On 10/6/2011 12:12 PM, Jim Jagielski wrote: > > On Oct 6, 2011, at 12:49 PM, William A. Rowe Jr. wrote: > >> On 10/6/2011 8:08 AM, Jim Jagielski wrote: >>> Would like to T&R this week… we have 2 showstoppers awaiting >>> just 1 vote each to be backport-able. >> >> And a third bug report at security@ (vulnerability is dubious, but it's >> still a bug ;-) > > Yeppers… Did you see my assessment and suggested fix?
Yea, and I found a bunch of issues in trunk, but it doesn't appear that the offensive code exists in 2.2 and earlier. Still hacking on it. If we have consensus it isn't a vulnerability, we can move discussion here, but I want to make sure we get a bit of feedback on my assessment that it's not a security issue before I'd do that.
