Hi, based on the maintainer's comments in the bug log, it seems dubious whether the bug #495968 (insecure /tmp file vulnerability) is fixed in time for lenny. Given that it has never been released with Debian before, it would be better to remove gpicview from lenny for now than to risk releasing the vulnerable package. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/