Link to the specific announce page.

[wiki.git] / doc / LennyBugsAll

diff --git a/doc/LennyBugsAll b/doc/LennyBugsAll
index dfff044255d8169fdd7f7c0e4791f94ce61d4289..5cdc6803900e514d6cf3b7a5243327a1e39445b1 100644 (file)
--- a/doc/LennyBugsAll
+++ b/doc/LennyBugsAll
@@ -7,30 +7,161 @@ Bug list dumped early 2008-12-12.  The pipeline was
 
 Please sort into useful/not useful, add notes, etc.
 
 
 Please sort into useful/not useful, add notes, etc.
 

+----
+

 = Juicy? =
 
 = Juicy? =
 

-Try these!
+All acted on!  See the "Stuff we did" sections below.

 
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465]
-in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
-"/init exports MODPROBE_OPTIONS=-qb"
-[[BR]](Note: real bug report is near bottom.)

 
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072]
-in [http://packages.debian.org/lenny/dk-filter dk-filter]
-"dk-filter reliably crashes upon connection from postfix"
-[[BR]](Note: bug report, little followup.  Test, reproduce, debug, fix.)
+
+----
+
+= Stuff we did =
+
+== Fixed by SIPB! ==
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140 436140]
+in [http://packages.debian.org/lenny/installation-reports installation-reports]
+"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."
+(closed by wdaher)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525 476525] 
+in [http://packages.debian.org/lenny/python-hid python-hid] 
+"python-hid: hid module will not import since python policy transition" 
+(tabbott)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507071 507071] 
+[http://packages.debian.org/lenny/racoon racoon] 
+"racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt" 
+(fixed by broder)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507072 507072] 
+in [http://packages.debian.org/lenny/ipsec-tools ipsec-tools] 
+"libipsec0 packaged in ipsec-tools without development headers" 
+(downgraded by hartmans)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504626 504626] 
+in [http://packages.debian.org/lenny/nvidia-glx nvidia-glx] 
+"[nvidia-glx] Quietly drops support for several chipsets" 
+(downgraded by nelhage)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502845 502845]
+in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
+"open-iscsi: no login using amd64"
+(quentin reassigned; Bastian Blank then lowered priority)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265]
+in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source]
+"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)"
+(patch added by andersk)

 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057]
 in [http://packages.debian.org/lenny/splashy splashy]
 "splashy: Splashy fails to install due to missing default theme"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057]
 in [http://packages.debian.org/lenny/splashy splashy]
 "splashy: Splashy fails to install due to missing default theme"

+(fix suggestion added by ecprice with help from tabbott and fawkes)

 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 "crash rtorrent by scgi-interface (function: 'fi.get_filename_last')"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 "crash rtorrent by scgi-interface (function: 'fi.get_filename_last')"

-[[BR]]This is fixed in experimental, but in a newer, less-stable version; Someone might be able to backport the fix.
+(submitted patch that disables broken RPC; leaving to maintainer to decide if this is what he wants to do)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465]
+in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
+"/init exports MODPROBE_OPTIONS=-qb"
+[[BR]](patch added by price)

 
 

-= Specific hardware =
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=489501 489501]
+in [http://packages.debian.org/lenny/zekr zekr]
+"zekr depends on libxul0d"
+[[BR]](mako tweaked and sponsored fix by Asheesh Laroia)
+
+== Waiting on feedback ==
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502140 502140]
+in [http://packages.debian.org/lenny/pam pam]
+"cannot unlock screen during etch -> lenny transition"
+(hartmans added comment)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072]
+in [http://packages.debian.org/lenny/dk-filter dk-filter]
+"dk-filter reliably crashes upon connection from postfix"
+[[BR]](quentin couldn't reproduce)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507883 507883]
+in [http://packages.debian.org/lenny/asterisk asterisk]
+"asterisk: Very frequent segfaults on startup"
+(quentin couldn't reproduce)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037]
+in [http://packages.debian.org/lenny/fenix fenix]
+"fenix: not 64 bit clean"[[BR]]
+(ezyang observed upstream's website looks ~dead)
+
+
+
+
+----
+
+= Fun stuff to read =
+
+== Flamewars ==
+
+You might enjoy reading these, but they may not be good targets to fix.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737]
+in [http://packages.debian.org/lenny/otrs2 otrs2]
+"otrs2 - makes files in /usr writable by non-root"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
+in [http://packages.debian.org/lenny/wordpress wordpress]
+"wordpress can be subject of delayed attacks via cookies"
+
+For this one, the actual flameware is off the bug report log.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"longstanding DFSG violations in linux-2.6 package"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504747 504747]
+in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk]
+"gnu-fdisk: wipes out MBR when used on GPT partitions"
+
+
+== Would have been fun ==
+
+Entertaining to read but sadly already fixed.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961 506961]
+in auctex
+"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack"
+
+
+== Examples to live up to ==
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954]
+in [http://packages.debian.org/lenny/bind9 bind9]
+"bind9: Fails to start due to SIGSEGV"
+[[BR]]This bug sat unfixed for months.  Then someone attacked it in a bug-squashing party,
+got the first reproducible testcase, and sent that upstream, which swiftly produced a fix.
+
+
+== Puzzling ==
+
+Someone please explain what's going on (Debian Project-wise) in these bugs.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473]
+in [http://packages.debian.org/lenny/wnpp wnpp]
+"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"
+[[BR]](Note: The bug is for someone to take over maintainership.  They did.  Then when the bug gets automatically archived, they reply saying to keep it?  I (price) don't understand.)
+
+
+
+
+----
+
+= Not so ripe for us to fix =
+
+== Specific hardware ==

