(no commit message)
[wiki.git] / doc / LennyBugsAll
index 3887efef3a4cf0ec6ef55c54fc1304d63e9db737..7a5ad7f46522bb789c8bd42ef1ee497613f69817 100644 (file)
@@ -1,3 +1,7 @@
+= Open RC Bugs in Lenny =
+
+These are bugs to consider at SIPB's [LennyBugs RC-bug-squashing hackathon] for Lenny.
+
 Bug list dumped early 2008-12-12.  The pipeline was
  `$ cd /mit/debathena/debian-bts && ./get_bugs | sort | ./bugs-format-trac`
 
 Bug list dumped early 2008-12-12.  The pipeline was
  `$ cd /mit/debathena/debian-bts && ./get_bugs | sort | ./bugs-format-trac`
 
@@ -5,17 +9,40 @@ Please sort into useful/not useful, add notes, etc.
 
 = Juicy? =
 
 
 = Juicy? =
 
+Try these!
+
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644 374644] in [http://packages.debian.org/lenny/xine-ui xine-ui]
 "xine-ui: ctrl/shift key press emulation implementation broken"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374644 374644] in [http://packages.debian.org/lenny/xine-ui xine-ui]
 "xine-ui: ctrl/shift key press emulation implementation broken"
-(Note: have patch but it's broken.  Test?  Find a fix?)
+[[BR]](Note: have patch but it's broken.  Test?  Find a fix?)
 
 
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465]
+in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
+"/init exports MODPROBE_OPTIONS=-qb"
+[[BR]](Note: real bug report is near bottom.)
 
 
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525 476525]
+in [http://packages.debian.org/lenny/python-hid python-hid]
+"python-hid: hid module will not import since python policy transition"
+[[BR]](Note: have patch, looks messy, looks like not-too-hard bug to fix well.)
 
 
-= Unclassified =
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072]
+in [http://packages.debian.org/lenny/dk-filter dk-filter]
+"dk-filter reliably crashes upon connection from postfix"
+[[BR]](Note: bug report, little followup.  Test, reproduce, debug, fix.)
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473]
-in [http://packages.debian.org/lenny/wnpp wnpp]
-"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"
+These ones are only about 2 weeks old:
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507071 507071]
+in [http://packages.debian.org/lenny/racoon racoon]
+"racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507072 507072]
+in [http://packages.debian.org/lenny/ipsec-tools ipsec-tools]
+"libipsec0 packaged in ipsec-tools without development headers"
+
+= Specific hardware =
+
+If you have the relevant hardware you could help a lot.
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394963 394963]
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394963 394963]
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
@@ -25,45 +52,46 @@ in [http://packages.debian.org/lenny/installation-reports installation-reports]
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 "cdrom: Etch does not detect CD-ROM on Acer Aspire 7100"
 
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 "cdrom: Etch does not detect CD-ROM on Acer Aspire 7100"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426465 426465]
-in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
-"/init exports MODPROBE_OPTIONS=-qb"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717 478717]
+in [http://packages.debian.org/lenny/ruby1.9 ruby1.9]
+"ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140 436140]
-in [http://packages.debian.org/lenny/installation-reports installation-reports]
-"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499078 499078]
+in [http://packages.debian.org/lenny/jfsutils jfsutils]
+"jfsutils: Bus Error when running fsck.jfs on sparc"
+
+= Examples =
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954]
+in [http://packages.debian.org/lenny/bind9 bind9]
+"bind9: Fails to start due to SIGSEGV"
+[[BR]]This bug sat unfixed for months.  Then someone attacked it in a bug-squashing party,
+got the first reproducible testcase, and sent that upstream, which swiftly produced a fix.
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451628 451628]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"Packages might enter the archive from security without source"
+
+= May be a lot of work =
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037]
 in [http://packages.debian.org/lenny/fenix fenix]
 "fenix: not 64 bit clean"
 
