOR-US: Carel PlantVisor
CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2011-3485
	RESERVED
CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server be ...)
	{DSA-2377-1}
	- cyrus-imapd-2.2 <unfixed>
	- cyrus-imapd-2.4 2.4.11-1
	- kolab-cyrus-imapd <removed>
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3480
	REJECTED
CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcA ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through 12.5 ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2011-3477 (GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in S ...)
	NOT-FOR-US: Symantec
CVE-2011-3476
	REJECTED
CVE-2011-3475
	RESERVED
CVE-2011-3474
	RESERVED
CVE-2011-3473
	RESERVED
CVE-2011-3472
	RESERVED
CVE-2011-3471
	RESERVED
CVE-2011-3470
	RESERVED
CVE-2011-3469
	RESERVED
CVE-2011-3468
	RESERVED
CVE-2011-3467
	RESERVED
CVE-2011-3466
	RESERVED
CVE-2011-3465
	RESERVED
CVE-2011-3464 (Off-by-one error in the png_formatted_warning function in pngerror.c i ...)
	- libpng <not-affected> (Only affects libpng 1.5, which is only in experimental)
CVE-2011-3463 (WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properl ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3462 (Time Machine in Apple Mac OS X before 10.7.3 does not verify the uniqu ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3461
	RESERVED
CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows re ...)
	NOT-FOR-US: QuickTime
CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows r ...)
	NOT-FOR-US: QuickTime
CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to u ...)
	NOT-FOR-US: QuickTime
CVE-2011-3457 (The OpenGL implementation in Apple Mac OS X before 10.7.3 does not pro ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3456
	RESERVED
CVE-2011-3455
	RESERVED
CVE-2011-3454
	RESERVED
CVE-2011-3453 (Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows r ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3452 (Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3451
	RESERVED
CVE-2011-3450 (CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restri ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3449 (Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7 ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3448 (Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7. ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3447 (CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly con ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3446 (Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not pro ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3445
	RESERVED
CVE-2011-3444 (Address Book in Apple Mac OS X before 10.7.3 automatically switches to ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3443 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webspecidied Safari webkit issue, likely a Apple dupe
CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of f ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3441 (libinfo in Apple iOS before 5.0.1 does not properly formulate domain-n ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3440 (The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attac ...)
	{DSA-2350-1}
	- freetype 2.4.8-1 (bug #649122)
CVE-2011-3438 (WebKit, as used in Safari 5.0.6, allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS  ...)
	NOT-FOR-US: Apple Type Services (ATS) in Apple Mac OS
CVE-2011-3436 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a ...)
	NOT-FOR-US: Open Directory in Apple Mac OS
CVE-2011-3435 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users ...)
	NOT-FOR-US: Open Directory in Apple Mac OS
CVE-2011-3434 (The WiFi component in Apple iOS before 5 stores WiFi credentials in an ...)
	NOT-FOR-US: WiFi component in Apple iOS
CVE-2011-3433
	RESERVED
CVE-2011-3432 (The UIKit Alerts component in Apple iOS before 5 allows remote attacke ...)
	NOT-FOR-US: UIKit Alerts component in Apple iOS
CVE-2011-3431 (The Home screen component in Apple iOS before 5 does not properly supp ...)
	NOT-FOR-US: Home screen component in Apple iOS
CVE-2011-3430 (The Settings component in Apple iOS before 5, when a configuration pro ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3429 (The Settings component in Apple iOS before 5 stores a cleartext parent ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3428 (Buffer overflow in QuickTime before 7.7.1 for Windows allows remote at ...)
	NOT-FOR-US: Apple Quicktime
CVE-2011-3427 (The Data Security component in Apple iOS before 5 and Apple TV before  ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3426 (Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3425
	RESERVED
CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in  ...)
	NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer  ...)
	NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in th ...)
	- wireshark 1.6.2-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html
CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
	{DSA-2395-1}
	- wireshark 1.6.2-1
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html
CVE-2011-3484 (The unxorFrame function in epan/dissectors/packet-opensafety.c in the  ...)
	- wireshark 1.6.2-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-12.html
CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before 14.0.835. ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	NOTE: duplicate
CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before 14.0.835. ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	NOTE: duplicate
CVE-2011-3419
	REJECTED
CVE-2011-3418
	REJECTED
CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable  ...)
	NOT-FOR-US: Microsoft .NET Framework
	NOTE: Might affect Mono, pinged maintainers
CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibili ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2011-3412 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote atta ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3409
	REJECTED
CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the  ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3407
	REJECTED
CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode ...)
	NOT-FOR-US: Microsoft Active Directory
CVE-2011-3405
	REJECTED
CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Cont ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handl ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windo ...)
	NOT-FOR-US: Microsoft Media Player
CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly h ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3399
	REJECTED
CVE-2011-3398
	REJECTED
CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 a ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2011-3395
	REJECTED
CVE-2011-3394 (SQL injection vulnerability in findagent.php in MYRE Real Estate Softw ...)
	NOT-FOR-US: MYRE Real Estate
CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php i ...)
	NOT-FOR-US: MYRE Real Estate
CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the control ...)
	NOT-FOR-US: Phorum
CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code t ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2011-3354 (The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel b ...)
	- quassel 0.7.3-1 (low; bug #640960)
	[squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960)
	NOTE: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in IB ...)
	NOT-FOR-US: IBM OpenAdmin Too
CVE-2011-3350 (masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c ...)
	- masqmail 0.2.30-1 (low; bug #638002)
	[lenny] - masqmail <no-dsa> (no security issue by itself)
	[squeeze] - masqmail 0.2.27-1.1+squeeze1
CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windo ...)
	{DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1 DLA-400-1 DLA-154-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
	- iceweasel <not-affected>
	NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
	- lighttpd 1.4.30-1
	NOTE: strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
	- curl 7.24.0-1
	NOTE: http://curl.haxx.se/docs/adv_20120124B.html
	- python2.6 2.6.8-0.1 (bug #684511)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.3~rc1-1
	- python3.1 <unfixed> (bug #678998)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3~rc1-1
	NOTE: http://bugs.python.org/issue13885
	NOTE: python3.1 is fixed starting 3.1.5
	- cyassl <removed>
	- gnutls26 <removed> (unimportant)
	- gnutls28 <unfixed> (unimportant)
	NOTE: No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
	- haskell-tls <unfixed> (unimportant)
	NOTE: No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	NOTE: matrixssl fix this upstream in 3.2.2
	- bouncycastle 1.49+dfsg-1
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
	NOTE: No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
	- nss 3.13.1.with.ckbi.1.88-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=665814
	NOTE: https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
	- polarssl <unfixed> (unimportant)
	NOTE: No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	- pound 2.6-2
	NOTE: Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
	- erlang 1:15.b-dfsg-1
	[squeeze] - erlang <no-dsa> (Minor issue)
	- asterisk 1:13.7.2~dfsg-1
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
	NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure site t ...)
	NOT-FOR-US: Opera
CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authent ...)
	NOT-FOR-US: IBM Java
CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin pump  ...)
	NOT-FOR-US: Medtronic Paradigm wireless insulin pump
CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, a ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and ...)
	NOT-FOR-US: Sage
CVE-2011-3383 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allow ...)
	NOT-FOR-US: Phorum
CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.1 ...)
	NOT-FOR-US: Phorum
CVE-2011-3380 (Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a deni ...)
	- openswan <not-affected> (vulnerable versions never uploaded to the archive)
CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __auto ...)
	- php5 5.3.9-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attack ...)
	- rpm 4.9.1.2-1 (low; bug #645325)
	[squeeze] - rpm 4.8.1-6+squeeze1
	[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x be ...)
	{DSA-2420-1}
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1.4-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat  ...)
	- tomcat7 7.0.22-1
CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not pro ...)
	{DSA-2401-1}
	- tomcat6 6.0.33-1
	- tomcat7 7.0.22-1
CVE-2011-3374 (It was found that apt-key in apt, all versions, do not correctly valid ...)
	- apt <unfixed> (unimportant; bug #642480)
	NOTE: Not exploitable in Debian, since no keyring URI is defined
CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 do ...)
	NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2 ...)
	{DSA-2318-1}
	- cyrus-imapd-2.2 2.4.11-1 (medium)
	- cyrus-imapd-2.4 2.4.11-1 (medium)
	- kolab-cyrus-imapd <removed> (medium)
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in include/functio ...)
	NOT-FOR-US: PunBB
CVE-2011-3370 (statusnet before 0.9.9 has XSS ...)
	- statusnet <itp> (bug #491723)
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before 0. ...)
	- etherape 0.9.12-1 (low; bug #645324)
	[lenny] - etherape <no-dsa> (Minor issue)
	[squeeze] - etherape 0.9.8-1+squeeze1
CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2 ...)
	{DSA-2405-1}
	- apache2 2.2.21-2 (medium)
	NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font w ...)
	- arora <unfixed> (unimportant)
	NOTE: Requires CA compromise to exploit, browser still displays warning.
CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering ce ...)
	- rekonq <not-affected> (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298)
	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and poss ...)
	- kde4libs 4:4.7.2-1
	[squeeze] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
	[lenny] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in setting ...)
	- network-manager-applet <not-affected> (ifcfg-rh plugin not built/included in Debian)
CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel be ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in commit 1bfe73c2)
CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavs ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://www.ocert.org/advisories/ocert-2011-002.html
CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC  ...)
	- backuppc 3.2.1-2 (bug #641450)
	[squeeze] - backuppc 3.1.0-9.1
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
	NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24
CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 an ...)
	{DSA-2324-1}
	- wireshark 1.6.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-15.html
CVE-2011-3359 (The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux ker ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
	[lenny] - linux-2.6 <not-affected> (b43 allocate recieve buffer is 2404 bytes, which is already larger than the upstream fix of increasing it to 2382 bytes)
CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	{DSA-2308-1}
	- mantis 1.2.7-1 (low; bug #640297)
	[squeeze] - mantis <not-affected> (Vulnerable code not present)
CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in M ...)
	{DSA-2308-1}
	- mantis 1.2.7-1 (medium; bug #640297)
CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in config_defaults ...)
	- mantis 1.2.7-1 (low; bug #640297)
	[squeeze] - mantis <not-affected> (Vulnerable code not present)
	[lenny] - mantis <not-affected> (Vulnerable code not present)
CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) con ...)
	- evolution-data-server3 3.2.1-1 (bug #641052)
CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...)
	{DSA-2389-1}
	- linux-2.6 3.1.0~rc4-1~experimental.1 (low)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...)
	NOT-FOR-US: Zikula
CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file insecurely  ...)
	- openvas-server <removed> (low; bug #641327)
	[squeeze] - openvas-server <no-dsa> (Minor issue)
	NOTE: openvas-scanner in experimental also affected according to #671327
CVE-2011-3349 (lightdm before 0.9.6 writes in .dmrc and Xauthority files using root p ...)
	- lightdm 0.9.6-1 (bug #639151)
CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...)
	- apache2 2.2.21-1
	[squeeze] - apache2 2.2.16-6+squeeze4
	[lenny] - apache2 <not-affected> (introduced in 2.2.12)
CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel pac ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-3346 (Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before ...)
	- qemu-kvm 0.15.1+dfsg-1 (bug #646118)
	[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ofa_ker ...)
	- ofa-kernel <itp> (bug #541849)
CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attacke ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 al ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remo ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center i ...)
	NOT-FOR-US: Sentinel HASP Run-time Environment
CVE-2011-3338
	RESERVED
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 f ...)
	NOT-FOR-US: eEye Digital Security Audits
CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to denial of s ...)
	NOT-FOR-US: BSD
CVE-2011-3335
	RESERVED
CVE-2011-3334
	RESERVED
CVE-2011-3333
	RESERVED
CVE-2011-3332 (Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix  ...)
	NOT-FOR-US: Iceni Argus
CVE-2011-3331
	RESERVED
CVE-2011-3330 (Buffer overflow in the UnitelWay Windows Device Driver, as used in Sch ...)
	NOT-FOR-US: Schneider Electric
CVE-2011-3329
	RESERVED
CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color ...)
	- libpng <not-affected> (Introduced in 1.5.4, which was only in experimental and which has been fixed since then)
CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in bgp_ ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before 0.99 ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote attacker ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 impleme ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows re ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon  ...)
	NOT-FOR-US: Scadatec Limited Procyon SCADA
CVE-2011-3321 (Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loade ...)
	NOT-FOR-US: SIMATIC WinCC
CVE-2011-3320 (Cross-site scripting (XSS) vulnerability in the Web Administrator comp ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx Re ...)
	NOT-FOR-US: WebEx
CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software 1. ...)
	NOT-FOR-US: Cisco
CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the Solution En ...)
	NOT-FOR-US: Cisco
CVE-2011-3316
	RESERVED
CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco
CVE-2011-3314
	RESERVED
CVE-2011-3313
	RESERVED
CVE-2011-3312
	RESERVED
CVE-2011-3311
	RESERVED
CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 ...)
	NOT-FOR-US: Cisco CiscoWorks
CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-3308
	RESERVED
CVE-2011-3307
	RESERVED
CVE-2011-3306
	RESERVED
CVE-2011-3305 (Directory traversal vulnerability in Cisco Network Admission Control ( ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2011-3304 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3303 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3302 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3301 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3300 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3299 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3298 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the  ...)
	NOT-FOR-US: Cisco
CVE-2011-3297 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 befo ...)
	NOT-FOR-US: Cisco
CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 befo ...)
	NOT-FOR-US: Cisco
CVE-2011-3295 (The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as us ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in the admi ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Solu ...)
	NOT-FOR-US: Cisco
CVE-2011-3292
	RESERVED
CVE-2011-3291
	RESERVED
CVE-2011-3290 (Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Orac ...)
	NOT-FOR-US: Cisco
CVE-2011-3289 (Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect recursio ...)
	NOT-FOR-US: Cisco
CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x t ...)
	NOT-FOR-US: Cisco
CVE-2011-3286
	RESERVED
CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive  ...)
	NOT-FOR-US: Cisco
CVE-2011-3284
	RESERVED
CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a  ...)
	NOT-FOR-US: Cisco
CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15 ...)
	NOT-FOR-US: Cisco
CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain H ...)
	NOT-FOR-US: Cisco
CVE-2011-3280 (Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 a ...)
	NOT-FOR-US: Cisco
CVE-2011-3279 (The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12 ...)
	NOT-FOR-US: Cisco
CVE-2011-3278 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1  ...)
	NOT-FOR-US: Cisco
CVE-2011-3277 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1  ...)
	NOT-FOR-US: Cisco
CVE-2011-3276 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1  ...)
	NOT-FOR-US: Cisco
CVE-2011-3275 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x throug ...)
	NOT-FOR-US: Cisco
CVE-2011-3274 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, 15 ...)
	NOT-FOR-US: Cisco
CVE-2011-3273 (Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based Fir ...)
	NOT-FOR-US: Cisco
CVE-2011-3272 (The IP Service Level Agreement (IP SLA) functionality in Cisco IOS 15. ...)
	NOT-FOR-US: Cisco
CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and  ...)
	NOT-FOR-US: Cisco
CVE-2011-3269 (Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allo ...)
	NOT-FOR-US: Lexmark
CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows conte ...)
	- php5 5.3.8-1
	[squeeze] - php5 <not-affected> (Only affected 5.3.7)
	[lenny] - php5 <not-affected> (Only affected 5.3.7)
CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, w ...)
	{DSA-2408-1}
	- php5 5.3.7-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2011-3266 (The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and  ...)
	- wireshark 1.6.2-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the c ...)
	- zabbix 1:1.8.9-1
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive inform ...)
	- zabbix 1:1.8.6-1 (unimportant)
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Installation path is known anyway for the Debian package
CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows con ...)
	- zabbix 1:1.8.6-1
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	- xen-3 <removed>
	[lenny] - xen-3 <no-dsa> (Minor issue; only marginally affected)
CVE-2011-3261 (Double free vulnerability in OfficeImport in Apple iOS before 5 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3260 (Buffer overflow in OfficeImport in Apple iOS before 5 allows remote at ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3259 (The kernel in Apple iOS before 5 and Apple TV before 4.4 does not prop ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3258
	RESERVED
CVE-2011-3257 (The Data Access component in Apple iOS before 5 does not properly hand ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3256 (FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5 ...)
	{DSA-2328-1}
	- freetype 2.4.7-1 (bug #646120)
CVE-2011-3255 (CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspe ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3254 (Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS befo ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3253 (CalDAV in Apple iOS before 5 does not validate X.509 certificates for  ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3252 (Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, all ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to exe ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows rem ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 do ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final chara ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X  ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3240
	RESERVED
CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, whic ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, a ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-3231 (The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3230 (Apple Safari before 5.1.1 on Mac OS X does not enforce an intended pol ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3229 (Directory traversal vulnerability in Apple Safari before 5.1.1 allows  ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to e ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3227 (libsecurity in Apple Mac OS X before 10.7.2 does not properly handle e ...)
	NOT-FOR-US: libsecurity in Apple Mac OS X
CVE-2011-3226 (Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 se ...)
	NOT-FOR-US: Open Directory in Apple Mac OS X
CVE-2011-3225 (The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 doe ...)
	NOT-FOR-US: SMB File Server component in Apple Mac OS X
CVE-2011-3224 (The User Documentation component in Apple Mac OS X through 10.6.8 uses ...)
	NOT-FOR-US: User Documentation component in Apple Mac OS X
CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows re ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows re ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process UR ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, all ...)
	NOT-FOR-US: Apple CoreMedia
CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X thr ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3217 (MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to e ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3216 (The kernel in Apple Mac OS X before 10.7.2 does not properly implement ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2011-3215 (The kernel in Apple Mac OS X before 10.7.2 does not properly prevent F ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2011-3214 (IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a ...)
	NOT-FOR-US: IOGraphics in Apple Mac OS X
CVE-2011-3213 (The File Systems component in Apple Mac OS X before 10.7.2 does not pr ...)
	NOT-FOR-US: File Systems component in Apple Mac OS X
CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that  ...)
	NOT-FOR-US: CoreStorage in Apple Mac OS X
CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remo ...)
	{DSA-2302-1}
	- bcfg2 1.1.2-2 (bug #640028)
	NOTE: information as reported by maintainer
CVE-2011-3210 (The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through  ...)
	- openssl 1.0.0e-1
	[lenny] - openssl 0.9.8g-15+lenny13
	[squeeze] - openssl 0.9.8o-4squeeze3
CVE-2011-3209 (The div_long_long_rem implementation in include/asm-x86/div64.h in the ...)
	- linux-2.6 2.6.26-1
CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c  ...)
	{DSA-2318-1}
	- cyrus-imapd-2.2 2.4.11-1 (medium)
	- cyrus-imapd-2.4 2.4.11-1 (medium)
	- kolab-cyrus-imapd <removed> (medium)
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initial ...)
	- openssl 1.0.0e-1
	[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
	[lenny] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
CVE-2011-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: RHQ
CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the Gophe ...)
	{DSA-2304-1}
	- squid3 3.1.15-1 (low; bug #639755)
	- squid <not-affected> (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbit ...)
	- hammerhead <removed> (bug #639890)
	[lenny] - hammerhead <no-dsa> (Minor issue)
	[squeeze] - hammerhead <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/826679
CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...)
	NOT-FOR-US: Jcow
CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...)
	NOT-FOR-US: Jcow
CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to  ...)
	- evolution <unfixed> (unimportant)
	NOTE: Any attacks still involve quite some social engineering
CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in to ...)
	- rsyslog 5.8.5-1 (low; bug #644611)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
	NOTE: off-by-one/-two limited to 0 or :0
CVE-2011-3199 (Multiple cross-site scripting (XSS) vulnerabilities in Domain Technolo ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637584)
CVE-2011-3198 (Domain Technologie Control (DTC) before 0.34.1 includes a password in  ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637537)
CVE-2011-3197 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637487; bug #637498)
CVE-2011-3196 (The setup script in Domain Technologie Control (DTC) before 0.34.1 use ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637485)
CVE-2011-3195 (shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0. ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637477)
CVE-2011-3194 (Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...)
	{DLA-117-1}
	- qt4-x11 4:4.7.4-1 (bug #641738)
CVE-2011-3193 (Heap-based buffer overflow in the Lookup_MarkMarkPos function in the H ...)
	{DLA-117-1}
	- qt4-x11 4:4.7.4-1 (bug #641738)
	- pango1.0 1.28.3-1
	NOTE: affected code in pango1.0 removed earlier, but this is the version checked (lenny is affected)
CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2. ...)
	{DSA-2298-1}
	- apache2 2.2.19-2
CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in fs/cifs/cifss ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-5
CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0  ...)
	{DSA-2401-1}
	- tomcat6 6.0.35-1
	- tomcat7 7.0.21-1
	- tomcat5.5 <removed>
CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, retur ...)
	- php5 5.3.8-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3 ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-3187 (The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip ...)
	- rails <unfixed> (unimportant)
	NOTE: X-Forwarded-For header is user supplied (like User-Agent)
CVE-2011-3186 (CRLF injection vulnerability in actionpack/lib/action_controller/respo ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted rem ...)
	- pidgin <not-affected> (Windows-specific)
CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...)
	- pidgin 2.10.0-1 (unimportant)
	NOTE: Only exploitable by a malicious MSN server to crash the client
CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...)
	NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...)
	{DSA-2408-1}
	- php5 5.3.7-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking fe ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.4-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 an ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
	NOT-FOR-US: Novell Messenger
CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
CVE-2011-3177 (The YaST2 network created files with world readable permissions which  ...)
	NOT-FOR-US: YaST
CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks  ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 Ac ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nippl ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2011-3172 (A vulnerability in pam_modules of SUSE Linux Enterprise allows attacke ...)
	- libpam-unix2 <removed>
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645
	NOTE: Issue was not fixed up to the version removed from unstable.
	NOTE: Proposed update form SUSE: https://bugzilla.suse.com/attachment.cgi?id=441720
CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly oth ...)
	NOT-FOR-US: pure-FTPd add-on
CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earl ...)
	{DSA-2354-1}
	- cups 1.5.0-8
	NOTE: This ID is for an incomplete fix for CVE-2011-2896
CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP TCP ...)
	NOT-FOR-US: HP OpenVMS
CVE-2011-3168 (Unspecified vulnerability in the POP and IMAP service implementations  ...)
	NOT-FOR-US: HP OpenVMS
CVE-2011-3167 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3166 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3165 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3164 (Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure R ...)
	NOT-FOR-US: HP-UX
CVE-2011-3163 (HP MFP Digital Sending Software 4.9x through 4.91.21 allows local user ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2011-3162 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3161 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3160 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3159 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3158 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3157 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3156 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3155 (Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 throug ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2011-3154 (DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1 ...)
	- update-manager <not-affected> (ubuntu-specific issue)
	NOTE: see bug #650307
CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows loca ...)
	- lightdm 1.0.6-2
CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87. ...)
	- update-manager <not-affected> (ubuntu-specific issue)
	NOTE: see bug #650307
CVE-2011-3151 (The Ubuntu SELinux initscript before version 1:0.10 used touch to crea ...)
	NOT-FOR-US: Historic Ubuntu init script issue
CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly validat ...)
	- software-center <not-affected> (ubuntu-specific issue)
	NOTE: debian package does not contain the vulnerable purchaseview.py code, and probably won't ever as that's part of their commercial interface code
CVE-2011-3149 (The _expand_arg function in the pam_env module (modules/pam_env/pam_en ...)
	{DSA-2326-1}
	- pam 1.1.3-5
	[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in modules/ ...)
	{DSA-2326-1}
	- pam 1.1.3-5
	[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3147 (Versions of nova before 2012.1 could expose hypervisor host files to a ...)
	- nova 2012.1~e1-1
	NOTE: http://bazaar.launchpad.net/~hudson-openstack/nova/trunk/revision/1604
CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, ...)
	- librsvg 2.34.1-1
	[squeeze] - librsvg <no-dsa> (Minor issue)
	NOTE: http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=658014
CVE-2011-3145 (When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreui ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
	[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
CVE-2011-3144 (Cross-site scripting (XSS) vulnerability in Control Microsystems Clear ...)
	NOT-FOR-US: Control Microsystems ClearSCADA
CVE-2011-3143 (Use-after-free vulnerability in Control Microsystems ClearSCADA 2005,  ...)
	NOT-FOR-US: Control Microsystems ClearSCADA
CVE-2011-3142 (Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in W ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for Invensys ...)
	NOT-FOR-US: Wonderware InBatch
CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX ...)
	NOT-FOR-US: IBM Web Application Firewall
CVE-2011-3139
	REJECTED
CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli Federated Ide ...)
	NOT-FOR-US: Tivoli
CVE-2011-3137 (Unspecified vulnerability in the Management Console in IBM Tivoli Fede ...)
	NOT-FOR-US: Tivoli
CVE-2011-3136 (Unspecified vulnerability in the Management Console in IBM Tivoli Fede ...)
	NOT-FOR-US: Tivoli
CVE-2011-3135 (Unspecified vulnerability in the Runtime in IBM Tivoli Federated Ident ...)
	NOT-FOR-US: Tivoli
CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3 ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0. ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3131 (Xen 4.1.1 and earlier allows local guest OS kernels with control of a  ...)
	{DSA-2582-1}
	- xen 4.1.2-1
CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before  ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3129 (The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 be ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached att ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rend ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attacke ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, a ...)
	NOT-FOR-US: InfoSphere
CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, a ...)
	NOT-FOR-US: InfoSphere
CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
	NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010
CVE-2011-3121
	RESERVED
CVE-2011-3120
	REJECTED
CVE-2011-3119
	REJECTED
CVE-2011-3118
	REJECTED
CVE-2011-3117
	REJECTED
CVE-2011-3116
	REJECTED
CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome be ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not pr ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality specific to Chrome)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- libv8 3.8.9.20-2 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows remo ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3108 (Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allo ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3107 (Google Chrome before 19.0.1084.52 does not properly implement JavaScri ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3106 (The WebSockets implementation in Google Chrome before 19.0.1084.52 doe ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3105 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3104 (Skia, as used in Google Chrome before 19.0.1084.52, allows remote atta ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3103 (Google V8, as used in Google Chrome before 19.0.1084.52, does not prop ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3102 (Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084 ...)
	{DSA-2479-1}
	- libxml2 2.7.8.dfsg-9.1 (bug #674191)
	NOTE: http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
CVE-2011-3101 (Google Chrome before 19.0.1084.46 on Linux does not properly mitigate  ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 20.0.1132.21~r139451-1
CVE-2011-3100 (Google Chrome before 19.0.1084.46 does not properly draw dash paths, w ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3099 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3098 (Google Chrome before 19.0.1084.46 on Windows uses an incorrect search  ...)
	- chromium-browser <not-affected> (Windows-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3097 (The PDF functionality in Google Chrome before 19.0.1084.46 allows remo ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3096 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on L ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3095 (The OGG container in Google Chrome before 19.0.1084.46 allows remote a ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3094 (Google Chrome before 19.0.1084.46 does not properly handle Tibetan tex ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3093 (Google Chrome before 19.0.1084.46 does not properly handle glyphs, whi ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3092 (The regex implementation in Google V8, as used in Google Chrome before ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3091 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3089 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allo ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3088 (Google Chrome before 19.0.1084.46 does not properly draw hairlines, wh ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3087 (Google Chrome before 19.0.1084.46 does not properly perform window nav ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3086 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allo ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3085 (The Autofill feature in Google Chrome before 19.0.1084.46 does not pro ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3084 (Google Chrome before 19.0.1084.46 does not use a dedicated process for ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3083 (browser/profiles/profile_impl_io_data.cc in Google Chrome before 19.0. ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3082
	RESERVED
CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 all ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) implementation ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome  ...)