 
 If you have the relevant hardware you could help a lot.
 
 
 If you have the relevant hardware you could help a lot.
 


@@ -58,61 +189,19 @@ in [http://packages.debian.org/lenny/installation-reports installation-reports]
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 "grub-installer fails on a FSC Primergy RX300 with a level 5 RAID"
 
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 "grub-installer fails on a FSC Primergy RX300 with a level 5 RAID"
 

-= Examples =
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954]
-in [http://packages.debian.org/lenny/bind9 bind9]
-"bind9: Fails to start due to SIGSEGV"
-[[BR]]This bug sat unfixed for months.  Then someone attacked it in a bug-squashing party,
-got the first reproducible testcase, and sent that upstream, which swiftly produced a fix.
-
-
-= May be a lot of work =

 
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037]
-in [http://packages.debian.org/lenny/fenix fenix]
-"fenix: not 64 bit clean"
+== May be a lot of work ==

 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171 490171]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 "rtorrent: random crash"
 [[BR]](Reproducing this seems to require runnin 20+ torrents for a ~day)
 
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171 490171]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 "rtorrent: random crash"
 [[BR]](Reproducing this seems to require runnin 20+ torrents for a ~day)
 

-= Puzzling =
-
-Someone please explain what's going on (Debian Project-wise) in these bugs.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473]
-in [http://packages.debian.org/lenny/wnpp wnpp]
-"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"
-[[BR]](Note: The bug is for someone to take over maintainership.  They did.  Then when the bug gets automatically archived, they reply saying to keep it?  I (price) don't understand.)

 
 

-= Vaguely tedious =
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502140 502140]
-in [http://packages.debian.org/lenny/pam pam]
-"cannot unlock screen during etch -> lenny transition"
-
-= Unclassified =
+== Unclassified ==

 
 Please read these reports and figure out what category they belong in.  Or make a new category.
 
 
 Please read these reports and figure out what category they belong in.  Or make a new category.
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293 494293]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"installation-reports: Grub error: not a regular file..."
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495232 495232]
-in [http://packages.debian.org/lenny/quagga quagga]
-"quagga: zebra ignores routes added via command line"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460 500460]
-in [http://packages.debian.org/lenny/oss-compat oss-compat]
-"oss-compat: modules are not loaded"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712 503712]
-in [http://packages.debian.org/lenny/ghostscript ghostscript]
-"etch->lenny upgrade left the system in broken state"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661 504661]
 in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev]
 "nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661 504661]
 in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev]
 "nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken"


@@ -121,16 +210,12 @@ in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legac
 in [http://packages.debian.org/lenny/network-manager network-manager]
 "Updating to lenny failed when NetworkManager got updated"
 
 in [http://packages.debian.org/lenny/network-manager network-manager]
 "Updating to lenny failed when NetworkManager got updated"
 

-= Unclassified Security =
+== Unclassified Security ==

 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
 in [http://packages.debian.org/lenny/icedove icedove]
 "Mozilla Thunderbird Multiple Vulnerabilities"
 
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
 in [http://packages.debian.org/lenny/icedove icedove]
 "Mozilla Thunderbird Multiple Vulnerabilities"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 506353]
-in [http://packages.debian.org/lenny/mailscanner mailscanner]
-"CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165 507165]
 in [http://packages.debian.org/lenny/xine-lib xine-lib]
 "xine-lib: CVE-2008-5242 heap-based buffer overflow"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165 507165]
 in [http://packages.debian.org/lenny/xine-lib xine-lib]
 "xine-lib: CVE-2008-5242 heap-based buffer overflow"


@@ -143,7 +228,7 @@ in [http://packages.debian.org/lenny/xine-lib xine-lib]
 in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
 "ffmpeg-debian: Several security issues"
 
 in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
 "ffmpeg-debian: Several security issues"
 

-= Fresh bugs =
+== Fresh bugs ==

 
 These are very recent and presumably will get dealt with by the package maintainers without help.
 
