so here are three RC bugs with maintainers clearly indicating that they
don't want the buggy packages to release and none look like they will be
fixed. The package do not have reverse dependencies, so they seem to be
good for removal.
....
mailscanner #506353
The maintainer Simon Walter writes:
In the current state the package should not be part of
the lenny release.
I'm in no position to fix all this. I'm not familiar enough with
the MailScanner sourcecode and I'm not able to test the changes I
would have to make, in particular to all the virusscanner scripts.
upstream apparently does not seem to, let's say, consider the tempfile
vulnerability a bug and does not seem to want to fix it.