	{DSA-3260-1}
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	- icedove <not-affected> (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-57/
CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 all ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3075 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3074 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3073 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3072 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass t ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3071 (Use-after-free vulnerability in the HTMLMediaElement implementation in ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3070 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 all ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3069 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3068 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3067 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass t ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3066 (Skia, as used in Google Chrome before 18.0.1025.151, does not properly ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3065 (Skia, as used in Google Chrome before 18.0.1025.142, allows remote att ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3064 (Use-after-free vulnerability in Google Chrome before 18.0.1025.142 all ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 18.0.1025.142~r129054-1
CVE-2011-3063 (Google Chrome before 18.0.1025.142 does not properly validate the rend ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome before 18. ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2011-3061 (Google Chrome before 18.0.1025.142 does not properly check X.509 certi ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3060 (Google Chrome before 18.0.1025.142 does not properly handle text fragm ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3059 (Google Chrome before 18.0.1025.142 does not properly handle SVG text e ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote  ...)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3055 (The browser native UI in Google Chrome before 17.0.963.83 does not req ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3054 (The WebUI privilege implementation in Google Chrome before 17.0.963.83 ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3053 (Use-after-free vulnerability in Google Chrome before 17.0.963.83 allow ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3052 (The WebGL implementation in Google Chrome before 17.0.963.83 does not  ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3051 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3050 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3049 (Google Chrome before 17.0.963.83 does not properly restrict the extens ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, ...)
	{DSA-2446-1}
	- libpng 1.2.49-1 (bug #667475)
CVE-2011-3047 (The GPU process in Google Chrome before 17.0.963.79 allows remote atta ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3046 (The extension subsystem in Google Chrome before 17.0.963.78 does not p ...)
	- chromium-browser 17.0.963.78~r125577-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3045 (Integer signedness error in the png_inflate function in pngrutil.c in  ...)
	{DSA-2439-1}
	- libpng 1.2.47-2 (bug #665208; high)
CVE-2011-3044 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3043 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3042 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3041 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3040 (Google Chrome before 17.0.963.65 does not properly handle text, which  ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3039 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3038 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3037 (Google Chrome before 17.0.963.65 does not properly perform casts of un ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3036 (Google Chrome before 17.0.963.65 does not properly perform a cast of a ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3035 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3034 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3033 (Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65,  ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3032 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 allow ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3031 (Use-after-free vulnerability in the element wrapper in Google V8, as u ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3030
	RESERVED
CVE-2011-3029
	RESERVED
CVE-2011-3028
	RESERVED
CVE-2011-3027 (Google Chrome before 17.0.963.56 does not properly perform a cast of a ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before 17.0.963.5 ...)
	{DSA-2410-1}
	- libpng 1.2.46-5 (high; bug #660026)
CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264 data, w ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to cause a de ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3023 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3022 (translate/translate_manager.cc in Google Chrome before 17.0.963.56 and ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3021 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3020 (Unspecified vulnerability in the Native Client validator implementatio ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3019 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3018 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows  ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3017 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3016 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 allow ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3015 (Multiple integer overflows in the PDF codecs in Google Chrome before 1 ...)
	- chromium-browser <not-affected> (PDF functionality not built)
CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3013 (WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3012 (The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremu ...)
	- openarena 0.8.5-5+exp1
	NOTE: Current openarena packages use the share ioquake3 engine
	[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
	- ioquake3 1.36+svn1946-4
	- tremulous 1.1.0-6 (bug #660836)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle  ...)
	NOT-FOR-US: CA ARCserve D2D
CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5. ...)
	- twiki <removed>
CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, wh ...)
	- ruby1.8 1.8.7.352-1
	[squeeze] - ruby1.8 1.8.7.302-2squeeze2
CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway 1. ...)
	NOT-FOR-US: Avaya Secure Access Link Gateway
CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint Pr ...)
	NOT-FOR-US: McAfee SaaS
CVE-2011-3006 (The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS E ...)
	NOT-FOR-US: McAfee SaaS
CVE-2011-3005 (Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunder ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3004 (The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey b ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3003 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attac ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3002 (Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefo ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3001 (Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey b ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7. ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6. ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: Only affects firefox 3.6 code base, not 4.0 oder later
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2997 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 6)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox 6)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 6)
	- iceape <not-affected> (Only affects Firefox 6)
CVE-2011-2996 (Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x b ...)
	- icedove <not-affected> (Only affects MacOS)
	- xulrunner <not-affected> (Only affects MacOS)
	- iceweasel <not-affected> (Only affects MacOS)
	- iceape <not-affected> (Only affects MacOS)
CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2994
	RESERVED
CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla Fire ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x bef ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2990 (The implementation of Content Security Policy (CSP) violation reports  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x bef ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2988 (Buffer overflow in an unspecified string class in the WebGL shader imp ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2987 (Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANG ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x bef ...)
	- xulrunner <not-affected> (Only affects Windows)
	- iceweasel <not-affected> (Only affects Windows)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2985 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3 ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12,  ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20,  ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup fun ...)
	- icedove <not-affected> (Only affects Windows)
	- xulrunner <not-affected> (Only affects Windows)
	- iceweasel <not-affected> (Only affects Windows)
CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain  ...)
	{DSA-2322-1}
	- bugzilla <not-affected> (Only affects Bugzilla 4.1, never uploaded to the archive)
CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4 ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x befo ...)
	- bugzilla <not-affected> (Only affects Bugzilla on Windows)
CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2 ...)
	- bugzilla 3.6.1.0-0.1 (low)
	NOTE: Fixed in 3.5.1, but 3.6.1 was first fixed upload to archive
CVE-2011-2975 (Double free vulnerability in the msAddImageSymbol function in mapsymbo ...)
	- mapserver 6.0.1-1
	[lenny] - mapserver <not-affected> (Vulnerable code not present)
	[squeeze] - mapserver <not-affected> (Vulnerable code not present)
CVE-2011-2974
	REJECTED
CVE-2011-2973
	REJECTED
CVE-2011-2972
	REJECTED
CVE-2011-2971
	REJECTED
CVE-2011-2970
	REJECTED
CVE-2011-2969
	REJECTED
CVE-2011-2968
	REJECTED
CVE-2011-2967
	REJECTED
CVE-2011-2966
	REJECTED
CVE-2011-2965
	REJECTED
CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 al ...)
	{DSA-2380-1}
	- foomatic-filters 4.0.9-1
	NOTE: There two implementation of the affected filter: the version from foomatic-filters
	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in
	NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697
	NOTE: Fixed in foomatic-filters 4.0.8
CVE-2011-2963 (TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not  ...)
	NOT-FOR-US: Progea Movicon
CVE-2011-2962 (Multiple stack-based buffer overflows in Invensys Wonderware Informati ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2011-2961 (Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetP ...)
	NOT-FOR-US: Sunway pNetPower
CVE-2011-2960 (Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceContr ...)
	NOT-FOR-US: Sunway ForceControl
CVE-2011-2959 (Stack-based buffer overflow in the Open Database Connectivity (ODBC) s ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System (IGSS)
CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXo ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnosti ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Diagnostics Viewer
CVE-2011-2956 (AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authenti ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2011-XXXX [rtkit: failure to drop supplemental groups]
	- rtkit 0.10-2
CVE-2011-XXXX [minissdpd multiple issues]
	- minissdpd 1.0.20110729-1 (bug #635836)
CVE-2011-2955 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer 11.0
CVE-2011-2954 (Use-after-free vulnerability in the AutoUpdate feature in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer 11.0
CVE-2011-2953 (An unspecified ActiveX control in the browser plugin in RealNetworks R ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2952 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 1 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2951 (Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2950 (Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2949 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2948 (RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, R ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2947 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control i ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2946 (Unspecified vulnerability in an ActiveX control in RealNetworks RealPl ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2944 (SQL injection vulnerability in login.php in MegaLab The Uploader befor ...)
	NOT-FOR-US: MegaLab The Uploader
CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in libpu ...)
	- pidgin 2.10.0-1 (bug #638709)
	[squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10)
	[lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10)
CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in net/bridge/br_ ...)
	- linux-2.6 <not-affected> (RHEL-specific backport issue)
CVE-2011-2941 (Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platfor ...)
	NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrar ...)
	- stunnel4 3:4.42-1 (bug #638758)
	[squeeze] - stunnel4 <not-affected> (Only 4.4x affected)
	[lenny] - stunnel4 <not-affected> (Only 4.4x affected)
CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in th ...)
	- perl 5.12.4-4 (low; bug #637376)
	[squeeze] - perl 5.10.1-17squeeze3
	[lenny] - perl <no-dsa> (Minor issue)
	- libencode-perl 2.44-1 (low)
CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php  ...)
	- mantis 1.2.6-1 (bug #638321)
	[squeeze] - mantis <not-affected> (Only affects Mantis 1.1)
	[lenny] - mantis <not-affected> (Only affects Mantis 1.1)
CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages functional ...)
	- roundcube 0.5.4+dfsg-1 (low; bug #641996)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...)
	- elgg <itp> (bug #526197)
CVE-2011-2935 (Elgg through 1.7.10 has XSS ...)
	- elgg <itp> (bug #526197)
CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...)
	{DSA-2655-1}
	- rails 2.3.14
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in a ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name method  ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-2929 (The template selection functionality in actionpack/lib/action_view/tem ...)
	- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux kerne ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6,  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
	RESERVED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...)
	NOT-FOR-US: Cumin
CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...)
	- foomatic-filters 4.0.12-1 (low)
	[squeeze] - foomatic-filters 4.0.5-6+squeeze2
CVE-2011-2923 (foomatic-rip filter, all versions, used insecurely creates temporary f ...)
	- foomatic-filters <unfixed> (unimportant)
	NOTE: debug mode-only
CVE-2011-2922 (ktsuss versions 1.4 and prior spawns the GTK interface to run as root. ...)
	- ktsuss <removed>
CVE-2011-2921 (ktsuss versions 1.4 and prior has the uid set to root and does not dro ...)
	- ktsuss <removed>
CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6,  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in  ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does n ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
	[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS 4 ...)
	NOT-FOR-US: Mambo
CVE-2011-2916 (qtnx 0.9 stores non-custom SSH keys in a world-readable configuration  ...)
	- qtnx <removed> (low; bug #637439)
	[squeeze] - qtnx <no-dsa> (Minor issue)
CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams. ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.c ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.c ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in src ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in src/load_wav.c ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2910 (The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check  ...)
	- ax25-tools 0.0.8-13.2 (low; bug #638198)
	[lenny] - ax25-tools <no-dsa> (Minor issue)
	[squeeze] - ax25-tools <no-dsa> (Minor issue)
CVE-2011-2909 (The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c  ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2908 (Cross-site request forgery (CSRF) vulnerability in the JMX Console (jm ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource  ...)
	- torque 2.4.15+dfsg-1
	[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
CVE-2011-2906 (** DISPUTED ** Integer signedness error in the pmcraid_ioctl_passthrou ...)
	NOT-FOR-US: ** REJECT **
CVE-2011-2905 (Untrusted search path vulnerability in the perf_config function in too ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
	[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix befor ...)
	- zabbix 1:1.8.6-1
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow attack ...)
	- tcptrack 1.4.2-1 (unimportant; bug #551092)
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917
CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-1 ...)
	- xpdf 3.02-19 (low; bug #635849)
	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
	[squeeze] - xpdf 3.02-12+squeeze1
CVE-2011-2901 (Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows  ...)
	- xen <not-affected> (Only affects Xen <= 3.3)
	- xen-3 <removed>
CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c  ...)
	NOT-FOR-US: Mongoose
CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic ...)
	- foomatic-gui 0.7.9.5 (low)
	- system-config-printer <not-affected> (Vulnerable code not present; bug #639243)
	[squeeze] - system-config-printer <not-affected> (Vulnerable code not present)
	[lenny] - system-config-printer <no-dsa> (Minor issue)
CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not pr ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-1
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
CVE-2011-2897 (gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initiali ...)
	- gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny)
CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the  ...)
	{DSA-2426-1 DSA-2354-1}
	- cups 1.5.0-8
	- gimp 2.6.11-5 (bug #643753)
CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile ...)
	{DSA-2293-1}
	- libxfont 1:1.4.4-1
CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3. ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-a ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a fr ...)
	NOT-FOR-US: Joomla!
CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla!
CVE-2011-2890 (The MediaViewMedia class in administrator/components/com_media/views/m ...)
	NOT-FOR-US: Joomla!
CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...)
	NOT-FOR-US: Joomla!
CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ca ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2886 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2885 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a den ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2884 (Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Ga ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control i ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 h ...)
	- chromium-browser <not-affected> (chromium uses libv8 system copy)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 allo ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/95667
	NOTE: http://trac.webkit.org/changeset/95689
	NOTE: http://trac.webkit.org/changeset/95728
CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object li ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94984
CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/95488
CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, w ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94508
CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 allo ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/95600
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (libv8 issue)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ope ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2872 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2871 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2870 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2869 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2868 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2867 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2866 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle  ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2865
	RESERVED
CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan cha ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2863 (Insufficient policy enforcement in V8 in Google Chrome prior to 14.0.0 ...)
	- chromium-browser 14.0.835.163~r101024-1
CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in  ...)
	- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93794
CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for non-g ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ar ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/93514
CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
	- webkit <not-affected>
	- libv8 3.4.14.21-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading S ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93227
CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94109
	NOTE: http://trac.webkit.org/changeset/94543
CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before 14.0.83 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
	- webkit <not-affected>
	- libv8 3.4.14.21-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, whic ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer chara ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 all ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote attacker ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome b ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93521
CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 allo ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-2845 (Google Chrome before 15.0.874.102 does not properly handle history dat ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media buffe ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does no ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage co ...)
	- chromium-browser <not-affected> (pdf plugin)
	- webkit <not-affected>
CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote attacker ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90164
CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux d ...)
	- chromium-browser <not-affected> (Pdf plugin)
CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME  ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and PI ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers t ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before  ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2832
	RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not prop ...)
	NOTE: CVE description is wrong, see #656057
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platfo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/92413
CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows remote ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91908
CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to bypass th ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91957
CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/r91738
	NOTE: http://trac.webkit.org/r91739
	NOTE: http://trac.webkit.org/changeset/92744
CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/92630
CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 allo ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly parse U ...)
	- chromium-browser <not-affected> (windows only)
	- webkit <not-affected>
CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before  ...)
	{DSA-2394-1}
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
	[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91611
CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	NOTE: http://trac.webkit.org/changeset/91386
CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2812
	RESERVED
CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2810
	REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2808 (A stale layout root is set as an input element in WebKit in Google Chr ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2807 (Incorrect handling of timer information in Timer.cpp in WebKit in Goog ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle  ...)
	- chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass th ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91152
CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle nested func ...)
	- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2803 (Google Chrome before 13.0.782.107 does not properly handle Skia paths, ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (skia code)
CVE-2011-2802 (Google V8, as used in Google Chrome before 13.0.782.107, does not prop ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
	- libv8 3.4
	[squeeze] - libv8 <not-affected>
	NOTE: Bug was introduced in http://code.google.com/p/v8/source/detail?r=8224
CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90936
CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain po ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/91044
	NOTE: http://developer.apple.com/library/safari/#documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9
CVE-2011-2799 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/90130
CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict access to ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90595
CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome before  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (skia code)
CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to functions  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/89782
CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform text itera ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89831
CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89595
CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89836
CVE-2011-2791 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (icu issue)
	NOTE: ICU bug only in debug build
CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89165
CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allo ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in Google ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88444
CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address re-entranc ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2786 (Google Chrome before 13.0.782.107 does not ensure that the speech-inpu ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2785 (The extensions implementation in Google Chrome before 13.0.782.107 doe ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2784 (Google Chrome before 13.0.782.107 allows remote attackers to obtain se ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in angleproject)
CVE-2011-2783 (Google Chrome before 13.0.782.107 does not ensure that developer-mode  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2782 (The drag-and-drop implementation in Google Chrome before 13.0.782.107  ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2781
	RESERVED
CVE-2011-2780 (Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0  ...)
	NOT-FOR-US: Chyrp
CVE-2011-2779 (Windows Event Log SmartConnector in HP ArcSight Connector Appliance be ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remo ...)
	{DSA-2363-1}
	- tor 0.2.2.35-1
CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier  ...)
	- acpid 1:2.0.14-1
	[lenny] - acpid <not-affected> (Vulnerable code not present)
	[squeeze] - acpid 1:2.0.7-1squeeze3
CVE-2011-2776 (Buffer overflow in the Error function in super.c in Super 3.30.0 might ...)
	{DSA-2383-1}
	- super 3.30.0-6
CVE-2011-2775
	RESERVED
CVE-2011-2774 (The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1  ...)
	- mahara 1.4.1-1
	[squeeze] - mahara <not-affected> (Vulnerable code not present)
	[lenny] - mahara <not-affected> (Vulnerable code not present)
CVE-2011-4118 (Mahara before 1.4.1, when MNet (aka the Moodle network feature) is use ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
	NOTE: http://mahara.org/interaction/forum/topic.php?id=4138
CVE-2011-2773 (Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2772 (The get_dataroot_image_path function in lib/file.php in Mahara before  ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2771 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1 ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2770 (Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html ...)
	{DSA-2335-1}
	- man2html 1.6g-6
CVE-2011-2769 (Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE a ...)
	{DSA-2331-1}
	- tor 0.2.2.34-1
CVE-2011-2768 (Tor before 0.2.2.34, when configured as a client or bridge, sends a TL ...)
	{DSA-2331-1}
	- tor 0.2.2.34-1
CVE-2011-2767 (mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl ...)
	{DLA-1507-1}
	- libapache2-mod-perl2 2.0.10-3 (bug #644169)
	[stretch] - libapache2-mod-perl2 2.0.10-2+deb9u1
	NOTE: https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=126984
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1623265#c3
CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by  ...)
	{DSA-2327-1}
	- libfcgi-perl 0.73-2 (bug #607479)
	[lenny] - libfcgi-perl <not-affected> (Introduced in 0.70)
CVE-2011-2765 (pyro before 3.15 unsafely handles pid files in temporary directory loc ...)
	- pyro 1:3.14-1 (low; bug #631912)
	[lenny] - pyro <no-dsa> (Minor issue)
	[squeeze] - pyro <no-dsa> (Minor issue)
	NOTE: https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
CVE-2011-2764 (The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ...)
	- openarena 0.8.5-5+exp1
	NOTE: Current openarena packages use the share ioquake3 engine
	[squeeze] - openarena 0.8.5-5+squeeze1
	- ioquake3 1.36+svn1946-4
	- tremulous 1.1.0-6 (bug #660836)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
	NOT-FOR-US: LifeSize Room appliance
CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) all ...)
	NOT-FOR-US: LifeSize Room appliance
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page g ...)
	- chromium-browser 14.0.835.157~r99685-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium issue)
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...)
	NOT-FOR-US: Brocade BigIron RX
CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM Tivo ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Serve ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine  ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build 801 ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine  ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in Squirrel ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote atta ...)
	NOT-FOR-US: Parodia
CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ES ...)
	{DSA-2292-1}
	- isc-dhcp 4.2.2-1 (bug #638404)
	- dhcp3 <removed>
CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ES ...)
	{DSA-2292-1}
	- isc-dhcp 4.2.2-1 (bug #638404)
	- dhcp3 <removed>
CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...)
	NOT-FOR-US: Google Picasa
CVE-2011-2746 (Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in  ...)
	- otrs2 2.4.7-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...)
	NOT-FOR-US: Chyrp
CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows remo ...)
	NOT-FOR-US: Chyrp
CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and e ...)
	NOT-FOR-US: Chyrp
CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firef ...)
	NOT-FOR-US: EMC RSA Key Manager
CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x befo ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor  ...)
	NOT-FOR-US: Cisco Unified Service Monitor, CiscoWorks LAN Management Solution
CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to re ...)
	NOT-FOR-US: RSA enVision
CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative crede ...)
	NOT-FOR-US: RSA enVision
CVE-2011-2735 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4. ...)
	NOT-FOR-US: EMC AutoStart
CVE-2011-2734
	REJECTED
CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware Spr ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource Sp ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023,  ...)
	{DSA-2504-1}
	- libspring-2.5-java <unfixed> (bug #677814)
CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 t ...)
	- commons-daemon 1.0.7-1
	[squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6)
	NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.14.2  ...)
	- perl 5.14.2-1 (unimportant)
	NOTE: requires the attacker to manipulate glob flags
CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3 ...)
	NOT-FOR-US: Tribiq CMS
CVE-2011-2726 (An access bypass issue was found in Drupal 7.x before version 7.5. If  ...)
	- drupal7 7.6-1
CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows remo ...)
	- kdeutils 4:4.6.5-4 (low; bug #635541)
	[lenny] - kdeutils <no-dsa> (Minor issue)
	[squeeze] - kdeutils 4:4.4.5-1+squeeze1
CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs  ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:5.1-1 (low)
	[squeeze] - cifs-utils 2:4.5-2+squeeze1
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://web.archive.org/web/20111209193822/http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the L ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Lin ...)
	- hplip 3.11.10-1 (bug #635549; low)
	[squeeze] - hplip 3.10.6-2+squeeze0
	[lenny] - hplip <not-affected> (Vulnerable code not present)
CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in libc ...)
	- clamav 0.97.2+dfsg-1 (bug #635599)
	[squeeze] - clamav 0.97.2+dfsg-1~squeeze1
CVE-2011-2720 (The autocompletion functionality in GLPI before 0.80.2 does not blackl ...)
	- glpi 0.80.2-1 (bug #635544; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2011-2719 (libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3 ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.2-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2718 (Multiple directory traversal vulnerabilities in the relational schema  ...)
	- phpmyadmin 4:3.4.3.2-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2717 (The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011- ...)
	NOT-FOR-US: udhcp6c
CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ...)
	- busybox 1:1.20.0-3 (unimportant; bug #635548)
	NOTE: the default action script of busybox is not vulnerable to this attack
	NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable.
CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...)
	NOT-FOR-US: Drupal data module
CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...)
	NOT-FOR-US: Drupal data module
CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...)
	{DSA-2315-1}
	- libreoffice 1:3.4.3-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo functio ...)
	NOT-FOR-US: cgit
CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges,  ...)
	- libgssglue 0.4-1 (low; bug #670256)
	[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
	NOTE: Our mount.nfs does not link against libgssglue,
	NOTE: so we do not appear to be affected directly.
CVE-2011-2708
	REJECTED
CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...)
	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...)
	NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby  ...)
	{DLA-235-1 DLA-88-1}
	- ruby1.8 1.8.7.352-1 (low; bug #635878)
	- ruby1.9.1 1.9.3~preview1-1 (low)
CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before  ...)
	{DSA-2285-1}
	- mapserver 6.0.1-1
CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x ...)
	{DSA-2285-1}
	- mapserver 6.0.1-1
CVE-2011-2702 (Integer signedness error in Glibc before 2.13 and eglibc before 2.13,  ...)
	- eglibc 2.13-10
	[squeeze] - eglibc <not-affected> (ssse3 optimizations not included in squeeze version)
	- glibc <not-affected> (ssse3 optimizations not included)
	NOTE: http://web.archive.org/web/20110824011938/http://www.nodefense.org:80/eglibc.txt
	NOTE: fixed well before 2.13-10, but that is the present testing version that was available to check
CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OC ...)
	- freeradius <not-affected> (Introduced in 2.1.11, even sid ships 2.1.10+dfsg-3+b2)
CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string function ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-1
	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2011-2699 (The IPv6 implementation in the Linux kernel before 3.1 does not genera ...)
	- linux-2.6 3.0.0-2
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2698 (Off-by-one error in the elem_cell_id_aux function in epan/dissectors/p ...)
	- wireshark 1.6.1-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 all ...)
	{DSA-2380-1}
	- hplip 3.10.6-2 (bug #635549; medium)
	NOTE: hplip might have been fixed earlier than stable, current versions use foomatic-rip
	NOTE: from foomatic-filters: /usr/lib/cups/filter/foomatic-rip
	- foomatic-filters 4.0
	NOTE: There two implementation of the affected filter: the version from foomatic-filters
	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in
	NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697
	NOTE: hplip includes local copy of the Perl version. It needs to be checked, whether
	NOTE: it's modified somehow
CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers t ...)
	{DSA-2288-1}
	- libsndfile 1.0.25-1
CVE-2011-2695 (Multiple off-by-one errors in the ext4 subsystem in the Linux kernel b ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 2.6.32-48
CVE-2011-2694 (Cross-site scripting (XSS) vulnerability in the chg_passwd function in ...)
	{DSA-2290-1}
	- samba 2:3.5.10~dfsg-1 (low)
CVE-2011-2693 (The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red  ...)
	NOTE: Duplicate of CVE-2011-2521
CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0. ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (low; bug #633871)
CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2. ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (low; bug #633871)
CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1. ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (high; bug #633871)
CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel befo ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
	[lenny] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
CVE-2011-2688 (SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_e ...)
	{DSA-2279-1}
	- libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637)
CVE-2011-2687 (Drupal 7.x before 7.3 allows remote attackers to bypass intended node_ ...)
	NOTE: http://drupal.org/node/1168756
	- drupal7 7.2-1 (bug #633385)
	- drupal6 6.22-1
	[squeeze] - drupal6 6.18-1squeeze1
CVE-2011-2686 (Ruby before 1.8.7-p352 does not reset the random seed upon forking, wh ...)
	{DLA-88-1}
	- ruby1.8 1.8.7.352-1 (low; bug #635878)
CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter in Lib ...)
	{DSA-2275-1}
	- libreoffice 1:3.3.3-1
	- openoffice.org 1:3.3.0-1
	[lenny] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2684 (foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722df ...)
	- foo2zjs 20110722dfsg-1 (low; bug #633870)
	[lenny] - foo2zjs <no-dsa> (Minor issue)
	[squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0
CVE-2011-2683 (reseed seeds random numbers from an insecure HTTP request to random.or ...)
	- reseed <removed>
	[lenny] - reseed <no-dsa> (Minor issue)
CVE-2011-2682 (The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4. ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2681 (IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly h ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2680 (Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x befor ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2679 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Acc ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2678 (The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platf ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2011-2677 (Cybozu Office before 8.0.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Cybozu Office
CVE-2011-2676 (The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A- ...)
	NOT-FOR-US: A-Form
CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 al ...)
	NOT-FOR-US: Enkai-kun
CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to the mem ...)
	NOT-FOR-US: BaserCMS
CVE-2011-2673 (Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 a ...)
	NOT-FOR-US: BaserCMS
CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.9 ...)
	NOT-FOR-US: SemanticScuttle
CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th editio ...)
	NOT-FOR-US: Megalith
CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...)
	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
CVE-2011-2669 (Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ...)
