create a historic document dir and move a bunch of outdated stuff there

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15917 e39458fd-73e7-0310-bf30-c45bca0a0e42

13 files changed, 510 insertions, 0 deletions

diff --git a/doc/historic/README b/doc/historic/README
new file mode 100644
index 0000000000..fab6bc2d1d
--- /dev/null
+++ b/doc/historic/README
@@ -0,0 +1,55 @@
+The checklist program can be run on a system with madison available to
+check vulnerability info from the list files against what packages are in
+testing. Also the updatelist is used by the Makefile to update the lists
+with new info from Mitre. So the various list files need a common, machine
+parsable format. That format is:
+
+begin claimed by foo
+
+[date] id description
+	{id id id}
+	UPCASE: text
+	- package [version] (note; note; note)
+
+end claimed by foo
+
+
+Without writing a format grammar, because this is really rather ad-hoc and
+probably will be replaced with something better:
+
+[date]
+	The date of the advisory in the form dd Mmm YYYY (01 Nov 2004).
+	Optional, only given for DSAs at the moment.
+id
+	DSA-nnn-n, CVE-YYY-nnnn, etc
+description
+	Pretty much freeform description of the problem. Short and optional.
+	By convention, if it's taken from upstream data source
+	automatically, it will be in parens.  If you want to use a different
+	description, put it in square brackets instead.
+{id id id}
+	This is used to link to other ids that describe the same hole.
+	Generally used to link DSAs to CVEs and back.
+UPCASE
+	Any word in upper case, typically NOTE, HELP, TODO, RESERVED,
+	REJECTED, NOT-FOR-US.
+	May be repeated for each entry.
+- package [version] (note; notes; note)
+	Indicates that the problem is fixed in the given version of the
+	package. May repeat for other packages. If the problem is unfixed,
+	use "<unfixed>" as the version. If the problem doesn't affect Debian,
+	use "<not-affected>" as the version. If the problem only affects
+	shipped releases, for which the stable security team provides
+	security support and the affected package has meanwhile been removed
+	from the archive use "<removed>" as the version.  If the problem
+	affects a particular release, prepend "[release]" before the
+	"- package" to reflect as much.
+
+	The notes can be freeform, but some are understood by the tools,
+	including "bug #nnnnn", "bug filed", and "high",
+        "medium", "low", "unimportant" and "unknown" urgencies.
+
+begin claimed by foo
+end claimed by foo
+	Marks a set of items that are being checked by someone.
+	Used to avoid duplicate work.
diff --git a/doc/historic/TODO b/doc/historic/TODO
new file mode 100644
index 0000000000..4809fcd950
--- /dev/null
+++ b/doc/historic/TODO
@@ -0,0 +1,50 @@
+* Set up for DTSAs
+
+  - Auto moderation of developer signed mails to -announce.
+
+  - sndadvisory should remove TODO lines from the list file since the
+    advisory is complete
+
+  - merge sndadvisory into dtsa script?
+
+  - web DTSA pages should be built on the fly using the metadata in DTSA/
+    so we don't have to update things in two places when making a change,
+    and so releasing a DTSA does not involve copying html files around
+
+  - The dtsa script should have support for updating the list file
+    when running it on an advisory that it's already been run on before.
+    This would facilitate issuing asvisories, which often takes a few runs
+    before the final one is sent. Alternatively, get rid of the DTSA/list
+    file (do we need it for anything really?)
+
+* Merge stuff into security.debian.org. Long term, but we need to keep in
+  mind that the current archive setup is just to get bootstrapped.
+
+* Web overview
+  - checklist setup for unstable needs to be fixed to ignore Hurd
+
+* Florian's overview should be moved to secure-testing.debian.net, but
+  Florian wants to resolve some issues before.
