Package: bugreport-ng
Severity: normal
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org

--- Please enter the report below this line. ---

Hi there Debian enthusiasts :)

If this security vulnerabilities report is not sent to the correct package(s) team could you please redirect it to the correct package(s) team

- - -

Could the following security vulnerabilities exposed by WikiLeaks on March 7, 2017 affect Debian? Official press release at https://wikileaks.org/ciav7p1/#PRESS

Edward Snowden is currently reviewing WikiLeaks published documents about Vault 7 security vulnerabilities. Snowden wrote: "genuinely a big deal. Looks authentic." "catastrophic weaknesses". Which were kept open by both CIA & FBI "to spy" on you and the Linux community.

"Vault 7" reveals:

• Classified manuals for CIA malware to infest Linux. Sources and secret documents at:
  https://twitter.com/wikileaks/status/839151511838015488
  https://wikileaks.org/ciav7p1/cms/files/UsersGuide.pdf
  https://wikileaks.org/ciav7p1/cms/files/DevelopersGuide.pdf

• Gaping holes in all popular operating systems. Source:
  https://twitter.com/wikileaks/status/839132303280451587
  https://wikileaks.org/ciav7p1/

• CIA created huge amount of weaponized malware. Source at:
  https://twitter.com/wikileaks/status/839122455738339328

• CIA illicitly hoarded 'zero day' attacks, putting at risk industry, government. Source at:
  https://twitter.com/wikileaks/status/839119536012001280

- - -

Edward Snowden wrote:

• "Still working through the publication, but what wikileaks has here is genuinely a big deal. Looks authentic."
  Source at https://twitter.com/Snowden/status/839157182872576000

• "What makes this look real? Program & office names, such as the JQJ (IOC) crypt series, are real. Only a cleared insider could know them."
  Source at https://twitter.com/Snowden/status/839159736977227777

• "The CIA reports show the USG developing vulnerabilities in US products, then intentionally keeping the holes open. Reckless beyond words."
  Source at https://twitter.com/Snowden/status/839171129331830784

• "If you're writing about the CIA/@Wikileaks story, here's the big deal: first public evidence USG secretly paying to keep US software unsafe."
  Source at https://twitter.com/Snowden/status/839168025517522944

• "Evidence mounts showing CIA & FBI knew about catastrophic weaknesses in the most-used smartphones in America, but kept them open -- to spy."
  Source at https://twitter.com/Snowden/status/839193727751098368

- - -

One secret leaked file describes how the CIA writes its malware code to obscure its USG origin at https://wikileaks.org/ciav7p1/cms/page_14588467.html

Currently 607 Vault 7's documents are related to CIA's hacking tools at https://search.wikileaks.org/?query=debian&exact_phrase=&any_of=&exclude_words=&document_date_start=&document_date_end=&released_date_start=&released_date_end=&publication_type%5B%5D=51&new_search=False&order_by=most_relevant#results

Search all Vault 7: CIA hacking tools at https://wikileaks.org/ciav7p1/

By the way, the "bugreport-ng" required to enter a package name to fill this security vulnerability report. Otherwise it's ignored completely. So I randomly picked "bugreport-ng" package. I'm not a security expert so I need help to identify which package(s) is affected. Any volunteers to help with that? The links above go to documents with more details. "openssh" package might be one affected package?

Cheers,
Francewhoa

--- System information. ---
Architecture: amd64
Kernel: Linux 3.2.0-4-amd64

Debian Release: 7.11
  500 oldstable-updates ftp.ca.debian.org
  500 oldstable security.debian.org
  500 oldstable ftp.ca.debian.org
  100 wheezy-backports ftp.debian.org

--- Package information. ---
Package's Depends field is empty.
Package's Recommends field is empty.
Package's Suggests field is empty.