in [http://packages.debian.org/lenny/oss-compat oss-compat]
"oss-compat: modules are not loaded"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751]
-in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
-"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503303 503303]
in [http://packages.debian.org/lenny/upgrade-reports upgrade-reports]
"etch -> lenny minimal chrrot upgrade fails due to Conflicts/Pre-Depends loop"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532]
-in [http://packages.debian.org/lenny/dbus dbus]
-"send_requested_reply="true" allows all non-reply messages"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503712 503712]
in [http://packages.debian.org/lenny/ghostscript ghostscript]
"etch->lenny upgrade left the system in broken state"
in [http://packages.debian.org/lenny/libgnutls26 libgnutls26]
"libgnutls26: 2.4.2-3 breaks OpenLDAP access"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
-in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
-"initiatorname.iscsi should maybe not be in /etc"
-
= Unclassified Security =
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505563 505563]
in [http://packages.debian.org/lenny/xine-lib xine-lib]
"xine-lib: CVE-2008-5246 heap overflow"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
-in [http://packages.debian.org/lenny/wireshark wireshark]
-"wireshark: DoS caused by sending a SMTP request with large content"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504977 504977]
in [http://packages.debian.org/lenny/ffmpeg-debian ffmpeg-debian]
"ffmpeg-debian: Several security issues"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
-in [http://packages.debian.org/lenny/wordpress wordpress]
-"wordpress can be subject of delayed attacks via cookies"
-
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
-in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
-"CVE-2007-3215: phpmailer issue (embedded code-copy)"
-
= Fresh bugs =
These are very recent and presumably will get dealt with by the package maintainers without help.
in [http://packages.debian.org/lenny/uim-tcode uim-tcode]
"mazegaki conversion cannot be used"
-[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]
-in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
-"maintainer address bounces"
-
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508124 508124]
in [http://packages.debian.org/lenny/python-m2crypto python-m2crypto]
"Yum crashes when setting-up a CentOS chroot OS"
These look like good progress is being made and they'll get fixed
soon. Do we need a DD to do an NMU on any of these?
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504283 504283]
+in [http://packages.debian.org/lenny/egroupware-core egroupware-core]
+"CVE-2007-3215: phpmailer issue (embedded code-copy)"
+
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507316 507316]
in [http://packages.debian.org/lenny/smarty smarty]
"smarty: Non-free logo included in package"
in [http://packages.debian.org/lenny/bind9 bind9]
"bind9: bind crashes with a list for allow-update"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 503532]
+in [http://packages.debian.org/lenny/dbus dbus]
+"send_requested_reply="true" allows all non-reply messages"
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506741 506741]
+in [http://packages.debian.org/lenny/wireshark wireshark]
+"wireshark: DoS caused by sending a SMTP request with large content"
+
= Not much of use one can do =
in [http://packages.debian.org/lenny/moodle moodle]
"moodle: html2text.php is not DFSG-free"
+(misc)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508091 508091]
+in [http://packages.debian.org/lenny/tuxguitar tuxguitar]
+"maintainer address bounces"
+
+(trivial fix may cause regression, may punt)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507003 507003]
+in [http://packages.debian.org/lenny/open-iscsi open-iscsi]
+"initiatorname.iscsi should maybe not be in /etc"
+
+(legal issue involving non-free file)
+
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502751 502751]
+in [http://packages.debian.org/lenny/clamav-getfiles clamav-getfiles]
+"clamav-getfiles: piuparts test fails: eicar.com md5sum mismatch, file needs downloading"
+
= Flamewars =
You might enjoy reading these, but they may not be good targets to fix.
in [http://packages.debian.org/lenny/otrs2 otrs2]
"otrs2 - makes files in /usr writable by non-root"
+[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771 504771]
+in [http://packages.debian.org/lenny/wordpress wordpress]
+"wordpress can be subject of delayed attacks via cookies"
+
For this one, the actual flameware is off the bug report log.
[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497823 497823]