+
+* Write the script that digs through the security bugs
+
+* Write the script that handles the transfer between secure-testing and testing
+  wrt incomplete archs (aba)
+
+* Improve the developer's reference wrt security bugs (micah)
+
+* Document that finalized syntax
+
+* Review open security bugs and tag the wrt versioned bug tracking
+
+* Create a repo of security patches
+
+* Retroactive updating of the list for not-affected and others
+
+* Document all our stuff and work
+
+* Implement the HELP tag and add it to some outstanding issues
+
+* Link source package specific overview into the PTS
+
+
diff --git a/doc/announce b/doc/historic/announce
index e9168207de..e9168207de 100644
--- a/doc/announce
+++ b/doc/historic/announce
diff --git a/doc/announce.2 b/doc/historic/announce.2
index d1f1caee4c..d1f1caee4c 100644
--- a/doc/announce.2
+++ b/doc/historic/announce.2
diff --git a/doc/announce.3 b/doc/historic/announce.3
index 008d91911d..008d91911d 100644
--- a/doc/announce.3
+++ b/doc/historic/announce.3
diff --git a/doc/bits_2007_10_x b/doc/historic/bits_2007_10_x
index 1162bb73a9..1162bb73a9 100644
--- a/doc/bits_2007_10_x
+++ b/doc/historic/bits_2007_10_x
diff --git a/doc/bits_2008_06_x b/doc/historic/bits_2008_06_x
index 2193f00478..2193f00478 100644
--- a/doc/bits_2008_06_x
+++ b/doc/historic/bits_2008_06_x
diff --git a/doc/lenny_release b/doc/historic/lenny_release
index 554cd81dee..554cd81dee 100644
--- a/doc/lenny_release
+++ b/doc/historic/lenny_release
diff --git a/doc/historic/mopb.txt b/doc/historic/mopb.txt
new file mode 100644
index 0000000000..4b00d76e42
--- /dev/null
+++ b/doc/historic/mopb.txt
@@ -0,0 +1,237 @@
+Issues affecting PHP 4 and PHP 5:
+
+41  PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability
+#TODO(medium) -> for PHP5, php4 uses a seperate php4-sqlite package.
+[MOPB-41-php5.diff]
+
+34  PHP mail() Header Injection Through Subject and To Parameters
+#TODO(medium) -> needs to be fixed, CVE-2007-1718 (php4 & php5, header
+injection possible via some MTAs when set to process the headers for
+recipients), Sarge's php4 not affected
+[MOPB-34-php5.diff]
+
+30  PHP _SESSION unset() Vulnerability
+#TODO(low) -> hard to trigger remotely, CVE-2007-1700. (php4 & php5, code execution)
+[MOPB-30-php5.diff]
+
+26  PHP mb_parse_str() register_globals Activation Vulnerability
+#TODO(medium) -> functionally enables register_globals for any future requests, CVE-2007-1583 (php4 & php5, enables stealth register_globals for life of process)
+
+22  PHP session_regenerate_id() Double Free Vulnerability
+#TODO(medium) -> locally exploitable to gain access to process memory, hard to do remotely, CVE-2007-1521 (php4 & php5, code execution)
+[MOPB-22-php5.diff]
+
+10  PHP php_binary Session Deserialization Information Leak  Vulnerability
+#TODO(low) -> Can only leak 127 bytes of data, CVE-2007-1380 (php4 & php5, heap leak)
+Check, to which extent this was covered by our backports of 5.2.1 patches
+[MOPB-10-php5.diff]
+
+
+
+Issues affecting PHP 4 only:
+
+35  PHP 4 zip_entry_read() Integer Overflow Vulnerability
+#TODO(medium) -> needs to be fixed, CVE-2007-1777 (php4, remote code execution)
+[MOPB-35-php4.diff]
+
+32  PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability (U) 
+TODO(medium) -> needs to be fixed in php/etch and php/sarge (remote code execution)
+[MOPB-32-php4.diff]
+
+04  PHP 4 unserialize() ZVAL Reference Counter Overflow
+TODO (php4 only, gain execute control)
+[MOPB-04-php4.diff]
+
+
+
+Issues affecting PHP 5 only:
+
+45  PHP ext/filter Email Validation Vulnerability
+TODO(low) -> possible email header injections when coupled with other problems (php5 5.2.0, 5.2.1)
+[MOPB-45-php5.diff]
+
+44  PHP 5.2.0 Memory Manager Signed Comparision Vulnerability
+#TODO(medium) -> remotely exploitable via SOAP interfaces, CVE-2007-1889 (php5 5.2.0 only)
+
+42  PHP 5 php_stream_filter_create() Off By One Vulnerablity
+#TODO(medium) -> needs to be fixed, CVE-2007-1824 (php5, remote code execution, though haven't reproduced it)