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=456037 456037]
 in [http://packages.debian.org/lenny/fenix fenix]
 "fenix: not 64 bit clean"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737]
-in [http://packages.debian.org/lenny/otrs2 otrs2]
-"otrs2 - makes files in /usr writable by non-root"
+= Puzzling =
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475958 475958]
-in [http://packages.debian.org/lenny/release-notes release-notes]
-"document procedure to recover from "/dev/hda became /dev/sda" boot failure"
+Someone please explain what's going on (Debian Project-wise) in these bugs.
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476210 476210]
-in [http://packages.debian.org/lenny/xbat xbat]
-"xbat: game elements do not display properly"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323473 323473]
+in [http://packages.debian.org/lenny/wnpp wnpp]
+"ITA: mol-drivers-linux -- The Mac-on-Linux emulator - drivers for Linux"
+[[BR]](Note: The bug is for someone to take over maintainership.  They did.  Then when the bug gets automatically archived, they reply saying to keep it?  I (price) don't understand.)
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476525 476525]
-in [http://packages.debian.org/lenny/python-hid python-hid]
-"python-hid: hid module will not import since python policy transition"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478717 478717]
-in [http://packages.debian.org/lenny/ruby1.9 ruby1.9]
-"ruby1.9: FTBFS on hppa: make[1]: *** [all] Segmentation fault"
+= Unclassified =
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481072 481072]
-in [http://packages.debian.org/lenny/dk-filter dk-filter]
-"dk-filter reliably crashes upon connection from postfix"
+Please read these reports and figure out what category they belong in.  Or make a new category.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=436140 436140]
+in [http://packages.debian.org/lenny/installation-reports installation-reports]
+"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171 490171]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490171 490171]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
@@ -77,10 +105,6 @@ in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt]
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 "installation-reports: Grub error: not a regular file..."
 
 in [http://packages.debian.org/lenny/installation-reports installation-reports]
 "installation-reports: Grub error: not a regular file..."
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495178 495178]
-in [http://packages.debian.org/lenny/libjs-jquery libjs-jquery]
-"libjs-jquery: Should compile jquery.min.js and jquery.pack.js from jquery.js"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495232 495232]
 in [http://packages.debian.org/lenny/quagga quagga]
 "quagga: zebra ignores routes added via command line"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495232 495232]
 in [http://packages.debian.org/lenny/quagga quagga]
 "quagga: zebra ignores routes added via command line"
@@ -93,22 +117,10 @@ in [http://packages.debian.org/lenny/installation-reports installation-reports]
 in [http://packages.debian.org/lenny/mdadm mdadm]
 "mdadm segfault on --assemble --force with raid10"
 
 in [http://packages.debian.org/lenny/mdadm mdadm]
 "mdadm segfault on --assemble --force with raid10"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496954 496954]
-in [http://packages.debian.org/lenny/bind9 bind9]
-"bind9: Fails to start due to SIGSEGV"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471 497471]
 in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
 "sarge images have syslinux binaries without source"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497471 497471]
 in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
 "sarge images have syslinux binaries without source"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"longstanding DFSG violations in linux-2.6 package"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499078 499078]
-in [http://packages.debian.org/lenny/jfsutils jfsutils]
-"jfsutils: Bus Error when running fsck.jfs on sparc"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460 500460]
 in [http://packages.debian.org/lenny/oss-compat oss-compat]
 "oss-compat: modules are not loaded"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500460 500460]
 in [http://packages.debian.org/lenny/oss-compat oss-compat]
 "oss-compat: modules are not loaded"
@@ -145,10 +157,6 @@ in [http://packages.debian.org/lenny/ghostscript ghostscript]
 in [http://packages.debian.org/lenny/libwebkit-1.0-1 libwebkit-1.0-1]
 "epiphany-webkit: Crashes at startup whenever I go to a site."
 
