I''ve added NVD cross references to the bug tracker. This means that we can (in theory) use NVD''s classification to filter bug reports. For an example, go to <http://idssi.enyo.de/tracker/status/release/stable> and click on "Hide local vulnerabilities". Unfortunately, I disagree with quite a few of NVD''s classifications, but they seem to err on the safe side, so to speak. And, by the way, the tracker should be reasonably accurate for sarge because I use a custom DSA/list file with proper fixed version information.