in [http://packages.debian.org/lenny/libgnutls26 libgnutls26]
"libgnutls26: 2.4.2-3 breaks OpenLDAP access"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
-in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
-"initiatorname.iscsi should maybe not be in /etc"
-
= Unclassified Security =
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
in [http://packages.debian.org/lenny/xine-lib xine-lib]
"xine-lib: CVE-2008-5246 heap overflow"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
-in [http://packages.debian.org/lenny/wireshark wireshark]
-"wireshark: DoS caused by sending a SMTP request with large content"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977]
in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
"ffmpeg-debian: Several security issues"
in [http://packages.debian.org/lenny/dbus dbus]
"send_requested_reply="true" allows all non-reply messages"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
+in [http://packages.debian.org/lenny/wireshark wireshark]
+"wireshark: DoS caused by sending a SMTP request with large content"
+
= Not much of use one can do =
in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
"maintainer address bounces"
+(trivial fix may cause regression, may punt)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
+in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
+"initiatorname.iscsi should maybe not be in /etc"
+
(legal issue involving non-free file)
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751]