RedHat has issued an advisory on June 20: https://rhn.redhat.com/errata/RHSA-2012-0774.html Mageia 1 and Mageia 2 are also affected. It's fixed upstream in 1.18.0 and there's a link to a patch in RH bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=831117
CC: (none) => saispo
There is also CVE-2010-3851: http://lwn.net/Vulnerabilities/413075/
This was in SVN, but never built. I moved it to obsolete.
Status: NEW => RESOLVEDResolution: (none) => WONTFIX