 in [http://packages.debian.org/lenny/libwebkit-1.0-1 libwebkit-1.0-1]
 "epiphany-webkit: Crashes at startup whenever I go to a site."
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
-in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
-"CVE-2007-3215: phpmailer issue (embedded code-copy)"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504373 504373]
 in [http://packages.debian.org/lenny/libtemplate-perl libtemplate-perl]
 "libtemplate-perl: Upgrade from etch breaks code using DBI plugins"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504373 504373]
 in [http://packages.debian.org/lenny/libtemplate-perl libtemplate-perl]
 "libtemplate-perl: Upgrade from etch breaks code using DBI plugins"
@@ -169,46 +177,22 @@ in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legac
 in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk]
 "gnu-fdisk: wipes out MBR when used on GPT partitions"
 
 in [http://packages.debian.org/lenny/gnu-fdisk gnu-fdisk]
 "gnu-fdisk: wipes out MBR when used on GPT partitions"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
-in [http://packages.debian.org/lenny/wordpress wordpress]
-"wordpress can be subject of delayed attacks via cookies"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504918 504918]
 in [http://packages.debian.org/lenny/network-manager network-manager]
 "Updating to lenny failed when NetworkManager got updated"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504918 504918]
 in [http://packages.debian.org/lenny/network-manager network-manager]
 "Updating to lenny failed when NetworkManager got updated"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977]
-in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
-"ffmpeg-debian: Several security issues"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505237 505237]
 in [http://packages.debian.org/lenny/snmpd snmpd]
 "/etc/init.d/snmpd start reports error if already running"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505237 505237]
 in [http://packages.debian.org/lenny/snmpd snmpd]
 "/etc/init.d/snmpd start reports error if already running"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
-in [http://packages.debian.org/lenny/icedove icedove]
-"Mozilla Thunderbird Multiple Vulnerabilities"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057]
 in [http://packages.debian.org/lenny/splashy splashy]
 "splashy: Splashy fails to install due to missing default theme"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506057 506057]
 in [http://packages.debian.org/lenny/splashy splashy]
 "splashy: Splashy fails to install due to missing default theme"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506152 506152]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libept0 should have priority important"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 506353]
-in [http://packages.debian.org/lenny/mailscanner mailscanner]
-"CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506652 506652]
 in [http://packages.debian.org/lenny/xml2rfc xml2rfc]
 "Yet another boilerplate change"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506652 506652]
 in [http://packages.debian.org/lenny/xml2rfc xml2rfc]
 "Yet another boilerplate change"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
-in [http://packages.debian.org/lenny/wireshark wireshark]
-"wireshark: DoS caused by sending a SMTP request with large content"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 "crash rtorrent by scgi-interface (function: 'fi.get_filename_last')"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506748 506748]
 in [http://packages.debian.org/lenny/rtorrent rtorrent]
 "crash rtorrent by scgi-interface (function: 'fi.get_filename_last')"
@@ -217,10 +201,6 @@ in [http://packages.debian.org/lenny/rtorrent rtorrent]
 in [http://packages.debian.org/lenny/libgnutls26 libgnutls26]
 "libgnutls26: 2.4.2-3 breaks OpenLDAP access"
 
 in [http://packages.debian.org/lenny/libgnutls26 libgnutls26]
 "libgnutls26: 2.4.2-3 breaks OpenLDAP access"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506883 506883]
-in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
-"tuxguitar: hard-codes dependencies on libraries"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 506977]
 in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
 "FPC: copyright infringement in pre 2.2.2 sources"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506977 506977]
 in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
 "FPC: copyright infringement in pre 2.2.2 sources"
@@ -229,30 +209,10 @@ in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
 in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
 "initiatorname.iscsi should maybe not be in /etc"
 
 in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
 "initiatorname.iscsi should maybe not be in /etc"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507021 507021]
-in [http://packages.debian.org/lenny/helpdeco helpdeco]
-"Fails to work on amd64"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507059 507059]
 in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
 "initramfs-tools: Wrong check for udevadm in functions"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507059 507059]
 in [http://packages.debian.org/lenny/initramfs-tools initramfs-tools]
 "initramfs-tools: Wrong check for udevadm in functions"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507071 507071]
-in [http://packages.debian.org/lenny/racoon racoon]
-"racoon - Fails after upgrade: symbol lookup error: /usr/sbin/racoon: undefined symbol: libipsec_opt"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507072 507072]
-in [http://packages.debian.org/lenny/ipsec-tools ipsec-tools]
-"libipsec0 packaged in ipsec-tools without development headers"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165 507165]
-in [http://packages.debian.org/lenny/xine-lib xine-lib]
-"xine-lib: CVE-2008-5242 heap-based buffer overflow"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507184 507184]
-in [http://packages.debian.org/lenny/xine-lib xine-lib]
-"xine-lib: CVE-2008-5246 heap overflow"
-
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507239 507239]
 in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
 "RM: astrolog/stable -- RoQA; orphaned long time, non-free, contains potentially undistributable code"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507239 507239]
 in [http://packages.debian.org/lenny/release.debian.org release.debian.org]
 "RM: astrolog/stable -- RoQA; orphaned long time, non-free, contains potentially undistributable code"
@@ -265,101 +225,73 @@ in [http://packages.debian.org/lenny/amule-daemon amule-daemon]
 in [http://packages.debian.org/lenny/smarty smarty]
 "smarty: Non-free logo included in package"
 
