Are there any plan solving CVE-2007-3387 in the near future for both 0.4.x and 0.6.x branches?
0.4.x branch is dead, a shame, but basically we don't have enough of manpower to try to release 0.6, so less even to keep an updated 0.4.x 0.5.91 (0.6 RC2) that will be released in a few hours will have the fix in. An BTW it would be nice if someone notified us of such things, that way we might even fix it earlier.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.