+[MOPB-42-php5.diff]
+
+23  PHP 5 Rejected Session Identifier Double Free Vulnerability
+#TODO(medium) -> locally exploitable to gain access to process memory, hard to do remotely, CVE-2007-1522. (php5 5.2.0+, code execution)
+
+19 PHP ext/filter Space Trimming Buffer Underflow Vulnerability
+#TODO(medium) -> for PHP5. CVE-2007-1453 (php5 5.2.0 only, code execution on big endian)
+
+18  PHP ext/filter HTML Tag Stripping Bypass Vulnerability
+#TODO(medium) -> for PHP5. CVE-2007-1453 (php5 5.2.0 only, can avoid filters)
+
+17  PHP ext/filter FDF Post Bypass Vulnerability
+#TODO(low) -> ...or possibly "broken as designed". CVE-2007-1452, (php5 5.2.0 only, can avoid filters)
+
+16  PHP zip:// URL Wrapper Buffer Overflow Vulnerability
+#TODO(medium) -> possible remote data can result in code execution in 5.2.0 which uses the zip handler, CVE-2007-1399. (php5 5.2.0 only, code execution)
+
+14  PHP substr_compare() Information Leak Vulnerability
+#TODO(low) -> corner-case where length+offset > INT_MAX, CVE-2007-1375 (php5, heap leak)
+[MOPB-14-php5.diff]
+
+
+
+
+
+Done or resolved:
+
+
+43  PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty
+#N/A -> Only triggerable by malicious script, CVE-2007-1890 (php4 & php5, local code execution, possibly FreeBSD only)
+
+40  PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability
+#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825
+
+39  PHP str_replace() Memory Allocation Integer Overflow Vulnerability
+#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1885
+
+38  PHP printf() Family 64 Bit Casting Vulnerabilities
+#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0909/CVE-2007-1884
+
+37  PHP iptcembed() Interruption Information Leak Vulnerability
+#N/A -> Only triggerable by malicious script, CVE-2007-1883 (php4 & php5, local code execution)
+
+36  PHP session.save_path open_basedir Bypass Vulnerability
+#N/A -> open_basedir bypasses not supported, CVE-2007-1461
+
+33  PHP mail() Message ASCIIZ Byte Truncation
+#N/A -> This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5)
+
+31  PHP _SESSION Deserialization Overwrite Vulnerability
+#N/A -> register_globals not supported, already fixed in DSA-1264, dupe CVE-2007-0910/CVE-2007-1701 (php4 & php5, very hard to trigger remotely, code execution)
+
+29  PHP 5.2.1 unserialize() Information Leak Vulnerability
+#N/A -> Only affects PHP 5.2.1, CVE-2007-1649 (heap leak via broken "S" unserializer, which should maybe be removed from 5.2.1, since it is only for future compatibility and is totally broken?)
+[MOPB-29-php5.diff]
+
+28  PHP hash_update_file() Already Freed Resource Access Vulnerability
+#N/A -> Only triggerable by malicious script, CVE-2007-1581 (php5, local malicious stream handler leads to code execution)
+
+27  PHP ext/gd Already Freed Resource Access Vulnerability
+#N/A -> Only triggerable by malicious script, CVE-2007-1582 (php4 & php5, local malicious error handler leads to code execution)
+
+25  PHP header() Space Trimming Buffer Underflow Vulnerability
+#Fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584
+
+24  PHP array_user_key_compare() Double DTOR Vulnerability
+#N/A -> Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution)
+[MOPB-24-php5.diff]
+
+21  PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability
+#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1461
+
+20  PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability
+#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1460
+
+15  PHP shmop Functions Resource Verification Vulnerability
+#N/A -> Only triggerable by malicious script, could be used to read/write arbitrary memory, CVE-2007-1376 (php4 & php5, arbitrary memory leakage)
+[MOPB-15-php5.diff]
+
+13  PHP 4 Ovrimos Extension Multiple Vulnerabilities
+#N/A -> Ovrimos support not provided in any debian php packages, CVE-2007-1379, CVE-2007-1378
+
+12  mod_security POST Rules Bypass Vulnerability
+#N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?), CVE-2007-1359.
