Comment 8 for bug 905252

Has there been any progress on getting this fix out? I'm asking because it *is* a security issue, and there hasn't been any reported progress for almost 3 months. This vulnerability is showing up in a PCI compliance scan for one of my servers running Lucid.