	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
CVE-2011-2668 (Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the  ...)
	- firefox <not-affected> (Fixed before initial upload renamed as src:firefox)
	- firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr)
CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Sec ...)
	NOT-FOR-US: CA Gateway Security for HTTP
CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open S ...)
	- asterisk 1:1.8.3.3-1
	[squeeze] - asterisk <no-dsa> (minor issue; can be addressed through configuration)
CVE-2011-2665 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...)
	- asterisk 1:1.8.4.3-1 (bug #631445)
	[squeeze] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / Pro ...)
	NOT-FOR-US: Check Point Multi-Domain Management
CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell GroupWi ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell  ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in No ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before 0.5.1-55. ...)
	- vpnc <not-affected>
	NOTE: This only affects the SUSE packaging.
CVE-2011-2659
	RESERVED
CVE-2011-2658 (The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Con ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-2657 (Directory traversal vulnerability in the LaunchProcess function in the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-2656 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld M ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2655 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld M ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager 1.1.2 bef ...)
	NOT-FOR-US: Novell Cloud Manager
CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ZE ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2652 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2651 (Unspecified vulnerability in the file browser in Kiwi before 3.74.2, a ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2650 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2649 (Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows at ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2648 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2647 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2646 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2645 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2644 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2643 (Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x befor ...)
	- phpmyadmin 4:3.4.3.2-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2642 (Multiple cross-site scripting (XSS) vulnerabilities in the table Print ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.2-1
CVE-2011-XXXX [stardict: minor information disclosure]
	- stardict 3.0.1-5 (low; bug #632260)
	[squeeze] - stardict <no-dsa> (minor information disclosure)
	[lenny] - stardict <no-dsa> (minor information disclosure)
CVE-2011-2641 (Opera 11.11 allows remote attackers to cause a denial of service (appl ...)
	NOT-FOR-US: Opera
CVE-2011-2640 (Opera before 11.10 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2639 (Opera before 11.10 does not properly handle hidden animated GIF images ...)
	NOT-FOR-US: Opera
CVE-2011-2638 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2637 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2636 (Unspecified vulnerability in Opera before 11.10 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2635 (The Cascading Style Sheets (CSS) implementation in Opera before 11.10  ...)
	NOT-FOR-US: Opera
CVE-2011-2634 (Opera before 11.10 allows remote attackers to hijack (1) searches and  ...)
	NOT-FOR-US: Opera
CVE-2011-2633 (Unspecified vulnerability in Opera before 11.11 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2632 (Opera before 11.11 does not properly handle destruction of a Silverlig ...)
	NOT-FOR-US: Opera
CVE-2011-2631 (The Cascading Style Sheets (CSS) implementation in Opera before 11.11  ...)
	NOT-FOR-US: Opera
CVE-2011-2630 (Opera before 11.11 allows user-assisted remote attackers to cause a de ...)
	NOT-FOR-US: Opera
CVE-2011-2629 (Unspecified vulnerability in Opera before 11.11 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2628 (Opera before 11.11 does not properly implement FRAMESET elements, whic ...)
	NOT-FOR-US: Opera
CVE-2011-2627 (Unspecified vulnerability in the DOM implementation in Opera before 11 ...)
	NOT-FOR-US: Opera
CVE-2011-2626 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2625 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2624 (Opera before 11.50 allows user-assisted remote attackers to cause a de ...)
	NOT-FOR-US: Opera
CVE-2011-2623 (Unspecified vulnerability in the SVG BiDi implementation in Opera befo ...)
	NOT-FOR-US: Opera
CVE-2011-2622 (Unspecified vulnerability in the Web Workers implementation in Opera b ...)
	NOT-FOR-US: Opera
CVE-2011-2621 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2620 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2619 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2618 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-2617 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2616 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2615 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2614 (The SVG implementation in Opera before 11.50 allows remote attackers t ...)
	NOT-FOR-US: Opera
CVE-2011-2613 (The Array.prototype.join method in Opera before 11.50 allows remote at ...)
	NOT-FOR-US: Opera
CVE-2011-2612 (Unspecified vulnerability in Opera before 11.50 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-2611 (Unspecified vulnerability in the printing functionality in Opera befor ...)
	NOT-FOR-US: Opera
CVE-2011-2610 (Unspecified vulnerability in Opera before 11.50 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2011-2609 (Opera before 11.50 does not properly restrict data: URIs, which makes  ...)
	NOT-FOR-US: Opera
CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Ag ...)
	NOT-FOR-US: HP OpenView
CVE-2011-2607 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2606 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2605 (CRLF injection vulnerability in the nsCookieService::SetCookieStringIn ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2604 (The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote atta ...)
	NOT-FOR-US: Windows XP
CVE-2011-2603 (The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote attacke ...)
	NOT-FOR-US: Mac OS X
CVE-2011-2602 (The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows re ...)
	NOT-FOR-US: Windows XP
CVE-2011-2601 (The GPU support functionality in Mac OS X does not properly restrict r ...)
	NOT-FOR-US: Mac OS X
CVE-2011-2600 (The GPU support functionality in Windows XP does not properly restrict ...)
	NOT-FOR-US: Windows XP
CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as a WebGL ...)
	- chromium-browser <unfixed> (unimportant)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote attacker ...)
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x  ...)
	- wireshark 1.6.1-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-2596
	RESERVED
CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 14 ...)
	NOT-FOR-US: ACDSee FotoSlate
CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other  ...)
	NOT-FOR-US: KMPlayer
	NOTE: This is http://www.kmplayer.com and not our kmplayer package.
CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX contro ...)
	NOT-FOR-US: Citrix Access Gateway Enterprise Edition Plug-in
CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom Acti ...)
	NOT-FOR-US: ActiveX control for Citrix Access Gateway
CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow remot ...)
	NOT-FOR-US: Provideo ActiveX
CVE-2011-2590 (The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010  ...)
	NOT-FOR-US: UUSee 201
CVE-2011-2589 (Heap-based buffer overflow in the SendLogAction method in the UUPlayer ...)
	NOT-FOR-US: UUSee 201
CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in libav ...)
	- vlc 1.1.11-1 (bug #633675)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...)
	- vlc 1.1.11-1 (bug #633674)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows r ...)
	NOT-FOR-US: Cisco Show and Share
CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows r ...)
	NOT-FOR-US: Cisco Show and Share
CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remo ...)
	NOT-FOR-US: Cisco CCX
CVE-2011-2582
	RESERVED
CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2011-2580
	RESERVED
CVE-2011-2579
	RESERVED
CVE-2011-2578 (Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to caus ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/ ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2011-2576
	RESERVED
CVE-2011-2575
	RESERVED
CVE-2011-2574
	RESERVED
CVE-2011-2573
	RESERVED
CVE-2011-2572
	RESERVED
CVE-2011-2571
	RESERVED
CVE-2011-2570
	RESERVED
CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing Sys ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2011-2568
	RESERVED
CVE-2011-2567
	RESERVED
CVE-2011-2566
	RESERVED
CVE-2011-2565
	RESERVED
CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, for ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager (ak ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2559
	RESERVED
CVE-2011-2558
	RESERVED
CVE-2011-2557
	RESERVED
CVE-2011-2556
	RESERVED
CVE-2011-2555 (Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a defau ...)
	NOT-FOR-US: Cisco TelePresence Recording Server
CVE-2011-2554
	RESERVED
CVE-2011-2553
	RESERVED
CVE-2011-2552
	RESERVED
CVE-2011-2551
	RESERVED
CVE-2011-2550
	RESERVED
CVE-2011-2549 (Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco  ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2011-2548
	RESERVED
CVE-2011-2547 (The web-based management interface on Cisco SA 500 series security app ...)
	NOT-FOR-US: Cisco SA 500 series appliances management interface
CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on C ...)
	NOT-FOR-US: Cisco SA 500 series appliances management interface
CVE-2011-2545 (Cross-site scripting (XSS) vulnerability in the SIP implementation on  ...)
	NOT-FOR-US: Cisco SPA
CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System Int ...)
	NOT-FOR-US: Cisco
CVE-2011-2542
	RESERVED
CVE-2011-2541
	RESERVED
CVE-2011-2540
	RESERVED
CVE-2011-2539
	RESERVED
CVE-2011-2538 (Cisco Video Communications Server (VCS) before X7.0.3 contains a comma ...)
	- plone3 <removed>
CVE-2011-2537
	RESERVED
CVE-2011-XXXX [unspecified security vulnerabilities from 4.3.7]
	- movabletype-opensource 4.3.7+dfsg-1 (bug #631437)
CVE-2011-2536 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x bef ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.4~dfsg-1 (bug #632029)
CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in net/ipv4/netfi ...)
	- linux-2.6 2.6.32-34 (low)
CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows lo ...)
	- dbus 1.3.2~git20100715.821f99c-1 (unimportant)
	NOTE: Compile-time only
CVE-2011-2532 (The json.decode function in util/json.lua in Prosody 0.8.x before 0.8. ...)
	- prosody 0.8.1-1
	[squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2531 (Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect d ...)
	- prosody 0.8.1-1
	[squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2530 (Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware Instal ...)
	NOT-FOR-US: EDS Hardware Installation tool
CVE-2011-2535 (chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x b ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.3-1 (bug #631448)
	[squeeze] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
CVE-2011-2529 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x bef ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.3-1 (bug #631446)
CVE-2011-2528 (Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x ...)
	- plone3 <removed>
CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and earli ...)
	{DSA-2282-1}
	- qemu-kvm 0.14.1+dfsg-3 (bug #633669)
	- kvm <not-affected> (Vulnerable code not present)
CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7 (bug #634992)
	- tomcat7 7.0.19-1 (bug #634992)
	- tomcat5.5 <removed> (bug #634992)
CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux kernel b ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.35-1
CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in libso ...)
	{DSA-2369-1}
	- libsoup2.4 2.34.3-1 (bug #635837)
CVE-2011-2523 (vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backd ...)
	- vsftpd <not-affected> (backdoored version was never in the Debian archive)
CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Samb ...)
	{DSA-2290-1}
	- samba 2:3.5.10~dfsg-1 (low)
CVE-2011-2521 (The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c i ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2520 (fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickl ...)
	NOT-FOR-US: system-config-firewall
CVE-2011-2519 (Xen in the Linux kernel, when running a guest on a host without hardwa ...)
	- xen-3 3.2.1-2
	NOTE: Possibly fixed earlier than 3.2.1-2, but that's the version in oldstable, which
	NOTE: was checked to contain http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
	- xen <not-affected> (Only affects older Xen 3 releases)
CVE-2011-2518 (The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux  ...)
	- linux-2.6 2.6.39-3 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux kerne ...)
	{DSA-2303-1}
	- linux-2.6 2.6.39-3 (unimportant)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Requires CAP_NET_ADMIn to exploit
CVE-2011-2516 (Off-by-one error in the XML signature feature in Apache XML Security f ...)
	{DSA-2277-1}
	- xml-security-c 1.6.1-1 (low; bug #632973)
CVE-2011-2515 (PackageKit 0.6.17 allows installation of unsigned RPM packages as thou ...)
	- packagekit 0.6.17-1
CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6  ...)
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-2513 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6  ...)
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1.2-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not proper ...)
	{DSA-2270-1}
	- qemu-kvm 0.14.1+dfsg-2 (bug #631975)
	- kvm <removed>
	[lenny] - kvm <not-affected> (Vulnerability not present)
CVE-2011-2511 (Integer overflow in libvirt before 0.9.3 allows remote authenticated u ...)
	{DSA-2280-1}
	- libvirt 0.9.2-7 (bug #633630)
CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature  ...)
	- dokuwiki 0.0.20110525a-1 (low; bug #631818)
	[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
	[lenny] - dokuwiki 0.0.20080505-4+lenny3
CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before  ...)
	NOT-FOR-US: Joomla!
CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in  ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2507 (libraries/server_synchronize.lib.php in the Synchronize implementation ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1 (unimportant)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: neutralized by Suhosin patch
CVE-2011-2506 (setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2  ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2505 (libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2504 (Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf  ...)
	- x11-apps 7.7~1 (low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2011-2503 (The insert_module function in runtime/staprun/staprun_funcs.c in the s ...)
	{DSA-2348-1}
	- systemtap 1.6-1 (bug #635542)
	[lenny] - systemtap <not-affected> (Signed modules not yet supported)
CVE-2011-2502 (runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun ...)
	- systemtap 1.6-1 (bug #635542)
	[lenny] - systemtap <not-affected> (Affected option introduced in 1.4)
	[squeeze] - systemtap <not-affected> (Affected option introduced in 1.4)
CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before 1. ...)
	{DSA-2287-1}
	- libpng 1.2.44-3 (bug #632786)
CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c in nf ...)
	- nfs-utils 1:1.2.4-1 (bug #633155)
	[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
	[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...)
	NOT-FOR-US: Mambo CMS
CVE-2011-2498 (The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
CVE-2011-2497 (Integer underflow in the l2cap_config_req function in net/bluetooth/l2 ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-3
CVE-2011-2496 (Integer overflow in the vma_to_resize function in mm/mremap.c in the L ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-1 (low)
CVE-2011-2495 (fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly r ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1 (low)
CVE-2011-2494 (kernel/taskstats.c in the Linux kernel before 3.1 allows local users t ...)
	- linux-2.6 3.0.0-5 (low)
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2493 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel be ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
	[lenny] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not pr ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1 (low)
CVE-2011-2491 (The Network Lock Manager (NLM) protocol implementation in the NFS clie ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1
CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not chec ...)
	{DSA-2281-1}
	- opie <removed> (bug #631345)
CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 a ...)
	{DSA-2281-1}
	- opie <removed> (bug #631344)
CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
	NOT-FOR-US: Joomla!
CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncr ...)
	NOT-FOR-US: Apache CXF
CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to NPNVp ...)
	- nspluginwrapper <unfixed> (bug #671846)
	[squeeze] - nspluginwrapper <no-dsa> (Contrib not supported)
CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk- ...)
	- gdk-pixbuf 2.23.3-3.1 (bug #631524)
	[squeeze] - gdk-pixbuf <no-dsa> (Minor issue)
	[lenny] - gdk-pixbuf <no-dsa> (Minor issue)
CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux kerne ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-3 (low)
CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain plat ...)
	{DSA-2399-1 DSA-2340-1}
	- libcrypt-eksblowfish-perl <not-affected> (discovered and corrected in initial release in 2007)
	- php-suhosin <not-affected> (bug #631283; that portion is not used since PHP 5.3)
	[lenny] - php-suhosin <unfixed> (bug #631283)
	- postgresql-8.4 8.4.9-1 (bug #631285)
	- postgresql-9.0 9.0.5-1 (bug #631285)
	- postgresql-9.1 9.1~rc1-1
	- php5 5.3.6-13 (bug #631347)
	- libxcrypt 1:2.4-1.1 (bug #679628)
	[squeeze] - libxcrypt <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
CVE-2011-2482 (A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/ ...)
	- linux-2.6 <not-affected> (RHEL-specific regression)
CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace  ...)
	- tomcat7 7.0.19-1
CVE-2011-2480 (Information Disclosure vulnerability in the 802.11 stack, as used in F ...)
	- kfreebsd-9 9.0~svn223502-1 (bug #631160)
	- kfreebsd-8 8.2-3 (bug #631161)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze1
	- kfreebsd-7 <removed>
CVE-2011-2479 (The Linux kernel before 2.6.39 does not properly create transparent hu ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in Ske ...)
	NOT-FOR-US: Google SketchUp
CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php  ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2469
	RESERVED
CVE-2011-2467 (SQL injection vulnerability in lsassd in Lsass in the Likewise Securit ...)
	NOT-FOR-US: Likewise
CVE-2011-2466
	RESERVED
CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ...)
	- bind9 1:9.8.1.dfsg.P1-1
	[squeeze] - bind9 <not-affected> (Only affects 9.8)
	[lenny] - bind9 <not-affected> (Only affects 9.8)
CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9. ...)
	{DSA-2272-1}
	- bind9 1:9.8.1.dfsg-1 (high)
CVE-2011-2463 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 throu ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and Acr ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-2461 (Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and ...)
	NOT-FOR-US: Adobe Flex
CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows  ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows  ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier  ...)
	NOT-FOR-US: Adobe Photoshop Elements
CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe Reade ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x befo ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3. ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2430 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2429 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2428 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2427 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2426 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM)  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2424 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote  ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to ex ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2418
	REJECTED
CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2414 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2413
	RESERVED
CVE-2011-2412 (Unspecified vulnerability in HP Business Service Automation (BSA) Esse ...)
	NOT-FOR-US: HP Business Service Automation
CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x th ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2011-2410 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance In ...)
	NOT-FOR-US: HP OpenView
CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar application i ...)
	NOT-FOR-US: HP Palm webOS 3.x
CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts application i ...)
	NOT-FOR-US: HP Palm webOS 3.x
CVE-2011-2407 (Unspecified vulnerability in HP OpenView Performance Insight 5.3, 5.31 ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2011-2406 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance In ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware befor ...)
	NOT-FOR-US: HP ProLiant SL Advanced Power Manager
CVE-2011-2404 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care S ...)
	NOT-FOR-US: HP Easy Printer Care Software
CVE-2011-2403 (SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-2402 (Cross-site scripting (XSS) vulnerability in HP Network Automation 7.2x ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-2401 (Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x all ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-2400 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, an ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-2399 (Unspecified vulnerability in the Media Management Daemon (mmd) in HP D ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, B ...)
	NOT-FOR-US: HP-UX
CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote  ...)
	NOT-FOR-US: Iron Mountain Connected Backup
CVE-2011-2396
	RESERVED
CVE-2011-2394
	RESERVED
CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
	- kfreebsd-7 <removed> (low)
	- kfreebsd-8 <removed> (low)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	- kfreebsd-9 <removed> (low; bug #684072)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-10 <unfixed> (unimportant)
	[jessie] - kfreebsd-10 <no-dsa> (Minor issue)
	NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
	NOTE: Starting with stretch kfreebsd is no longer supported
CVE-2011-2392
	RESERVED
CVE-2011-2391 (The IPv6 implementation in the kernel in Apple iOS before 7 allows rem ...)
	NOT-FOR-US: Apple iOS
CVE-2011-2390
	RESERVED
CVE-2011-2389
	RESERVED
CVE-2011-2388
	RESERVED
CVE-2011-2387
	RESERVED
CVE-2011-2386 (VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey befo ...)
	NOT-FOR-US: VisiWave Site Survey
CVE-2011-2385 (The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in  ...)
	- otrs2 <not-affected> (does not include iPhoneHandle package)
CVE-2011-2384
	RESERVED
CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x  ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4. ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22. ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird befor ...)
	- xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- iceape <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- icedove <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
CVE-2011-2376 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2375 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 5.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 5.0, not yet in unstable)
CVE-2011-2374 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x  ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7. ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox be ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2370 (Mozilla Firefox before 5.0 does not properly enforce the whitelist for ...)
	- xulrunner <not-affected> (Only affects Firefox 4.x and above)
	- iceweasel 5.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 4.x and above)
	- iceape <not-affected> (Only affects Firefox 4.x and above)
	- icedove <not-affected> (Only affects Firefox 4.x and above)
CVE-2011-2369 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x throug ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2368 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2367 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2366 (Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbir ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2365 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
CVE-2011-2364 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...)
	- xulrunner <not-affected> (Only affects Firefox >= 3.6)
	- iceweasel <not-affected> (Only affects Firefox >= 3.6)
	- iceape <not-affected> (Only affects Firefox >= 3.6)
	- icedove <not-affected> (Only affects Firefox >= 3.6)
CVE-2011-2363 (Use-after-free vulnerability in the nsSVGPointList::AppendElement func ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonke ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user is pro ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes d ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	NOTE: http://trac.webkit.org/changeset/90068
CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension insta ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading f ...)
	NOT-FOR-US: Android
CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2355
	RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2353 (Use after free vulnerability in documentloader in WebKit in Google Chr ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88584
	NOTE: http://trac.webkit.org/changeset/88549
CVE-2011-2350 (The HTML parser in Google Chrome before 12.0.742.112 does not properly ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88411
	NOTE: http://trac.webkit.org/changeset/88434
CVE-2011-2349 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an i ...)
	- libv8 3.4.14-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading S ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88448
CVE-2011-2346 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 allo ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: introduced in http://trac.webkit.org/changeset/77740
	NOTE: http://trac.webkit.org/changeset/87827
CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 does not ...)
	- chromium-browser <not-affected> (linux version is not affected)
	- webkit <not-affected>
CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext H ...)
	NOT-FOR-US: Android SDK
CVE-2011-2343 (The Bluetooth stack in Android before 2.3.6 allows a physically proxim ...)
	NOT-FOR-US: Android
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2340
	RESERVED
CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2337 (A wrong type is used for a return value from strlen in WebKit in Googl ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2336 (An issue exists in WebKit in Google Chrome before Blink M12. when clea ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2335 (A double-free vulnerability exists in WebKit in Google Chrome before B ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2334 (Use after free vulnerability exists in WebKit in Google Chrome before  ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-2333
	RESERVED
CVE-2011-2329 (The rampart_timestamp_token_validate function in util/rampart_timestam ...)
	- rampart 1.3.0-3 (low; bug #631221)
	[squeeze] - rampart <no-dsa> (Minor issue)
CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified compone ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2326 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2325 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2324 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2323 (Unspecified vulnerability in the Health Sciences - Oracle Thesaurus Ma ...)
	NOT-FOR-US: Oracle Thesaurus Management System
CVE-2011-2322 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2321 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2320 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2319 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2318 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2317 (Unspecified vulnerability in the EnterpriseOne Tools component in Orac ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2316 (Unspecified vulnerability in the Siebel Apps - Marketing component in  ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-2315 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2011-2314 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2313 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2312 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2311 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2310 (Unspecified vulnerability in the Oracle Waveset component in Oracle Su ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2309 (Unspecified vulnerability in the Health Sciences - Oracle Clinical, Re ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2011-2308 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2307 (Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SP ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2306 (Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authen ...)
	NOT-FOR-US: Oracle Linux-specific feature
CVE-2011-2305 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local use ...)
	- virtualbox-ose <not-affected> (Only affects 4.x)
	- virtualbox 4.0.10-dfsg-1
CVE-2011-2304 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2303 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2302 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2301 (Unspecified vulnerability in the Oracle Text component in Oracle Datab ...)
	NOT-FOR-US: Oracle Database
CVE-2011-2300 (Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4 ...)
	- virtualbox-guest-additions-iso 4.0.10-1 (bug #635276)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
CVE-2011-2299 (Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M50 ...)
	NOT-FOR-US: Oracle SPARC Enterprise
CVE-2011-2298 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2297 (Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local u ...)
	NOT-FOR-US: Oracle Solaris Cluster
CVE-2011-2296 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2295 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2294 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2293 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2292 (Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows lo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2291 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2290 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2289 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2288 (Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM)  ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2287 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2286 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows r ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2285 (Unspecified vulnerability in Oracle Solaris 10 allows local users to a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2284 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2283 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2282 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2281 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2280 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2279 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2278 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2277 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2276
	REJECTED
CVE-2011-2275 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2274 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2273 (Unspecified vulnerability in the Agile Core Technology component in Or ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2011-2272 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component  ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2271 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2270
	REJECTED
CVE-2011-2269
	REJECTED
CVE-2011-2268
	REJECTED
CVE-2011-2267 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2266
	REJECTED
CVE-2011-2265
	REJECTED
CVE-2011-2264 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2263 (Unspecified vulnerability in Sun Integrated Lights Out Manager in Orac ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2262 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2011-2261 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2260 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2259 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2258 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2257 (Unspecified vulnerability in the Database Target Type Menus component  ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2256
	REJECTED
CVE-2011-2255 (Unspecified vulnerability in the Oracle WebLogic Portal component in O ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-2254
	REJECTED
CVE-2011-2253 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2252 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2251 (Unspecified vulnerability in the Oracle Secure Backup component in Ora ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2250 (Unspecified vulnerability in the PeopleSoft Enterprise FIN component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2249 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2248 (Unspecified vulnerability in the SQL Performance Advisories/UIs compon ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2247
	REJECTED
CVE-2011-2246 (Unspecified vulnerability in the Business Intelligence component in Or ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2245 (Unspecified vulnerability in the Solaris component in Oracle Sun Produ ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2244 (Unspecified vulnerability in the Security Framework component in Oracl ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2243 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2242 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2241 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2240 (Unspecified vulnerability in the Oracle Universal Installer component  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2239 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2238 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2237 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-2236
	REJECTED
CVE-2011-2235
	REJECTED
CVE-2011-2234
	REJECTED
CVE-2011-2233
	REJECTED
CVE-2011-2232 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2231 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2230 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2229
	REJECTED
CVE-2011-2228
	REJECTED
CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager (a ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as use ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studi ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2224 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2223 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2222 (Session fixation vulnerability in WebAdmin in the Mobility Pack before ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2221 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1 ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter E ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-2219 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2218 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) tsgetx71ex5 ...)
	NOT-FOR-US: VMware
CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux k ...)
	{DSA-2389-1 DSA-2310-1}
	- linux-2.6 2.6.39-3
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier ...)
	{DSA-2282-1}
	- qemu-kvm 0.14.1+dfsg-3 (bug #632987)
	- kvm <removed>
CVE-2011-2207 (dirmngr before 2.1.0 improperly handles certain system calls, which al ...)
	- dirmngr <unfixed> (unimportant; bug #627377)
	NOTE: Negligible impact
CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
	NOT-FOR-US: Djabberd
CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity  ...)
	- prosody 0.7.0-1 (low; bug #579087)
	[squeeze] - prosody <no-dsa> (Minor issue)
	[lenny] - prosody <no-dsa> (Minor issue)
CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7 ...)
	{DSA-2401-1}
	- tomcat5.5 <removed> (low; bug #632882)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.32-5 (low; bug #632882)
	[lenny] - tomcat6 <no-dsa> (Minor issue)
	[squeeze] - tomcat6 <no-dsa> (Minor issue)
	- tomcat7 7.0.16-3 (low; bug #632882)
CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when untaint ...)
	- libdata-formvalidator-perl 4.66-3 (low; bug #629511)
	[lenny] - libdata-formvalidator-perl <no-dsa> (Minor issue)
	[squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1
CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ( ...)
	- dbus 1.4.12-1 (low; bug #629938)
	[squeeze] - dbus 1.2.24-4+squeeze1
	[lenny] - dbus <no-dsa> (Minor issue)
CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...)
	- rails <not-affected> (Affected plugin not installed, see bug #634990)
CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
	NOT-FOR-US: JBoss Seam
CVE-2011-2195
	RESERVED
CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue  ...)
	{DSA-2329-1}
	- torque 2.4.15+dfsg-1 (bug #635342)
CVE-2011-2192 (The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10. ...)
	{DSA-2271-1}
	- curl 7.21.6-2 (high; bug #631615)
CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in C ...)
	- cherokee <removed> (low; bug #661993)
	[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does n ...)
