
# List of packages where security support is limited

# File format: Columns, separated by one or more space characters
# 1. source package name
# 2. Descriptive text or URL with more details (optional)
#    In the program's output, this is prefixed with "Details:"

sql-ledger  Only supported behind an authenticated HTTP zone
php5        See README.Debian.security for the PHP security policy
adns        Stub resolver that should only be used with trusted recursors
ltp         Pure Testsuite, only supported on non-production non-multiuser systems
ocsinventory-server Only supported behind an authenticated HTTP zone
wireshark   Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates
acidbase    Only supported behind an authenticated HTTP zone for trusted users
glpi        Only supported behind an authenticated HTTP zone for trusted users
memcached   Attacks that require an attacker to be able to access the memcached port/sock are not supported, it's running as nobody and in a typical setup attackers don't have access to this
webkit      No security support upstream and backports not feasible, only for use on trusted content
kde4libs    No security support upstream and backports not feasible, only for use on trusted content
kde4libs    No security support upstream and backports not feasible, only for use on trusted content
qtwebkit    No security support upstream and backports not feasible, only for use on trusted content
ganglia     See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
pidgin      Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE
