Comment 5 for bug 956150

It looks like CVE-2009-4487 should be marked ignore. Upstream has no intention of ever touching this CVE and does not see it as legitimate issue.