 in [http://packages.debian.org/lenny/smarty smarty]
 "smarty: Non-free logo included in package"
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507558 507558]
-in [http://packages.debian.org/lenny/hibernate hibernate]
-"ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507576 507576]
-in [http://packages.debian.org/lenny/xbattbar-acpi xbattbar-acpi]
-"missing dependency: libconfig"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507579 507579]
-in [http://packages.debian.org/lenny/yocto-reader yocto-reader]
-"Package installation results in license violation"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507675 507675]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"python2.5 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507678 507678]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libsqlite3-0 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507706 507706]
-in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
-"Missing sources for d-i components/kernel of etch-n-half images"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507721 507721]
-in [http://packages.debian.org/lenny/cryptsetup cryptsetup]
-"cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507775 507775]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libkeyutils1 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507778 507778]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libldap-2.4-2 should have priority standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507779 507779]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"[Priorities] libustr-1.0-1 -> standard"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507780 507780]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"python-sepolgen should have priority standard"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507783 507783]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libxml2 should have priority standard"
+= Unclassified Security =
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507784 507784]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"python2.5-minimal should have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
+in [http://packages.debian.org/lenny/icedove icedove]
+"Mozilla Thunderbird Multiple Vulnerabilities"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507796 507796]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libisccfg40 should have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353 506353]
+in [http://packages.debian.org/lenny/mailscanner mailscanner]
+"CVE-2008-5312/3: mailscanner might allow local users to overwrite arbitrary files via a symlink attack"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507797 507797]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libisccc40 should have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507165 507165]
+in [http://packages.debian.org/lenny/xine-lib xine-lib]
+"xine-lib: CVE-2008-5242 heap-based buffer overflow"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507798 507798]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libedit2 should have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507184 507184]
+in [http://packages.debian.org/lenny/xine-lib xine-lib]
+"xine-lib: CVE-2008-5246 heap overflow"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507799 507799]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libgssglue1 must have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
+in [http://packages.debian.org/lenny/wireshark wireshark]
+"wireshark: DoS caused by sending a SMTP request with large content"
 
 
-= Mostly solved? =
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977]
+in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
+"ffmpeg-debian: Several security issues"
 
 
-These look like good progress is being made and they'll get fixed soon.
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
+in [http://packages.debian.org/lenny/wordpress wordpress]
+"wordpress can be subject of delayed attacks via cookies"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782 332782]
-in [http://packages.debian.org/lenny/release-notes release-notes]
-"release-notes: Where's the license?"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
+in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
+"CVE-2007-3215: phpmailer issue (embedded code-copy)"
 
 = Fresh bugs =
 
 These are very recent and presumably will get dealt with by the package maintainers without help.
 
 
 = Fresh bugs =
 
 These are very recent and presumably will get dealt with by the package maintainers without help.
 
-If you're bored you might look through and see if some are interesting anyway.  Also feel free to draw the line at some other time.
+If you're bored you might look through and see if some are interesting anyway.  Also feel free to draw the line at some other time; I (price) picked December 1, arbitrarily.
 
