Comment 2 for bug 1448541

Steve Beattie (sbeattie) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. I suggest coordinating with upstream for this issue. See the following link for more information on preparing an update for Ubuntu: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

That said, I don't see this as a likely security vulnerability, as there would need to be some difference in privilege between the program and the invocation of the program that is linked with libgetopt++, i.e. either linked into a setuid/setgid program or a program invoked via external input (e.g. a webapp). In Ubuntu, the only user of libgetopt++ is config-manager (upstream https://launchpad.net/config-manager).