Hardening subgoal for Wheezy:
All packages, which had a DSA since 2006. 

Instructions:
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
- After NMUing a candidate where all build flags have been successfully enabled, 
  add it to the "Resolved/fixed:" list
- After NMUing a candidate with only some of the build flags enabled, add it to
  the "Partially fixed: list (in order to remember what needs further work in the 
  future)

This lists needs cleaned up further:
- Software written in non-C/C++ languages (PHP, etc.) should be added to 
  the non-candidates.txt file
- Some packages have been removed/superceded by newer srcpkgs (e.g. postgres) (I did
  some cursory cleanup, but needs more work)

To check:

abcmidi
acpid
afuse
alsaplayer
amarok
amule
antiword
apache2
apr
apr-util
apt
asterisk
audiofile
avahi
barnowl
beid
blender
bluez-hcidump
bochs
bomberclone
bsdgames
bzip2
cabextract
camlimages
capi4hylafax
cgiirc
cheesetracker
chmlib
chrony
citadel
clamav
collectd
couchdb
courier
courier-authlib
cpio
crawl
crossfire
cscope
ctorrent
curl
cyrus-imapd-2.2
devil
devscripts
dia
djbdns
dkim-milter
dovecot
dpkg
drbd8
dspam
dvipng
e2fsprogs
eggdrop
ejabberd
ekg
elinks
emacs23
enscript
evince
exiftags
exiv2
expat
fbi
fetchmail
file
firebird2.5
flac
flex
fontforge
freeciv
freeradius
freetype
fuse
ganeti
ganglia
gdm3
ghostscript
git-core
glib2.0
eglibc
gmime2.4
pioneers
gnumeric
gnupg
gnutls26
gst-plugins-bad0.10
gst-plugins-good0.10
gtetrinet
gv
gzip
hashcash
heartbeat
heimdal
hostapd
hplip
htdig
httrack
hybserv
hylafax
iceape
icedove
iceweasel
icu
id3lib3.8.3
imagemagick
imlib2
inotify-tools
ircd-hybrid
isakmpd
isc-dhcp
iscsitarget
jabberd14
jasper
kaffeine
kazehakase
kde4libs
kdebase
kdegraphics
kolab-cyrus-imapd
krb5
krb5-appl
ktorrent
kvirc
l2tpns
lasso
lcms
lftp
libapache2-mod-authnz-external
libapache2-mod-auth-pgsql
libapache2-mod-fcgid
libapache-auth-ldap
libapache-mod-auth-kerb
libapache-mod-jk
libapreq2-perl
libarchive
libav
libast
libcairo
libcdaudio
libcgroup
libdbd-pg-perl
libdumb
libexif
libextractor
libfishsound
libgtop2
libhtml-parser-perl
libimager-perl
libmail-audit-perl
libmikmod
libmodplug
libmusicbrainz-2.0
libnet-dns-perl
libnss-ldap
libpam-heimdal
libpam-krb5
libpam-ldap
libpng
librpcsecgss
libsmi
libsndfile
libsoup2.4
libtasn1-2
libthai
libtheora
libtk-img
libtool
libtorrent-rasterbar
libtunepimp
libvorbis
libwmf
libwpd
libxfont
libxml2
libxslt
lighttpd
link-grammar
links2
linux-ftpd
loop-aes-utils
lsh-server
ltsp
lurker
lvm2
lynx-cur
maildrop
mailman
mapserver
maradns
mediawiki
memcached
mimetex
mldonkey
mlmmj
moin
mon
mono
mpg123
mplayer
mplayer2
mt-daapd
mtr
multipath-tools
mutt
mysql-ocaml
icinga
nas
nbd
ndiswrapper
netpbm-free
netrik
net-snmp
network-manager
newt
nginx
no-ip
noweb
nsd3
nspr
nss
nss-ldapd
ntp
openafs
openexr
open-iscsi
openjdk-6
openldap
libreoffice
opensaml2
opensc
openssl
openswan
openvpn
oprofile
osiris
pam-pgsql
pango1.0
pcre3
pcsc-lite
pdfkit.framework
pdftohtml
pdns
pdns-recursor
peercast
perdition
perl
petris
pimd
pinball
pmount
polipo
poppler
postgresql-ocaml
pound
ppp
pptpd
proftpd-dfsg
psi
pstotext
pulseaudio
pygresql
python2.6
python2.7
python3.2
python-cjson
python-crypto
pywebdav
qemu
qemu-kvm
qt4-x11
qt-x11-free
rdesktop
reprepro
request-tracker3.8
resmgr
rssh
rsync
ruby1.8
ruby1.9.1
ruby-gnome2
samba
sash
scponly
screen
sdl-image1.2
shadow
silc-client
slurm-llnl
smstools
snmptrapfmt
socat
spamassassin
spamass-milter
speex
splitvt
sql-ledger
squid3
squidguard
streamripper
strongswan
subversion
sudo
suphp
sword
sympa
syslog-ng
systemtap
t1lib
tcpreen
telepathy-gabble
texinfo
tgt
thttpd
tinymux
tinyproxy
tk8.4
tk8.5
tk8.6
tuxpaint
typespeed
unalz
unbound
unicon
unzip
util-linux
uw-imap
vim
vino
vlc
vnc4
webcit
webkit
wesnoth
wget
wine
wml
wv2
wxwidgets2.6
wxwidgets2.8
wzdftpd
x11-xserver-utils
xapian-omega
xfs
xine-lib
xmcd
xmlsec1
xml-security-c
xmltooling
xmms
xorg-server
xpdf
xpvm
xterm
zabbix
zgv
zodb
zoo


Candidate packages using cdbs, fixed with the next upload after 2011-09-23 with
  the upload of dpkg/1.16.1:
koffice
kphone
libgd2
libspf2
wordnet
sendmail


Candidates:


Partially fixed:
-

Resolved/fixed:
ncompress (4.2.4.4-3)
libvirt (0.9.6-1 through cdbs)
gimp (2.6.11-4 through cdbs)
xzgv (5.9-3)


Packages using hardening-wrapper/-includes (these are considered fixed, although
   switching them over to dpkg-buildflags might be worthwhile later on):
tmux
netatalk
man-db
graphicsmagick
udev
xfce4-terminal
openssh
evolution
dbus
tcpdump
libgsf
tor
evolution-data-server
cyrus-imapd-2.4
aria2
mysql-5.1
cups
wireshark
squid
exim4
php5
ipsec-tools
postgresql-8.4
postgresql-9.0
postgresql-9.1
gnupg2
nagios3
tiff
bind9
postfix
chromium-browser
pidgin
nagios-plugins
znc
cyrus-sasl2
ldns
quagga