Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer overflow) bug in etch and sarge. It has debian bug #410580 Maintainer didn't ask for it but should 1:3.7.3-1 be included in 4.0r1?