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=239111 239111]
 in [http://packages.debian.org/lenny/grub grub]
 "Freeze when installing GRUB on XFS boot partition"
 
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=239111 239111]
 in [http://packages.debian.org/lenny/grub grub]
 "Freeze when installing GRUB on XFS boot partition"
-(Note: just re-opened 2008-12-12)
+[[BR]](Note: just re-opened 2008-12-12)
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507800 507800]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"ucf must have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507558 507558]
+in [http://packages.debian.org/lenny/hibernate hibernate]
+"ignores "LockXLock yes" setting in /etc/hibernate/common.conf (e.g. does not lock the screen)"
 
 
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507801 507801]
-in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
-"libpci3 must have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507576 507576]
+in [http://packages.debian.org/lenny/xbattbar-acpi xbattbar-acpi]
+"missing dependency: libconfig"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507579 507579]
+in [http://packages.debian.org/lenny/yocto-reader yocto-reader]
+"Package installation results in license violation"
+
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507706 507706]
+in [http://packages.debian.org/lenny/cdimage.debian.org cdimage.debian.org]
+"Missing sources for d-i components/kernel of etch-n-half images"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507721 507721]
+in [http://packages.debian.org/lenny/cryptsetup cryptsetup]
+"cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it"
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507818 507818]
 in [http://packages.debian.org/lenny/mldonkey-server mldonkey-server]
 
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507818 507818]
 in [http://packages.debian.org/lenny/mldonkey-server mldonkey-server]
@@ -460,3 +392,125 @@ in [http://packages.debian.org/lenny/iodbc iodbc]
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510]
 in [http://packages.debian.org/lenny/debget debget]
 "Can't parse packages.debian.org output anymore"
 [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508510 508510]
 in [http://packages.debian.org/lenny/debget debget]
 "Can't parse packages.debian.org output anymore"
+
+
+= Mostly solved? =
+
+These look like good progress is being made and they'll get fixed soon.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332782 332782]
+in [http://packages.debian.org/lenny/release-notes release-notes]
+"release-notes: Where's the license?"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475958 475958]
+in [http://packages.debian.org/lenny/release-notes release-notes]
+"document procedure to recover from "/dev/hda became /dev/sda" boot failure"
+[[BR]](Note: looks done, just not closed.)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476210 476210]
+in [http://packages.debian.org/lenny/xbat xbat]
+"xbat: game elements do not display properly"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506883 506883]
+in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
+"tuxguitar: hard-codes dependencies on libraries"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495178 495178]
+in [http://packages.debian.org/lenny/libjs-jquery libjs-jquery]
+"libjs-jquery: Should compile jquery.min.js and jquery.pack.js from jquery.js"
+
+(this one looks like it'll be removed from Lenny or have amd64 disabled)
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507021 507021]
+in [http://packages.debian.org/lenny/helpdeco helpdeco]
+"Fails to work on amd64"
+
+= Flamewars =
+
+You might enjoy reading these, but they may not be good targets to fix.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475737 475737]
+in [http://packages.debian.org/lenny/otrs2 otrs2]
+"otrs2 - makes files in /usr writable by non-root"
+
+For this one, the actual flameware is off the bug report log.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"longstanding DFSG violations in linux-2.6 package"
+
+= Would have been fun =
+
+Entertaining to read but sadly already fixed.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506961 506961]
+in auctex
+"auctex: reuses old logfile on emacsen upgrades, enabling symlink attack"
+
+
+= Ftpmaster bugs =
+
+These bugs are probably not good targets because the work involved with them is easy for either the maintainer or ftpmasters to fix.
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=451628 451628]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"Packages might enter the archive from security without source"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506152 506152]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libept0 should have priority important"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507675 507675]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"python2.5 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507678 507678]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libsqlite3-0 should have priority standard"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507775 507775]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libkeyutils1 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507778 507778]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libldap-2.4-2 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507779 507779]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"[Priorities] libustr-1.0-1 -> standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507780 507780]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"python-sepolgen should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507783 507783]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libxml2 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507784 507784]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"python2.5-minimal should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507796 507796]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libisccfg40 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507797 507797]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libisccc40 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507798 507798]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libedit2 should have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507799 507799]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libgssglue1 must have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507800 507800]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"ucf must have priority standard"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507801 507801]
+in [http://packages.debian.org/lenny/ftp.debian.org ftp.debian.org]
+"libpci3 must have priority standard"
+