Hi Stuart, You're absolutely right, and I apologise for the confusion. I sent to bugs@ under the mistaken impression that the list operated with some degree of private handling for security reports — I've now noted that the correct channel for anything needing embargo is [email protected].
Since it's already public: please go ahead and fix whenever suits. I'll hold off publishing anything on my end until you've had a chance to patch, as a courtesy, but I won't pretend there's an embargo that no longer exists. Sorry for any inconvenience. Stuart On Thu, 21 May 2026 at 23:39, Stuart Henderson <[email protected]> wrote: > > On 2026/05/21 23:34, Stuart Thomas wrote: > > No public disclosure planned until you've had time to fix. > > That was a public disclosure. >
