CVE-2001-1593 [insecure use of /tmp] - a2ps (low; bug #737385) [wheezy] - a2ps (Minor issue) [squeeze] - a2ps (Minor issue) CVE-2004-2776 NOT-FOR-US: Montitorix CVE-2002-2439 - gcc-4.1 [squeeze] - gcc-4.1 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.3 [squeeze] - gcc-4.3 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.4 (low) [squeeze] - gcc-4.4 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) [wheezy] - gcc-4.4 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.6 (low) [wheezy] - gcc-4.6 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.7 (low; bug #710830) [wheezy] - gcc-4.7 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.8 4.8.0-1 (low) NOTE: Are there apps known to be exploitable through this? NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway? NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is NOTE: properly rebuild with a fixed version from the start NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439 CVE-2002-2438 NOT-FOR-US: ancient linux 2.4 issue CVE-2006-7246 - wpasupplicant 0.7.3-1 [squeeze] - wpasupplicant (Minor issue) - network-manager 0.9.4.0-1 [squeeze] - network-manager (Minor issue) NOTE: might be fixed earlier; I checked the source versions in Wheezy CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl] - shadow 1:4.1.5-1 (low; bug #628843) [squeeze] - shadow (Minor issue) [lenny] - shadow (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008 - sudo 1.7.4p4 (low; bug #657784) NOTE: sudo might be fixed earlier, use_pty present in stable CVE-2006-4245 - archivemail 0.6.2-2 CVE-2006-4243 [linux vserver priviledge escalation in remount code] - linux-2.6 2.6.17-9 CVE-2006-3100 [termnetd buffer overflow] - termpkg 3.3-7 (bug #358028; medium) CVE-2006-0062 [Potential xlockmore bypass] - xlockmore 1:5.13-2.1 (bug #309760) CVE-2006-0061 [xlock segfaults when using libpam-opensc] - xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low) [sarge] - xlockmore (Minor issue) CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ] - twiki 20040902-2 (bug #330733; high) CVE-2005-2349 [Directory traversal in zoo] - zoo 2.10-4 (low; bug #309594) CVE-2005-2350 [Cross Site Scripting in websieve] - websieve (bug #311838; low) CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles] - mutt 1.5.20-7 (bug #311296; unimportant) [sarge] - mutt (Minor annoyance, not a real DoS) NOTE: An "attacker" could achieve the same by simply filling up /tmp CVE-2005-2352 [Temp file races in gs-gpl addons scripts] - gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant) CVE-2005-2354 [nvu uses old copy of mozilla xpcom] NOTE: have not checked to see which security holes are in it exactly - nvu (bug #306822; medium) CVE-2005-2356 NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos