STBR: mpack.spec, flex.spec (security fixes)
Krzysiek Taraszka
dzimi at pld.org.pl
Sat, 7 Sep 2002, 12:20:19 CEST
Security fixes,
Mpack:
======
A remote user may be able to cause an e-mail program that uses mpack/munpack
to decode MIME-based binary files to crash or to execute arbitrary code.
A remote user may also be able to create certain files on the system.
Flex:
=====
---> flextest.lex <---
BOGUS aaa[insert 3000 more a's here]aaa
%%
a { /* example */ }
---> end <---
causes a segfault:
$ flex flextest.lex
Segmentation fault
This could be a potential security issue, since nmdef is an automatic
variable defined inside a function, and hence lands up on the stack.
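
Added example, not flex's code and not part of the original message: flextest.lex puts a definition of more than 3000 characters on one line, and the message notes that nmdef is a fixed automatic buffer on the stack. This C sketch parses such a definitions-section line and rejects anything that would not fit instead of copying it; DEF_MAX, parse_definition and try_definition_of_length are hypothetical names and sizes chosen here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DEF_MAX 2048 /* assumed buffer size for this sketch, not flex's real limit */

enum def_status { DEF_OK = 0, DEF_NO_NAME = -1, DEF_TOO_LONG = -2 };

/* Split "NAME definition" into name and body. Both outputs must hold DEF_MAX
 * bytes; input that would not fit is rejected before any copy happens. */
int parse_definition(const char *line, char *name, char *body)
{
    size_t n = strcspn(line, " \t\r\n");  /* length of NAME */
    const char *p = line + n;
    size_t len;

    if (n == 0)
        return DEF_NO_NAME;
    if (n >= DEF_MAX)
        return DEF_TOO_LONG;              /* name alone would overflow */
    memcpy(name, line, n);
    name[n] = '\0';
    p += strspn(p, " \t");                /* skip blanks before the body */
    len = strcspn(p, "\r\n");             /* body runs to end of line */
    if (len >= DEF_MAX)
        return DEF_TOO_LONG;              /* the flextest.lex case */
    memcpy(body, p, len);
    body[len] = '\0';
    return DEF_OK;
}

/* Constructed input: "BOGUS " followed by `count` letters 'a'. */
int try_definition_of_length(size_t count)
{
    static char line[8192];
    char name[DEF_MAX], body[DEF_MAX];

    if (count + 7 > sizeof line)
        return DEF_TOO_LONG;
    memcpy(line, "BOGUS ", 6);
    memset(line + 6, 'a', count);
    line[6 + count] = '\0';
    return parse_definition(line, name, body);
}

int main(void)
{
    printf("short: %d, long: %d\n", try_definition_of_length(10), try_definition_of_length(3006));
    return 0;
}
```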