Three, count them, three local root exploits discovered so far via the source scan of the Debian archive. More to follow.
- DSA-1326-1: fireflier-server
- DSA-1327-1: gsambad
- DSA-1328-1: unicon-imc2
- This is an interesting one because the library itself isn't setuid, but it is linked to by the setuid application zhcon.
- Which makes this exploit an instant root attack.
Right now my biggest irritation is the amount of time it takes to report bugs in packages which don't have security issues - just bad coding. It takes me a fair while to do it, since I either have to install the package and use "reportbug", or lookup version numbers and submit manually. I should think of a better way of doing it.