Comment 3 for bug 227345

Sounds a bit like http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298167, which appears to have been fixed in Debian in 2.45-2, so for Ubuntu since Hardy - while bug 6671 states it for Hardy.

Let's use this bug to track the CVE state, which is really vague - and/or I've not looked too much around for a patch. At least the 2.46 upstream changelog (html page) does not contain the word "security".