hiya, it looks to me like the patch solves (1) just fine, and that (2) is in fact the same problem as CVE-2008-5246 (same files/functions, no other activity in these files besides the same fix).
do you agree? in the meantime I am preparing an NMU with the patch for (1) applied. sean --
signature.asc
Description: Digital signature