Hi Colin, * Colin Leroy <[EMAIL PROTECTED]> [2007-12-04 13:05]: > This bug is going to be fixed. > > Would it be too much to ask the submitter to handle security issues > privately until they're resolved, or is it more interesting to have > them published all over the place[*] when no solution is available? [...] To make it short yes. I do not share your policy for handling security relevant bugs especially if you consider that upstream authors are fairly often unresponsive and this bug is of minor importance. This is no remote root exploit so I don't see your problem. If you don't want people to write about what you do, then you should not publish software. What I did is seing a bug and using the BTS of my distribution to report it, nothing more.
Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp8Q6j2hwTRr.pgp
Description: PGP signature