Now the Security FAQ (http://www.debian.org/security/faq) must be updated. This bug should probably be retitled and severity lowered.