+
+11  PHP WDDX Session Deserialization Information Leak Vulnerability
+#Fixed in DSA-1264. CVE-2007-0908 (php4 & php5, controllable stack leak)
+
+09  PHP wddx_deserialize() String Append Buffer Overflow Vulnerability
+#N/A -> Only applies to a development version in CVS, not a shipped release, CVE-2007-1381.
+
+08  PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
+N/A -> phpinfo() is a debug function, not be exposed to applications (php4 4.4.3 through 4.4.6 only, phpinfo XSS)
+
+07  Zend Platform ini_modifier Local Root Vulnerability (B)
+N/A -> Only affects the Zend platform
+
+06  Zend Platform Insecure File Permission Local Root Vulnerability
+N/A -> Only affects the Zend platform
+
+05  PHP unserialize() 64 bit Array Creation Denial of Service  Vulnerability
+#Fixed in DSA-1264. CVE-2007-0988 (php4 & php5, limited-time 100% CPU DoS)
+
+03  PHP Variable Destructor Deep Recursion Stack Overflow
+#N/A -> Applications need to impose sanity checks for maximum recursion, CVE-2007-1285 (php4 & php5, crash only)
+
+02  PHP Executor Deep Recursion Stack Overflow
+#N/A -> Applications need to impose sanity checks for maximum recursion, CVE-2006-1549 (php4 & php5, crash only)
+
+01  PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
+#N/A -> Only triggerable by malicious script, CVE-2007-1383 (php4 only, gain execute control)
+
+
+
+
+(Comments starting with # indicate that information has been fed to the tracker)
+(Comments starting with TOFIX indicate that a patch has been created or extracted)
+
+
+# php4 checklist
+
+   Sarge Etch
+41   a    a <- seperate source package php4-sqlite
+35   T    T
+34   /    t
+32   T    T 
+30   /    /
+26   a    a
+22   t    t 
+10   T    T <- seemed already fixed but this completes the patch
+04   T    T
+
+? = more info
+x = fix needed
+* = extracted
+a = patch generated and commited to SVN
+t = didn't seem affected, but patch makes sense
+T = code tested
+/ = not affected
+
+# PHP5 checklist....
+MOPB   Etch, Unstable  Dapper, Edgy, Feisty, Gutsy       PATCH
+10      p     p[3]      T       T     T       -            *
+14      X     T         T       T     T       -            *
+15      i     T         T       T     -       -            *
+16      p     p         -       -     -       -
+17      -     -         -       -     -       -
+18      X     T         -       -     -       -
+19      X     T         -       -     -       -
+22      X     T         T       T     T       -            *
+23      X     T[5]      X       X     X       -            ?
+24      i     i         T       T     T       X            *
+26      X     T         T       T     T       -            *
+29      -     -         -       -     T       -            *
+30      -     a[4]      T       T     -       -            *
+34      X     a         T       T     T       -            *
+41      X     T         T       T     T       -            ![1]
+42      X     a         T       T     -       -            *
+44      X     a         -       -     -       -
+45      X     T         -       -     T       -            ![2]
+
+* = patch extracted from upstream
+? = no upstream patch found
+! = patch created
+
+X = fixed desired
+a = patch applied
+p = previously fixed
+T = code tested
+- = fix n/a
+i = fix skipped
+
+[1] but the fix in php5 is not right, the call (not the SQLite API) needs
+    to be changed.  For references, here is the upstream "fix":
+    http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/libsqlite/src/encode.c?r1=1.5.4.1&r2=1.5.4.1.2.1&pathrev=PHP_5_2
+[2] this needs a CVE assigned
+[3] previously fixed, but the patch adds another check we should have too.
+[4] could not reproduce this problem
+[5] the first hunk of the patch for mopb 22 fixes this.
