I recall a bunch of security vulnerabilities in libflac being posted to slashdot a while back, and it just came to my mind today that I don't remember ever updating libflac on any of my systems. I looked into it a little and the security-tracker states that it's fixed in lenny/sid but that etch is still vulnerable. What is the timeframe for such as fix to be backported into stable? I'm not familiar with how Debian handles this type of thing. Brad