> The main point was the complete absence of any mention of
> security impact in the commit message
Well, the changelog explains that we leak the memory. Doesn't
this obviously mean the bad impact?
I do not think that the fact it was reported via oss-sec list
does matter, the bug is bug. In fact I didn't even notice this
list in CC.
But. I am really sorry I didn't add Reported-by tag, seriously.
This is only because I didn't know whom should we thank. I sent
the patch for review and I specially asked about the reporter,
but the patch was merged immediately and I could not update the