hi all, it looks like we can''t appropriately mark issues that are addressed via binnmu''s in the tracker. see [0] where advi source is 1.6.0-14 and the fix is in binnmu version 1.6.0-14+b1. since there is no 1.6.0-14+b1 source package, the issue is still tracked as unfixed even though it has been fixed. maybe the solution is to avoid binnmu''s altogether for security issues, and instead always at least modify the changelog stating that it is an nmu addressing a security issue (even if the fix only involves relinking to an updated library). let me know what you think. mike [0] http://security-tracker.debian.org/tracker/CVE-2009-2295