+= Unclassified Security =
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
+in [http://packages.debian.org/lenny/icedove icedove]
+"Mozilla Thunderbird Multiple Vulnerabilities"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165 507165]
+in [http://packages.debian.org/lenny/xine-lib xine-lib]
+"xine-lib: CVE-2008-5242 heap-based buffer overflow"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507184 507184]
+in [http://packages.debian.org/lenny/xine-lib xine-lib]
+"xine-lib: CVE-2008-5246 heap overflow"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977]
+in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
+"ffmpeg-debian: Several security issues"
+
+= Fresh bugs =
+
+These are very recent and presumably will get dealt with by the package maintainers without help.
+
+If you're bored you might look through and see if some are interesting anyway. Also feel free to draw the line at some other time; I (price) picked December 1, arbitrarily.
+
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=239111 239111]
+in [http://packages.debian.org/lenny/grub grub]
+"Freeze when installing GRUB on XFS boot partition"
+[[BR]](Note: just re-opened 2008-12-12)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507558 507558]
+in [http://packages.debian.org/lenny/hibernate hibernate]
+"ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507579 507579]
+in [http://packages.debian.org/lenny/yocto-reader yocto-reader]
+"Package installation results in license violation"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507706 507706]
+in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
+"Missing sources for d-i components/kernel of etch-n-half images"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507721 507721]
+in [http://packages.debian.org/lenny/cryptsetup cryptsetup]
+"cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507818 507818]
+in [http://packages.debian.org/lenny/mldonkey-server mldonkey-server]
+"mldonkey-server: mlnet does not start, logs syntax error in downloads.ini"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507865 507865]
+in [http://packages.debian.org/lenny/openoffice.org-writer openoffice.org-writer]
+"openoffice.org-writer: OOo 2.4.x openinig OOo 3 files doesn't show text (2.x implements standard wrong)"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507889 507889]
+in [http://packages.debian.org/lenny/mdadm mdadm]
+"mdadm: initramfs-tools script is broken, system with root on RAID won't boot"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507996 507996]
+in [http://packages.debian.org/lenny/uim-tcode uim-tcode]
+"mazegaki conversion cannot be used"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133 508133]
+in [http://packages.debian.org/lenny/libmad0 libmad0]
+"audacity: munmap_chunk(): invalid pointer: 0x00000000026f4eb0"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508194 508194]
+in [http://packages.debian.org/lenny/sun-java5 sun-java5]
+"sun-java5: New upstream release fixes several security issues"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265]
+in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source]
+"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508313 508313]
+in [http://packages.debian.org/lenny/xine-lib xine-lib]
+"xine-lib: CVE-2008-5234 heap overflow in atom parsing"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508322 508322]
+in [http://packages.debian.org/lenny/wodim wodim]
+"wodim: Cannot load media. Cannot init drive."
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508324 508324]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"ftp.debian.org: gcc-4.2-base is not really required"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508434 508434]
+in [http://packages.debian.org/lenny/ipmitool ipmitool]
+"ipmitool: Several init script problems due to wrong pidfile name"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508443 508443]
+in [http://packages.debian.org/lenny/imagemagick imagemagick]
+"convert crash on sparc during compilation of djvulibre (work on x86-64)"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508480 508480]
+in [http://packages.debian.org/lenny/iodbc iodbc]
+"iodbc: Segfaults when asking for the available DSNs"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508392 508392]
+in [http://packages.debian.org/lenny/dpkg dpkg]
+"Handling of conflicting conffiles broken"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508565 508565]
+in [http://packages.debian.org/lenny/f2c f2c]
+"f2c: does not translate properly in EMT64 machines"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508551 508551]
+in [http://packages.debian.org/lenny/merkaartor merkaartor]
+"merkaartor: crash on startup: QPaintEngine::setSystemClip: Should not be change
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508589 508589]
+in [http://packages.debian.org/lenny/linux-2.6 linux-2.6]
+"ppp: USB Modem removal after PPP exits kills keyboard"
+
+= Mostly solved? =
+
+These look like good progress is being made and they'll get fixed
+soon. Do we need a DD to do an NMU on any of these?
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
+in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
+"CVE-2007-3215: phpmailer issue (embedded code-copy)"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316]
+in [http://packages.debian.org/lenny/smarty smarty]
+"smarty: Non-free logo included in package"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510]
+in [http://packages.debian.org/lenny/debget debget]
+"Can't parse packages.debian.org output anymore"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782 332782]
+in [http://packages.debian.org/lenny/release-notes release-notes]
+"release-notes: Where's the license?"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475958 475958]
+in [http://packages.debian.org/lenny/release-notes release-notes]
+"document procedure to recover from "/dev/hda became /dev/sda" boot failure"
+[[BR]](Note: looks done, just not closed.)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506883 506883]
+in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
+"tuxguitar: hard-codes dependencies on libraries"