 
 These are very recent and presumably will get dealt with by the package maintainers without help.
 


@@ -179,10 +264,6 @@ in [http://packages.debian.org/lenny/mldonkey-server mldonkey-server]
 in [http://packages.debian.org/lenny/openoffice.org-writer openoffice.org-writer]
 "openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong)"
 
 in [http://packages.debian.org/lenny/openoffice.org-writer openoffice.org-writer]
 "openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong)"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507883 507883]
-in [http://packages.debian.org/lenny/asterisk asterisk]
-"asterisk: Very frequent segfaults on startup"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507889 507889]
 in [http://packages.debian.org/lenny/mdadm mdadm]
 "mdadm: initramfs-tools script is broken, system with root on RAID won't boot"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507889 507889]
 in [http://packages.debian.org/lenny/mdadm mdadm]
 "mdadm: initramfs-tools script is broken, system with root on RAID won't boot"


@@ -191,10 +272,6 @@ in [http://packages.debian.org/lenny/mdadm mdadm]
 in [http://packages.debian.org/lenny/uim-tcode uim-tcode]
 "mazegaki conversion cannot be used"
 
 in [http://packages.debian.org/lenny/uim-tcode uim-tcode]
 "mazegaki conversion cannot be used"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508124 508124]
-in [http://packages.debian.org/lenny/python-m2crypto python-m2crypto]
-"Yum crashes when setting-up a CentOS chroot OS"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133 508133]
 in [http://packages.debian.org/lenny/libmad0 libmad0]
 "audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133 508133]
 in [http://packages.debian.org/lenny/libmad0 libmad0]
 "audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0"


@@ -203,10 +280,6 @@ in [http://packages.debian.org/lenny/libmad0 libmad0]
 in [http://packages.debian.org/lenny/sun-java5 sun-java5]
 "sun-java5: New upstream release fixes several security issues"
 
 in [http://packages.debian.org/lenny/sun-java5 sun-java5]
 "sun-java5: New upstream release fixes several security issues"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265]
-in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source]
-"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508313 508313]
 in [http://packages.debian.org/lenny/xine-lib xine-lib]
 "xine-lib: CVE-2008-5234 heap overflow in atom parsing"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508313 508313]
 in [http://packages.debian.org/lenny/xine-lib xine-lib]
 "xine-lib: CVE-2008-5234 heap overflow in atom parsing"


@@ -231,10 +304,6 @@ in [http://packages.debian.org/lenny/imagemagick imagemagick]
 in [http://packages.debian.org/lenny/iodbc iodbc]
 "iodbc: Segfaults when asking for the available DSNs"
 
 in [http://packages.debian.org/lenny/iodbc iodbc]
 "iodbc: Segfaults when asking for the available DSNs"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510]
-in [http://packages.debian.org/lenny/debget debget]
-"Can't parse packages.debian.org output anymore"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508392 508392]
 in [http://packages.debian.org/lenny/dpkg dpkg]
 "Handling of conflicting conffiles broken"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508392 508392]
 in [http://packages.debian.org/lenny/dpkg dpkg]
 "Handling of conflicting conffiles broken"


@@ -247,19 +316,15 @@ in [http://packages.debian.org/lenny/f2c f2c]
 in [http://packages.debian.org/lenny/merkaartor merkaartor]
 "merkaartor: crash on startup: QPaintEngine::setSystemClip: Should not be change
 
 in [http://packages.debian.org/lenny/merkaartor merkaartor]
 "merkaartor: crash on startup: QPaintEngine::setSystemClip: Should not be change
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502845 502845]
-in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
-"open-iscsi: no login using amd64"
-

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508589 508589]
 in [http://packages.debian.org/lenny/linux-2.6 linux-2.6]
 "ppp: USB Modem removal after PPP exits kills keyboard"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508589 508589]
 in [http://packages.debian.org/lenny/linux-2.6 linux-2.6]
 "ppp: USB Modem removal after PPP exits kills keyboard"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508635 508635]
-in [http://packages.debian.org/lenny/libexif-gtk-dev libexif-gtk-dev]
-"libexif-gtk-dev: References no longer existing libXcursor.la"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508660 508660]
+in [http://packages.debian.org/lenny/autopkgtest-xenlvm autopkgtest-xenlvm]
+"adtxenlvm: initscript assumes eth0"

 
 

-= Mostly solved? =
+== Mostly solved? ==

 
 These look like good progress is being made and they'll get fixed
 soon. Do we need a DD to do an NMU on any of these?
 
