* Andrew Reid: > http://security.debian.org//srv/security-master.debian.org/ftp/pool/updates/main/e/expat/libexpat1_2.0.1-4+lenny1_amd64.deb This should have been fixed by now. During an internal migration, incorrect package metadata was pushed to the security mirror network. Sorry about that.