coreutils/fileutils : 'dir' integer overflow vulnerability on woody
A bug report about a vulnerability of 'dir'  in package coreutils says it
"was fixed upstream in coreutils-5.1.0, and the latest is coreutils-5.2.0"
but Debian/woody is vulnerable (dir is in woody package fileutils).
I just filed a bug  for fileutils on woody, and I'm posting here
because it's security related .
What's the/a Right Way (tm) to report security related bugs
like this one? Am I supposed to do anything more
to make woody's security improve ?
(apart from writing patches, which is not obvious ;-)
 Debian Bug report logs - #236035
coreutils: 'dir' integer overflow vulnerability.
 Debian Bug report logs - #261828
'dir' integer overflow vulnerability