=== none

From the graphicsmagick 1.1.7-1 upload:

   * magick/constitute.c: Apply upstream fix for potential NULL pointer
     dereference in ReadImage().

Does this have a CVE name?
Does it affect imagemagick?

=== jmm

tikiwiki has been uploaded to the archive a month ago. All previous issues
in it should be reviewed, whether they're fixed and CVE/list updated
accordingly.

=== none

From the freewheeling 0.5pre4-5 upload:
 .
   * Fixes various gcc-4.0 warnings (uninitialised variables, non-void
     functions never returning, wrong printf format strings)
   * Fixed 2 buffer overflows in fweelin_core_dsp.cc

Are any of these exploitable issues?

=== none

ffmpeg creates libavcodec only statically. It should be evaluated if there's
really a compelling reason, as it requires massive recompiles for every security
update. If upstream is reluctant this could be done locally for Etch at least.

=== none

MOTIF 1.2 support has been deprecated upstream. We need to get rid of lesstif1
for Etch, it already caused us great pain during the last security problems.
The transition isn't very difficult, it's a recompile against lesstif2-dev
in most cases. Most packages still using lesstif1 are effectively unmaintained,
many of them can probably just as well be orphaned or removed.