 These look like good progress is being made and they'll get fixed
 soon. Do we need a DD to do an NMU on any of these?


@@ -268,9 +333,9 @@ soon. Do we need a DD to do an NMU on any of these?
 in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
 "CVE-2007-3215: phpmailer issue (embedded code-copy)"
 
 in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
 "CVE-2007-3215: phpmailer issue (embedded code-copy)"
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316]
-in [http://packages.debian.org/lenny/smarty smarty]
-"smarty: Non-free logo included in package"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510]
+in [http://packages.debian.org/lenny/debget debget]
+"Can't parse packages.debian.org output anymore"

 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782 332782]
 in [http://packages.debian.org/lenny/release-notes release-notes]
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782 332782]
 in [http://packages.debian.org/lenny/release-notes release-notes]


@@ -336,7 +401,26 @@ in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports]
 in [http://packages.debian.org/lenny/sun-java6 sun-java6]
 "AWT_TOOLKIT=MToolkit causes java to segfault on amd64"
 
 in [http://packages.debian.org/lenny/sun-java6 sun-java6]
 "AWT_TOOLKIT=MToolkit causes java to segfault on amd64"
 

-= Not much of use one can do =
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712 503712]
+in [http://packages.debian.org/lenny/ghostscript ghostscript]
+"etch->lenny upgrade left the system in broken state"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508635 508635]
+in [http://packages.debian.org/lenny/libexif-gtk-dev libexif-gtk-dev]
+"libexif-gtk-dev: References no longer existing libXcursor.la"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460 500460]
+in [http://packages.debian.org/lenny/oss-compat oss-compat]
+"oss-compat: modules are not loaded"
+
+
+== Not much of use one can do ==
+
+(waiting on reporter to reproduce)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293 494293]
+in [http://packages.debian.org/lenny/installation-reports installation-reports]
+"installation-reports: Grub error: not a regular file..."

 
 (this one looks like it'll be removed from Lenny or have amd64 disabled)
 
 
 (this one looks like it'll be removed from Lenny or have amd64 disabled)
 


@@ -364,6 +448,10 @@ in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt]
 in [http://packages.debian.org/lenny/moodle moodle]
 "moodle: html2text.php is not DFSG-free"
 
 in [http://packages.debian.org/lenny/moodle moodle]
 "moodle: html2text.php is not DFSG-free"
 

+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495232 495232]
+in [http://packages.debian.org/lenny/quagga quagga]
+"quagga: zebra ignores routes added via command line"
+

 (misc)
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]
 (misc)
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]


@@ -382,38 +470,16 @@ in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
 in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
 "clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
 
 in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
 "clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
 

-= Flamewars =
-
-You might enjoy reading these, but they may not be good targets to fix.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737]
-in [http://packages.debian.org/lenny/otrs2 otrs2]
-"otrs2 - makes files in /usr writable by non-root"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
-in [http://packages.debian.org/lenny/wordpress wordpress]
-"wordpress can be subject of delayed attacks via cookies"
-
-For this one, the actual flameware is off the bug report log.
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"longstanding DFSG violations in linux-2.6 package"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504747 504747]
-in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk]
-"gnu-fdisk: wipes out MBR when used on GPT partitions"
-
-= Would have been fun =
-
-Entertaining to read but sadly already fixed.
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 506353]
+in [http://packages.debian.org/lenny/mailscanner mailscanner]
+"CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"

 
 

-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961 506961]
-in auctex
-"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316]
+in [http://packages.debian.org/lenny/smarty smarty]
+"smarty: Non-free logo included in package"

 
 
 
 

-= Special team bugs =
+== Special team bugs ==

 
 These bugs are probably not good targets because the work involved with them at this point is to be done by someone on a special Debian team.
 
 
 These bugs are probably not good targets because the work involved with them at this point is to be done by someone on a special Debian team.
 


@@ -483,6 +549,7 @@ in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471 497471]
 in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471 497471]
 in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]

+

 "sarge images have syslinux binaries without source"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 506977]
 "sarge images have syslinux binaries without source"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 506977]


@@ -495,12 +562,10 @@ in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
 
 This one is fixed in experimental:
 
 
 This one is fixed in experimental:
 

+
+

 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503907 503907]
 in [http://packages.debian.org/lenny/libwebkit-1.0-1 libwebkit-1.0-1]
 "epiphany-webkit: Crashes at startup whenever I go to a site."
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503907 503907]
 in [http://packages.debian.org/lenny/libwebkit-1.0-1 libwebkit-1.0-1]
 "epiphany-webkit: Crashes at startup whenever I go to a site."
 

-== Fixed! ==
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140 436140]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."