Hi, > > I have read all the discuss, very long and useful, but I think I still > > need some > > time to get a full understand. So I think one of you can provide the > > formal patch to > > describe the issue in more detail. > > Your patch is almost correct.
New version out for review. > Gerd, do you think you can raise this with the SRT? (I mean, if you > agree that this is a security issue.) Yes, it is. Getting a CVE number for it is wip. cheers, Gerd
