Hi, I noticed that Red Hat just released a fix for CVE-2013-4002 (https://access.redhat.com/security/cve/CVE-2013-4002). I was wondering when a fix for this might be released by the project itself. I searched through the mailing list archive looking for some mention of it, but didn't see anything. However, as it's a security issue it may not have been discussed publicly.
--- David
