I agree too. On Mon, Jan 13, 2014 at 9:37 AM, Mark Doliner <mark at kingant.net> wrote: > FYI I just looked at this and I agree with Daniel and Thijs's > analysis. Sloppy code, but not remotely-exploitable so I don't plan on > requesting a CVE number for it.