
# List of packages where security support is limited

# File format: Columns, separated by one or more space characters
# 1. source package name
# 2. Descriptive text or URL with more details (optional)
#    In the program's output, this is prefixed with "Details:"

acidbase        Only supported behind an authenticated HTTP zone for trusted users
adns            Stub resolver that should only be used with trusted recursors
ganglia         See README.Debian.security, only supported behind an authenticated HTTP zone, #702775
ganglia-web     See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
glpi            Only supported behind an authenticated HTTP zone for trusted users
kde4libs        No security support upstream and backports not feasible, only for use on trusted content
ltp             Pure Testsuite, only supported on non-production non-multiuser systems
memcached       Attacks that require an attacker to be able to access the memcached port/sock are not supported, it's running as nobody and in a typical setup attackers don't have access to this
ocsinventory-server Only supported behind an authenticated HTTP zone
php5            See README.Debian.security for the PHP security policy
pidgin          Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE
qtwebkit        No security support upstream and backports not feasible, only for use on trusted content
sql-ledger      Only supported behind an authenticated HTTP zone
webkit          No security support upstream and backports not feasible, only for use on trusted content
wireshark       Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates
