The bsdmainutils package versions below 6.0.15 allow for a local root compromise via the calendar program.
60b8be5b945488f25d2fc43b427af907f6ab743a5b15c6d0122ee49597c41966
MOD_SUPHP is an Apache module that allows php scripts to run as users rather than the www-data user. A condition exists that would allow an attacker to use this module to run arbitrary code.
2df871582e14a312ba3d2a736b2e170795092c7ed83f2ab6a61ffbb8d9d3729c