Estimated read time: 1 minutes
okay, this won't be a happy post either, but i thought i would just share a few links here.
first, there was this article about some microsoft ie security problem, and the opensource evangelists started to hype again linux about being open, etc, etc. you know the story.
the sad fact is that, just being opensource, or let's say even having an open scm will not guarantee that all the details are published. i want to pick up a minor issue, so that i can be sure about i don't publish any details here which may not public.
let's take this commit. it's a bugfix, right? umm, if it would be security-related, they would mention it. hm, no.
to make the long story short, the relevant cve is there, even secunia released an advisory.
i could add few more details (no cve on the secunia page, the "from remote" is probably wrong), and finally make some conclustions, but i would avoid that this sime.
take care.