The below message was sent to secalert(a)redhat.com. I'm sending this to the
fedora security team mailing list.
--
JB
I've just filed a bug report against "monotone" in
Fedora Extras:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198652
The request is to update to v0.27 of monotone, because 0.27 fixes a
security bug. In 0.26, passphrases were sometimes written to the
monotone log file. In 0.27 this has been repaired.
The only work necessary (that I know about) is to package 0.27 for
extras. I would volunteer to do it, but I'm about to go traveling and
will be off the air for about two weeks.
shap