- Make sure the issue is tracked in the tracker
- Criteria for potential DSA: Typically used as root, typically used
  on multiuser system, non-fringe, real world use case (i.e no debug,
  no examples)
- This is the initial batch reported by Dmitry, but there might have
  been followups? We should check this, I haven't caught up with
  mail backlog
- While some issues might not warrant a DSA for Etch, we should be
  a little more aggressive on maintainters not following up for
  Lenny and rather go for removal in such cases
- Since stable updates can be made by any DD we could also advertise
  this on debian-devel to find a volunteer if the respective
  maintainers are too busy
- I think we only need CVE IDs for issues fixed in a DSA or through
  a point update, oss-security should be better than a CNA pool since
  there's a risk of collisions



DSA: (Name in brackets if someone prepares a DSA)
 Binary-package: qemu (0.9.1-5) (CVE-2008-4553) (white)


SPU:
 Binary-package: ibackup (2.27-4.1) (CVE-2008-4475)
 Binary-package: sympa (5.3.4-5) (CVE-2008-4476)
 Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4) (CVE-2008-4474)
 Binary-package: fwbuilder (2.1.19-3) (CVE requested)
 Binary-package: aegis-web (4.24-3) (CVE requested)
 Binary-package: rancid-util (2.3.2~a8-1) (CVE requested)
 Binary-package: fml (4.0.3.dfsg-2) (CVE requested)
 Binary-package: gdrae (0.1-1) (CVE requested)
 Binary-package: cdrw-taper (0.4-2)
 Binary-package: digitaldj (0.7.5-6+b1)
 Binary-package: xastir (1.9.2-1)
 Binary-package: aview (1.3.0rc1-8)
 Binary-package: xcal (4.1-18.3)
 Binary-package: mgt (2.31-5)
 Binary-package: sng (1.0.2-5)
 Binary-package: cdcontrol (1.90-1.1)
 Binary-package: apertium (3.0.7+1-1+b1)
 Binary-package: rccp (0.9-2)
 Binary-package: xmcd (2.6-19.3)
 Binary-package: xsabre (0.2.4b-23) (CVE-2008-4407)
 Binary-package: realtimebattle-common (1.0.8-2)
 Binary-package: cman (2.20080629-1)
 Binary-package: wims (3.62-13)
 Binary-package: konwert-filters (1.8-11.1)
 Binary-package: crossfire-maps (1.11.0-1)
 Binary-package: sgml2x (1.0.0-11.1)
 Binary-package: xen-utils-3.2-1 (3.2.1-2)
 Binary-package: myspell-tools (1:3.1-20)
 Binary-package: emacs-jabber (0.7.91-1)
 Binary-package: audiolink (0.05-1)
 Binary-package: impose+ (0.2-11)
 Binary-package: emacspeak (26.0-3) (CVE-2008-4191)
 Binary-package: netmrg (0.20-1)
 Binary-package: r-base-core (2.7.1-1) (CVE-2008-3931)
 Binary-package: dist (1:3.5-17-1)
 Binary-package: gpsdrive-scripts (2.10~pre4-3)
 Binary-package: rkhunter (1.3.2-3)
 Binary-package: mgetty-fax (1.1.36-1.2)

Non-issues (not exploitable, only examples or very exotic use cases,
e.g. only exploitable when debugging a certain option, not present
in Etch or only exploitable during package build time):
 Binary-package: ogle-mmx (0.9.2-5.2)
 Binary-package: ogle (0.9.2-5.2)
 Binary-package: openoffice.org-common (1:2.4.1-6)
 Binary-package: postfix (2.5.2-2)
 Binary-package: tiger (1:3.2.2-3.1)
 Binary-package: linuxtrade (3.65-8+b4)
 Binary-package: arb-common (0.0.20071207.1-4)
 Binary-package: scratchbox2 (1.99.0.24-1)
 Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
 Binary-package: firehol (1.256-4)
 Binary-package: mafft (6.240-1)
 Binary-package: liguidsoap (0.3.6-4)
 Binary-package: ampache (3.4.1-1)
 Binary-package: scilab-bin (4.1.2-5)
 Binary-package: bk2site (1:1.1.9-3.1)
 Binary-package: freevo (1.8.1-0)
 Binary-package: dpkg-cross (2.3.0)
 Binary-package: initramfs-tools (0.92f)
 Binary-package: datafreedom-perl (0.1.7-1)
 Binary-package: printfilters-ppd (2.13-9)
 Binary-package: sendmail-base (8.14.3-5)
 Binary-package: gccxml (0.9.0+cvs20080525-1)
 Binary-package: aegis (4.24-3)