I wonder if the issue is that we don't make it very clear how to report a security issue if one is found?
Grisha

On Wed, 7 Mar 2007, Graham Dumpleton wrote:
Just saw this:

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2007-03/msg00076.html
http://www.securityfocus.com/archive/1/462050

===========================================================
Ubuntu Security Notice USN-430-1 March 06, 2007
libapache2-mod-python vulnerability
CVE-2004-2680
===========================================================

Miles Egan discovered that mod_python, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. Thanks to Jim Garrison of the Software Freedom Law Center for identifying the original bug as a security vulnerability.

Would have been nice if they had bothered to actually tell someone involved with mod_python about it in case the problem still affects current version of mod_python. Now we have to work out if it is relevant to newer versions or not.

This is something new isn't it???

Graham
