I asked about this last Tuesday (I think). Roman posted a message (Friday?) that a patch is being worked on atm. Yeah, I knew there was something, but didn't find it again :( As for a page with known vulnerabilities: do you mean something like: http://www.suse.com/us/private/support/security/index.html This only contains announcements. Usually SuSE doesn't write an announcement without fixed packages to announce. What I'm missing is a "pending vulnerabilities" list. According to my suggestion, this list would NOT be done by SuSE people, but by us. This would take some work off from them (although very little), but everything would be more transparent.
Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \