I''ve uploaded a package that fixes the new poppler security issue in squeeze: http://mentors.debian.net/debian/pool/main/p/poppler Not sure if this needs a DSA or not. If not, I''ll try to do an SPU after the release. It looks like poppler and xpdf are affected in lenny, but I haven''t worked on that yet. Anyway, I''ll need a sponsor. Anyone willing to be so kind? Best wishes, Mike