The below message was sent to secalert@xxxxxxxxxxx I'm sending this to the
fedora security team mailing list.
--
JB
> I've just filed a bug report against "monotone" in Fedora Extras:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198652
>
> The request is to update to v0.27 of monotone, because 0.27 fixes a
> security bug. In 0.26, passphrases were sometimes written to the
> monotone log file. In 0.27 this has been repaired.
>
> The only work necessary (that I know about) is to package 0.27 for
> extras. I would volunteer to do it, but I'm about to go traveling and
> will be off the air for about two weeks.
>
>
> shap
>
