> That wouldn't help anything. People would have already installed the > vulnerable package. apt-get wouldn't remove it from their systems just > 'cause it's no longer available in the archive. It should be possible to replace the vulnerable package with a dummy package that reinstalls (removes ;) all the vulnerable stuff (after notifying the user). That would possibly brake things, but it shouldn't be very serious problem in 'testing'. Jaan