hiya, it looks to me like the patch solves (1) just fine, and that (2) is in fact the same problem as CVE-2008-5246 (same files/functions, no other activity in these files besides the same fix).
do you agree?
in the meantime I am preparing an NMU with the patch for (1) applied.
sean
--
signature.asc
Description: Digital signature
