Sounds a bit like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298167, which appears to have been fixed in Debian in 2.45-2, so for Ubuntu since Hardy - while bug 6671 states it for Hardy.
Let's use this bug to track the CVE state, which is really vague - and/or I've not looked too much around for a patch. At least the 2.46 upstream changelog (html page) does not contain the word "security".
Sounds a bit like http:// bugs.debian. org/cgi- bin/bugreport. cgi?bug= 298167, which appears to have been fixed in Debian in 2.45-2, so for Ubuntu since Hardy - while bug 6671 states it for Hardy.
Let's use this bug to track the CVE state, which is really vague - and/or I've not looked too much around for a patch. At least the 2.46 upstream changelog (html page) does not contain the word "security".