	- linux-2.6 2.6.35-1 (low)
	[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
	[squeeze] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
	- vsftpd 2.3.4-1 (bug #629373)
	[squeeze] - vsftpd 2.3.2-3+squeeze2
	[lenny] - vsftpd 2.0.7-1+lenny1
	NOTE: this is technically a kernel bug. however this has been workarounded specifically
	NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1
	NOTE: for details
CVE-2011-2187 (xscreensaver before 5.14 crashes during activation and leaves the scre ...)
	- xscreensaver 5.14-1 (bug #627382)
	[squeeze] - xscreensaver <not-affected> (introduced in 5.13)
CVE-2011-2186
	REJECTED
CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC)  ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A Really  ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2177 (OpenOffice.org v3.3 allows execution of arbitrary code with the privil ...)
	NOT-FOR-US: Claimed older OpenOffice vulnerability, which was never disclosed
CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the auth_a ...)
	- network-manager 0.9.0-1 (low; bug #631520)
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e
CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...)
	- dovecot 1:2.0.13-1 (low)
	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
	[lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the user a ...)
	- dovecot 1:2.0.13-1 (low)
	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
	[lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...)
	- icinga 1.4.1-1
	[squeeze] - icinga <no-dsa> (Minor issue)
	- nagios3 3.4.1-1
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	NOTE: Nagios might be fixed earlier than 3.4.1, checked the Wheezy version
CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ( ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in arch/alp ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2209 (Integer signedness error in the osf_sysinfo function in arch/alpha/ker ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2210 (The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the Linu ...)
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2211 (The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux ker ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2203 (The hfs_find_init function in the Linux kernel 2.6 allows local users  ...)
	- linux-2.6 3.1.1-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ...)
	{DSA-2266-1}
	- php5 5.3.6-12
CVE-2011-2199 (Buffer overflow in tftp-hpa before 5.1 allows remote attackers to caus ...)
	- tftp-hpa 5.1-1 (low)
	[squeeze] - tftp-hpa <no-dsa> (Minor issue)
	NOTE: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
CVE-2011-2198 (The "insert-blank-characters" capability in caps.c in gnome-terminal ( ...)
	- vte 1:0.28.1-1 (low; bug #629688)
	[lenny] - vte <no-dsa> (Minor issue)
	[squeeze] - vte 1:0.24.3-3
CVE-2011-2185 (Fabric before 1.1.0 allows local users to overwrite arbitrary files vi ...)
	- fabric 1.1.2-1 (low; bug #629003)
	[squeeze] - fabric <no-dsa> (Minor issue)
CVE-2011-2475 (Format string vulnerability in ECTrace.dll in the iMailGateway service ...)
	NOT-FOR-US: Sybase OneBridge Mobile Data Suite
CVE-2011-2474 (Directory traversal vulnerability in the HTTP Server in Sybase EAServe ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-2473 (The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and ear ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2472 (Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2471 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users  ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2468 (Directory traversal vulnerability in the web interface in AnyMacro Mai ...)
	NOT-FOR-US: AnyMacro Mail System G4X
CVE-2011-2395 (The Neighbor Discovery (ND) protocol implementation in Cisco IOS on un ...)
	NOT-FOR-US: Cisco
CVE-2011-2383 (Microsoft Internet Explorer 9 and earlier does not properly restrict c ...)
	NOT-FOR-US: Microsoft
CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91 allows remo ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88071
CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 bet ...)
	NOT-FOR-US: Microsoft
CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote  ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 3.4.14-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: execScript removed in libv8 3.2 branch
CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media pla ...)
	{DSA-2257-1}
	- vlc 1.1.10-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: https://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ti ...)
	- cherokee 1.0.14-1 (low; bug #647205)
	[squeeze] - cherokee 1.0.8-5+squeeze1
	[lenny] - cherokee <no-dsa> (Minor issue)
	NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212
CVE-2011-2188 (LuaExpat before 1.2.0 does not properly detect recursion during entity ...)
	- lua-expat 1.2.0-1 (low; bug #629225)
	[squeeze] - lua-expat 1.2.0-0squeeze1
	[lenny] - lua-expat <no-dsa> (Minor issue)
CVE-2011-2184 (The key_replace_session_keyring function in security/keys/process_keys ...)
	- linux-2.6 2.6.39-2
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in mm/ksm.c in  ...)
	{DSA-2389-1}
	- linux-2.6 2.6.39-3 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-2331 (Integer overflow in img.exe in HP Intelligent Management Center (IMC)  ...)
	NOT-FOR-US: HP Intelligent Management Center (IMC)
CVE-2011-2330 (Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1,  ...)
	NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-2328 (Buffer overflow in HP LoadRunner allows remote attackers to cause a de ...)
	NOT-FOR-US: HP LoadRunner
CVE-2011-2215 (Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2 ...)
	NOT-FOR-US: WalRack
CVE-2011-2214 (Unspecified vulnerability in the Open Database Connectivity (ODBC) com ...)
	NOT-FOR-US: 7T Interactive Graphical SCADA System
CVE-2011-2175 (Integer underflow in the visual_read function in wiretap/visual.c in W ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant; bug #630159)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in epan/tvbuf ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (bug #630159)
CVE-2011-2173 (The implementation of OutputMediator objects in IBM WebSphere Portal 6 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2172 (Cross-site scripting (XSS) vulnerability in the search center in IBM W ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2171 (Unspecified vulnerability in the dbugs package in Google Chrome OS bef ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2170 (Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabl ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2169 (Google Chrome OS before R12 0.12.433.38 Beta allows local users to gai ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2168 (Multiple integer overflows in the glob implementation in libc in OpenB ...)
	NOT-FOR-US: OpenBSD
CVE-2011-2165 (The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not pro ...)
	NOT-FOR-US: WatchGuard XCS
CVE-2011-2182 (The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel b ...)
	{DSA-2264-1}
	- linux-2.6 2.6.39-2
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in con ...)
	- nagios3 3.2.3-3 (bug #629127)
	[lenny] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
	[squeeze] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
	- icinga 1.4.1-1 (bug #629131)
	[squeeze] - icinga <not-affected> (Affected feature got introduced in 1.3.1)
	[lenny] - icinga <not-affected> (Affected feature got introduced in 1.3.1)
	NOTE: http://tracker.nagios.org/view.php?id=224
CVE-2011-2178 (The virSecurityManagerGetPrivateData function in security/security_man ...)
	- libvirt 0.9.1-2 (bug #629128)
	[squeeze] - libvirt <not-affected> (Introduced in 0.8.8)
	[lenny] - libvirt <not-affected> (Introduced in 0.8.8)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=709769
	NOTE: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
CVE-2011-2216 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...)
	- asterisk 1:1.8.4.2-1 (bug #629130)
	[lenny] - asterisk <not-affected> (Only affects 1.8)
	[squeeze] - asterisk <not-affected> (Only affects 1.8)
	NOTE: http://downloads.digium.com/pub/security/AST-2011-007.html
CVE-2011-XXXX [unspecified security vulnerabilities]
	- movabletype-opensource 4.3.6+dfsg-1 (bug #627936)
	[squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2
	[lenny] - movabletype-opensource 4.2.3-1+lenny3
CVE-2011-2164 (Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4  ...)
	NOT-FOR-US: Photoshop
CVE-2011-2163 (Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Syste ...)
	NOT-FOR-US: IBM Systems Director
CVE-2011-2162 (Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: duplicate of CVE-2011-1198
CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg before  ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: duplicate of CVE-2011-0723
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2157 (The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSett ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2156 (The SmarterTools SmarterStats 6.0 web server allows remote attackers t ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2155 (Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2154 (login.aspx in the SmarterTools SmarterStats 6.0 web server does not in ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2153 (Login.aspx in the SmarterTools SmarterStats 6.0 web server supports UR ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2152 (The SmarterTools SmarterStats 6.0 web server generates web pages conta ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2151 (The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSetting ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2150 (The SmarterTools SmarterStats 6.0 web server does not properly validat ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2149 (Multiple SQL injection vulnerabilities in the SmarterTools SmarterStat ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2148 (Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server all ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2147 (Openswan 2.2.x does not properly restrict permissions for (1) /var/run ...)
	- openswan <not-affected> (In Debian no starter.pid is ever written and the subsys entry gets created with -rw-r--r-- permissions, bug #628449)
CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Wor ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631507)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-2145 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Wor ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631508)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-2144 (The eDocument Conversion Actions implementation in IBM Datacap Taskmas ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2143 (IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authenti ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2142 (The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before  ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2141 (SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2140 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2139 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2138 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2137 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2136 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, M ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2135 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 bef ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, all ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Su ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Ma ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2129
	REJECTED
CVE-2011-2128 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows att ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before 11.6.0 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shoc ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe Shockwave P ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before 11.6.0.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote at ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in Adobe S ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player befor ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2110 (Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player bef ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2106 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2105 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2104 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2103 (Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow  ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2102 (Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on W ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2101 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2100 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2099 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2098 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x be ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2097 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2096 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2095 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2094 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2093 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and e ...)
	NOT-FOR-US: Adobe LiveCycle Data Services
CVE-2011-2092 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and e ...)
	NOT-FOR-US: Adobe LiveCycle Data Services
CVE-2011-2091 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-2090
	RESERVED
CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the Versio ...)
	NOT-FOR-US: ICONICS BizViz, GENESIS32
CVE-2011-2088 (XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymp ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2011-2087 (Multiple cross-site scripting (XSS) vulnerabilities in component handl ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2011-2086
	RESERVED
CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in Best Pra ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 all ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical  ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 3.x bef ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for inventiv ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allo ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it  ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 SP ...)
	NOT-FOR-US: Historical Chrome issue on Windows
CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922  ...)
	NOT-FOR-US: Skype
CVE-2011-2073
	RESERVED
CVE-2011-2072 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x thro ...)
	NOT-FOR-US: Cisco
CVE-2011-2071
	RESERVED
CVE-2011-2070
	RESERVED
CVE-2011-2069
	RESERVED
CVE-2011-2068
	RESERVED
CVE-2011-2067
	RESERVED
CVE-2011-2066
	RESERVED
CVE-2011-2065
	RESERVED
CVE-2011-2064 (Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services Ga ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2063
	RESERVED
CVE-2011-2062
	RESERVED
CVE-2011-2061
	RESERVED
CVE-2011-2060 (The platform-sw component on Cisco Adaptive Security Appliances (ASA)  ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2011-2059 (The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote attac ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2058 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2057 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2056
	RESERVED
CVE-2011-2055
	RESERVED
CVE-2011-2054 (A vulnerability in the Cisco ASA that could allow a remote attacker to ...)
	NOT-FOR-US: Cisco
CVE-2011-2053
	RESERVED
CVE-2011-2052
	RESERVED
CVE-2011-2051
	RESERVED
CVE-2011-2050
	RESERVED
CVE-2011-2049
	RESERVED
CVE-2011-2048
	RESERVED
CVE-2011-2047
	RESERVED
CVE-2011-2046
	RESERVED
CVE-2011-2045
	RESERVED
CVE-2011-2044
	RESERVED
CVE-2011-2043
	RESERVED
CVE-2011-2042 (The Sybase SQL Anywhere database component in Cisco CiscoWorks Common  ...)
	NOT-FOR-US: Cisco CiscoWorks
CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure  ...)
	NOT-FOR-US: Cisco
CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (for ...)
	NOT-FOR-US: Cisco
CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (for ...)
	NOT-FOR-US: Cisco
CVE-2011-2038
	RESERVED
CVE-2011-2037
	RESERVED
CVE-2011-2036
	RESERVED
CVE-2011-2035
	RESERVED
CVE-2011-2034
	RESERVED
CVE-2011-2033
	RESERVED
CVE-2011-2032
	RESERVED
CVE-2011-2031
	RESERVED
CVE-2011-2030
	RESERVED
CVE-2011-2029
	RESERVED
CVE-2011-2028
	RESERVED
CVE-2011-2027
	RESERVED
CVE-2011-2026
	RESERVED
CVE-2011-2025
	RESERVED
CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative passwo ...)
	NOT-FOR-US: Cisco
CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in Squi ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c i ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-2021 (Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3  ...)
	NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine befo ...)
	NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 o ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-2017
	REJECTED
CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows Meetin ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2015
	REJECTED
CVE-2011-2014 (The LDAP over SSL (aka LDAPS) implementation in Active Directory, Acti ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2013 (Integer overflow in the TCP/IP implementation in Microsoft Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2012 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1,  ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese  ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-2009 (Untrusted search path vulnerability in Windows Media Center in Microso ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and  ...)
	NOT-FOR-US: Microsoft Host Integration Server
CVE-2011-2007 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and  ...)
	NOT-FOR-US: Microsoft Host Integration Server
CVE-2011-2006
	REJECTED
CVE-2011-2005 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2004 (Array index error in win32k.sys in the kernel-mode drivers in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2003 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2002 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2,  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2001 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2000 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1999 (Microsoft Internet Explorer 8 does not properly allocate and access me ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1998 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1997 (Microsoft Internet Explorer 6 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1994
	REJECTED
CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attacker ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2;  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Offic ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in O ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1985 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Off ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize  ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1981
	REJECTED
CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2 ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objec ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly valid ...)
	NOT-FOR-US: Microsoft .NET
CVE-2011-1977 (The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Co ...)
	NOT-FOR-US: Microsoft .NET
CVE-2011-1976 (Cross-site scripting (XSS) vulnerability in the Report Viewer Control  ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing compone ...)
	NOT-FOR-US: Microsoft
CVE-2011-1974 (NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1973
	REJECTED
CVE-2011-1972 (Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not pro ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-1971 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1,  ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1968 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1967 (Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1966 (The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 do ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1965 (Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1964 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1963 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1962 (Microsoft Internet Explorer 6 through 9 does not properly handle unspe ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1961 (The telnet URI handler in Microsoft Internet Explorer 6 through 9 does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1960 (Microsoft Internet Explorer 6 through 9 does not properly implement Ja ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1959 (The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before 1 ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant; bug #630159)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows user-assis ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the D ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect point ...)
	- wireshark 1.4.6-1 (unimportant)
	[lenny] - wireshark <not-affected> (Affects 1.4.5 only)
	[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
	RESERVED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Rev ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in P ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1952 (common.php in Post Revolution before 0.8.0c-2 allows remote attackers  ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1951 (lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global fl ...)
	- syslog-ng 3.2.4-1 (low)
	[squeeze] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
	[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
	NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...)
	- plone3 <removed>
CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in Pr ...)
	- plone3 <removed>
CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allo ...)
	- plone3 <removed>
CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time a ...)
	- fetchmail 6.3.22-1 (unimportant)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2011-01.txt
CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but pr ...)
	NOT-FOR-US: libgnomesu
CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and  ...)
	{DSA-2309-1}
	- openssl 1.0.0e-1 (low)
CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x  ...)
	{DSA-2255-1}
	- libxml2 2.7.8.dfsg-3 (bug #628537)
CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in t ...)
	- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
	RESERVED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin 3. ...)
	- phpmyadmin 4:3.4.1-1
	[lenny] - phpmyadmin <not-affected> (3.4.x only)
	[squeeze] - phpmyadmin <not-affected> (3.4.x only)
CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3. ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.1-1
	[lenny] - phpmyadmin <not-affected> (3.3.x+ only)
	[squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
CVE-2011-1939 (SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ...)
	- zendframework 1.11.6-1 (low)
	[squeeze] - zendframework <no-dsa> (Minor issue)
CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ext/sock ...)
	{DSA-2399-1}
	- php5 5.3.6-13 (low)
	[lenny] - php5 <not-affected> (The Lenny version doesn't use memcpy)
CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier a ...)
	- webmin <removed>
CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization extens ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d94372 ...)
	- libpcap 1.1.1-4 (low; bug #623868)
	[squeeze] - libpcap 1.1.1-2+squeeze1
	[lenny] - libpcap <not-affected>
	NOTE: <878vsbyviu.fsf@silenus.orebokech.com>
CVE-2011-1934 (lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1. ...)
	- lilo 23.1-2 (low; bug #615103)
	[squeeze] - lilo <not-affected> (Introduced in 23.1)
	[lenny] - lilo <not-affected> (Introduced in 23.1)
CVE-2011-1933 (SQL injection vulnerability in Jifty::DBI before 0.68. ...)
	- libjifty-dbi-perl 0.68-1 (low; bug #622919)
	[squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in Wi ...)
	- widelands 1:15-3 (low; bug #617960)
	[lenny] - widelands <no-dsa> (Minor issue)
CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg bef ...)
	- libav 4:0.6.2-3 (bug #624339)
	- ffmpeg <not-affected> (vulnerability introduced in 0.6)
	- ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
CVE-2011-1930 (In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /t ...)
	- klibc 1.5.22-1 (low)
	[squeeze] - klibc 1.5.20-1+squeeze1
	[lenny] - klibc 1.5.12-2lenny1
CVE-2011-1929 (lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2. ...)
	{DSA-2252-1}
	- dovecot 1:2.0.13-1 (bug #627443)
	NOTE: [lenny] - dovecot <not-affected> (Vulnerability introduced in 1.1)
	NOTE: <e15277de7326d4d7f8b560cd853e1a12@muenster.org> claims lenny is affected
CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache Portable Run ...)
	{DSA-2237-2}
	- apr 1.4.5-1 (bug #627182)
CVE-2011-1927 (The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel b ...)
	- linux-2.6 2.6.39-1 (high)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not ...)
	{DSA-2258-1 DSA-2242-1}
	- cyrus-imapd-2.2 2.2.13p1-11 (bug #627081)
	- cyrus-imapd-2.4 2.4.7-1
	- kolab-cyrus-imapd 2.2.13p1-0.1 (bug #629350)
CVE-2011-1925 (nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote ...)
	- nbd 1:2.9.22-1 (bug #627042)
	[wheezy] - nbd <not-affected>
	[squeeze] - nbd <not-affected>
	[lenny] - nbd <not-affected>
CVE-2011-1924 (Buffer overflow in the policy_summarize function in or/policies.c in T ...)
	- tor 0.2.1.30-1
	[squeeze] - tor <no-dsa> (Only affects the central Tor directory servers)
	[lenny] - tor <no-dsa> (Only affects the central Tor directory servers)
CVE-2011-1923 (The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL be ...)
	- polarssl 0.14.3-1 (low; bug #616114)
	[squeeze] - polarssl <no-dsa> (Minor issue)
CVE-2011-1922 (daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functiona ...)
	- unbound 1.4.10-1 (unimportant)
	[lenny] - unbound 1.4.6-1~lenny2 (unimportant)
	[squeeze] - unbound 1.4.6-1+squeeze2 (unimportant)
	NOTE: http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt
	NOTE: asserts not enabled in Debian build
CVE-2011-1921 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake 1.111  ...)
	- pmake 1.111-3 (low; bug #626673)
	[squeeze] - pmake 1.111-2+squeeze1
	[lenny] - pmake 1.111-1+lenny1
CVE-2011-1919 (Multiple stack-based buffer overflows in GE Intelligent Platforms Prof ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2011-1918 (Stack-based buffer overflow in the Data Archiver service in GE Intelli ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2011-1917
	RESERVED
CVE-2011-1916
	RESERVED
CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...)
	NOT-FOR-US: Enspire Distribution Management Solution
CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Se ...)
	NOT-FOR-US: ActiveX
CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in  ...)
	NOT-FOR-US: Mercator SENTINEL
CVE-2011-1912
	RESERVED
CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 ...)
	NOT-FOR-US: JasperReports Server
CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x befor ...)
	{DSA-2244-1}
	- bind9 1:9.8.1.dfsg-1 (high)
	NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html
CVE-2011-1909
	RESERVED
CVE-2011-1908 (Integer overflow in the Type 1 font decoder in the FreeType engine in  ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...)
	NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging S ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint M ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint M ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web Studi ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-1899 (Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0. ...)
	NOT-FOR-US: CA eHealth
CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough  ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	[lenny] - xen-3 <not-affected>
CVE-2011-1897 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unifie ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1896 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unifie ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified Access Gat ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and S ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoi ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 a ...)
	NOT-FOR-US: MS Windows
CVE-2011-1887 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 a ...)
	NOT-FOR-US: MS Windows
CVE-2011-1886 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does ...)
	NOT-FOR-US: MS Windows
CVE-2011-1885 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1884 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1883 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1882 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1881 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1880 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1878 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1877 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1876 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1875 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1874 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: MS Windows
CVE-2011-1873 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Win ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1872 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 all ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1871 (Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows  ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2011-1870 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) i ...)
	NOT-FOR-US: MS Windows
CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1868 (The Distributed File System (DFS) implementation in Microsoft Windows  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-XXXX [fglrx-driver xauth cookie leak]
	- fglrx-driver 1:11-6-3 (low; bug #625868)
	[squeeze] - fglrx-driver <no-dsa> (Non-free not supported)
	[lenny] - fglrx-driver <no-dsa> (Non-free not supported)
CVE-2011-1907 (ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...)
	- bind9 1:9.8.1.dfsg.P1-1
	[squeeze] - bind9 <not-affected> (Only affects 9.8.0)
	[lenny] - bind9 <not-affected> (Only affects 9.8.0)
CVE-2011-1765 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, w ...)
	- mediawiki <not-affected> (Incomplete fix was never released for Debian, neither in sid, nor oldstable/stable)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
CVE-2011-1766 (includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogi ...)
	- mediawiki <not-affected> (Vulnerable code not present, planned next upload will skip it)
	[lenny] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.16.0)
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.16.0)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
CVE-2011-1867 (Stack-based buffer overflow in iNodeMngChecker.exe in the User Access  ...)
	NOT-FOR-US: iNodeMngChecker.exe of HP Intelligent Management Center
CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView Sto ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP OpenVi ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6 ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, 7 ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and  ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability
CVE-2011-1855 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x all ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1853 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0 ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1852 (Multiple stack-based buffer overflows in tftpserver.exe in HP Intellig ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1851 (Stack-based buffer overflow in tftpserver.exe in HP Intelligent Manage ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1850 (Stack-based buffer overflow in the logging functionality in dbman.exe  ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1849 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0 ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1848 (Stack-based buffer overflow in img.exe in HP Intelligent Management Ce ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1847 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows  ...)
	NOT-FOR-US: IBM DB2 9.5
CVE-2011-1846 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows  ...)
	NOT-FOR-US: IBM DB2 9.5
CVE-2011-1845 (Multiple memory leaks in the DataGrid control implementation in Micros ...)
	NOT-FOR-US: Silverlight
CVE-2011-1844 (Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows remot ...)
	NOT-FOR-US: Silverlight
CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remot ...)
	- tinyproxy 1.8.2-2 (unimportant; bug #627503)
	[squeeze] - tinyproxy 1.8.2-1squeeze2 (unimportant)
	NOTE: Only exploitable through config files, which are under admin control
CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before 0 ...)
	NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in Mojo ...)
	{DSA-2239-1}
	- libmojolicious-perl 1.12-1
CVE-2011-1840 (The MartiniCreations PassmanLite Password Manager application before 1 ...)
	NOT-FOR-US: MartiniCreations PassmanLite Password Manager for Android
CVE-2011-1839 (IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirec ...)
	NOT-FOR-US: IBM Rational Build Forge 7.1.0
CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.p ...)
	- twiki <removed>
CVE-2011-1837 (The lock-counter implementation in utils/mount.ecryptfs_private.c in e ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1836 (utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not es ...)
	- ecryptfs-utils 92-1
	[squeeze] - ecryptfs-utils <not-affected> (Vulnerable code not present)
	[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
CVE-2011-1835 (The encrypted private-directory setup process in utils/ecryptfs-setup- ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1834 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in ...)
	{DSA-2443-1}
	- ecryptfs-utils 92-1
	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
	- linux-2.6 3.1.1-1
	NOTE: cannot be fixed in ecryptfs-utils (squeeze, lenny) until kernel fix is in place
CVE-2011-1832 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1831 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not pr ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1830 (Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga ...)
	- ekiga <not-affected> (Vulnerable code not in a released version)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647 (EKIGA_3_3_0)
	NOTE: Introduced by: https://gitlab.gnome.org/GNOME/ekiga/commit/87d3a0824b373a3d16e9198540174ce16e4ab3db (EKIGA_3_3_0)
CVE-2011-1829 (APT before 0.8.15.2 does not properly validate inline GPG signatures,  ...)
	- apt 0.8.15.2
	[squeeze] - apt <not-affected> (Vulnerable code not present)
	[lenny] - apt <not-affected> (Vulnerable code not present)
CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce int ...)
	NOT-FOR-US: usb-creator, Ubuntu-specific package
CVE-2011-XXXX [spip DoS]
	- spip 2.1.11-0.1
	[squeeze] - spip 2.1.1-3squeeze1
CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network Extend ...)
	NOT-FOR-US: Check Point
CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot  ...)
	NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the Administrat ...)
	NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not prop ...)
	NOT-FOR-US: Opera
CVE-2011-1823 (The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 tru ...)
	NOT-FOR-US: Android
CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 b ...)
	NOT-FOR-US: Tivoli
CVE-2011-1821 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 o ...)
	NOT-FOR-US: Tivoli
CVE-2011-1820 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010,  ...)
	NOT-FOR-US: Tivoli
CVE-2011-1819 (Google Chrome before 12.0.742.91 allows remote attackers to perform un ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions)
CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google Chrome befo ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86725
CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement history d ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google Chrome b ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86507
CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to inject scr ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions specific)
CVE-2011-1814 (Google Chrome before 12.0.742.91 attempts to read data from an uniniti ...)
	- chromium-browser <not-affected> (chromium pdiflugin)
	- webkit <not-affected> (chromium pdf plugin)
CVE-2011-1813 (Google Chrome before 12.0.742.91 does not properly implement the frame ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1812 (Google Chrome before 12.0.742.91 allows remote attackers to bypass int ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions)
CVE-2011-1811 (Google Chrome before 12.0.742.91 does not properly handle a large numb ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1810 (The Cascading Style Sheets (CSS) implementation in Google Chrome befor ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/83345
CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in Google Ch ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80890
CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before 12.0.742.91 allow ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84096
	NOTE: http://trac.webkit.org/changeset/84098
	NOTE: http://trac.webkit.org/changeset/84119
CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle blobs, which ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement the GPU c ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1805 (Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote at ...)
	- chromium-browser 11.0.696.65~r84435-1
CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86448
CVE-2011-1803 (An issue exists in third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1802 (WebKit in Google Chrome before Blink M11 and M12 does not properly han ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows r ...)
	- chromium-browser 11.0.696.71~r86024-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/85977
CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in WebCor ...)
	- chromium-browser 11.0.696.68~r84545-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/85926
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of va ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.68~r84545-1
CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	{DSA-2245-1}
	- chromium-browser 12.0.742.91~r87961-1
CVE-2011-1796 (Use-after-free vulnerability in the FrameView::calculateScrollbarModes ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84300
CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement function i ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/83690
CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function in platf ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84422
CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Goog ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/85406
CVE-2011-1792
	RESERVED
CVE-2011-1791
	RESERVED
CVE-2011-1790
	RESERVED
CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package  ...)
	NOT-FOR-US: vSphere
CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Up ...)
	NOT-FOR-US: vCenter
CVE-2011-1787 (Race condition in mount.vmhgfs in the VMware Host Guest File System (H ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631506)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 be ...)
	NOT-FOR-US: Likewise
CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to  ...)
	NOT-FOR-US: VMware
CVE-2011-1784 (The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and e ...)
