On Mon, 12 Sep 2005, Theo de Raadt wrote:
Because it is boring and largely irrelevant.
We don't write errata up for every stupid retarded little thing that
noone uses and which really is causing NOONE ANY GRIEF AT ALL.
In this case, the two "vulnerabilities" do not expose the server at all -
they are non-default options that have to be explicitly enabled on the
client side. Even the usually hyperventilating security advisory companies
classify them as "less critical".
They are on the -stable cvs branch if you want them, on our FTP site and
we widely post the announcement message.
-d