+
diff --git a/doc/historic/mops.txt b/doc/historic/mops.txt
new file mode 100644
index 0000000000..63dafa4c45
--- /dev/null
+++ b/doc/historic/mops.txt
@@ -0,0 +1,64 @@
+Month of PHP security May 2010 status file
+
+001: CVE-2007-1581; Only triggerable by malicious script
+002: External app not in Debian: Campsite
+003: CVE-2010-1866; Should be fixed for Squeeze, doesn't affect Lenny (5.3 only)
+004: External app not in Debian: ClanSphere
+005: External app not in Debian: ClanSphere
+006: CVE-2010-1864; Only triggerable by malicious script
+007: External app not in Debian: ClanTiger
+008: CVE-2010-1862; Only triggerable by malicious script
+009: CVE-2010-1861; Only triggerable by malicious script
+010: CVE-2010-1860; Only triggerable by malicious script
+011: External app not in Debian: DeluxeBB
+012: CVE-2010-1868; Only triggerable by malicious script
+013: CVE-2010-1868; Only triggerable by malicious script
+014: CVE-2010-1914; Only triggerable by malicious script
+015: CVE-2010-1914; Only triggerable by malicious script
+016: CVE-2010-1914; Only triggerable by malicious script
+017: CVE-2010-1915; Only triggerable by malicious script
+018: External app not in Debian: EFront
+019: CVE-2010-1916; Serendipity, doesn't affect Lenny (1.4 onwards), pinged Thijs
+020: CVE-2010-1916; External app; xinha, Just an ITP: #479708, there are embedders
+021: CVE-2010-1917; PHP fnmatch() Stack Exhaustion Vulnerability
+022: CVE-2010-2093; Only triggerable by malicious script
+023: no CVE yet; Cacti, pinged Sean Finney
+024: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+025: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+026: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+027: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+028: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR
+029: External app not in Debian: CMSQLITE
+030: External app not in Debian: CMSQLITE
+031: External app not in Debian: e107
+032: CVE-2010-2097; Only triggerable by malicious script
+033: CVE-2010-2097; Only triggerable by malicious script
+034: CVE-2010-2097; Only triggerable by malicious script
+035: External app not in Debian: e107
+036: CVE-2010-2100; Only triggerable by malicious script
+037: CVE-2010-2100; Only triggerable by malicious script
+038: CVE-2010-2100; Only triggerable by malicious script
+039: CVE-2010-2100; Only triggerable by malicious script
+040: CVE-2010-2100; Only triggerable by malicious script
+041: CVE-2010-2101; Only triggerable by malicious script
+042: CVE-2010-2101; Only triggerable by malicious script
+043: CVE-2010-2101; Only triggerable by malicious script
+044: CVE-2010-2101; Only triggerable by malicious script
+045: CVE-2010-2101; Only triggerable by malicious script
+046: CVE-2010-2101; Only triggerable by malicious script
+047: CVE-2010-2190; Only triggerable by malicious script
+048: CVE-2010-2190; Only triggerable by malicious script
+049: CVE-2010-2191; Only triggerable by malicious script
+050: CVE-2010-2191; Only triggerable by malicious script
+051: CVE-2010-2191; Only triggerable by malicious script
+052: CVE-2010-2191; Only triggerable by malicious script
+053: CVE-2010-2191; Only triggerable by malicious script
+054: CVE-2010-2191; Only triggerable by malicious script
+055: CVE-2010-2191; Only triggerable by malicious script
+056: CVE-2010-3062; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid
+057: CVE-2010-3062; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid
+058: CVE-2010-3063; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid
+059: CVE-2010-3064; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid
+060: CVE-2010-3065; Should be fixed in Lenny and unstable; low importance
+
+
diff --git a/doc/move_to_l.d.o b/doc/historic/move_to_l.d.o
index f62c7fdaf6..f62c7fdaf6 100644
--- a/doc/move_to_l.d.o
+++ b/doc/historic/move_to_l.d.o
diff --git a/doc/testing-security b/doc/historic/testing-security
index 845636e94d..845636e94d 100644
--- a/doc/testing-security
+++ b/doc/historic/testing-security
