Frère Sébastien Marie | 20 Apr 2011 11:13

about vulnerabilities without advisories: how to keep informed

Hi,

I have noted that several vulnerabilities are corrected in NetBSD release branches but without any advisories.

http://www.netbsd.org/support/security/ mentions advisories for "serious security problems", but
how to keep informed about other security problems?

Here is a list from the NetBSD-5-0 branch (taken from src/doc/CHANGES-5.0.3), in order to flag the problem.

Please note that all of these are currently without advisories, so are not "serious security problems"
(or perhaps the advisory process is engaged... but all are more than 12 days old)

* CVE-2011-0997 [spz, ticket #1595], Thu Apr 7 17:25:47 2011 UTC
  dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before
4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a
hostname obtained from a DHCP message.
  CVSS v2 Base Score:7.5 (HIGH) [from nvd.nist.gov]  

* CVE-2011-0465 [mrg, ticket #1594], Thu Apr 7 06:56:25 2011 UTC
  xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary
commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message
  CVSS v2 Base Score:9.3 (HIGH) [from nvd.nist.gov]

* unassigned-CVE [christos, ticket #1593], Tue Apr 5 06:23:12 2011 UTC
  "Protect against stack smashes."
  so it should have security considerations, according to the description and to the fact that the changes are
pulled up to the release branch

* unassigned-CVE [spz, ticket #1586], Tue Mar 29 20:13:51 2011 UTC
  "Clean up setting ECN bit in TOS.  Fixes PR 44742"

S.P.Zeidler | 23 Apr 2011 18:13

Re: about vulnerabilities without advisories: how to keep informed

Hi,

semarie-netbsd <at> latrappe.fr (Frère Sébastien Marie) writes:

>I have noted that several vulnerabilities are corrected in NetBSD release branches but without any advisories.

>http://www.netbsd.org/support/security/ mentions advisories for "serious security problems", but
>how to keep informed about other security problems?

Since no one else is picking this up ..

Issues where root would need to run a problematic binary usually fall
below the 'needs an advisory' threshold, as do problems that need a rather
unusual configuration to bite. Another threshold is vulnerabilities
in HEAD only: these get fixed, but no advisory.

>Here is a list from the NetBSD-5-0 branch (taken from src/doc/CHANGES-5.0.3), in order to flag the problem.

>Please note that all of these are currently without advisories, so are not "serious security problems"
>(or perhaps the advisory process is engaged... but all are more than 12 days old)

>* CVE-2011-0997 [spz, ticket #1595], Thu Apr 7 17:25:47 2011 UTC
>  dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before
>4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a
>hostname obtained from a DHCP message.
>  CVSS v2 Base Score:7.5 (HIGH) [from nvd.nist.gov]  

This should get an advisory yet.

>* CVE-2011-0465 [mrg, ticket #1594], Thu Apr 7 06:56:25 2011 UTC