author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2011-01-18 02:17:49 +0000 |
---|---|---|
committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2011-01-18 02:17:49 +0000 |
commit | 38f772f944cd74e3600ed4a6eb178feec8e87b3f (patch) | |
tree | 00cada108e0c7961b717b8f80f85f6dae1f1c7b8 /doc | |
parent | 48ccbc6631eed19011cda1e4ec1ccdb215028481 (diff) |
create a historic document dir and move a bunch of outdated stuff there
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15917 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc')
-rw-r--r-- | doc/historic/README | 55 |
-rw-r--r-- | doc/historic/TODO | 50 |
-rw-r--r-- | doc/historic/announce (renamed from doc/announce) | 0 |
-rw-r--r-- | doc/historic/announce.2 (renamed from doc/announce.2) | 0 |
-rw-r--r-- | doc/historic/announce.3 (renamed from doc/announce.3) | 0 |
-rw-r--r-- | doc/historic/bits_2007_10_x (renamed from doc/bits_2007_10_x) | 0 |
-rw-r--r-- | doc/historic/bits_2008_06_x (renamed from doc/bits_2008_06_x) | 0 |
-rw-r--r-- | doc/historic/lenny_release (renamed from doc/lenny_release) | 0 |
-rw-r--r-- | doc/historic/mopb.txt | 237 |
-rw-r--r-- | doc/historic/mops.txt | 64 |
-rw-r--r-- | doc/historic/move_to_l.d.o (renamed from doc/move_to_l.d.o) | 0 |
-rw-r--r-- | doc/historic/testing-security (renamed from doc/testing-security) | 0 |
-rw-r--r-- | doc/historic/tmp.txt | 104 |
13 files changed, 510 insertions, 0 deletions
diff --git a/doc/historic/README b/doc/historic/README new file mode 100644 index 0000000000..fab6bc2d1d --- /dev/null +++ b/doc/historic/README 
@@ -0,0 +1,55 @@ +The checklist program can be run on a system with madison available to +check vulnerability info from the list files against what packages are in +testing. Also the updatelist is used by the Makefile to update the lists +with new info from Mitre. So the various list files need a common, machine +parsable format. That format is: + +begin claimed by foo + +[date] id description + {id id id} + UPCASE: text + - package [version] (note; note; note) + +end claimed by foo + + +Without writing a format grammar, because this is really rather ad-hoc and +probably will be replaced with something better: + +[date] + The date of the advisory in the form dd Mmm YYYY (01 Nov 2004). + Optional, only given for DSAs at the moment. +id + DSA-nnn-n, CVE-YYY-nnnn, etc +description + Pretty much freeform description of the problem. Short and optional. + By convention, if it's taken from upstream data source + automatically, it will be in parens. If you want to use a different + description, put it in square brackets instead. +{id id id} + This is used to link to other ids that describe the same hole. + Generally used to link DSAs to CVEs and back. +UPCASE + Any word in upper case, typically NOTE, HELP, TODO, RESERVED, + REJECTED, NOT-FOR-US. + May be repeated for each entry. +- package [version] (note; notes; note) + Indicates that the problem is fixed in the given version of the + package. May repeat for other packages. If the problem is unfixed, + use "<unfixed>" as the version. If the problem doesn't affect Debian, + use "<not-affected>" as the version. If the problem only affects + shipped releases, for which the stable security team provides + security support and the affected package has meanwhile been removed + from the archive use "<removed>" as the version. If the problem + affects a particular release, prepend "[release]" before the + "- package" to reflect as much. 
+ + The notes can be freeform, but some are understood by the tools, + including "bug #nnnnn", "bug filed", and "high", + "medium", "low", "unimportant" and "unknown" urgencies. + +begin claimed by foo +end claimed by foo + Marks a set of items that are being checked by someone. + Used to avoid duplicate work. diff --git a/doc/historic/TODO b/doc/historic/TODO new file mode 100644 index 0000000000..4809fcd950 --- /dev/null +++ b/doc/historic/TODO 
@@ -0,0 +1,50 @@ +* Set up for DTSAs + + - Auto moderation of developer signed mails to -announce. + + - sndadvisory should remove TODO lines from the list file since the + advisory is complete + + - merge sndadvisory into dtsa script? + + - web DTSA pages should be built on the fly using the metadata in DTSA/ + so we don't have to update things in two places when making a change, + and so releasing a DTSA does not involve copying html files around + + - The dtsa script should have support for updating the list file + when running it on an advisory that it's already been run on before. + This would facilitate issuing asvisories, which often takes a few runs + before the final one is sent. Alternatively, get rid of the DTSA/list + file (do we need it for anything really?) + +* Merge stuff into security.debian.org. Long term, but we need to keep in + mind that the current archive setup is just to get bootstrapped. + +* Web overview + - checklist setup for unstable needs to be fixed to ignore Hurd + +* Florian's overview should be moved to secure-testing.debian.net, but + Florian wants to resolve some issues before. + +* Write the script that digs through the security bugs + +* Write the script that handles the transfer between secure-testing and testing + wrt incomplete archs (aba) + +* Improve the developer's reference wrt security bugs (micah) + +* Document that finalized syntax + +* Review open security bugs and tag the wrt versioned bug tracking + +* Create a repo of security patches + +* Retroactive updating of the list for not-affected and others + +* Document all our stuff and work + +* Implement the HELP tag and add it to some outstanding issues + +* Link source package specific overview into the PTS + + diff --git a/doc/announce b/doc/historic/announce index e9168207de..e9168207de 100644 --- a/doc/announce +++ b/doc/historic/announce diff --git a/doc/announce.2 b/doc/historic/announce.2 index d1f1caee4c..d1f1caee4c 100644 --- a/doc/announce.2 
+++ b/doc/historic/announce.2 diff --git a/doc/announce.3 b/doc/historic/announce.3 index 008d91911d..008d91911d 100644 --- a/doc/announce.3 +++ b/doc/historic/announce.3 diff --git a/doc/bits_2007_10_x b/doc/historic/bits_2007_10_x index 1162bb73a9..1162bb73a9 100644 --- a/doc/bits_2007_10_x +++ b/doc/historic/bits_2007_10_x diff --git a/doc/bits_2008_06_x b/doc/historic/bits_2008_06_x index 2193f00478..2193f00478 100644 --- a/doc/bits_2008_06_x +++ b/doc/historic/bits_2008_06_x diff --git a/doc/lenny_release b/doc/historic/lenny_release index 554cd81dee..554cd81dee 100644 --- a/doc/lenny_release +++ b/doc/historic/lenny_release diff --git a/doc/historic/mopb.txt b/doc/historic/mopb.txt new file mode 100644 index 0000000000..4b00d76e42 --- /dev/null +++ b/doc/historic/mopb.txt 
@@ -0,0 +1,237 @@ +Issues affecting PHP 4 and PHP 5: + +41 PHP 5 sqlite_udf_decode_binary() Buffer Overflow Vulnerability +#TODO(medium) -> for PHP5, php4 uses a seperate php4-sqlite package. +[MOPB-41-php5.diff] + +34 PHP mail() Header Injection Through Subject and To Parameters +#TODO(medium) -> needs to be fixed, CVE-2007-1718 (php4 & php5, header +injection possible via some MTAs when set to process the headers for +recipients), Sarge's php4 not affected +[MOPB-34-php5.diff] + +30 PHP _SESSION unset() Vulnerability +#TODO(low) -> hard to trigger remotely, CVE-2007-1700. (php4 & php5, code execution) +[MOPB-30-php5.diff] + +26 PHP mb_parse_str() register_globals Activation Vulnerability +#TODO(medium) -> functionally enables register_globals for any future requests, CVE-2007-1583 (php4 & php5, enables stealth register_globals for life of process) + +22 PHP session_regenerate_id() Double Free Vulnerability +#TODO(medium) -> locally exploitable to gain access to process memory, hard to do remotely, CVE-2007-1521 (php4 & php5, code execution) +[MOPB-22-php5.diff] + +10 PHP php_binary Session Deserialization Information Leak Vulnerability +#TODO(low) -> Can only leak 127 bytes of data, CVE-2007-1380 (php4 & php5, heap leak) +Check, to which extent this was covered by our backports of 5.2.1 patches +[MOPB-10-php5.diff] + + + +Issues affecting PHP 4 only: + +35 PHP 4 zip_entry_read() Integer Overflow Vulnerability +#TODO(medium) -> needs to be fixed, CVE-2007-1777 (php4, remote code execution) +[MOPB-35-php4.diff] + +32 PHP 4.4.5/4.4.6 session_decode() Double Free Vulnerability (U) +TODO(medium) -> needs to be fixed in php/etch and php/sarge (remote code execution) +[MOPB-32-php4.diff] + +04 PHP 4 unserialize() ZVAL Reference Counter Overflow +TODO (php4 only, gain execute control) +[MOPB-04-php4.diff] + + + +Issues affecting PHP 5 only: + +45 PHP ext/filter Email Validation Vulnerability +TODO(low) -> possible email header injections when coupled with other problems 
(php5 5.2.0, 5.2.1) +[MOPB-45-php5.diff] + +44 PHP 5.2.0 Memory Manager Signed Comparision Vulnerability +#TODO(medium) -> remotely exploitable via SOAP interfaces, CVE-2007-1889 (php5 5.2.0 only) + +42 PHP 5 php_stream_filter_create() Off By One Vulnerablity +#TODO(medium) -> needs to be fixed, CVE-2007-1824 (php5, remote code execution, though haven't reproduced it) +[MOPB-42-php5.diff] + +23 PHP 5 Rejected Session Identifier Double Free Vulnerability +#TODO(medium) -> locally exploitable to gain access to process memory, hard to do remotely, CVE-2007-1522. (php5 5.2.0+, code execution) + +19 PHP ext/filter Space Trimming Buffer Underflow Vulnerability +#TODO(medium) -> for PHP5. CVE-2007-1453 (php5 5.2.0 only, code execution on big endian) + +18 PHP ext/filter HTML Tag Stripping Bypass Vulnerability +#TODO(medium) -> for PHP5. CVE-2007-1453 (php5 5.2.0 only, can avoid filters) + +17 PHP ext/filter FDF Post Bypass Vulnerability +#TODO(low) -> ...or possibly "broken as designed". CVE-2007-1452, (php5 5.2.0 only, can avoid filters) + +16 PHP zip:// URL Wrapper Buffer Overflow Vulnerability +#TODO(medium) -> possible remote data can result in code execution in 5.2.0 which uses the zip handler, CVE-2007-1399. 
(php5 5.2.0 only, code execution) + +14 PHP substr_compare() Information Leak Vulnerability +#TODO(low) -> corner-case where length+offset > INT_MAX, CVE-2007-1375 (php5, heap leak) +[MOPB-14-php5.diff] + + + + + +Done or resolved: + + +43 PHP msg_receive() Memory Allocation Integer Overflow Vulnerabilty +#N/A -> Only triggerable by malicious script, CVE-2007-1890 (php4 & php5, local code execution, possibly FreeBSD only) + +40 PHP imap_mail_compose() Boundary Stack Buffer Overflow Vulnerability +#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1825 + +39 PHP str_replace() Memory Allocation Integer Overflow Vulnerability +#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0906/CVE-2007-1885 + +38 PHP printf() Family 64 Bit Casting Vulnerabilities +#Fixed in DSA-1264 and the respective PHP4/PHP5 packages, dupe CVE-2007-0909/CVE-2007-1884 + +37 PHP iptcembed() Interruption Information Leak Vulnerability +#N/A -> Only triggerable by malicious script, CVE-2007-1883 (php4 & php5, local code execution) + +36 PHP session.save_path open_basedir Bypass Vulnerability +#N/A -> open_basedir bypasses not supported, CVE-2007-1461 + +33 PHP mail() Message ASCIIZ Byte Truncation +#N/A -> This is a bug, but not security-relevant, CVE-2007-1717 (php4 & php5) + +31 PHP _SESSION Deserialization Overwrite Vulnerability +#N/A -> register_globals not supported, already fixed in DSA-1264, dupe CVE-2007-0910/CVE-2007-1701 (php4 & php5, very hard to trigger remotely, code execution) + +29 PHP 5.2.1 unserialize() Information Leak Vulnerability +#N/A -> Only affects PHP 5.2.1, CVE-2007-1649 (heap leak via broken "S" unserializer, which should maybe be removed from 5.2.1, since it is only for future compatibility and is totally broken?) 
+[MOPB-29-php5.diff] + +28 PHP hash_update_file() Already Freed Resource Access Vulnerability +#N/A -> Only triggerable by malicious script, CVE-2007-1581 (php5, local malicious stream handler leads to code execution) + +27 PHP ext/gd Already Freed Resource Access Vulnerability +#N/A -> Only triggerable by malicious script, CVE-2007-1582 (php4 & php5, local malicious error handler leads to code execution) + +25 PHP header() Space Trimming Buffer Underflow Vulnerability +#Fixed in Etch as part of the 5.2.1 backport, dupe CVE-2007-0907/CVE-2007-1584 + +24 PHP array_user_key_compare() Double DTOR Vulnerability +#N/A -> Only triggerable by malicious script, CVE-2007-1484 (php4 & php5, code execution) +[MOPB-24-php5.diff] + +21 PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability +#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1461 + +20 PHP zip:// URL Wrapper safemode and open_basedir Bypass Vulnerability +#N/A -> Safemode and open_basedir bypasses not supported, CVE-2007-1460 + +15 PHP shmop Functions Resource Verification Vulnerability +#N/A -> Only triggerable by malicious script, could be used to read/write arbitrary memory, CVE-2007-1376 (php4 & php5, arbitrary memory leakage) +[MOPB-15-php5.diff] + +13 PHP 4 Ovrimos Extension Multiple Vulnerabilities +#N/A -> Ovrimos support not provided in any debian php packages, CVE-2007-1379, CVE-2007-1378 + +12 mod_security POST Rules Bypass Vulnerability +#N/A -> applies to modsecurity, not packaged for sarge/etch/(sid?), CVE-2007-1359. + +11 PHP WDDX Session Deserialization Information Leak Vulnerability +#Fixed in DSA-1264. CVE-2007-0908 (php4 & php5, controllable stack leak) + +09 PHP wddx_deserialize() String Append Buffer Overflow Vulnerability +#N/A -> Only applies to a development version in CVS, not a shipped release, CVE-2007-1381. 
+ +08 PHP 4 phpinfo() XSS Vulnerability (Deja-vu) +N/A -> phpinfo() is a debug function, not be exposed to applications (php4 4.4.3 through 4.4.6 only, phpinfo XSS) + +07 Zend Platform ini_modifier Local Root Vulnerability (B) +N/A -> Only affects the Zend platform + +06 Zend Platform Insecure File Permission Local Root Vulnerability +N/A -> Only affects the Zend platform + +05 PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability +#Fixed in DSA-1264. CVE-2007-0988 (php4 & php5, limited-time 100% CPU DoS) + +03 PHP Variable Destructor Deep Recursion Stack Overflow +#N/A -> Applications need to impose sanity checks for maximum recursion, CVE-2007-1285 (php4 & php5, crash only) + +02 PHP Executor Deep Recursion Stack Overflow +#N/A -> Applications need to impose sanity checks for maximum recursion, CVE-2006-1549 (php4 & php5, crash only) + +01 PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability +#N/A -> Only triggerable by malicious script, CVE-2007-1383 (php4 only, gain execute control) + + + + +(Comments starting with # indicate that information has been fed to the tracker) +(Comments starting with TOFIX indicate that a patch has been created or extracted) + + +# php4 checklist + + Sarge Etch +41 a a <- seperate source package php4-sqlite +35 T T +34 / t +32 T T +30 / / +26 a a +22 t t +10 T T <- seemed already fixed but this completes the patch +04 T T + +? = more info +x = fix needed +* = extracted +a = patch generated and commited to SVN +t = didn't seem affected, but patch makes sense +T = code tested +/ = not affected + +# PHP5 checklist.... +MOPB Etch, Unstable Dapper, Edgy, Feisty, Gutsy PATCH +10 p p[3] T T T - * +14 X T T T T - * +15 i T T T - - * +16 p p - - - - +17 - - - - - - +18 X T - - - - +19 X T - - - - +22 X T T T T - * +23 X T[5] X X X - ? 
+24 i i T T T X * +26 X T T T T - * +29 - - - - T - * +30 - a[4] T T - - * +34 X a T T T - * +41 X T T T T - ![1] +42 X a T T - - * +44 X a - - - - +45 X T - - T - ![2] + +* = patch extracted from upstream +? = no upstream patch found +! = patch created + +X = fixed desired +a = patch applied +p = previously fixed +T = code tested +- = fix n/a +i = fix skipped + +[1] but the fix in php5 is not right, the call (not the SQLite API) needs + to be changed. For references, here is the upstream "fix": + http://cvs.php.net/viewvc.cgi/php-src/ext/sqlite/libsqlite/src/encode.c?r1=1.5.4.1&r2=1.5.4.1.2.1&pathrev=PHP_5_2 +[2] this needs a CVE assigned +[3] previously fixed, but the patch adds another check we should have too. +[4] could not reproduce this problem +[5] the first hunk of the patch for mopb 22 fixes this. + diff --git a/doc/historic/mops.txt b/doc/historic/mops.txt new file mode 100644 index 0000000000..63dafa4c45 --- /dev/null +++ b/doc/historic/mops.txt 
@@ -0,0 +1,64 @@ +Month of PHP security May 2010 status file + +001: CVE-2007-1581; Only triggerable by malicious script +002: External app not in Debian: Campsite +003: CVE-2010-1866; Should be fixed for Squeeze, doesn't affect Lenny (5.3 only) +004: External app not in Debian: ClanSphere +005: External app not in Debian: ClanSphere +006: CVE-2010-1864; Only triggerable by malicious script +007: External app not in Debian: ClanTiger +008: CVE-2010-1862; Only triggerable by malicious script +009: CVE-2010-1861; Only triggerable by malicious script +010: CVE-2010-1860; Only triggerable by malicious script +011: External app not in Debian: DeluxeBB +012: CVE-2010-1868; Only triggerable by malicious script +013: CVE-2010-1868; Only triggerable by malicious script +014: CVE-2010-1914; Only triggerable by malicious script +015: CVE-2010-1914; Only triggerable by malicious script +016: CVE-2010-1914; Only triggerable by malicious script +017: CVE-2010-1915; Only triggerable by malicious script +018: External app not in Debian: EFront +019: CVE-2010-1916; Serendipity, doesn't affect Lenny (1.4 onwards), pinged Thijs +020: CVE-2010-1916; External app; xinha, Just an ITP: #479708, there are embedders +021: CVE-2010-1917; PHP fnmatch() Stack Exhaustion Vulnerability +022: CVE-2010-2093; Only triggerable by malicious script +023: no CVE yet; Cacti, pinged Sean Finney +024: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR +025: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR +026: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR +027: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR +028: CVE-2010-2094; Doesn't affect Lenny, extension is new enough not to have (code) users other than PEAR +029: External app not in Debian: CMSQLITE +030: External app not in Debian: 
CMSQLITE +031: External app not in Debian: e107 +032: CVE-2010-2097; Only triggerable by malicious script +033: CVE-2010-2097; Only triggerable by malicious script +034: CVE-2010-2097; Only triggerable by malicious script +035: External app not in Debian: e107 +036: CVE-2010-2100; Only triggerable by malicious script +037: CVE-2010-2100; Only triggerable by malicious script +038: CVE-2010-2100; Only triggerable by malicious script +039: CVE-2010-2100; Only triggerable by malicious script +040: CVE-2010-2100; Only triggerable by malicious script +041: CVE-2010-2101; Only triggerable by malicious script +042: CVE-2010-2101; Only triggerable by malicious script +043: CVE-2010-2101; Only triggerable by malicious script +044: CVE-2010-2101; Only triggerable by malicious script +045: CVE-2010-2101; Only triggerable by malicious script +046: CVE-2010-2101; Only triggerable by malicious script +047: CVE-2010-2190; Only triggerable by malicious script +048: CVE-2010-2190; Only triggerable by malicious script +049: CVE-2010-2191; Only triggerable by malicious script +050: CVE-2010-2191; Only triggerable by malicious script +051: CVE-2010-2191; Only triggerable by malicious script +052: CVE-2010-2191; Only triggerable by malicious script +053: CVE-2010-2191; Only triggerable by malicious script +054: CVE-2010-2191; Only triggerable by malicious script +055: CVE-2010-2191; Only triggerable by malicious script +056: CVE-2010-3062; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid +057: CVE-2010-3062; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid +058: CVE-2010-3063; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid +059: CVE-2010-3064; Does not affect Lenny; unimportant, mysqlnd not used in squeeze/sid +060: CVE-2010-3065; Should be fixed in Lenny and unstable; low importance + + diff --git a/doc/move_to_l.d.o b/doc/historic/move_to_l.d.o index f62c7fdaf6..f62c7fdaf6 100644 --- a/doc/move_to_l.d.o 
+++ b/doc/historic/move_to_l.d.o diff --git a/doc/testing-security b/doc/historic/testing-security index 845636e94d..845636e94d 100644 --- a/doc/testing-security +++ b/doc/historic/testing-security diff --git a/doc/historic/tmp.txt b/doc/historic/tmp.txt new file mode 100644 index 0000000000..ab0f025ade --- /dev/null +++ b/doc/historic/tmp.txt 
@@ -0,0 +1,104 @@ +- Make sure the issue is tracked in the tracker +- Criteria for potential DSA: Typically used as root, typically used + on multiuser system, non-fringe, real world use case (i.e no debug, + no examples) +- This is the initial batch reported by Dmitry, but there might have + been followups? We should check this, I haven't caught up with + mail backlog +- While some issues might not warrant a DSA for Etch, we should be + a little more aggressive on maintainters not following up for + Lenny and rather go for removal in such cases +- Since stable updates can be made by any DD we could also advertise + this on debian-devel to find a volunteer if the respective + maintainers are too busy +- I think we only need CVE IDs for issues fixed in a DSA or through + a point update, oss-security should be better than a CNA pool since + there's a risk of collisions + + + +DSA: (Name in brackets if someone prepares a DSA) + Binary-package: qemu (0.9.1-5) (CVE-2008-4553) (white) + + +SPU: + Binary-package: ibackup (2.27-4.1) (CVE-2008-4475) + Binary-package: sympa (5.3.4-5) (CVE-2008-4476) + Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) (CVE-2008-4474) + Binary-package: fwbuilder (2.1.19-3) (CVE requested) + Binary-package: aegis-web (4.24-3) (CVE requested) + Binary-package: rancid-util (2.3.2~a8-1) (CVE requested) + Binary-package: fml (4.0.3.dfsg-2) (CVE requested) + Binary-package: gdrae (0.1-1) (CVE requested) + Binary-package: cdrw-taper (0.4-2) + Binary-package: digitaldj (0.7.5-6+b1) + Binary-package: xastir (1.9.2-1) + Binary-package: aview (1.3.0rc1-8) + Binary-package: xcal (4.1-18.3) + Binary-package: mgt (2.31-5) + Binary-package: sng (1.0.2-5) + Binary-package: cdcontrol (1.90-1.1) + Binary-package: apertium (3.0.7+1-1+b1) + Binary-package: rccp (0.9-2) + Binary-package: xmcd (2.6-19.3) + Binary-package: xsabre (0.2.4b-23) (CVE-2008-4407) + Binary-package: realtimebattle-common (1.0.8-2) + Binary-package: cman (2.20080629-1) + Binary-package: 
wims (3.62-13) + Binary-package: konwert-filters (1.8-11.1) + Binary-package: crossfire-maps (1.11.0-1) + Binary-package: sgml2x (1.0.0-11.1) + Binary-package: xen-utils-3.2-1 (3.2.1-2) + Binary-package: myspell-tools (1:3.1-20) + Binary-package: emacs-jabber (0.7.91-1) + Binary-package: audiolink (0.05-1) + Binary-package: impose+ (0.2-11) + Binary-package: emacspeak (26.0-3) (CVE-2008-4191) + Binary-package: netmrg (0.20-1) + Binary-package: r-base-core (2.7.1-1) (CVE-2008-3931) + Binary-package: dist (1:3.5-17-1) + Binary-package: gpsdrive-scripts (2.10~pre4-3) + Binary-package: rkhunter (1.3.2-3) + Binary-package: mgetty-fax (1.1.36-1.2) + +Non-issues (not exploitable, only examples or very exotic use cases, +e.g. only exploitable when debugging a certain option, not present +in Etch or only exploitable during package build time): + Binary-package: ogle-mmx (0.9.2-5.2) + Binary-package: ogle (0.9.2-5.2) + Binary-package: openoffice.org-common (1:2.4.1-6) + Binary-package: postfix (2.5.2-2) + Binary-package: tiger (1:3.2.2-3.1) + Binary-package: linuxtrade (3.65-8+b4) + Binary-package: arb-common (0.0.20071207.1-4) + Binary-package: scratchbox2 (1.99.0.24-1) + Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1) + Binary-package: firehol (1.256-4) + Binary-package: mafft (6.240-1) + Binary-package: liguidsoap (0.3.6-4) + Binary-package: ampache (3.4.1-1) + Binary-package: scilab-bin (4.1.2-5) + Binary-package: bk2site (1:1.1.9-3.1) + Binary-package: freevo (1.8.1-0) + Binary-package: dpkg-cross (2.3.0) + Binary-package: initramfs-tools (0.92f) + Binary-package: datafreedom-perl (0.1.7-1) + Binary-package: printfilters-ppd (2.13-9) + Binary-package: sendmail-base (8.14.3-5) + Binary-package: gccxml (0.9.0+cvs20080525-1) + Binary-package: aegis (4.24-3) + + + + + + + + + + + + + + + |
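Review bot: In doc/historic/README, the `id` entry gives the CVE form as "CVE-YYY-nnnn" (three-character year), and the package line is written "(note; note; note)" in the format synopsis but "(note; notes; note)" in its definition heading. Since the text says the list files need a common, machine parsable format, the two spellings should agree and the year placeholder should read "CVE-YYYY-nnnn". The file also arrives as a new file rather than a rename and nothing in it says it is historic, so a one-line header stating that it describes a superseded format would stop readers from treating it as current.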
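Review bot: In doc/historic/TODO, none of the items says whether it was completed, dropped or moved elsewhere, so the file reads as a live task list even though it now sits under historic/. A short header stating that the list is frozen, and where open work is tracked instead, would fix that. While touching it: "asvisories" in the dtsa script item, "Document that finalized syntax" and "tag the wrt versioned bug tracking" look like typos, and the file ends in blank lines that can be trimmed.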
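Review bot: In doc/historic/mopb.txt, the legend near the end says comments starting with TOFIX mark entries with a patch created or extracted, but no entry in the file uses TOFIX; the entries use "#TODO", "TODO", "#N/A", "N/A" and "#Fixed". Either the legend or the markers should be corrected so the "#" convention for "fed to the tracker" can be read reliably. Two CVE references are also worth confirming before this is archived: entries 18 and 19 both cite CVE-2007-1453, and entries 36 and 21 both cite CVE-2007-1461 while the neighbouring entry 20 cites CVE-2007-1460. In the PHP5 checklist legend, "X = fixed desired" presumably means "fix desired".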
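Review bot: In doc/historic/mops.txt, entry 001 cites CVE-2007-1581 in a status file titled for May 2010, and that is the same ID mopb.txt (added in this commit) records for its entry 28; please confirm this is an intentional reuse of the 2007 ID rather than a copy error. Entry 023 is left at "no CVE yet" and entries 019 and 020 share CVE-2010-1916 across two different applications, so a note on whether those were ever resolved would make the archived file self-explanatory.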
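Review bot: The name doc/historic/tmp.txt says nothing about its content, and the file itself never states which class of issue the package lists cover; it only refers to "the initial batch reported by Dmitry" and contains undated first-person notes such as "I haven't caught up with mail backlog". Suggest a descriptive file name and a short header giving the issue type, date and author. The "DSA:" line promises a name in brackets but the qemu entry ends with "(white)" in parentheses, "maintainters" is a typo, "liguidsoap" in the non-issues list looks like one, and the file ends with a long run of blank lines that should be dropped.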