Hi, security guys. Would you care to take a look at #550940 ? I think this is the kind of security problem which should perhaps warrant a DSA. The maintainer's response (that this is fixed in a new upstream version and therefore wouldn't be fixed in squeeze) seems very surprising to me. Ian.