+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257]
+in [http://packages.debian.org/lenny/twiki twiki]
+"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026]
+in [http://packages.debian.org/lenny/phppgadmin phppgadmin]
+"phpPgAdmin: Local File Inclusion Vulnerability"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800]
+in [http://packages.debian.org/lenny/bind9 bind9]
+"bind9: bind crashes with a list for allow-update"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532]
+in [http://packages.debian.org/lenny/dbus dbus]
+"send_requested_reply="true" allows all non-reply messages"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
+in [http://packages.debian.org/lenny/wireshark wireshark]
+"wireshark: DoS caused by sending a SMTP request with large content"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303]
+in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports]
+"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504524 504524]
+in [http://packages.debian.org/lenny/sun-java6 sun-java6]
+"AWT_TOOLKIT=MToolkit causes java to segfault on amd64"