Looks like redhat recently released updates [1] that fix the high-severity vulnerability described by CVE-2008-1615 [2]. Will a similar fix be pushed out to debian etch any time soon? It looks like it should be pretty straightforward since it is a one-line patch [2]. [1] http://rhn.redhat.com/errata/RHSA-2008-027 [2] http://security-tracker.debian.net/tracker/CVE-2008-16155.html [3] https://bugzilla.redhat.com/attachment.cgi?id=294062