in [http://packages.debian.org/lenny/installation-reports installation-reports]
"cdrom: Most of the system's files have a future timestamp causing at least update/config problems."
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999]
-in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt]
-"kicker: crashes on startup"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494293 494293]
in [http://packages.debian.org/lenny/installation-reports installation-reports]
"installation-reports: Grub error: not a regular file..."
in [http://packages.debian.org/lenny/oss-compat oss-compat]
"oss-compat: modules are not loaded"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800]
-in [http://packages.debian.org/lenny/bind9 bind9]
-"bind9: bind crashes with a list for allow-update"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751]
-in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
-"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303]
in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports]
"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532]
-in [http://packages.debian.org/lenny/dbus dbus]
-"send_requested_reply="true" allows all non-reply messages"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712 503712]
in [http://packages.debian.org/lenny/ghostscript ghostscript]
"etch->lenny upgrade left the system in broken state"
in [http://packages.debian.org/lenny/sun-java6 sun-java6]
"AWT_TOOLKIT=MToolkit causes java to segfault on amd64"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504626 504626]
-in [http://packages.debian.org/lenny/nvidia-glx nvidia-glx]
-"[nvidia-glx] Quietly drops support for several chipsets"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504661 504661]
in [http://packages.debian.org/lenny/nvidia-glx-legacy-96xx-dev nvidia-glx-legacy-96xx-dev]
"nvidia-glx-legacy-96xx-dev: /usr/lib/libGL.so symlink broken"
in [http://packages.debian.org/lenny/libgnutls26 libgnutls26]
"libgnutls26: 2.4.2-3 breaks OpenLDAP access"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
-in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
-"initiatorname.iscsi should maybe not be in /etc"
-
= Unclassified Security =
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
"ffmpeg-debian: Several security issues"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
-in [http://packages.debian.org/lenny/wordpress wordpress]
-"wordpress can be subject of delayed attacks via cookies"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
-in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
-"CVE-2007-3215: phpmailer issue (embedded code-copy)"
-
= Fresh bugs =
These are very recent and presumably will get dealt with by the package maintainers without help.
in [http://packages.debian.org/lenny/mdadm mdadm]
"mdadm: initramfs-tools script is broken, system with root on RAID won't boot"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947]
-in [http://packages.debian.org/lenny/moodle moodle]
-"moodle: html2text.php is not DFSG-free"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507996 507996]
in [http://packages.debian.org/lenny/uim-tcode uim-tcode]
"mazegaki conversion cannot be used"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026]
-in [http://packages.debian.org/lenny/phppgadmin phppgadmin]
-"phpPgAdmin: Local File Inclusion Vulnerability"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]
-in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
-"maintainer address bounces"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508124 508124]
in [http://packages.debian.org/lenny/python-m2crypto python-m2crypto]
"Yum crashes when setting-up a CentOS chroot OS"
in [http://packages.debian.org/lenny/sun-java5 sun-java5]
"sun-java5: New upstream release fixes several security issues"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257]
-in [http://packages.debian.org/lenny/twiki twiki]
-"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508265 508265]
in [http://packages.debian.org/lenny/sysprof-module-source sysprof-module-source]
"sysprof-module-source: doesn't compile on AMD64 arch (wrong register names)"
These look like good progress is being made and they'll get fixed
soon. Do we need a DD to do an NMU on any of these?
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
+in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
+"CVE-2007-3215: phpmailer issue (embedded code-copy)"
+
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316]
in [http://packages.debian.org/lenny/smarty smarty]
"smarty: Non-free logo included in package"
"/etc/init.d/snmpd start reports error if already running"
(Note: fixed, waiting on an upload?)
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508257 508257]
+in [http://packages.debian.org/lenny/twiki twiki]
+"CVE-2008-5305: TWiki SEARCH variable allows arbitrary shell command execution"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508026 508026]
+in [http://packages.debian.org/lenny/phppgadmin phppgadmin]
+"phpPgAdmin: Local File Inclusion Vulnerability"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501800 501800]
+in [http://packages.debian.org/lenny/bind9 bind9]
+"bind9: bind crashes with a list for allow-update"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532]
+in [http://packages.debian.org/lenny/dbus dbus]
+"send_requested_reply="true" allows all non-reply messages"
+
= Not much of use one can do =
in [http://packages.debian.org/lenny/xml2rfc xml2rfc]
"Yet another boilerplate change"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490999 490999]
+in [http://packages.debian.org/lenny/libqt3-mt libqt3-mt]
+"kicker: crashes on startup"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507947 507947]
+in [http://packages.debian.org/lenny/moodle moodle]
+"moodle: html2text.php is not DFSG-free"
+
+(misc)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]
+in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
+"maintainer address bounces"
+
+(trivial fix may cause regression, may punt)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
+in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
+"initiatorname.iscsi should maybe not be in /etc"
+
+(legal issue involving non-free file)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751]
+in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
+"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
+
= Flamewars =
You might enjoy reading these, but they may not be good targets to fix.
in [http://packages.debian.org/lenny/otrs2 otrs2]
"otrs2 - makes files in /usr writable by non-root"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
+in [http://packages.debian.org/lenny/wordpress wordpress]
+"wordpress can be subject of delayed attacks via cookies"
+
For this one, the actual flameware is off the bug report log.
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]