I note that this vulnerability was released over 7 months ago now... It was reported (in bug 50913) a little over a month after it was discovered, and pitti posted a comment mentioning that a MOTU could take care of it if they wanted. Unfortunately, there's no proper universe security process, so nobody else really even saw the bug. I think this process needs to be rethought, so we don't have nasty flaws like this one around for such a long period of time.
-- vnc4 authentication bypass https://launchpad.net/bugs/77383 -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