diff --git a/doc/historic/tmp.txt b/doc/historic/tmp.txt
new file mode 100644
index 0000000000..ab0f025ade
--- /dev/null
+++ b/doc/historic/tmp.txt
@@ -0,0 +1,104 @@
+- Make sure the issue is tracked in the tracker
+- Criteria for potential DSA: Typically used as root, typically used
+  on multiuser system, non-fringe, real world use case (i.e no debug,
+  no examples)
+- This is the initial batch reported by Dmitry, but there might have
+  been followups? We should check this, I haven't caught up with
+  mail backlog
+- While some issues might not warrant a DSA for Etch, we should be
+  a little more aggressive on maintainters not following up for
+  Lenny and rather go for removal in such cases
+- Since stable updates can be made by any DD we could also advertise
+  this on debian-devel to find a volunteer if the respective
+  maintainers are too busy
+- I think we only need CVE IDs for issues fixed in a DSA or through
+  a point update, oss-security should be better than a CNA pool since
+  there's a risk of collisions
+
+
+
+DSA: (Name in brackets if someone prepares a DSA)
+ Binary-package: qemu (0.9.1-5) (CVE-2008-4553) (white)
+
+
+SPU:
+ Binary-package: ibackup (2.27-4.1) (CVE-2008-4475)
+ Binary-package: sympa (5.3.4-5) (CVE-2008-4476)
+ Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) (CVE-2008-4474)
+ Binary-package: fwbuilder (2.1.19-3) (CVE requested)
+ Binary-package: aegis-web (4.24-3) (CVE requested)
+ Binary-package: rancid-util (2.3.2~a8-1) (CVE requested)
+ Binary-package: fml (4.0.3.dfsg-2) (CVE requested)
+ Binary-package: gdrae (0.1-1) (CVE requested)
+ Binary-package: cdrw-taper (0.4-2)
+ Binary-package: digitaldj (0.7.5-6+b1)
+ Binary-package: xastir (1.9.2-1)
+ Binary-package: aview (1.3.0rc1-8)
+ Binary-package: xcal (4.1-18.3)
+ Binary-package: mgt (2.31-5)
+ Binary-package: sng (1.0.2-5)
+ Binary-package: cdcontrol (1.90-1.1)
+ Binary-package: apertium (3.0.7+1-1+b1)
+ Binary-package: rccp (0.9-2)
+ Binary-package: xmcd (2.6-19.3)
+ Binary-package: xsabre (0.2.4b-23) (CVE-2008-4407)
+ Binary-package: realtimebattle-common (1.0.8-2)
+ Binary-package: cman (2.20080629-1)
+ Binary-package: wims (3.62-13)
+ Binary-package: konwert-filters (1.8-11.1)
+ Binary-package: crossfire-maps (1.11.0-1)
+ Binary-package: sgml2x (1.0.0-11.1)
+ Binary-package: xen-utils-3.2-1 (3.2.1-2)
+ Binary-package: myspell-tools (1:3.1-20)
+ Binary-package: emacs-jabber (0.7.91-1)
+ Binary-package: audiolink (0.05-1)
+ Binary-package: impose+ (0.2-11)
+ Binary-package: emacspeak (26.0-3) (CVE-2008-4191)
+ Binary-package: netmrg (0.20-1)
+ Binary-package: r-base-core (2.7.1-1) (CVE-2008-3931)
+ Binary-package: dist (1:3.5-17-1)
+ Binary-package: gpsdrive-scripts (2.10~pre4-3)
+ Binary-package: rkhunter (1.3.2-3)
+ Binary-package: mgetty-fax (1.1.36-1.2)
+
+Non-issues (not exploitable, only examples or very exotic use cases,
+e.g. only exploitable when debugging a certain option, not present
+in Etch or only exploitable during package build time):
+ Binary-package: ogle-mmx (0.9.2-5.2)
+ Binary-package: ogle (0.9.2-5.2)
+ Binary-package: openoffice.org-common (1:2.4.1-6)
+ Binary-package: postfix (2.5.2-2)
+ Binary-package: tiger (1:3.2.2-3.1)
+ Binary-package: linuxtrade (3.65-8+b4)
+ Binary-package: arb-common (0.0.20071207.1-4)
+ Binary-package: scratchbox2 (1.99.0.24-1)
+ Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
+ Binary-package: firehol (1.256-4)
+ Binary-package: mafft (6.240-1)
+ Binary-package: liguidsoap (0.3.6-4)
+ Binary-package: ampache (3.4.1-1)
+ Binary-package: scilab-bin (4.1.2-5)
+ Binary-package: bk2site (1:1.1.9-3.1)
+ Binary-package: freevo (1.8.1-0)
+ Binary-package: dpkg-cross (2.3.0)
+ Binary-package: initramfs-tools (0.92f)
+ Binary-package: datafreedom-perl (0.1.7-1)
+ Binary-package: printfilters-ppd (2.13-9)
+ Binary-package: sendmail-base (8.14.3-5)
+ Binary-package: gccxml (0.9.0+cvs20080525-1)
+ Binary-package: aegis (4.24-3)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+