* Nico Golde: > Looking at the underlying tracker data the problem seems to > be that DSA-1466-2 included an upload for libxfont for the > above CVE ids while only CVE-2008-0006 was fixed in the > update of libxfont. Also only CVE-2008-0006 applies to the > package in testing/unstable. A workaround is to copy the libxfont annotation to the CVE/list file and remove it from the DSA/list file.