Hi Raphael
I did not want to tag then no-dsa (without further analysis) due to the following:
1) Our recent discussion regarding heap overflow (causing arbitrary code execuition) not being protected by the compiler.
2) Stable security use no-dsa to mark that they are not immediately fixed but could be fixed in a point release. Oldstable security do not have a point release so therefore we should not use no-dsa as frequently.
However if you think they are minor enough I'll happily mark them no-dsa as well.
// Ola