	- keepalived 1:1.2.2-2 (low; bug #626281)
	[lenny] - keepalived <no-dsa> (Minor issue)
	[squeeze] - keepalived 1:1.1.20-1+squeeze1
CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in file-p ...)
	{DSA-2426-1}
	- gimp 2.6.11-3 (bug #629830)
CVE-2011-1781 (SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows ...)
	- systemtap 1.6-1 (bug #628819)
	[squeeze] - systemtap <not-affected> (Only affects version 1.4.x)
	[lenny] - systemtap <not-affected> (Only affects version 1.4.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
CVE-2011-1780 (The instruction emulation in Xen 3.0.3 allows local SMP guest users to ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5  ...)
	- libarchive 3.0.4-2 (bug #669197)
	[squeeze] - libarchive <not-affected> (vulnerable code not present in 2.x series)
	NOTE: http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7
	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to ...)
	{DSA-2413-1}
	- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1777 (Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_d ...)
	{DSA-2413-1}
	- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel b ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1 (low)
CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx i ...)
	- tigervnc <not-affected> (Fixed before initial release in Debian)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/ce6c8b097f0d5b161039dc8c8208aff078d433ff
CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security sett ...)
	NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue
	NOTE: https://www.openwall.com/lists/oss-security/2011/05/09/4
CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when  ...)
	NOT-FOR-US: virt-v2v
CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
	- libstruts1.2-java <not-affected> (xwork introduced in 2.x)
CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before 2 ...)
	- linux-2.6 2.6.38-4
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-1770 (Integer underflow in the dccp_parse_options function (net/dccp/options ...)
	{DSA-2240-1}
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34squeeze1
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57)
CVE-2011-1769 (SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is ena ...)
	- systemtap 1.6-1 (unimportant; bug #628819)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
	NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9
	NOTE: a DoS with a very limited exploitation possibility
CVE-2011-1768 (The tunnels implementation in the Linux kernel before 2.6.34, when tun ...)
	{DSA-2264-1}
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-1767 (net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is co ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-34squeeze1
CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in ...)
	{DSA-2232-1}
	- exim4 4.75-3 (high; bug #624670)
	[lenny] - exim4 <not-affected> (vulnerable code not present)
CVE-2011-1763 (The get_free_port function in Xen allows local authenticated DomU user ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1762
	RESERVED
CVE-2011-1761 (Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1 (low; bug #625966)
CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users  ...)
	{DSA-2254-2 DSA-2254-1}
	- oprofile 0.9.6-1.2 (medium; bug #624212)
CVE-2011-1759 (Integer overflow in the sys_oabi_semtimedop function in arch/arm/kerne ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1
CVE-2011-1758 (The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in Sy ...)
	- sssd <not-affected> (Only affects version 1.5+)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=700867
	NOTE: http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a
CVE-2011-1757 (DJabberd 0.84 and earlier does not properly detect recursion during en ...)
	NOTE: DJabberd
CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly ...)
	{DSA-2250-1}
	- citadel 8.04-1 (medium)
CVE-2011-1755 (jabberd2 before 2.2.14 does not properly detect recursion during entit ...)
	- jabberd2 2.2.8-2.1 (medium)
CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion durin ...)
	{DSA-2249-1}
	- jabberd14 1.6.1.1-5.1
CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and ...)
	{DSA-2248-1}
	- ejabberd 2.1.6-2.1 (medium)
CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1751 (The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Managem ...)
	{DSA-2241-1}
	- qemu-kvm 0.14.1+dfsg-1
	- kvm <undetermined>
CVE-2011-1750 (Multiple heap-based buffer overflows in the virtio-blk driver (hw/virt ...)
	{DSA-2230-1}
	- qemu-kvm 0.14.1+dfsg-1 (bug #624177)
	- kvm <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906
CVE-2011-1749 (The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.ns ...)
	- nfs-utils 1:1.2.3-3 (low; bug #629420)
	[squeeze] - nfs-utils 1:1.2.2-4squeeze2
	[lenny] - nfs-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before 2 ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not pr ...)
	- linux-2.6 <removed> (unimportant)
	NOTE: Can only be triggered with root equivalent privs -> non-issue
CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_ ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in drivers/ ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1744 (EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin  ...)
	NOT-FOR-US: EMC
CVE-2011-1743 (Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 b ...)
	NOT-FOR-US: EMC
CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account cred ...)
	NOT-FOR-US: EMC
CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbir ...)
	NOT-FOR-US: OpenText Hummingbird Client Connector
CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authen ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...)
	NOT-FOR-US: FreeBSD mountd
CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Dev ...)
	NOT-FOR-US: HP Palm webOS
CVE-2011-1737 (Multiple cross-site scripting (XSS) vulnerabilities in the Email appli ...)
	NOT-FOR-US: HP Palm webOS
CVE-2011-1736 (Directory traversal vulnerability in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1735 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1734 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1733 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1732 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1731 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1730 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1729 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1728 (Stack-based buffer overflow in OmniInet.exe in the Backup Client Servi ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13,  ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13,  ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9 ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment before 6.3  ...)
	NOT-FOR-US: HP Virtual Server Environment
CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rht ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_di ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2011-1721 (Cross-site request forgery (CSRF) vulnerability in php/partie_administ ...)
	NOT-FOR-US: WebJaxe
CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x b ...)
	{DSA-2233-1}
	- postfix 2.8.3-1
	NOTE: http://www.postfix.org/CVE-2011-1720.html
CVE-2011-1719 (Multiple stack-based buffer overflows in the Web Viewer ActiveX contro ...)
	NOT-FOR-US: ActiveX
CVE-2011-1718 (The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 be ...)
	NOT-FOR-US: CA SiteMinder
CVE-2011-1716 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in X ...)
	- xymon 4.3.7-1
	[wheezy] - xymon <no-dsa> (Minor issue)
	[squeeze] - xymon <no-dsa> (Minor issue)
CVE-2011-1717 (Skype for Android stores sensitive user data without encryption in sql ...)
	NOT-FOR-US: Skype for Android
CVE-2011-1715 (Directory traversal vulnerability in framework/source/resource/qx/test ...)
	NOT-FOR-US: QooxDoo
CVE-2011-1714 (Cross-site scripting (XSS) vulnerability in framework/source/resource/ ...)
	NOT-FOR-US: QooxDoo
CVE-2011-1713 (Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, allo ...)
	NOT-FOR-US: Microsoft
CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.c ...)
	- iceweasel 4.0.1-1 (unimportant)
CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in No ...)
	NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
CVE-2011-1710 (Multiple integer overflows in the HTTP server in the Novell XTier fram ...)
	NOT-FOR-US: Novell XTier
CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, ena ...)
	- gdm3 <not-affected> (Vulnerable code patched out in Debian package in sid, patched in 3.0.4 experimental)
	- gdm <not-affected> (Vulnerable code not present)
CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client bef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client befo ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1698
	RESERVED
CVE-2011-1697
	RESERVED
CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager (a ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2011-1695
	RESERVED
CVE-2011-1694
	RESERVED
CVE-2011-1693
	RESERVED
CVE-2011-1692
	RESERVED
CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in t ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82222
CVE-2011-1690 (Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8 ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1689 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical  ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1688 (Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1687 (Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1686 (Multiple SQL injection vulnerabilities in Best Practical Solutions RT  ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1685 (Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through 4. ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x b ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList  ...)
	- phplist <itp> (bug #612288)
CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4. ...)
	{DSA-2218-1}
	- vlc 1.1.8-3 (medium)
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	[squeeze] - vlc 1.1.3-1squeeze5
	NOTE: CVE id requested
CVE-2011-1681 (vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-t ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (low; bug #623968)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ loc ...)
	- ncpfs 2.2.6-9 (low; bug #660545)
	[squeeze] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the  ...)
	- ncpfs 2.2.6-9 (low; bug #660545)
	[squeeze] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to app ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:5.1-1 (low)
	[squeeze] - cifs-utils 2:4.5-2+squeeze1
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lo ...)
	- util-linux 2.20.1-1 (low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...)
	NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983
CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the /etc/mt ...)
	- util-linux 2.20.1-1 (low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attacke ...)
	NOT-FOR-US: NetGear ProSafe WNAP210
CVE-2011-1673 (BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attacker ...)
	NOT-FOR-US: NetGear ProSafe WNAP210
CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...)
	NOT-FOR-US: Dell KACE K2000 Systems Deployment Appliance
CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in app/controllers/todos_cont ...)
	NOT-FOR-US: Tracks
CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
	NOT-FOR-US: InTerra
CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in the WP Custom  ...)
	NOT-FOR-US: WP Custom Pages module for WordPress
CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web Conte ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows  ...)
	NOT-FOR-US: Anzeigenmarkt
CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive informat ...)
	NOT-FOR-US: Metaways Tine
CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with insu ...)
	NOT-FOR-US: PHPBoost
CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in the Translation Man ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1663 (SQL injection vulnerability in the Translation Management module 6.x b ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management mod ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_ ...)
	NOT-FOR-US: Node Quick Find module for Drupal
CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamic ...)
	NOT-FOR-US: GrapeCity Data Dynamics Reports
CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
	- eglibc 2.13-8
	[squeeze] - eglibc 2.11.3-2
	- glibc 2.13-8
	[lenny] - glibc <no-dsa> (Minor issue)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expan ...)
	- eglibc 2.13-33 (low; bug #672119)
	[squeeze] - eglibc <not-affected>
CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions i ...)
	{DSA-2408-1}
	- php5 5.3.7-1 (unimportant)
	NOTE: safe mode not supported
CVE-2011-1656
	RESERVED
CVE-2011-1655 (The management.asmx module in the Management Web Service in the Unifie ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1654 (Directory traversal vulnerability in the Heartbeat Web Service in CA.I ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1653 (Multiple SQL injection vulnerabilities in the Unified Network Control  ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1652 (** DISPUTED ** The default configuration of Microsoft Windows 7 immedi ...)
	NOT-FOR-US: Microsoft Windows 7
CVE-2011-1651 (Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when ...)
	NOT-FOR-US: Cisco
CVE-2011-1650
	RESERVED
CVE-2011-1649 (The Internet Streamer application in Cisco Content Delivery System (CD ...)
	NOT-FOR-US: Cisco
CVE-2011-1648
	RESERVED
CVE-2011-1647 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...)
	NOT-FOR-US: Cisco
CVE-2011-1646 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...)
	NOT-FOR-US: Cisco
CVE-2011-1645 (The web management interface on the Cisco RVS4000 Gigabit Security Rou ...)
	NOT-FOR-US: Cisco
CVE-2011-1644
	RESERVED
CVE-2011-1643 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager)  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1642
	RESERVED
CVE-2011-1641
	RESERVED
CVE-2011-1640 (The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1639
	RESERVED
CVE-2011-1638
	RESERVED
CVE-2011-1637 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software be ...)
	NOT-FOR-US: Cisco
CVE-2011-1636
	RESERVED
CVE-2011-1635
	RESERVED
CVE-2011-1634
	RESERVED
CVE-2011-1633
	RESERVED
CVE-2011-1632
	RESERVED
CVE-2011-1631
	RESERVED
CVE-2011-1630
	RESERVED
CVE-2011-1629
	RESERVED
CVE-2011-1628
	RESERVED
CVE-2011-1627
	RESERVED
CVE-2011-1626
	RESERVED
CVE-2011-1625 (Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link switchi ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1624 (Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1623 (Cisco Media Processing Software before 1.2 on Media Experience Engine  ...)
	NOT-FOR-US: Cisco
CVE-2011-1622
	RESERVED
CVE-2011-1621
	RESERVED
CVE-2011-1620
	RESERVED
CVE-2011-1619
	RESERVED
CVE-2011-1618
	RESERVED
CVE-2011-1617
	RESERVED
CVE-2011-1616
	RESERVED
CVE-2011-1615
	RESERVED
CVE-2011-1614
	RESERVED
CVE-2011-1613 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) softw ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2011-1612
	RESERVED
CVE-2011-1611
	RESERVED
CVE-2011-1610 (Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1609 (SQL injection vulnerability in Cisco Unified Communications Manager (a ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1608
	RESERVED
CVE-2011-1607 (Directory traversal vulnerability in Cisco Unified Communications Mana ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1606 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1605 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM, formerl ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1603 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software be ...)
	NOT-FOR-US: Cisco
CVE-2011-1602 (The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones ...)
	NOT-FOR-US: Cisco
CVE-2011-1601
	RESERVED
CVE-2011-1600
	RESERVED
CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x befor ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before 2 ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2011-1596
	REJECTED
CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in disk. ...)
	- rdesktop 1.7.0-1 (low; bug #623552)
	[squeeze] - rdesktop <no-dsa> (Minor issue)
	[lenny] - rdesktop <no-dsa> (Minor issue)
CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Netwo ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x b ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in epan/dissectors/p ...)
	- wireshark 1.4.5-1
	[squeeze] - wireshark <not-affected> (Only affects 1.4.x)
	[lenny] - wireshark <not-affected> (Only affects 1.4.x)
CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x befor ...)
	{DSA-2274-1}
	- wireshark 1.4.5-1 (unimportant)
CVE-2011-1589 (Directory traversal vulnerability in Path.pm in Mojolicious before 1.1 ...)
	{DSA-2221-1}
	- libmojolicious-perl 1.16-1
CVE-2011-1588 (Thunar before 1.3.1 could crash when copy and pasting a file name with ...)
	- thunar <not-affected> (Introduced in 1.2, only in experimental)
	NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, w ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1586 (Directory traversal vulnerability in the KGetMetalink::File::isValidNa ...)
	- kdenetwork 4:4.6.3-1
	[squeeze] - kdenetwork 4:4.4.5-2+squeeze1
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kerne ...)
	{DSA-2240-1}
	- linux-2.6 <removed> (unimportant)
	NOTE: an exploitation requires the ability to run mount.cifs w/ root privs
CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the Media Ma ...)
	- dotclear <not-affected> (Fixed before initial upload to archive)
CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xe ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	- xen-3 <removed>
	[lenny] - xen-3 <no-dsa> (Minor issue; only marginally affected)
CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servl ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1581 (The bond_select_queue function in drivers/net/bonding/bond_main.c in t ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, w ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in fs/partitio ...)
	{DSA-2264-1}
	- linux-2.6 2.6.39-3 (low)
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-1576 (The Generic Receive Offload (GRO) implementation in the Linux kernel 2 ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-5
	[lenny] - linux-2.6 <not-affected> (Code not present)
	NOTE: "...code path in question is no longer reachable..." not sure when this was fixed
CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)
	- pure-ftpd 1.0.30-1 (low)
	[squeeze] - pure-ftpd 1.0.28-3+squeeze1
	[lenny] - pure-ftpd <no-dsa> (Minor issue)
CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in l ...)
	{DSA-2226-1}
	- libmodplug 1:0.8.8.2-1 (low; bug #622091)
CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when addip ...)
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-34
	NOTE: http://xorl.wordpress.com/2011/05/08/cve-2011-1573-linux-kernel-sctp-initinit-ack-length-miscalculation/
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8170c35e738d62e9919ce5b109cf4ed66e9
CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands (ADC)  ...)
	{DSA-2215-1}
	- gitolite 1.5.7-2
	NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075
	NOTE: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc
	[squeeze] - gitolite 1.5.4-2+squeeze1
CVE-2011-1571 (Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1570 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1569 (download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obta ...)
	NOT-FOR-US: Douran Portal
CVE-2011-1568 (Format string vulnerability in the logText function in shmemmgr9.dll i ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1567 (Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11 ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1566 (Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier  ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1565 (Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063  ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1564 (Multiple integer overflows in the HMI application in DATAC RealFlex Re ...)
	NOT-FOR-US: DATAC RealFlex RealWin
CVE-2011-1563 (Multiple stack-based buffer overflows in the HMI application in DATAC  ...)
	NOT-FOR-US: DATAC RealFlex RealWin
CVE-2011-1562 (Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attacker ...)
	NOT-FOR-US: Ecava IntegraXor HMI
CVE-2011-1561 (The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, whe ...)
	NOT-FOR-US: IBM AIX 6.1
CVE-2011-1560 (solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x  ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-1559 (Unspecified vulnerability in the IBM Web Interface for Content Managem ...)
	NOT-FOR-US: IBM WEBi
CVE-2011-1558 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Int ...)
	NOT-FOR-US: IBM WEBi
CVE-2011-XXXX [drupal6-mod-tagadelic XSS]
	- drupal6-mod-tagadelic 1.3-1 (low)
	NOTE: DRUPAL-SA-CONTRIB-2011-013
CVE-2011-1557 (SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remot ...)
	NOT-FOR-US: ICloudCenter ICJobSite
CVE-2011-1556 (SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Ap ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3. ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xp ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ direc ...)
	- cobbler <not-affected> (bug #796151; perms different on Debian)
	NOTE: /var/log/cobbler is set to cobbler:cobbler and daemon runs as root
CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses r ...)
	- logrotate <not-affected> (SuSE-specific, see CVE-2011-1548 for Debian)
CVE-2011-1549 (The default configuration of logrotate on Gentoo Linux uses root privi ...)
	- logrotate <not-affected> (Gentoo-specific, see CVE-2011-1548 for Debian)
CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root p ...)
	- logrotate 3.7.8-6
CVE-2011-1547 (Multiple stack consumption vulnerabilities in the kernel in NetBSD 4.0 ...)
	NOT-FOR-US: NetBSD
CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Ap ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1545 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control  ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2011-1544 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2011-1543 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight  ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2011-1542 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2011-1541 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8 ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack ( ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1536 (Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, 5 ...)
	NOT-FOR-US: HP Performance Insight
CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linu ...)
	NOT-FOR-US: HP Insight Control
CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x all ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-1533 (Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1532 (Unspecified vulnerability in the SNMP component on the HP Photosmart D ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1531 (The webscan component in the Embedded Web Server (EWS) on the HP Photo ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1530 (The process_tgs_req function in do_tgs_req.c in the Key Distribution C ...)
	- krb5 1.10+dfsg~alpha1-7
	[squeeze] - krb5 <not-affected> (Only affecs 1.9 and higher)
	[lenny] - krb5 <not-affected> (Only affecs 1.9 and higher)
CVE-2011-1529 (The lookup_lockout_policy function in the Key Distribution Center (KDC ...)
	{DSA-2379-1}
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1528 (The krb5_ldap_lockout_audit function in the Key Distribution Center (K ...)
	{DSA-2379-1}
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1527 (The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerber ...)
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[squeeze] - krb5 <not-affected> (Introduced in 1.9)
	[lenny] - krb5 <not-affected> (Introduced in 1.9)
CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Application ...)
	{DSA-2283-1}
	- krb5-appl 1:1.0.1-1.1
CVE-2011-1525 (Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer  ...)
	NOT-FOR-US: RealPlayer
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI p ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.c ...)
	- nagios3 3.2.3-3 (bug #629127)
	- icinga 1.4.1-1 (bug #629131)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[lenny] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - icinga <no-dsa> (Minor issue)
	[lenny] - icinga <no-dsa> (Minor issue)
	NOTE: http://tracker.nagios.org/view.php?id=207
CVE-2011-1522 (Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\ ...)
	{DSA-2223-1}
	- doctrine 1.2.4-1 (bug #622674)
CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino do ...)
	NOT-FOR-US: Lotus Domino
CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 7.x an ...)
	NOT-FOR-US: Lotus Domino
CVE-2011-1518 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	{DSA-2231-1}
	- otrs2 2.4.10+dfsg1-1
CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x befo ...)
	{DLA-25-1}
	- python3.1 <removed> (bug #628453)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2-3
	- python2.7 2.7.1-7
	- python2.6 2.6.7-1 (bug #628455)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue11662
CVE-2011-XXXX [htmlpurifier various]
	- php-htmlpurifier 4.3.0+dfsg1-1 (unimportant)
	- mahara 1.2.5-1
	[lenny] - mahara 1.0.4-4+lenny10
	NOTE: http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released
	NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself
	NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara)
CVE-2011-1517 (SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service c ...)
	NOT-FOR-US: SAP
CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1513 (Static code injection vulnerability in install_.php in e107 CMS 0.7.24 ...)
	NOT-FOR-US: e107
CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used i ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in  ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in Manag ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk P ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly  ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1 ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and Mail ...)
	NOT-FOR-US: Kerio
CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 serv ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2011-1504 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community E ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1503 (The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x a ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1502 (Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1501
	REJECTED
CVE-2011-1500 (PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict  ...)
	- pithos 0.3.8-1 (low)
CVE-2011-1499 (acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting s ...)
	{DSA-2222-1}
	- tinyproxy 1.8.2-2 (bug #621493)
	[lenny] - tinyproxy <not-affected> (Vulnerable code not present)
CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...)
	- httpcomponents-client 4.1.1-1 (bug #628727)
	[squeeze] - httpcomponents-client 4.0.1-1squeeze1
	NOTE: http://seclists.org/oss-sec/2011/q2/188
	NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
CVE-2011-1497
	RESERVED
CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
	{DSA-2212-1}
	- tmux 1.4-6 (bug #620304)
	NOTE: CVE id requested
CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earl ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/m ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1493 (Array index error in the rose_parse_national function in net/rose/rose ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not prop ...)
	- roundcube 0.5.1-1
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly han ...)
	- roundcube 0.5.1-1 (low)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-1490 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1489 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1488 (A memory leak in rsyslog before 5.7.6 was found in the way deamon proc ...)
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1487 (The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.1 ...)
	{DSA-2265-1}
	- perl 5.10.1-20 (unimportant; bug #622817)
	NOTE: http://nntp.perl.org/group/perl.perl5.porters/171010
CVE-2011-1486 (libvirtd in libvirt before 0.9.0 does not use thread-safe error report ...)
	{DSA-2280-1}
	- libvirt 0.9.0-1 (low; bug #623222)
	[lenny] - libvirt <no-dsa> (Minor issue)
CVE-2011-1485 (Race condition in the pkexec utility and polkitd daemon in PolicyKit ( ...)
	{DSA-2319-1}
	- policykit-1 0.101-4 (bug #644500)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922
CVE-2011-1484 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
	NOT-FOR-US: JBoss Seam
CVE-2011-1483 (wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise ...)
	NOT-FOR-US: JBoss Enterprise Web Platform
CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in mainfile ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1479 (Double free vulnerability in the inotify subsystem in the Linux kernel ...)
	- linux-2.6 2.6.38-4
	[lenny] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
	[squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
CVE-2011-1478 (The napi_reuse_skb function in net/core/dev.c in the Generic Receive O ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1477 (Multiple array index errors in sound/oss/opl3.c in the Linux kernel be ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the Linu ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not p ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1474 (A locally locally exploitable DOS vulnerability was found in pax-linux ...)
	NOT-FOR-US: PaX hardening patch
	NOTE: http://seclists.org/oss-sec/2011/q1/579
CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...)
	NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456
	NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically p ...)
	NOT-FOR-US: Nokia E75 phone
CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP b ...)
	{DSA-2266-1}
	- php5 5.3.6-1
CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent attacke ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 mig ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: under normal conditions the amount of memory leaked is insignificant
CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfm ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	[lenny] - php5 <not-affected> (intl extension included since 5.3)
	NOTE: Only triggerable with malicious script
CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...)
	{DSA-2266-1}
	- php5 5.3.6-1
	NOTE: null pointer deref because of int overflow. Fix has a bug
CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in Goo ...)
	- chromium-browser <not-affected> (only the dev version was affected)
	- webkit <not-affected> (chromium specific)
CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the p ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: ini setting needs to be modified.
CVE-2011-1463
	RESERVED
CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1461
	RESERVED
CVE-2011-1460 (WebKit in Google Chrome before Blink M11 contains a bad cast to Render ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1459 (The WebKit::WebPluginContainerImpl::handleEvent function in Google Chr ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1458
	RESERVED
CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, w ...)
	- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF document ...)
	- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling functionality in G ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84015
CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id maps, ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/83209
CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file dialog ...)
	- chromium-browser 11.0.696.65~r84435-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in Googl ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82088
CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform height calc ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81786
CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle drop-down li ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81851
CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to spoof the  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG document ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81689
CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.65~r84435-1
	- webkit <not-affected> (chromium sandbox)
CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement layering, ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82624
CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle mutation eve ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81611
CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a cast of a ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80773
	NOTE: http://trac.webkit.org/changeset/81088
CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 allow ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.65~r84435-1
	NOTE: http://trac.webkit.org/changeset/84009
CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly isolate re ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to bypass the ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81399
CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57 allow r ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/79462
CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly interact w ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1435 (Google Chrome before 11.0.696.57 does not properly implement the tabs  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1434 (Google Chrome before 11.0.696.57 does not ensure thread safety during  ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in Open Ti ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligible security impact
CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly  ...)
	NOT-FOR-US: SCO SCOoffice Server
CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the net ...)
	- qmail <removed> (unimportant; bug #652378)
	NOTE: The TLS patch is shipped in the source package, but it's not applied
	- netqmail <not-affected> (Doesn't include the TLS patch)
CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and  ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
	- mutt 1.5.21-5 (low; bug #619216)
	[squeeze] - mutt 1.5.20-9+squeeze2
	[lenny] - mutt <no-dsa> (Minor issue)
	NOTE: http://dev.mutt.org/trac/ticket/3506
CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...)
	{DSA-2598-1}
	- weechat 0.3.5-1
CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 5. ...)
	NOT-FOR-US: Kodak InSite
CVE-2011-1426 (The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 thr ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in  ...)
	{DSA-2219-1}
	- xmlsec1 1.2.14-1.1 (bug #620560)
	NOTE: http://www.aleksey.com/xmlsec/news.html
CVE-2011-1424 (The default configuration of ExShortcut\Web.config in EMC SourceOne Em ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention ( ...)
	NOT-FOR-US: RSA Data Loss Prevention Enterprise Manager
CVE-2011-1422 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave F ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-1421 (EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the  ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC p ...)
	NOT-FOR-US: EMC Data Protection Advisor Collector
CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security constrai ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in t ...)
	NOT-FOR-US: Apple iOS
CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: QuickLook,
CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0 ...)
	NOT-FOR-US: BlackBerry
CVE-2011-1415
	REJECTED
CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as u ...)
	NOT-FOR-US: TIBCO tibbr
CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in Wo ...)
	- openarena <not-affected> (Vulnerable code not present, the version in sid uses ioquake3)
	- ioquake3 1.36+svn1946-4
CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...)
	{DSA-2284-1}
	- opensaml2 2.4.3-1
CVE-2011-1410
	RESERVED
CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly othe ...)
	{DSA-2259-1}
	- fex 20110610-1
CVE-2011-1408 (ikiwiki before 3.20110608 allows remote attackers to hijack root's tty ...)
	- ikiwiki 3.20110608 (low)
	[squeeze] - ikiwiki <no-dsa> (Minor issue)
CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for  ...)
	{DSA-2236-1}
	- exim4 4.76-1
	[lenny] - exim4 <not-affected> (Vulnerable code not present)
CVE-2011-1406 (Mahara before 1.3.6 does not properly handle an https URL in the wwwro ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses t ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms implem ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass intend ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber  ...)
	{DSA-2214-1}
	- ikiwiki 3.20110328
CVE-2011-1400 (The default configuration of the shell_escape_commands directive in co ...)
