Hardening subgoal for Wheezy:
All packages, which had a DSA since 2006. 

Instructions:
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
- After NMUing a candidate where all build flags have been successfully enabled, 
  add it to the "Resolved/fixed:" list
- After NMUing a candidate with only some of the build flags enabled, add it to
  the "Partially fixed: list (in order to remember what needs further work in the 
  future)

This lists needs cleaned up further:
- Software written in non-C/C++ languages (PHP, etc.) should be added to 
  the non-candidates.txt file
- Some packages have been removed/superceded by newer srcpkgs (e.g. postgres) (I did
  some cursory cleanup, but needs more work)

To check:

abcmidi
acpid
alsaplayer
amarok
amule
antiword
apache2
apr
apr-util
apt
asterisk
audiofile
avahi
barnowl
beid
blender
bluez-hcidump
bochs
bsdgames
bzip2
cabextract
capi4hylafax
cgiirc
cheesetracker
chmlib
chrony
citadel
clamav
collectd
courier
courier-authlib
cpio
crawl
cscope
ctorrent
curl
cyrus-imapd-2.2
devil
devscripts
dia
djbdns
dkim-milter
dovecot
dpkg
drbd8
dspam
e2fsprogs
ejabberd
ekg
elinks
emacs23
enscript
exiftags
exiv2
expat
fbi
fetchmail
file
firebird2.5
flac
flex
fontforge
freeciv
freeradius
freetype
fuse
ganglia
git-core
eglibc
gmime2.4
pioneers
gnumeric
gnupg
gv
gzip
hashcash
heartbeat
hostapd
hplip
htdig
httrack
hybserv
hylafax
iceape
iceweasel
id3lib3.8.3
imagemagick
imlib2
inotify-tools
ircd-hybrid
isakmpd
isc-dhcp
iscsitarget
jasper
kaffeine
kazehakase
kde4libs
kdebase
kdegraphics
kolab-cyrus-imapd
krb5
krb5-appl
ktorrent
kvirc
l2tpns
lasso
lcms
lftp
libapache2-mod-authnz-external
libapache2-mod-auth-pgsql
libapache-mod-auth-kerb
libapache-mod-jk
libarchive
libav
cairo
libcdaudio
libcgroup
libdbd-pg-perl
libdumb
libexif
libextractor
libfishsound
libhtml-parser-perl
libimager-perl
libmikmod
libmodplug
libmusicbrainz-2.1
libnet-dns-perl
libpam-heimdal
libpam-krb5
libpng
librpcsecgss
libsmi
libsndfile
libthai
libtk-img
libtool
libtorrent-rasterbar
libtunepimp
libvorbis
libwpd
libxfont
libxml2
libxslt
lighttpd
links2
linux-ftpd
loop-aes-utils
ltsp
lurker
lvm2
lynx-cur
maildrop
mailman
mapserver
maradns
memcached
mimetex
mldonkey
mlmmj
mon
mono
mpg123
mplayer
mplayer2
forked-daapd
mtr
multipath-tools
mutt
mysql-ocaml
icinga
nas
nbd
ndiswrapper
netpbm-free
netrik
net-snmp
network-manager
newt
nginx
no-ip
noweb
nsd3
nspr
nss
nss-pam-ldapd
ntp
openafs
openexr
open-iscsi
openjdk-6
openldap
libreoffice
opensaml2
opensc
openssl
openswan
openvpn
oprofile
osiris
pam-pgsql
pcre3
pcsc-lite
pdns
pdns-recursor
perdition
perl
petris
pimd
pinball
pound
ppp
pptpd
proftpd-dfsg
psi
pstotext
pygresql
python2.6
python2.7
python3.2
python-cjson
python-crypto
qemu
qemu-kvm
qt4-x11
qt-x11-free
rdesktop
reprepro
rssh
rsync
ruby-gnome2
samba
sash
scponly
screen
sdl-image1.2
slurm-llnl
smstools
snmptrapfmt
socat
spamassassin
spamass-milter
speex
splitvt
squidguard
strongswan
subversion
sudo
suphp
syslog-ng
systemtap
tcpreen
telepathy-gabble
texinfo
tgt
thttpd
tinymux
tinyproxy
tk8.4
tk8.5
tuxpaint
typespeed
unbound
unicon
unzip
util-linux
vim
vlc
vnc4
webcit
webkit
wesnoth
wget
wine
wml
wv2
wxwidgets2.6
wxwidgets2.8
wzdftpd
x11-xserver-utils
xapian-omega
xfs
xine-lib
xmcd
xmlsec1
xml-security-c
xmltooling
xorg-server
xpdf
xterm
zabbix
zgv
zodb
zoo


Candidate packages using cdbs, fixed with the next upload after 2011-09-23 with
  the upload of dpkg/1.16.1:
koffice
kphone
libgd2
libspf2
wordnet
sendmail
afuse
bomberclone
camlimages
couchdb
crossfire
dvipng
eggdrop
gdm3
ghostscript
glib2.0
gnutls26
gst-plugins-bad0.10
gst-plugins-good0.10
gtetrinet
heimdal
icedove
icu
jabberd14
libapache2-mod-fcgid
evince
libast
libgtop2
libnss-ldap
libpam-ldap
libsoup2.4
libtasn1-3
libtheora
libwmf
link-grammar
lsh-server
mediawiki
moin
pango1.0
pmount
polipo
poppler
postgresql-ocaml
pulseaudio
ruby1.8
ruby1.9.1
shadow
squid3
streamripper
sword
sympa
t1lib
unalz
uw-imap
vino


Candidates:


Partially fixed:
-

Fixed through cdbs (log or pkg should be checked, before moving to
Resolved/fixed, since some Makefile or buildsystem foo might reset
flags)
libvirt (0.9.6-1)
gimp (2.6.11-4)


Resolved/fixed:
ncompress (4.2.4.4-3)
xzgv (5.9-3)


Packages using hardening-wrapper/-includes (these are considered fixed, although
   switching them over to dpkg-buildflags might be worthwhile later on):
tmux
netatalk
man-db
graphicsmagick
udev
xfce4-terminal
openssh
evolution
dbus
tcpdump
libgsf
tor
evolution-data-server
cyrus-imapd-2.4
aria2
mysql-5.1
cups
wireshark
squid
exim4
php5
ipsec-tools
postgresql-8.4
postgresql-9.0
postgresql-9.1
gnupg2
nagios3
tiff
bind9
postfix
chromium-browser
pidgin
nagios-plugins
znc
cyrus-sasl2
ldns
quagga