Author: joeyh Date: 2011-04-15 21:15:15 +0000 (Fri, 15 Apr 2011) New Revision: 16531 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-14 21:15:25 UTC (rev 16530) +++ data/CVE/list 2011-04-15 21:15:15 UTC (rev 16531) @@ -1,3 +1,5 @@ +CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in ...) + TODO: check CVE-2011-1690 RESERVED CVE-2011-1689 @@ -358,12 +360,12 @@ RESERVED CVE-2011-1534 RESERVED -CVE-2011-1533 - RESERVED -CVE-2011-1532 - RESERVED -CVE-2011-1531 - RESERVED +CVE-2011-1533 (Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and ...) + TODO: check +CVE-2011-1532 (Unspecified vulnerability in the SNMP component on the HP Photosmart ...) + TODO: check +CVE-2011-1531 (The webscan component in the Embedded Web Server (EWS) on the HP ...) + TODO: check CVE-2011-1530 RESERVED CVE-2011-1529 @@ -870,7 +872,7 @@ NOT-FOR-US: Internet Explorer CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) NOT-FOR-US: Internet Explorer -CVE-2011-1344 (Unspecified vulnerability in WebKit, as used in Apple Safari 5.0.4 on ...) +CVE-2011-1344 (Unspecified vulnerability in WebKit, as used in Apple Safari before ...) - chromium-browser <undetermined> - webkit <undetermined> CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...) @@ -1189,7 +1191,7 @@ [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/79476 -CVE-2011-1202 (Unspecified vulnerability in the XSLT implementation in Google Chrome ...) +CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 ...) - libxslt 1.1.26-7 (bug #617413) NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html [squeeze] - libxslt <no-dsa> (minor issue) @@ -2141,8 +2143,8 @@ RESERVED CVE-2011-0936 RESERVED -CVE-2011-0935 - RESERVED +CVE-2011-0935 (The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent ...) + TODO: check CVE-2011-0934 RESERVED CVE-2011-0933 @@ -2219,12 +2221,12 @@ [squeeze] - tsclient <no-dsa> (Minor issue) CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...) NOT-FOR-US: AES module for Drupal -CVE-2011-0898 - RESERVED -CVE-2011-0897 - RESERVED -CVE-2011-0896 - RESERVED +CVE-2011-0898 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...) + TODO: check +CVE-2011-0897 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 ...) + TODO: check +CVE-2011-0896 (Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on ...) + TODO: check CVE-2011-0895 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x ...) NOT-FOR-US: HP Network Node Manager CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms ...) @@ -3878,8 +3880,7 @@ [squeeze] - ftpcopy <no-dsa> (Minor issue) [lenny] - ftpcopy <no-dsa> (Minor issue) NOTE: CVE ID requested -CVE-2011-0285 [kadmind double free] - RESERVED +CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing ...) - krb5 <unfixed> (bug #622681) NOTE: advisory says only 1.7 and greater are affected, but it looks to me like the vulnerable code is in fact present in lenny''s 1.6 CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in ...)