	{DSA-2198-1}
	- tex-common 2.09
CVE-2011-1399
	RESERVED
CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5. ...)
	- php5 5.4.0~rc5-1 (low)
	[squeeze] - php5 <no-dsa> (Minor issue)
CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
	NOT-FOR-US: IBM Tivoli
CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo A ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1394 (IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1,  ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1393 (Unspecified vulnerability in the authentication functionality in the s ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-1392 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1391 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1390 (SQL injection vulnerability in the Maintenance tool in IBM Rational Cl ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2011-1389 (Multiple directory traversal vulnerabilities in the vendor daemon in R ...)
	NOT-FOR-US: Telelogic License Server
CVE-2011-1388 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll i ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1387
	RESERVED
CVE-2011-1386 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Iden ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2011-1385 (IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote att ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1384 (The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd prog ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1383
	RESERVED
CVE-2011-1382
	RESERVED
CVE-2011-1381 (Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before ...)
	NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2011-1380
	RESERVED
CVE-2011-1379
	RESERVED
CVE-2011-1378 (IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM gr ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1377 (The Web Services Security component in the Web Services Feature Pack b ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1376 (iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.4 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_ ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1374 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...)
	NOT-FOR-US: Appe QuickTime
CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the  ...)
	NOT-FOR-US: IBM DB2
CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries wit ...)
	NOT-FOR-US: IBM web interface to tape libraries
CVE-2011-1371 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM W ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1370 (The default configuration of the Sametime configuration servlet (SCS)  ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2011-1369
	RESERVED
CVE-2011-1368 (The JavaServer Faces (JSF) application functionality in IBM WebSphere  ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1367 (Unspecified vulnerability in the File Load feature in IBM Rational App ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2011-1366 (Unspecified vulnerability in the Import feature in IBM Rational AppSca ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2011-1365
	RESERVED
CVE-2011-1364 (Cross-site request forgery (CSRF) vulnerability in _ah/admin/interacti ...)
	NOT-FOR-US: Goole App Engine Python SDK
CVE-2011-1363
	RESERVED
CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation Verificat ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1361
	RESERVED
CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2011-1359 (Directory traversal vulnerability in the administration console in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1358
	RESERVED
CVE-2011-1357 (Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2011-1356 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 bef ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1355 (Open redirect vulnerability in IBM WebSphere Application Server (WAS)  ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1354
	RESERVED
CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Window ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-1352 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to gai ...)
	NOT-FOR-US: Anroid
CVE-2011-1351
	RESERVED
CVE-2011-1350 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to obt ...)
	NOT-FOR-US: Android
CVE-2011-1349
	RESERVED
CVE-2011-1348
	RESERVED
CVE-2011-1347 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows  ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1346 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows  ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIb ...)
	NOT-FOR-US: Tivoli
CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in skins/plone_templates/defa ...)
	- plone3 <removed>
CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance be ...)
	NOT-FOR-US: Google Search Appliance
CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows loc ...)
	NOT-FOR-US: XnView
CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to e ...)
	NOT-FOR-US: ALZip
CVE-2011-1335 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8  ...)
	NOT-FOR-US: Cybozu Office
CVE-2011-1334 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Ga ...)
	NOT-FOR-US: Cybozu
CVE-2011-1333 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu ...)
	NOT-FOR-US: Cybozu
CVE-2011-1332 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 throug ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2011-1331 (JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitar ...)
	NOT-FOR-US: JustSystems Ichitaro Products
CVE-2011-1330 (Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 P ...)
	NOT-FOR-US: WeblyGo
CVE-2011-1329 (WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restri ...)
	NOT-FOR-US: WalRack
CVE-2011-1328 (SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows ...)
	NOT-FOR-US: RADVISION iVIEW Suite
CVE-2011-1327 (The Keystroke Encryption feature in Trend Micro Internet Security 2009 ...)
	NOT-FOR-US: Trend Micro Internet Security
CVE-2011-1326 (Unspecified vulnerability on the La Fonera+ router with firmware befor ...)
	NOT-FOR-US: La Fonera+ router
CVE-2011-1325 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11 ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-1324 (Multiple cross-site request forgery (CSRF) vulnerabilities in the mana ...)
	NOT-FOR-US: Buffalo routers
CVE-2011-1323 (Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6. ...)
	NOT-FOR-US: Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers
CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the We ...)
	NOT-FOR-US: WebSphere
CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM We ...)
	NOT-FOR-US: WebSphere
CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) 6.1.0 ...)
	NOT-FOR-US: WebSphere
CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) 6.1.0 ...)
	NOT-FOR-US: WebSphere
CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...)
	NOT-FOR-US: WebSphere
CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaS ...)
	NOT-FOR-US: WebSphere
CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport comp ...)
	NOT-FOR-US: WebSphere
CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application Serve ...)
	NOT-FOR-US: WebSphere
CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere Ap ...)
	NOT-FOR-US: WebSphere
CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) 6. ...)
	NOT-FOR-US: WebSphere
CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application Serv ...)
	NOT-FOR-US: WebSphere
CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) befor ...)
	NOT-FOR-US: WebSphere
CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere Applicat ...)
	NOT-FOR-US: WebSphere
CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: WebSphere
CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation Verificat ...)
	NOT-FOR-US: WebSphere
CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before 7.0.0.1 ...)
	NOT-FOR-US: WebSphere
CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google Chro ...)
	NOT-FOR-US: Google ChromeOS
CVE-2011-1305 (Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/76713
CVE-2011-1304 (Unspecified vulnerability in Google Chrome before 11.0.696.57 allows r ...)
	- chromium-browser 11.0.696.65~r84435-1 (unimportant)
CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle floating obj ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80682
CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome before  ...)
	- chromium-browser 10.0.648.205~r81283-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1301 (Use-after-free vulnerability in the GPU process in Google Chrome befor ...)
	- chromium-browser 10.0.648.205~r81283-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1300 (The Program::getActiveUniformMaxLength function in libGLESv2/Program.c ...)
	NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows
CVE-2011-1299
	RESERVED
CVE-2011-1298 (An Integer Overflow exists in WebKit in Google Chrome before Blink M11 ...)
	NOTE: Historic webkit/Chromium issues
CVE-2011-1297
	RESERVED
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, w ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80520
CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari  ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/80487
CVE-2011-1294 (Google Chrome before 10.0.648.204 does not properly handle Cascading S ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80144
CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in G ...)
	{DSA-2245-1}
	- chromium-browser 10.0.648.204~r79063-1
	NOTE: http://trac.webkit.org/changeset/80797
CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in Goo ...)
	{DSA-2245-1}
	- chromium-browser 10.0.648.204~r79063-1
	NOTE: http://trac.webkit.org/changeset/79808
CVE-2011-1291 (Google Chrome before 10.0.648.204 does not properly handle base string ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) Bl ...)
	{DSA-2192-1}
	- chromium-browser 10.0.648.133~r77742-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: needs port
	NOTE: http://trac.webkit.org/changeset/80787
CVE-2011-1289
	RESERVED
CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1287
	RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1285 (The regular-expression functionality in Google Chrome before 10.0.648. ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1284 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) i ...)
	NOT-FOR-US: MS Windows
CVE-2011-1283 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: MS Windows
CVE-2011-1282 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: MS Windows
CVE-2011-1281 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: MS Windows
CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 200 ...)
	NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio
CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly valid ...)
	NOT-FOR-US: Microsoft Excel, Office
CVE-2011-1277 (Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Forma ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1276 (Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; O ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1275 (Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and Ope ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1274 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1273 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1272 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1,  ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows r ...)
	NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3
CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...)
	NOT-FOR-US: Microsoft
CVE-2011-1268 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1267 (The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll in Microsof ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1265 (The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Win ...)
	NOT-FOR-US: MS Windows
CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory Certifica ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1263 (Cross-site scripting (XSS) vulnerability in the logon page in Remote D ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1259
	REJECTED
CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly restrict web ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1257 (Race condition in Microsoft Internet Explorer 6 through 8 allows remot ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementa ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1253 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and  ...)
	NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1250 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1247 (Untrusted search path vulnerability in the Microsoft Active Accessibil ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content setting ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict script  ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce intended doma ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1243 (The Windows Messenger ActiveX control in msgsc.dll in Microsoft Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1242 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1241 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1240 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1239 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1238 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1237 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1236 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1235 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1234 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1233 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1232 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1231 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1230 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1229 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1228 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1227 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1226 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1225 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-XXXX [dokuwiki ACL bypass]
	- dokuwiki 0.0.20101107a-1 (low)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
	[lenny] - dokuwiki <no-dsa> (Minor issue)
CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not u ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the backu ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control i ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivo ...)
	NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-1219
	RESERVED
CVE-2011-1218 (Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lot ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1217 (Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lo ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1216 (Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used i ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1215 (Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used  ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1214 (Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used  ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1213 (Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lot ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1212
	RESERVED
CVE-2011-1211
	RESERVED
CVE-2011-1210
	RESERVED
CVE-2011-1209 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 bef ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1208 (IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3 ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-1207 (The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX  ...)
	NOT-FOR-US: IBM Rational System
CVE-2011-1206 (Stack-based buffer overflow in the server process in ibmslapd.exe in I ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational Commo ...)
	NOT-FOR-US: IBM Rational ClearCase, ClearQuest
CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/79810
	NOTE: very hard to merge: needs introduction of ScopedEventQueue.cpp
CVE-2011-1203 (Google Chrome before 10.0.648.127 does not properly handle SVG cursors ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79476
CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 a ...)
	- libxslt 1.1.26-7 (low; bug #617413)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <no-dsa> (minor issue)
	- iceweasel 3.5.19-1
	[squeeze] - iceweasel <no-dsa> (minor issue)
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[squeeze] - iceape <no-dsa> (minor issue)
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
	[squeeze] - libxslt 1.1.26-6+squeeze1
	[lenny] - libxslt <no-dsa> (minor issue)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-1201 (The context implementation in WebKit, as used in Google Chrome before  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (losecontext not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/78921
CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a cast of  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/78744
CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle DataView ob ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in libv8 bindings)
	NOTE: https://trac.webkit.org/changeset/78738
CVE-2011-1198 (The video functionality in Google Chrome before 10.0.648.127 allows re ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- libav <not-affected> (Specific to ffmpeg-mt)
CVE-2011-1197 (Google Chrome before 10.0.648.127 does not properly perform table pain ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79734
CVE-2011-1196 (The OGG container implementation in Google Chrome before 10.0.648.127  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- libav 4:0.7.1-1
	- ffmpeg-debian <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
	- ffmpeg <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
CVE-2011-1195 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 allo ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/78147
CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before 10.0.648. ...)
	- chromium-browser 10.0.648.127~r76697-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/77049
	NOTE: http://trac.webkit.org/changeset/77329
	NOTE: popup blocker bypass not treated as a security issue
CVE-2011-1193 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly handle Un ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in chromium-specific code)
	NOTE: http://trac.webkit.org/changeset/76732
CVE-2011-1191 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 allo ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not yet present)
	NOTE: http://trac.webkit.org/changeset/76652
CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.127 al ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/77563
CVE-2011-1189 (Google Chrome before 10.0.648.127 does not properly perform box layout ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79689
CVE-2011-1188 (Google Chrome before 10.0.648.127 does not properly handle counter nod ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/77142
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass th ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- icedove 17.0.2-1 (low)
	[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceweasel 12.0-1 (bug #703071)
	[wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceape <removed> (low)
	[wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly handle pa ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1185 (Google Chrome before 10.0.648.127 does not prevent (1) navigation and  ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/74853
CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat  ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does no ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users t ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
CVE-2011-1181 [missing error handling in linux netdev]
	REJECTED
CVE-2011-1180 (Multiple stack-based buffer overflows in the iriap_getvaluebyclass_ind ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly othe ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...)
	- gimp 2.6.10-1
	NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
	RESERVED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk  ...)
	{DSA-2202-1}
	- apache2 2.2.17-2 (bug #618857; medium)
	[lenny] - apache2 <not-affected> (different source package in lenny: apache2-mpm-itk)
	- apache2-mpm-itk <removed>
	[lenny] - apache2-mpm-itk <not-affected> (bug was introduced later, in 2.2.11-01)
CVE-2011-1175 (tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before  ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1174 (manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x bef ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1173 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ker ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1172 (net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the Linu ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1171 (net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1170 (net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linu ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in sound/pci/asihpi ...)
	- linux-2.6 2.6.38-2
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1168 (Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError f ...)
	- kde4libs 4:4.4.5-4 (low)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...)
	{DSA-2210-1}
	- tiff 3.9.4-9 (bug #619614)
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a d ...)
	{DSA-2337-1}
	- xen 4.1.0-1
	- xen-3 <removed>
CVE-2011-1165 (Vino, possibly before 3.2, does not properly document that it opens po ...)
	- vino <unfixed> (unimportant)
	NOTE: Mostly interface glitches
CVE-2011-1164 (Vino before 2.99.4 can connect external networks contrary to the state ...)
	- vino <unfixed> (unimportant)
	NOTE: Mostly interface glitches
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel  ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1
CVE-2011-1162 (The tpm_read function in the Linux kernel 2.6 does not properly clear  ...)
	- linux-2.6 3.0.0-5 (low)
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-1161
	REJECTED
CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel be ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in  ...)
	{DSA-2362-1}
	- acpid 1:2.0.9-1
	[lenny] - acpid <no-dsa> (Minor issue)
CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120304003020/https://code.google.com/p/feedparser/issues/detail?id=255
CVE-2011-1157 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120211010803/https://code.google.com/p/feedparser/issues/detail?id=254
CVE-2011-1156 (feedparser.py in Universal Feed Parser (aka feedparser or python-feedp ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20130326201801/http://code.google.com/p/feedparser/issues/detail?id=91
CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier  ...)
	- logrotate 3.8.0-1
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier  ...)
	- logrotate 3.8.0-1
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ex ...)
	{DSA-2266-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: only exploitable by malicious scripts
CVE-2011-1152
	REJECTED
CVE-2011-1151 (Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and  ...)
	NOT-FOR-US: Joomla!
CVE-2011-1150 (bbPress through 1.0.2 has XSS in /bb-login.php url via the re paramete ...)
	NOT-FOR-US: bbPress
CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system pro ...)
	NOT-FOR-US: Android
CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP 5.3 ...)
	{DSA-2408-1}
	- php5 5.4.0-1 (unimportant)
	NOTE: only exploitable by malicious scripts
CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) decode ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1 (bug #614580)
CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly restri ...)
	{DSA-2194-1}
	- libvirt 0.8.8-3 (low; bug #617773)
	[lenny] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
CVE-2011-1145 (The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a pos ...)
	- unixodbc 2.2.14p2-3 (low; bug #617655)
	[squeeze] - unixodbc <no-dsa> (Only exploitable through a malicious server)
	[lenny] - unixodbc <no-dsa> (Only exploitable through a malicious server)
	NOTE: http://seclists.org/oss-sec/2011/q1/446
CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to overwrit ...)
	- php5 <not-affected> (incomplete fix never used in Debian packages)
CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...)
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in  ...)
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through 1.2.14 ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1140 (Multiple stack consumption vulnerabilities in the dissect_ms_compresse ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through 1 ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1138 (Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpa ...)
	- wireshark 1.4.4-1
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-1131 (The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1130 (Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, doe ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1129 (Cross-site scripting (XSS) vulnerability in the EditNews function in M ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1128 (The loadUserSettings function in Load.php in Simple Machines Forum (SM ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1127 (SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2 ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstat ...)
	NOT-FOR-US: VMware Workstation
CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, whi ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code introduced in commit 75823)
	NOTE: http://trac.webkit.org/changeset/78775
CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 allow ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict access to  ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows re ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote att ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: needs port (s/logicalBottom/bottom)
	NOTE: http://trac.webkit.org/changeset/77565
CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows re ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (webgl support not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77956
CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device or ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (device orientation code/support not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77418
CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ele ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77144
CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML docume ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77262
CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG animatio ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77548
CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, whic ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76915
CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, whic ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state)
	NOTE: http://trac.webkit.org/changeset/77141
CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not pr ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG renderi ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms con ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: needs port (s/FormAssociatedElement/HTMLFormElement)
	NOTE: http://trac.webkit.org/changeset/77114
CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/76828
CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in Ca ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76728
CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement JavaScrip ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (Chromium specific)
CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows r ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (history controller code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/76205
CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allo ...)
	NOT-FOR-US: Mutare EVM
CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare E ...)
	NOT-FOR-US: Mutare EVM
CVE-2011-1103 (The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before ho ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2011-1102 (Cross-site scripting (XSS) vulnerability in the WebReporting module in ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2011-1101 (Multiple unspecified vulnerabilities in a third-party component of the ...)
	NOT-FOR-US: Citrix License Management Console
CVE-2011-1100 (Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost ...)
	- pixelpost <removed>
CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick P ...)
	NOT-FOR-US: FocalMedia.Net Quick Polls
CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in logr ...)
	- logrotate 3.8.0-1 (low)
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ownershi ...)
	- rsync 3.0.8 (low; bug #621866)
	[squeeze] - rsync <no-dsa> (Minor issue)
CVE-2011-1096 (The W3C XML Encryption Standard, as used in the JBoss Web Services (JB ...)
	NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or  ...)
	- glibc 2.13-16
	[lenny] - glibc <no-dsa> (Minor issue)
	- eglibc 2.13-16
	[squeeze] - eglibc 2.11.3-2
	NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not  ...)
	- kde4libs 4:4.4.5-4 (low)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
	- kdelibs <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/oss-sec/2011/q1/434
CVE-2011-1093 (The dccp_rcv_state_process function in net/dccp/input.c in the Datagra ...)
	{DSA-2264-1}
	- linux-2.6 2.6.38-1 (low)
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows conte ...)
	{DSA-2408-1}
	- php5 5.4.0-1 (unimportant)
	NOTE: only exploitable by malicious scripts
	NOTE: http://seclists.org/oss-sec/2011/q1/430
CVE-2011-1091 (libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 t ...)
	- pidgin 2.7.11-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[squeeze] - pidgin <no-dsa> (Minor issue)
CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux ker ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1 (low)
CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13  ...)
	- glibc 2.13-8
	- eglibc 2.13-8
	[squeeze] - eglibc 2.11.3-1
	NOTE: http://seclists.org/oss-sec/2011/q1/368
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annota ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assiste ...)
	- vlc 1.1.10-1 (low; bug #616156)
	[squeeze] - vlc <no-dsa> (Minor issue)
	[lenny] - vlc <no-dsa> (Minor issue)
	NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
	NOTE: obscure exploit scenario
CVE-2011-1086 (Cross-site scripting (XSS) vulnerability in admin/system.html in Openf ...)
	NOT-FOR-US: openfiler
CVE-2011-1085 (CSRF vulnerability in Smoothwall Express 3. ...)
	NOT-FOR-US: smoothwall
CVE-2011-1084 (A cross-site scripting (XSS) vulnerability in Smoothwall Express 3. ...)
	NOT-FOR-US: smoothwall
CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
	- linux-2.6 3.2.9-1 (low)
	[squeeze] - linux-2.6 2.6.32-47
CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file des ...)
	- linux-2.6 2.6.38-1 (low)
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attack ...)
	- openldap 2.4.25-1 (low; bug #617606)
	[lenny] - openldap 2.4.11-1+lenny2.1
	[squeeze] - openldap 2.4.23-7.1
CVE-2011-1080 (The do_replace function in net/bridge/netfilter/ebtables.c in the Linu ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1079 (The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1078 (The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Lin ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva  ...)
	NOT-FOR-US: Apache Archiva
CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows re ...)
	- linux-2.6 2.6.38-1
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1075
	RESERVED
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ex ...)
	- cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users  ...)
	- cron <not-affected> (Debian's cron not affected)
CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIB ...)
	- glibc 2.11.2-12
	- eglibc 2.11.2-12 (bug #615120)
	[squeeze] - eglibc 2.11.3-2
CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are sent ...)
	- v86d 0.1.10-1 (low; bug #619404)
	[squeeze] - v86d 0.1.9-1+squeeze1
	[lenny] - v86d 0.1.5.2-1+lenny1
CVE-2011-1069 (PHPShop through 0.8.1 has XSS. ...)
	NOT-FOR-US: PHPShop
CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1. ...)
	NOT-FOR-US: Microsoft Windows Azure SDK
CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not  ...)
	NOT-FOR-US: s389 LDAP server
CVE-2011-1066 (Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2 ...)
	NOT-FOR-US: Messaging module for Drupal
CVE-2011-1065 (Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX con ...)
	NOT-FOR-US: PIPI Player
CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...)
	NOT-FOR-US: Qi Bo CMS
CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design P ...)
	NOT-FOR-US: Cherry-Design Photopad
CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in include/html/he ...)
	NOT-FOR-US: TaskFreak!
CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...)
	NOT-FOR-US: WSN Guest
CVE-2011-1060 (SQL injection vulnerability in the member function in classes/member.p ...)
	NOT-FOR-US: WSN Guest
CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as us ...)
	- webkit <not-affected> (history controller code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77705
CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...)
	{DSA-2321-1}
	- moin 1.9.3-3
CVE-2011-1057
	REJECTED
CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
	NOT-FOR-US: Metasploit Framework
CVE-2011-1055 (SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS  ...)
	NOT-FOR-US: Lingxia I.C.E CMS
CVE-2011-1054 (Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1053 (Unspecified vulnerability in the Mach-O input file loader in Hex-Rays  ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1052 (Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pr ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1051 (Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Ra ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1050 (Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown  ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1049 (Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5. ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1048 (SQL injection vulnerability in product.php in MihanTools 1.33 allows r ...)
	NOT-FOR-US: MihanTools
CVE-2011-1047 (Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka F ...)
	NOT-FOR-US: VastHTML Forum Server
CVE-2011-1046 (IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used  ...)
	NOT-FOR-US: FileNet P8 Content Engine
CVE-2011-1045 (Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 thr ...)
	NOT-FOR-US: Rendition Engine
CVE-2011-XXXX [pam_pgsql overflow]
	- pam-pgsql 0.7.1-5 (bug #603436)
	[lenny] - pam-pgsql 0.6.3-2+lenny1
	[squeeze] - pam-pgsql 0.7.1-4+squeeze1
CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 2.6.26-26lenny2
CVE-2011-1043
	RESERVED
CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...)
	NOT-FOR-US: flimflam in Google Chrome OS
CVE-2011-1041
	RESERVED
CVE-2011-1040
	RESERVED
CVE-2011-1039
	RESERVED
CVE-2011-1038 (Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in t ...)
	NOT-FOR-US: Lotus Sametime
CVE-2011-1037
	RESERVED
CVE-2011-1036 (The XML Security Database Parser class in the XMLSecDB ActiveX control ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to m ...)
	NOT-FOR-US: PivotX
CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Bui ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ( ...)
	NOT-FOR-US: IBM
CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0 ...)
	NOT-FOR-US: IBM
CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier  ...)
	- feh 1.12-1 (low)
	[lenny] - feh <no-dsa> (Minor issue)
	[squeeze] - feh <no-dsa> (Minor issue)
CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...)
	NOT-FOR-US: IBM
CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert  ...)
	NOT-FOR-US: IBM
CVE-2011-1028 (The $smarty.template variable in Smarty3 allows attackers to possibly  ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in cg ...)
	NOT-FOR-US: cgit
CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache A ...)
	NOT-FOR-US: Apache Archiva
CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require  ...)
	- openldap 2.4.25-1 (unimportant; bug #617606)
	[squeeze] - openldap 2.4.23-7.1
	NOTE: NBD backend disabled in Debian builds
CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-sl ...)
	- openldap 2.4.25-1 (low; bug #617606)
	[lenny] - openldap 2.4.11-1+lenny2.1
	[squeeze] - openldap 2.4.23-7.1
CVE-2011-1023 (The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel befo ...)
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrul ...)
	{DSA-2193-1}
	- libcgroup 0.37.1-1 (bug #615987)
CVE-2011-1021 (drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local use ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.33)
CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37 and earl ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-1
CVE-2011-1019 (The dev_load function in net/core/dev.c in the Linux kernel before 2.6 ...)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.32)
	- linux-2.6 2.6.38-1 (unimportant)
	NOTE: We won't fix this for Squeeze. This only applies to non-standard setups with fine
	NOTE: grained security capability models, and an attacker can only load modules from
	NOTE: /lib/modules, which is only writable with root privs
CVE-2011-1018 (logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbit ...)
	{DSA-2182-1}
	- logwatch 7.3.6.cvs20090906-2 (bug #615995)
CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in fs/partitio ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not pr ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-1
CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in P ...)
	{DLA-25-1}
	- python2.6 2.6.8-1 (low; bug #614860)
	[wheezy] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	- python2.5 <unfixed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	[lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: Python 2.7 and 3.1 are fixed
	NOTE: http://bugs.python.org/issue2254
CVE-2011-1014
	REJECTED
CVE-2011-1013 (Integer signedness error in the drm_modeset_ctl function in (1) driver ...)
	- linux-2.6 2.6.38-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1012 (The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel ...)
	{DSA-2264-1}
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1011 (The seunshare_mount function in sandbox/seunshare.c in seunshare in ce ...)
	NOT-FOR-US: seunshare
CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/mac.c i ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1009 (Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...)
	- request-tracker3.8 3.8.10-1 (bug #614576)
	[squeeze] - request-tracker3.8 3.8.8-7+squeeze1
	[lenny] - request-tracker3.6 3.6.7-5+lenny6
CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform certain redi ...)
	- request-tracker3.6 <removed> (unimportant)
	- request-tracker3.8 3.8.10-1 (unimportant)
	NOTE: A physically proximate attacker can do far more damage anyway
CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in tools/ ...)
	{DSA-2193-1}
	- libcgroup 0.37.1-1
CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through  ...)
	- ruby1.8 1.8.7.334-1 (bug #615517)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <not-affected>
	- ruby1.9.1 <not-affected>
CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-4 ...)
	- ruby1.8 1.8.7.334-1 (bug #615518)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed> (bug #615519)
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 1.9.2.180-1 (bug #615519)
	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, patch would change behaviour and might break things)
CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in  ...)
	- clamav 0.97+dfsg-1 (low)
	[squeeze] - clamav 0.97+dfsg-2~squeeze1 (bug #617444)
	[lenny] - clamav <end-of-life>
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=2486
	NOTE: http://web.archive.org/web/20110304224953/http://git.clamav.net:80/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
CVE-2011-1002 (avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remo ...)
	{DSA-2174-1}
	- avahi 0.6.28-4 (bug #614785)
	NOTE: duped with CVE-2011-0634
CVE-2011-1001 (dexdump in Android SDK before 2.3 does not properly perform structural ...)
	NOT-FOR-US: Android SDK
CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0 ...)
	{DSA-2169-1}
	- telepathy-gabble 0.9.15-2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048
CVE-2011-0999 (mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not preven ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5)
CVE-2011-0998
	RESERVED
CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV befo ...)
	{DSA-2217-1 DSA-2216-1}
	- isc-dhcp 4.1.1-P1-16.1 (bug #621099)
	- dhcp3 <removed>
CVE-2011-XXXX [isc-dhcp: omapi dos]
	- isc-dhcp <not-affected> (only affects 4.2.0)
	- dhcp3 <not-affected> (only affects 4.2.0)
	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/4820
	NOTE: inrodroduced in 4.2.0 and fixed in 4.2.1
CVE-2011-0996 (dhcpcd before 5.2.12 allows remote attackers to execute arbitrary comm ...)
