DSA-665-1 was released about one of these holes (CAN-2005-0013). The other one did not affect woody, so is not in the DSA. Both holes are fixed in the new upstream version 2.2.6.
Note that the DSA also included some patches to change some sprintf's to snprintf's. Whether this fixes any exploitable security holes I do not know. -- see shy jo
signature.asc
Description: Digital signature
