The two below CVE issues have recently been fixed in Debian squeeze-lts:
This problem only affects /bin/sh implementations that don’t sanitize
local variables. Dash, which is the default /bin/sh in Debian is
affected. Bash as /bin/sh is known to be unaffected.
CPE | Name | Operator | Version |
---|---|---|---|
xdg-utils | eq | 1.0.2+cvs20100307-2 |