	- dhcpcd <not-affected> (old shell quoting code is not vulnerable)
	NOTE: Debian's dhcpcd.sh is not vulnerable.
CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...)
	- ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw)
CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (N ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-0993 (SUSE Lifecycle Management Server before 1.1 uses world readable postgr ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1  ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1  ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0990 (Race condition in the FastCopy optimization in the Array.Copy method i ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0988 (pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and S ...)
	- pure-ftpd <not-affected> (SUSE-specific)
CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8  ...)
	NOT-FOR-US: Apple IPv6 implementation
CVE-2011-XXXX [kfreebsd dos]
	- kfreebsd-8 8.2-1 (low; bug #613312; bug #611476)
	[squeeze] - kfreebsd-8 8.1+dfsg-8
	[lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny)
	- kfreebsd-7 <removed>
	[lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
CVE-2011-1133 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1134 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1135 (Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity pa ...)
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d a ...)
	{DSA-2185-1}
	- proftpd-dfsg 1.3.3d-4 (bug #616179)
	[lenny] - proftpd-dfsg <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
	NOTE: http://www.exploit-db.com/exploits/16129/
CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}]
	- smarty3 3.0.8-1 (unimportant)
	- smarty <removed> (unimportant)
	NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
	NOTE: https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7)
	NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems
CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAd ...)
	{DSA-2167-1}
	- phpmyadmin 4:3.3.9.2-1
CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...)
	- phpmyadmin 4:3.3.9.2-1 (unimportant)
	NOTE: Path disclosure; paths in Debian are public info already
CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process term ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (Chromium specific)
CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, whi ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (doesn't include v8 code)
	NOTE: http://trac.webkit.org/changeset/76264
	NOTE: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all
CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous blo ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (vulnerable code not yet present in 1.2)
	NOTE: http://trac.webkit.org/changeset/75810
CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...)
	- chromium-browser 9.0.597.98~r74359-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76990
CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event handli ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76708
CVE-2011-0980 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Office Excel 2003
CVE-2011-0979 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0978 (Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0977 (Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 S ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0976 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-0975 (Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in  ...)
	NOT-FOR-US: BMC PATROL
CVE-2011-0974
	RESERVED
CVE-2011-0973
	RESERVED
CVE-2011-0972
	RESERVED
CVE-2011-0971
	RESERVED
CVE-2011-0970
	RESERVED
CVE-2011-0969
	RESERVED
CVE-2011-0968
	RESERVED
CVE-2011-0967
	RESERVED
CVE-2011-0966 (Directory traversal vulnerability in cwhp/auditLog.do in the Homepage  ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2011-0965
	RESERVED
CVE-2011-0964
	RESERVED
CVE-2011-0963 (The default configuration of the RADIUS authentication feature on the  ...)
	NOT-FOR-US: Cisco Network Access Control (NAC) Guest Server
CVE-2011-0962 (Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.n ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0961 (Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in t ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2011-0960 (Multiple SQL injection vulnerabilities in Cisco Unified Operations Man ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0959 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified O ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0958
	RESERVED
CVE-2011-0957
	RESERVED
CVE-2011-0956
	RESERVED
CVE-2011-0955
	RESERVED
CVE-2011-0954
	RESERVED
CVE-2011-0953
	RESERVED
CVE-2011-0952
	RESERVED
CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control Syst ...)
	NOT-FOR-US: Cisco ACS
CVE-2011-0950
	RESERVED
CVE-2011-0949 (Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does no ...)
	NOT-FOR-US: Cisco
CVE-2011-0948
	RESERVED
CVE-2011-0947
	RESERVED
CVE-2011-0946 (The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0945 (Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0944 (Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0943 (Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco
CVE-2011-0942
	RESERVED
CVE-2011-0941 (Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before  ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-0940
	RESERVED
CVE-2011-0939 (Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS X ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0938
	RESERVED
CVE-2011-0937
	RESERVED
CVE-2011-0936
	RESERVED
CVE-2011-0935 (The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent perm ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0934
	RESERVED
CVE-2011-0933
	RESERVED
CVE-2011-0932
	RESERVED
CVE-2011-0931
	RESERVED
CVE-2011-0930
	RESERVED
CVE-2011-0929
	RESERVED
CVE-2011-0928
	RESERVED
CVE-2011-0927
	RESERVED
CVE-2011-0926 (A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Deskt ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2011-0925 (The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisc ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2011-0924 (The client in HP Data Protector does not verify the contents of files  ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0923 (The client in HP Data Protector does not properly validate EXEC_CMD ar ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0922 (The client in HP Data Protector allows remote attackers to execute arb ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0921 (crs.exe in the Cell Manager Service in the client in HP Data Protector ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0920 (The Remote Console in IBM Lotus Domino, when a certain unsupported con ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0919 (Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP ser ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0918 (Stack-based buffer overflow in the NRouter (aka Router) service in IBM ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0917 (Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attacke ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0916 (Stack-based buffer overflow in the SMTP service in IBM Lotus Domino al ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0915 (Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0914 (Integer signedness error in ndiiop.exe in the DIIOP implementation in  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0913 (Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation  ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0912 (Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...)
	NOT-FOR-US: zikula
CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it e ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0. ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows r ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0907
	RESERVED
CVE-2011-0906
	RESERVED
CVE-2011-0905 (The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...)
	{DSA-2238-1}
	- vino 2.28.2-3
	- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
	- kdenetwork 4:4.0
	NOTE: Only affects the krfb from KDE 3.5
CVE-2011-0904 (The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...)
	{DSA-2238-1}
	- vino 2.28.2-3
	- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
	- kdenetwork 4:4.0
	NOTE: Only affects the krfb from KDE 3.5
CVE-2011-0903 (Multiple directory traversal vulnerabilities in AR Web Content Manager ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2011-0902 (Multiple untrusted search path vulnerabilities in the Java Service in  ...)
	NOT-FOR-US: SunOS
CVE-2011-0901 (Multiple stack-based buffer overflows in the tsc_launch_remote functio ...)
	- tsclient <removed> (low; bug #613204)
	[lenny] - tsclient <no-dsa> (Minor issue)
	[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0900 (Stack-based buffer overflow in the tsc_launch_remote function (src/sup ...)
	- tsclient <removed> (low; bug #613204)
	[lenny] - tsclient <no-dsa> (Minor issue)
	[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging  ...)
	NOT-FOR-US: AES module for Drupal
CVE-2011-0898 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i  ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0897 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 all ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0896 (Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on  ...)
	NOT-FOR-US: HP-UX
CVE-2011-0895 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms allo ...)
	NOT-FOR-US: HP Operations
CVE-2011-0893 (Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX ...)
	NOT-FOR-US: HP Operations
CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8. ...)
	NOT-FOR-US: HP Diagnostics
CVE-2011-0891 (Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX ...)
	NOT-FOR-US: HP HP-UX
CVE-2011-0890 (HP Discovery &amp; Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.6 ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...)
	NOT-FOR-US: HP Client Automation Enterprise
CVE-2011-0888
	RESERVED
CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business  ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web  ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0884 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0883 (Unspecified vulnerability in the Oracle Containers for J2EE component  ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0882 (Unspecified vulnerability in the Content Management component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0881 (Unspecified vulnerability in the EMCTL component in Oracle Database Se ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0880 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0879 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0878
	REJECTED
CVE-2011-0877 (Unspecified vulnerability in the Instance Management component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0876 (Unspecified vulnerability in the Enterprise Manager Console component  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0875 (Unspecified vulnerability in the EMCTL component in Oracle Database Se ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0874
	REJECTED
CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0872 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: OpenJDK on Microsoft Windows
CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0870 (Unspecified vulnerability in the Schema Management component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0866 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment ( ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0861 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Upd ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0860 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Upd ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0859 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0858 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0857 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0856 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA thro ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0855 (Unspecified vulnerability in the InForm component in Oracle Industry A ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2011-0854 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0853 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Bun ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0852 (Unspecified vulnerability in the Security Management component in Orac ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0851 (Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bund ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0850 (Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 Bund ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0849 (Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 al ...)
	NOT-FOR-US: Oracle Java Dynamic Management Kit
CVE-2011-0848 (Unspecified vulnerability in the Security Framework component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0847 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java Syste ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-0846 (Unspecified vulnerability in the Oracle Sun Java System Access Manager ...)
	NOT-FOR-US: Oracle Sun Java System Access Manager Policy Agent
CVE-2011-0845 (Unspecified vulnerability in the Database Control component in Oracle  ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2011-0844 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java Syste ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-0843 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0842
	REJECTED
CVE-2011-0841 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0840 (Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools  ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise PeopleTools
CVE-2011-0839 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0838 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0837 (Unspecified vulnerability in the Agile Technology Platform component i ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2011-0836 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0835 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0834 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0833 (Unspecified vulnerability in the Siebel CRM Core component in Oracle S ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0832 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0831 (Unspecified vulnerability in the Enterprise Config Management componen ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0830 (Unspecified vulnerability in the Event Management component in Oracle  ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0829 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0828 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle # ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0827 (Unspecified vulnerability in the PeopleSoft Enterprise component in Or ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-0826 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle # ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-0825 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0824 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0823 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0822 (Unspecified vulnerability in the Streams, AQ &amp; Replication Mgmt co ...)
	NOT-FOR-US: Oracle Database Serve
CVE-2011-0821 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0820 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows  ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0819 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0818 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0816 (Unspecified vulnerability in the CMDB Metadata &amp; Instance APIs com ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0815 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0814 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0813 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0812 (Unspecified vulnerability in the Solaris component in Oracle Solaris 8 ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0811 (Unspecified vulnerability in the Enterprise Config Management componen ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0810 (Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0809 (Unspecified vulnerability in the Web ADI component in Oracle E-Busines ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0808 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0807 (Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2. ...)
	NOT-FOR-US: Oracle Sun GlassFish Enterprise Server
CVE-2011-0806 (Unspecified vulnerability in the Network Foundation component in Oracl ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0805 (Unspecified vulnerability in the UIX component in Oracle Database Serv ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0804 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0803 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-0802 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0801 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows l ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0800 (Unspecified vulnerability in the Solaris component in Oracle Solaris 8 ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0799 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0798 (Unspecified vulnerability in the Portal component in Oracle Fusion Mid ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0797 (Unspecified vulnerability in the Applications Install component in Ora ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0796 (Unspecified vulnerability in the Applications Install component in Ora ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0795 (Unspecified vulnerability in the Single Sign On component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0794 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0793 (Unspecified vulnerability in the Database Vault component in Oracle Da ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0792 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0791 (Unspecified vulnerability in the Application Object Library component  ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0790 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local user ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0789 (Unspecified vulnerability in the Oracle HTTP Server component in Oracl ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0788 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0787 (Unspecified vulnerability in the Application Service Level Management  ...)
	NOT-FOR-US: Oracle
CVE-2011-0786 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0785 (Unspecified vulnerability in the Oracle Help component in Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2011-0784 (Race condition in Google Chrome before 9.0.597.84 allows remote attack ...)
	- chromium-browser 9.0.597.84~r72991-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows us ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0782 (Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate ...)
	- chromium-browser <not-affected> (mac only)
	- webkit <not-affected> (chromium specific)
CVE-2011-0781 (Google Chrome before 9.0.597.84 does not properly handle autofill prof ...)
	- chromium-browser 9.0.597.84~r72991-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-0780 (The PDF event handler in Google Chrome before 9.0.597.84 does not prop ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (chromium specific)
CVE-2011-0779 (Google Chrome before 9.0.597.84 does not properly handle a missing key ...)
	{DSA-2192-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and dr ...)
	{DSA-2188-1 DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71925
CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/72230
CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac O ...)
	- chromium-browser <not-affected> (mac only)
	- webkit <not-affected> (chromium specific)
CVE-2011-XXXX [evince segfault]
	- evince 2.30.3-1
	[lenny] - evince <unfixed> (bug #612668)
CVE-2011-XXXX [php-gettext XSS]
	- php-gettext <unfixed> (unimportant)
	NOTE: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html
	NOTE: Vulnerable code only in examples/
CVE-2011-1136 (In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user  ...)
	- tesseract 2.04-2.1 (low; bug #612032)
	[squeeze] - tesseract 2.04-2+squeeze1
	[lenny] - tesseract 2.03-2+lenny1 (bug #612032)
CVE-2011-XXXX [aptitude tempfile]
	- aptitude 0.6.3-4 (low; bug #612034)
	[squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034)
	[lenny] - aptitude 0.4.11.11-1~lenny2 (bug #612034)
CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attacker ...)
	NOT-FOR-US: PivotX
CVE-2011-0774 (PivotX before 2.2.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: PivotX
CVE-2011-0773 (Cross-site scripting (XSS) vulnerability in pivotx/modules/module_imag ...)
	NOT-FOR-US: PivotX
CVE-2011-0772 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, a ...)
	NOT-FOR-US: PivotX
CVE-2011-0771 (The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not v ...)
	NOT-FOR-US: Janrain Engage Drupal module
CVE-2011-0770 (Cross-site scripting (XSS) vulnerability in Windows Event Log SmartCon ...)
	NOT-FOR-US: Windows Event Log SmartConnector
CVE-2011-0769
	RESERVED
CVE-2011-0768
	RESERVED
CVE-2011-0767 (Cross-site scripting (XSS) vulnerability in the management GUI in the  ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-0766 (The random number generator in the Crypto application before 2.0.2.2,  ...)
	- erlang 1:14.b.3-dfsg-1 (low; bug #628456)
	[squeeze] - erlang 1:14.a-dfsg-3squeeze1
	NOTE: http://www.kb.cert.org/vuls/id/178990
	NOTE: https://github.com/erlang/otp/commit/f228601de45c5
CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)
	NOT-FOR-US: pWhois Layer Four Traceroute
CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...)
	{DSA-2388-1}
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
	- t1lib 5.1.2-3.3
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: http://www.toucan-system.com/advisories/tssa-2011-01.txt
CVE-2011-0763
	RESERVED
CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...)
	{DSA-2305-1}
	- vsftpd 2.3.4-1 (bug #622741)
	[squeeze] - vsftpd 2.3.2-3+squeeze2
	[lenny] - vsftpd 2.0.7-1+lenny1
CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of se ...)
	- perl 5.12.0-1 (unimportant; bug #628817)
CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the conf ...)
	NOT-FOR-US: WP Related Posts plugin for WordPress
CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the conf ...)
	NOT-FOR-US: Recaptcha plugin for WordPress
CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8. ...)
	NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
	NOT-FOR-US: IBM DB2
CVE-2011-0756 (The application server in Trustwave WebDefend Enterprise before 5.0 us ...)
	NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might mak ...)
	- php5 5.3.5-1 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ex ...)
	- php5 <not-affected> (Only affects PHP on Windows)
CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a user ...)
	- php5 5.3.5-1 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the  ...)
	- php5 5.3.3-7 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) b ...)
	NOT-FOR-US: Nostromo webserver
CVE-2011-0750
	RESERVED
CVE-2011-0749
	RESERVED
CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList  ...)
	- phplist <itp> (bug #612288)
CVE-2011-0747
	RESERVED
CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in Forms/PortForwardin ...)
	NOT-FOR-US: ZyXEL O2 DSL Router
CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct requ ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2011-0744
	RESERVED
CVE-2011-0743
	RESERVED
CVE-2011-0742 (Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management ...)
	NOT-FOR-US: Novell ZENworks Handheld Management
CVE-2011-0741 (Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution  ...)
	NOT-FOR-US: ModX
CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slas ...)
	- magpierss 0.72-10 (low; bug #611940)
	[squeeze] - magpierss 0.72-8+squeeze1
	[lenny] - magpierss 0.72-5+lenny1
CVE-2011-0739 (The deliver function in the sendmail delivery agent (lib/mail/network/ ...)
	NOT-FOR-US: Ruby mail gem
CVE-2011-0738 (MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through 5.0.2 ...)
	NOT-FOR-US: MyProxy
CVE-2011-0737 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote a ...)
	NOT-FOR-US: Adobe Coldfusion
CVE-2011-0736 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web app ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0735 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0734 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0733 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before 9. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0732 (Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal ( ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component in IB ...)
	NOT-FOR-US: IBM DB2
CVE-2011-0730 (Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in Ubu ...)
	- eucalyptus <not-affected> (It was once removed from archive, then re-added as 3.1.0)
CVE-2011-0729 (dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector ...)
	NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-0728 (Cross-site scripting (XSS) vulnerability in templatefunctions.py in Lo ...)
	- loggerhead 1.18.1-1 (low)
	[squeeze] - loggerhead <no-dsa> (Minor issue)
CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to ch ...)
	{DSA-2205-1}
	- gdm3 2.30.5-9
	- gdm <not-affected> (Affected code was introduced in 2.28)
CVE-2011-0726 (The do_task_stat function in fs/proc/array.c in the Linux kernel befor ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
	[lenny] - linux-2.6 2.6.26-26lenny3
	[squeeze] - linux-2.6 2.6.32-32
CVE-2011-0725 (Absolute path traversal vulnerability in the org.debian.apt.UpdateCach ...)
	- aptdaemon 0.43+bzr707-1
	[squeeze] - aptdaemon <not-affected> (Introduced in 0.33)
CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctl ...)
	- italc <not-affected> (Only Edubuntu Live DVD affected)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864
	NOTE: http://web.archive.org/web/20140817234205/https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html
CVE-2011-0723 (FFmpeg 0.5.x, as used in MPlayer and other products, allows remote att ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows rem ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in sh ...)
	{DSA-2164-1}
	- shadow 1:4.1.4.2+svn3283-3
	[lenny] - shadow <not-affected> (Vulnerable code not present)
CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga,  ...)
	- plone3 <removed>
CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 d ...)
	{DSA-2175-1}
	- samba 2:3.5.7~dfsg-1
CVE-2011-0718 (Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay a ...)
	NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0717 (Session fixation vulnerability in Red Hat Network (RHN) Satellite Serv ...)
	NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0716 (The br_multicast_add_group function in net/bridge/br_multicast.c in th ...)
	- linux-2.6 2.6.38-1 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
	[wheezy] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in A ...)
	{DSA-2181-1}
	- subversion 1.6.16dfsg-1
CVE-2011-0714 (Use-after-free vulnerability in a certain Red Hat patch for the RPC se ...)
	- linux-2.6 <not-affected> (This issue only affects Red Hat Enterprise Linux 6)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144
	NOTE: http://seclists.org/oss-sec/2011/q1/438
CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 t ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
CVE-2011-0712 (Multiple buffer overflows in the caiaq Native Instruments USB audio fu ...)
	{DSA-2310-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1 (low)
CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the Linux k ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-2 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux k ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms p ...)
	{DSA-2266-1}
	- php5 5.3.6-1
CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py  ...)
	{DSA-2170-1}
	- mailman 1:2.1.14-1
	NOTE: patch http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt
	NOTE: present in 2.1.14 and earlier
	NOTE: http://mail.python.org/pipermail/mailman-developers/2011-February/021317.html
CVE-2011-0706 (The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in Open ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.7-1
CVE-2011-0705
	REJECTED
CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote a ...)
	NOT-FOR-US: 389 Directory Server
CVE-2011-0703 (In gksu-polkit before 0.0.3, the source file for xauth may contain arb ...)
	- gksu-polkit <removed> (bug #684489)
	[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
	- feh 1.12-1 (low; bug #612035)
	[squeeze] - feh <no-dsa> (Minor issue)
	[lenny] - feh <no-dsa> (Minor issue)
CVE-2011-0701 (wp-admin/async-upload.php in the media uploader in WordPress before 3. ...)
	{DSA-2190-1}
	- wordpress 3.0.5+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...)
	{DSA-2190-1}
	- wordpress 3.0.5+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
CVE-2011-0699 (Integer signedness error in the btrfs_ioctl_space_info function in the ...)
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 <not-affected> (code introduced in .37)
	[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
	[lenny] - linux-2.6 <not-affected> (code introduced in .37)
CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2 ...)
	- python-django <not-affected> (Windows-specific)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4  ...)
	{DSA-2163-1}
	- python-django 1.2.5-1
	[lenny] - python-django <not-affected> (Vulnerable code not present)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
	[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly val ...)
	{DSA-2163-1}
	- python-django 1.2.5-1
	[lenny] - python-django <not-affected> (Vulnerable code not present)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
	[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand drive ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2011-0693
	RESERVED
CVE-2011-0692
	RESERVED
CVE-2011-0691
	RESERVED
CVE-2011-0690
	RESERVED
CVE-2011-0689
	RESERVED
CVE-2011-0688 (Intel Alert Management System (aka AMS or AMS2), as used in Symantec A ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2011-0687 (Opera before 11.01 does not properly implement Wireless Application Pr ...)
	NOT-FOR-US: Opera
CVE-2011-0686 (Unspecified vulnerability in Opera before 11.01 allows remote attacker ...)
	NOT-FOR-US: Opera
CVE-2011-0685 (The Delete Private Data feature in Opera before 11.01 does not properl ...)
	NOT-FOR-US: Opera
CVE-2011-0684 (Opera before 11.01 does not properly handle redirections and unspecifi ...)
	NOT-FOR-US: Opera
CVE-2011-0683 (Opera before 11.01 does not properly restrict the use of opera: URLs,  ...)
	NOT-FOR-US: Opera
CVE-2011-0682 (Integer truncation error in opera.dll in Opera before 11.01 allows rem ...)
	NOT-FOR-US: Opera
CVE-2011-0681 (The Cascading Style Sheets (CSS) Extensions for XML implementation in  ...)
	NOT-FOR-US: Opera
CVE-2011-0680 (data/WorkingMessage.java in the Mms application in Android before 2.2. ...)
	NOT-FOR-US: Mms for Android
CVE-2011-0679 (IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in Lomte ...)
	NOT-FOR-US: Lomtec ActiveWeb Professional
CVE-2011-0677 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0676 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0675 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0674 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0673 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0672 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0671 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0670 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0669
	REJECTED
CVE-2011-0668
	RESERVED
CVE-2011-0667 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0666 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0664 (Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and ...)
	NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5. ...)
	NOT-FOR-US: Microsoft JScript
CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Se ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0660 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0659
	REJECTED
CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in VBS ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Wind ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 20 ...)
	NOT-FOR-US: Microsoft
CVE-2011-0655 (Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 fo ...)
	NOT-FOR-US: Microsoft
CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the Comm ...)
	NOT-FOR-US: Windows 2003
CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 all ...)
	NOT-FOR-US: Look 'n' Stop Firewall
CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs Iconfid ...)
	NOT-FOR-US: Iconfidant SSL Server (VxWorks OS)
CVE-2011-0650 (Cross-site request forgery (CSRF) vulnerability in Greenbone Security  ...)
	NOT-FOR-US: Greenbone Security Manager appliance
CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...)
	NOT-FOR-US: TIBCO Rendezvous
CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote  ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...)
	NOT-FOR-US: EMC
CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows rem ...)
	NOT-FOR-US: PHPLOWBIDS
CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remot ...)
	NOT-FOR-US: PHPCMS
CVE-2011-0644 (SQL injection vulnerability in include/admin/model_field.class.php in  ...)
	NOT-FOR-US: PHPCMS
CVE-2011-0643 (Cross-site request forgery (CSRF) vulnerability in admin/conf_users_ed ...)
	NOT-FOR-US: PHP Link Directory
CVE-2011-0642 (Cross-site request forgery (CSRF) vulnerability in news/admin.php in N ...)
	NOT-FOR-US: N-13 News
CVE-2011-0641 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin. ...)
	NOT-FOR-US: StatPressCN Wordpress Plugin
CVE-2011-0640 (The default configuration of udev on Linux does not warn the user befo ...)
	NOTE: Not much that could sensibly be fixed here
CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling additio ...)
	NOT-FOR-US: Mac OS X
CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling addi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0637 (The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a time ...)
	NOT-FOR-US: AIX
CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA C ...)
	NOT-FOR-US: NVIDIA CUDA Toolkit
CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier a ...)
	NOT-FOR-US: Simploo
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
	NOTE: Not packaged in Debian, separate package Shibboleth IdP
	NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1 ...)
	{DSA-2196-1}
	- maradns 1.4.03-1.1 (bug #610834)
CVE-2011-0634
	REJECTED
CVE-2011-0633 (The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW ...)
	- libwww-perl 6.01-1 (low; bug #669126)
	[squeeze] - libwww-perl <no-dsa> (Minor issue)
CVE-2011-0632
	RESERVED
CVE-2011-0631
	RESERVED
CVE-2011-0630
	RESERVED
CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion 8. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0628 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows,  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0626 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0625 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0624 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0623 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0622 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0621 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0620 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0619 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0618 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows,  ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0617
	REJECTED
CVE-2011-0616
	REJECTED
CVE-2011-0615 (Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow re ...)
	NOT-FOR-US: Adobe Audition
CVE-2011-0614 (Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote atta ...)
	NOT-FOR-US: Adobe Audition
CVE-2011-0613 (Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and  ...)
	NOT-FOR-US: RoboHelp
CVE-2011-0612 (Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, all ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2011-0611 (Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player / Acrobat Reader
CVE-2011-0610 (The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlie ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0606 (Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0604 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0601
	REJECTED
CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x  ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0597
	REJECTED
CVE-2011-0596 (The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10. ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0594 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0593 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0592 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0591 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0590 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0589 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0588 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0587 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0586 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0585 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0584 (Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 a ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0583 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 throu ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0582 (Unspecified vulnerability in the administrator console in Adobe ColdFu ...)
	NOT-FOR-US: ColdFusion
CVE-2011-0581 (Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 throug ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0580 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0579 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0578 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0577 (Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 all ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0576
	REJECTED
CVE-2011-0575 (Untrusted search path vulnerability in Adobe Flash Player before 10.2. ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0574 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0573 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0572 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0571 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0570 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0567 (AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x befor ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0565 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0 ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0564 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0563 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0562 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x b ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0561 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0560 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0559 (Adobe Flash Player before 10.2.152.26 allows attackers to execute arbi ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0558 (Integer overflow in Adobe Flash Player before 10.2.152.26 allows attac ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows re ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 al ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0554 (The management console in Symantec IM Manager before 8.4.18 allows rem ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0553 (SQL injection vulnerability in the management console in Symantec IM M ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0552 (Multiple cross-site scripting (XSS) vulnerabilities in the management  ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0551 (Cross-site request forgery (CSRF) vulnerability in the Web Interface i ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2011-0550 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Interfa ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in Sym ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Aut ...)
	NOT-FOR-US: Lotus Freelance Graphics
CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Admi ...)
	NOT-FOR-US: Veritas
CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not vali ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in Syman ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-0544 (phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag. ...)
	- phpbb3 3.0.7-PL1-5 (low; bug #612477)
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier,  ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / bef ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot  ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0540
	REJECTED
CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7,  ...)
	- openssh 1:5.8p1-2
	[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
	[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees a ...)
	{DSA-2201-1}
	- wireshark 1.4.3-3 (low; bug #613202)
CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) languages/Language ...)
	- mediawiki <not-affected> (Only affected when running on Windows or Novell Netware)
CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in c ...)
	- eglibc 2.11.2-8 (bug #600667)
	- glibc <not-affected> (Lenny version not affected)
CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...)
	NOT-FOR-US: zikula
CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not en ...)
	{DSA-2160-1}
	- tomcat5.5 <not-affected> (Vulnerable code not present)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0533 (Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 throu ...)
	NOT-FOR-US: Apache Continuum
CVE-2011-0532 (The (1) backup and restore scripts, (2) main initialization script, an ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media play ...)
	{DSA-2159-1}
	- vlc 1.1.7-1 (medium)
	[lenny] - vlc 0.8.6.h-4+lenny3
CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server ...)
	{DSA-2183-1}
	- nbd 1:2.9.16-8 (bug #611187)
	[etch] - nbd <not-affected> (reintroduced in 2.9.0)
CVE-2011-0529 (Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to m ...)
	- weborf 0.12.5-1
CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node r ...)
	- puppet 2.6.2-3
	[lenny] - puppet <not-affected> (Only affects 2.6.x)
CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0 ...)
	NOT-FOR-US: VMware vFabric tc Server
CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forum ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0525 (Batavi before 1.0 has CSRF. ...)
	NOT-FOR-US: Batavi
CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...)
	- gypsy <itp> (bug #491723)
CVE-2011-0523 (gypsy 0.8 does not properly restrict the files that can be read while  ...)
	- gypsy <itp> (bug #491723)
CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in th ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gal ...)
	NOT-FOR-US: Gallarific
CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS F ...)
	NOT-FOR-US: LotusCMS
CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and e ...)
	NOT-FOR-US: Winlog Pro
CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site  ...)
	NOT-FOR-US: BetMore Site Suite
CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2  ...)
	NOT-FOR-US: Kingsoft AntiVirus
CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows rem ...)
	NOT-FOR-US: HP Data Protector Manager
CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows lo ...)
	NOT-FOR-US: SecurStar DriveCrypt
CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2011-0511 (SQL injection vulnerability in the allCineVid component (com_allcinevi ...)
	NOT-FOR-US: Joomla! component
CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing Sy ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...)
	NOT-FOR-US: Vaadin
CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in system/modules/comments/Co ...)
	NOT-FOR-US: Contao CMS
CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 (3.1.7.1 ...)
	NOT-FOR-US: Blackmoon FTP
	NOTE: Windows-only
CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax De ...)
	NOT-FOR-US: AxDCMS
CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1,  ...)
	NOT-FOR-US: Zwii
CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1 ...)
	NOT-FOR-US: VaM Shop
CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1 ...)
	NOT-FOR-US: VaM Shop
CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...)
	NOT-FOR-US: Music Animation Machine MIDI Player
	NOTE: Windows-only
CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player 200 ...)
	NOT-FOR-US: Music Animation Machine MIDI Player
	NOTE: Windows-only
CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and Vid ...)
	NOT-FOR-US: VideoSpirit Pro
CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versio ...)
	NOT-FOR-US: VideoSpirit Pro
CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, a ...)
	NOT-FOR-US: Nokia Multimedia Player
CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ES ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ES ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in main/uti ...)
	{DSA-2171-1}
	- asterisk 1:1.6.2.9-2+squeeze1 (bug #610487)
CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Mana ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require authentica ...)
	NOT-FOR-US: Objectivity/DB
CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...)
	NOT-FOR-US: NTWebServer
CVE-2011-0487 (ICQ 7 does not verify the authenticity of updates, which allows man-in ...)
	NOT-FOR-US: ICQ
CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...)
	NOT-FOR-US: IBM Cognos
CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remo ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote at ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2 ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to L ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-XXXX [multiple spip issues]
	- spip 2.1.1-3 (bug #609212; bug #610016)
CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/75082
	NOTE: http://trac.webkit.org/changeset/75084
CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/74787
CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-5
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/74779
CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS befo ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFm ...)
	{DSA-2306-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (webm not supported yet)
	- ffmpeg-debian <not-affected> (webm not supported yet)
	- libav 4:0.6.1-1 (bug #610550)
CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/74636
CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (chromium specific)
CVE-2011-0476 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 allo ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0475 (Use-after-free vulnerability in Google Chrome before 8.0.552.237 and C ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/74574
CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/73927
	NOTE: http://trac.webkit.org/changeset/73937
CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237  ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/73559
	NOTE: http://trac.webkit.org/changeset/73620
CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do n ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-0469 (Code injection in openSUSE when running some source services used in t ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=679325
	NOTE: Main fix: https://github.com/openSUSE/open-build-service/commit/76b0ab003f34435ca90d943e02dd22279cdeec2a
	NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and befo ...)
	NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0467 (A vulnerability in the listing of available software of SUSE Studio On ...)
	NOT-FOR-US: SUSE Studio Onsite
CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2. ...)
	NOT-FOR-US: openSUSE Build Service
CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...)
	{DSA-2213-1}
	- x11-xserver-utils 7.6+2 (low; bug #621423)
	NOTE: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
	NOTE: low as this is not enabled in a standard setup
CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...)
	NOT-FOR-US: Novell Vibe OnPrem
CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Or ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page  ...)
	NOT-FOR-US: openSUSE Build Service
CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 i ...)
	NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0460 (The init script in kbd, possibly 1.14.1 and earlier, allows local user ...)
	- kbd <not-affected> (SUSE-specific)
CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault W ...)
	NOT-FOR-US: Cyber-Ark
CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in G ...)
	NOT-FOR-US: Google Picasa
CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier al ...)
	NOT-FOR-US: e107
CVE-2011-0456 (webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier al ...)
	- otrs2 2.4.5-1
CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 an ...)
	NOT-FOR-US: Things BBS
CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
	NOT-FOR-US: PPP Access Concentrator
CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not requir ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper
CVE-2011-0452 (Untrusted search path vulnerability in the script function in Lunascap ...)
	NOT-FOR-US: Lunascape
CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) data/Smarty ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not proper ...)
	NOT-FOR-US: Opera
CVE-2011-0449 (actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...)
	- rails <not-affected> (Only affects 3.x)
CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...)
	- rails <not-affected> (Only affects 3.x)
CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3. ...)
	{DSA-2247-1}
	- rails 2.3.11-0.1 (bug #614864)
CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to hel ...)
	{DSA-2247-1}
	- rails 2.3.11-0.1 (bug #614864)
CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter  ...)
	NOT-FOR-US: VMware
CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...)
	- wireshark <not-affected> (Only affects Wireshark 1.4, fixed in experimental)
CVE-2011-0444 (Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-l ...)
	- wireshark 1.2.11-6
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2,  ...)
	NOT-FOR-US: tinyBB
CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to t ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-0441 (The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows lo ...)
	{DSA-2195-1}
	- php5 5.3.6-1 (bug #618489)
	NOTE: Debian-specific
CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before ...)
	{DSA-2206-1}
	- mahara 1.2.7-1
CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7  ...)
	{DSA-2206-1}
	- mahara 1.2.7-1
CVE-2011-0438 (nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success co ...)
	- nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental)
CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation i ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain Te ...)
	{DSA-2179-1}
	- dtc 0.32.10-1 (bug #614302)
CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require authen ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control ( ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0433 (Heap-based buffer overflow in the linetoken function in afmparse.c in  ...)
	{DSA-2388-1}
	- evince 2.32.0-1 (bug #614668)
	[squeeze] - evince 2.30.3-2+squeeze1
	- vftool 2.0alpha-4.1 (low; bug #614669)
	[squeeze] - vftool 2.0alpha-4+squeeze1
	[lenny] - vftool 2.0alpha-3+lenny1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: vuln source file is lib/t1lib/parseAFM.c, which differs slightly from evince's afmparse.c in the affected areas but it is indeed affected
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=643882
CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in t ...)
	{DSA-2177-1}
	- pywebdav 0.9.4-3
CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel  ...)
	{DSA-2168-1}
	- openafs 1.4.14+dfsg-1
CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS 1.4.14,  ...)
	{DSA-2168-1}
	- openafs 1.4.14+dfsg-1
CVE-2011-0429
	RESERVED
CVE-2011-0428 (Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow re ...)
	- ikiwiki 3.20110122
	[squeeze] - ikiwiki 3.20100815.5
	[lenny] - ikiwiki <not-affected> (Vulnerable code not present)
	NOTE: https://ikiwiki.info/security/#index38h2
CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0 ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0425
	RESERVED
CVE-2011-0424
	RESERVED
CVE-2011-0423 (The PolyVision RoomWizard with firmware 3.2.3 has a default password o ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2011-0422
	RESERVED
CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip extensio ...)
	{DSA-2266-1}
	- php5 5.3.6-1
	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
	- libzip 0.10-1 (low)
	[squeeze] - libzip <no-dsa> (Minor issue)
	NOTE: http://hg.nih.at/libzip/?fd=13654bfdc88c;file=lib/zip_name_locate.c
CVE-2011-0420 (The grapheme_extract function in the Internationalization extension (I ...)
	{DSA-2266-1}
	- php5 5.3.6-1 (unimportant)
	[lenny] - php5 <not-affected> (intl extension added in 5.3)
	NOTE: Only triggerable through malicious script
	NOTE: http://svn.php.net/viewvc?view=revision&revision=306449
CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in apr_f ...)
	{DSA-2237-2}
	- apr 1.4.4-1 (low)
CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in Net ...)
	- pure-ftpd 1.0.32-1 (unimportant)
	NOTE: The attack could not be reproduced on Linux. The upstream change from 1.0.32
	NOTE: only disables GLOB_BRACE, possibly to protect installations with a vulnerable libc
CVE-2011-0417
	RESERVED
CVE-2011-0416
	RESERVED
CVE-2011-0415
	RESERVED
CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative s ...)
	{DSA-2208-1}
	- bind9 1:9.7.3.dfsg-1 (bug #601830)
	[lenny] - bind9 <not-affected> (Introduced in 9.7.1)
CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...)
	{DSA-2184-1}
	- isc-dhcp 4.1.1-P1-16 (bug #611217)
	- dhcp3 <not-affected> (vuln code introduced in 4.0)
	- dhcp <not-affected> (vuln code introduced in 4.0)
	NOTE: maintainer is aware
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2011-0413
CVE-2011-0412 (Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unenc ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x befo ...)
	{DSA-2233-1}
	- postfix 2.8.0-1 (bug #617849)
	NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
	NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
	NOTE: http://www.postfix.org/CVE-2011-0411.html
	NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for networ ...)
	NOT-FOR-US: CollabNet ScrumWorks Basic
CVE-2011-0409
	RESERVED
CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cau ...)
	- libpng <not-affected> (vulnerable code introduced in 1.5.0, not packaged)
CVE-2011-0407 (SQL injection vulnerability in the store function in _phenotype/system ...)
	NOT-FOR-US: Phenotype CMS
CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6. ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-0405 (Directory traversal vulnerability in module.php in PhpGedView 4.2.3 an ...)
	- phpgedview <removed>
CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.0 ...)
	NOT-FOR-US: NetSupport Manager Agent for Linux
CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, ...)
	NOT-FOR-US: ImgBurn
CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted rem ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored un ...)
	- piwik <itp> (bug #506933)
CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the se ...)
	- piwik <itp> (bug #506933)
CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login form insi ...)
	- piwik <itp> (bug #506933)
CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not properly ...)
	- piwik <itp> (bug #506933)
CVE-2011-0397
	RESERVED
CVE-2011-0396 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0395 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0394 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0393 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2011-0392 (Cisco TelePresence Recording Server devices with software 1.6.x do not ...)
	NOT-FOR-US: Cisco
CVE-2011-0391 (Cisco TelePresence Recording Server devices with software 1.6.x allow  ...)
	NOT-FOR-US: Cisco
CVE-2011-0390 (The XML-RPC implementation on Cisco TelePresence Multipoint Switch (CT ...)
	NOT-FOR-US: Cisco
CVE-2011-0389 (Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0. ...)
	NOT-FOR-US: Cisco
CVE-2011-0388 (Cisco TelePresence Recording Server devices with software 1.6.x and Ci ...)
	NOT-FOR-US: Cisco
CVE-2011-0387 (The administrative web interface on Cisco TelePresence Multipoint Swit ...)
	NOT-FOR-US: Cisco
CVE-2011-0386 (The XML-RPC implementation on Cisco TelePresence Recording Server devi ...)
	NOT-FOR-US: Cisco
CVE-2011-0385 (The administrative web interface on Cisco TelePresence Recording Serve ...)
	NOT-FOR-US: Cisco
CVE-2011-0384 (The Java Servlet framework on Cisco TelePresence Multipoint Switch (CT ...)
	NOT-FOR-US: Cisco
CVE-2011-0383 (The Java Servlet framework on Cisco TelePresence Recording Server devi ...)
	NOT-FOR-US: Cisco
CVE-2011-0382 (The CGI subsystem on Cisco TelePresence Recording Server devices with  ...)
	NOT-FOR-US: Cisco
CVE-2011-0381 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2011-0380 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2011-0379 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 serie ...)
	NOT-FOR-US: Cisco
CVE-2011-0378 (The XML-RPC implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0377 (Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x  ...)
	NOT-FOR-US: Cisco
CVE-2011-0376 (The TFTP implementation on Cisco TelePresence endpoint devices with so ...)
	NOT-FOR-US: Cisco
CVE-2011-0375 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0374 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0373 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0372 (The CGI implementation on Cisco TelePresence endpoint devices with sof ...)
	NOT-FOR-US: Cisco
CVE-2011-0371
	RESERVED
CVE-2011-0370
	RESERVED
CVE-2011-0369
	RESERVED
CVE-2011-0368
	RESERVED
CVE-2011-0367
	RESERVED
CVE-2011-0366
	RESERVED
CVE-2011-0365
	RESERVED
CVE-2011-0364 (The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2 ...)
	NOT-FOR-US: Cisco Security Agent Management
CVE-2011-0363
	RESERVED
CVE-2011-0362
	RESERVED
CVE-2011-0361
	RESERVED
CVE-2011-0360
	RESERVED
CVE-2011-0359
	RESERVED
CVE-2011-0358
	RESERVED
CVE-2011-0357
	RESERVED
CVE-2011-0356
	RESERVED
CVE-2011-0355 (Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through  ...)
	NOT-FOR-US: Cisco
CVE-2011-0354 (The default configuration of Cisco Tandberg C Series Endpoints, and Ta ...)
	NOT-FOR-US: Cisco
CVE-2011-0353
	RESERVED
CVE-2011-0352 (Buffer overflow in the web-based management interface on the Cisco Lin ...)
	NOT-FOR-US: Linksys router
CVE-2011-0351
	RESERVED
CVE-2011-0350 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 o ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0349 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 o ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0348 (Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to t ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in MSHTM ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0345 (Directory traversal vulnerability in the NMS server in Alcatel-Lucent  ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in t ...)
	NOT-FOR-US: Unified Maintenance Tool
CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in  ...)
	NOT-FOR-US: InduSoft ISSymbol ActiveX
CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in apps/moz ...)
	NOT-FOR-US: MuPDF plug-in for Firefox
CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol. ...)
	NOT-FOR-US: ISSymbol.ocx
CVE-2011-0339
	RESERVED
CVE-2011-0338
	RESERVED
CVE-2011-0337
	RESERVED
CVE-2011-0336
	RESERVED
CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (G ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf func ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom b ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...)
	NOT-FOR-US: Honeywell ScanServer
CVE-2011-0330 (The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx  ...)
	NOT-FOR-US: Dell System Lite
CVE-2011-0329 (Directory traversal vulnerability in the GetData method in the Dell De ...)
	NOT-FOR-US: Dell System Lite
CVE-2011-0328
	RESERVED
CVE-2011-0327
	RESERVED
CVE-2011-0326
	RESERVED
CVE-2011-0325
	RESERVED
CVE-2011-0324 (Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro Acti ...)
	NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ver ...)
	NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0. ...)
	NOT-FOR-US: EMC RSA Access Manager Server
CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attacker ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0316 (The Administrative Console component in IBM WebSphere Application Serv ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-0315 (Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web C ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-0314 (Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0313
	RESERVED
CVE-2011-0312
	RESERVED
CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IB ...)
	NOT-FOR-US: IBM Java
CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0309
	RESERVED
CVE-2011-0308
	RESERVED
CVE-2011-0307
	RESERVED
CVE-2011-0306
	RESERVED
CVE-2011-0305
	RESERVED
CVE-2011-0304
	RESERVED
CVE-2011-0303
	RESERVED
CVE-2011-0302
	RESERVED
CVE-2011-0301
	RESERVED
CVE-2011-0300
	RESERVED
CVE-2011-0299
	RESERVED
CVE-2011-0298
	RESERVED
CVE-2011-0297
	RESERVED
CVE-2011-0296
	RESERVED
CVE-2011-0295
	RESERVED
CVE-2011-0294
	RESERVED
CVE-2011-0293
	RESERVED
CVE-2011-0292
	RESERVED
CVE-2011-0291 (The BlackBerry PlayBook service on the Research In Motion (RIM) BlackB ...)
	NOT-FOR-US: BlackBarry PlayBook
CVE-2011-0290 (The BlackBerry Collaboration Service in Research In Motion (RIM) Black ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2011-0289
	RESERVED
CVE-2011-0288
	RESERVED
CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in Rese ...)
	NOT-FOR-US: BlackBerry products
CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the Blac ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2011-XXXX
	- xdigger <removed> (bug #609096)
	[lenny] - xdigger 1.0.10-13+lenny1
	NOTE: CVE ID requested
CVE-2011-XXXX [Crash with long HOME environment variable]
	- toppler 1.1.4-2 (unimportant; bug #608979)
	NOTE: Negligible privilege escalation
CVE-2011-XXXX [Crash with long HOME environment variable]
	- lbreakout2 <unfixed> (unimportant; bug #608980)
	NOTE: sgid games is dropped before buffer overflow
CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
	- libggi <removed> (bug #608981)
	[squeeze] - libggi <no-dsa> (Minor issue)
CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeB ...)
	- syslog-ng 3.1.3-2 (bug #608491)
	[lenny] - syslog-ng <not-affected> (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway)
CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing  ...)
	- krb5 1.9.1+dfsg-1 (bug #622681)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <not-affected> (see below)
	NOTE: 1.6 is not affected: While the error case in the process_chpw_request()
	NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the error
	NOTE: path in its caller will not free() that pointer (the invalid pointer
	NOTE: goes out of scope without being freed), unlike in krb5-1.7 and later.
	NOTE: Those later releases add support for password changing over TCP, and
	NOTE: the error path in the TCP handling code is what frees the
	NOTE: uninitialized pointer. (Clarification by Tom Yu)
CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in do_as_re ...)
	- krb5 1.8.3+dfsg-6 (low; bug #618517)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed through a point update)
CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 all ...)
	- krb5 <not-affected> (Only affects 1.9.x)
	[squeeze] - krb5 <no-dsa> (minor issue)
	[lenny] - krb5 <no-dsa> (minor issue)
CVE-2011-0282 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x t ...)
	- krb5 1.8.3+dfsg-5
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed in a point update)
CVE-2011-0281 (The unparse implementation in the Key Distribution Center (KDC) in MIT ...)
	- krb5 1.8.3+dfsg-5
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed in a point update)
CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power Manage ...)
	NOT-FOR-US: HP Power Manager
CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91. ...)
	NOT-FOR-US: HP Multifunction Peripheral
CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 an ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power Manager (H ...)
	NOT-FOR-US: HP Power Manager
CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 c ...)
	NOT-FOR-US: HP OpenView Performance Insight Server
CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6 ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability
CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell  ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote attacker ...)
	NOT-FOR-US: HP LoadRunner
CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and  ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0269 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0268 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0267 (Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network N ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0266 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0265 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manage ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0264 (Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node  ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0263 (Multiple stack-based buffer overflows in ovas.exe in the OVAS service  ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0262 (Buffer overflow in the stringToSeconds function in ovutil.dll in ovweb ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView N ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0260 (The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not properly ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to execu ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote a ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0248 (Stack-based buffer overflow in the QuickTime ActiveX control in Apple  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0247 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0246 (Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers  ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote attack ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0243
	RESERVED
CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 all ...)
	NOT-FOR-US: Apple Safari
CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0239
	RESERVED
CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0236
	RESERVED
CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services (A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0229 (Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not pr ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x befor ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2 ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ...)
	{DSA-2294-1}
	- freetype 2.4.6-1 (bug #635871)
CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0220 (Apple Bonjour before 2011 allows a crash via a crafted multicast DNS p ...)
	NOT-FOR-US: Apple
CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same O ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts tha ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote  ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly addr ...)
	NOT-FOR-US: ImageIO in Apple Safari
CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly ha ...)
	NOT-FOR-US: CFNetwork in Apple Safari
CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows re ...)
	NOT-FOR-US: QuickTime in Apple Mac OS
CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to e ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartex ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8  ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server compo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry containi ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a de ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4. ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allow ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other vers ...)
	{DSA-2210-1}
	- tiff 3.9.4-7
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used  ...)
	{DSA-2210-1}
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed before initial upload)
	NOTE: This might've been fixed earlier even
CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not p ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before 10 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Rub ...)
	{DLA-235-1 DLA-88-1}
	- ruby1.8 1.8.7.352-1 (bug #628452)
	- ruby1.9 <removed> (bug #628451)
	- ruby1.9.1 1.9.2.290-1 (bug #628450)
CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to e ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0185 (Format string vulnerability in the debug-logging feature in Applicatio ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an un ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before 10 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows rem ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local u ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to ex ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 pro ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac O ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS  ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers t ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0171
	RESERVED
CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes  ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, d ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 allow ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properl ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
	NOT-FOR-US: Safari in Apple iOS
CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement appli ...)
	NOT-FOR-US: MobileSafari in Apple iOS
CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ex ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS,  ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not prope ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not prope ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the Cas ...)
	NOT-FOR-US: Apple
CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the htmlele ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes befo ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in- ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0110
	REJECTED
CVE-2011-0109
	REJECTED
CVE-2011-0108
	REJECTED
CVE-2011-0107 (Untrusted search path vulnerability in Microsoft Office XP SP3, Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-0106
	REJECTED
CVE-2011-0105 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML F ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0103 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, a ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0102
	REJECTED
CVE-2011-0101 (Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0100
	REJECTED
CVE-2011-0099
	REJECTED
CVE-2011-0098 (Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 S ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0097 (Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0096 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Window ...)
	NOT-FOR-US: Microsoft mhtml
CVE-2011-0095
	REJECTED
CVE-2011-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 al ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does  ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in Microsof ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not pr ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0085 (Use-after-free vulnerability in the nsXULCommandDispatcher function in ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox be ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.6)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem func ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox 4.0. ...)
	- xulrunner <removed> (unimportant)
	- iceweasel <removed> (unimportant; bug #627552)
	NOTE: Negligible impact
CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozill ...)
	- xulrunner <not-affected> (Only affects MacOS X)
	- iceweasel <not-affected> (Only affects MacOS X)
CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey b ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5 ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
CVE-2011-0068
	RESERVED
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey b ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6. ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.15-1+b1
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6. ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.15-1+b1
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in P ...)
	{DSA-2178-1}
	- pango1.0 1.28.3-2~sid1
	[wheezy] - pango1.0 1.28.3-1+squeeze2
	[lenny] - pango1.0 <not-affected> (introduced in code cleanup)
CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 2011020 ...)
	NOT-FOR-US: Majordomo
CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird be ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0060
	REJECTED
CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox bef ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6. ...)
	- icedove <not-affected> (Windows-specific)
	- xulrunner <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in Mozi ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5 ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in js3250.dl ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5 ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla  ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0052
	RESERVED
CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey b ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface (inter ...)
	{DSA-2158-1}
	- cgiirc 0.5.9-3.1 (bug #612671)
CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in li ...)
	NOT-FOR-US: Majordomo
CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4 ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0047 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 al ...)
	- mediawiki 1:1.15.5-3 (low; bug #611787)
	[lenny] - mediawiki 1:1.12.0-2lenny8 (low; bug #611787)
	[squeeze] - mediawiki 1:1.15.5-2squeeze1 (low; bug #611787)
CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0044
	REJECTED
CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 suppo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and Window ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0041 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 do ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0038 (Untrusted search path vulnerability in Microsoft Internet Explorer 8 m ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0037 (Microsoft Malware Protection Engine before 1.1.6603.0, as used in Micr ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2011-0036 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0034 (Stack-based buffer overflow in the OpenType Compact Font Format (aka O ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP  ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote  ...)
	NOT-FOR-US: Microsoft
CVE-2011-0028 (WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does n ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0027 (Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows D ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2011-0026 (Integer signedness error in the SQLConnectW function in an ODBC API (o ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2011-XXXX [remote DoS when case of the characters of a nickname is modified]
	- bip 0.8.7-1
	[squeeze] - bip 0.8.2-1squeeze3
	[lenny] - bip <not-affected> (Vulnerable code not present)
CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does  ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.5-1
	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
	[lenny] - openjdk-6 <no-dsa> (bug #614151)
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
	- wireshark 1.2-0-1
CVE-2011-0023
	RESERVED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subtitles ...)
	- vlc 1.1.3-1squeeze2
	[lenny] - vlc 0.8.6.h-4+lenny3
CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...)
	- vlc 1.1.3-1squeeze2
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...)
	- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1. ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...)
	{DSA-2154-1}
	- exim4 4.72-4
CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properl ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ...)
	{DSA-2162-1}
	- openssl 0.9.8o-5 (low)
	[lenny] - openssl <not-affected> (Only 0.9.8h through 0.9.8q are affected)
CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manage ...)
	{DSA-2160-1}
	- tomcat5.5 <removed> (low)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly othe ...)
	- spice-xpi <removed>
	[jessie] - spice-xpi <end-of-life> (Broken with newer Firefox versions)
CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password i ...)
	{DSA-2230-1}
	- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
	- kvm <not-affected> (Vulnerable code not present)
	NOTE: Harmless implementation bug, see discussion in #611134
CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured ...)
	- sudo 1.7.4p4-6 (bug #609641)
	[lenny] - sudo <not-affected> (Only affects 1.7.x)
	[squeeze] - sudo 1.7.4p4-2.squeeze.1
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
CVE-2011-0009 (Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc ...)
	{DSA-2150-1}
	- request-tracker3.8 3.8.8-7
CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fe ...)
	- sudo <not-affected> (Fedora-specific issue)
CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local us ...)
	{DSA-2147-1}
	- pimd 2.1.6-1 (unimportant; bug #609304)
	[squeeze] - pimd 2.1.1-1.1 (unimportant; bug #609304)
CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c  ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for  ...)
	NOT-FOR-US: Joomla!
CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before 1. ...)
	- piwik <itp> (bug #506933)
CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is enable ...)
	{DTSA-207-1}
	- mediawiki 1:1.15.5-2
	[lenny] - mediawiki 1:1.12.0-2lenny7
CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...)
	- libuser 1:0.56.9.dfsg.1-1.1 (bug #610034)
CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function (usr/iscsi/ ...)
	{DSA-2209-1}
	- tgt 1:1.0.4-3
CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite arb ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (low; bug #546164)

© 2014-2024 Faster IT GmbH | imprint | privacy policy