Bummer, some major /tmp races found in OpenLDAP by RHAT, and narry a single post on the OpenLDAP lists about it. This is the second time I've seen Christian Gafton find a serious security hole in a program, and post the vulnerability, but not give feedback to the upstream.
The last time was in Linux-PAM. The sad part with that was that the section of code where the problem was, came FROM Gafton himself! Andrew Morgan (the Linux-PAM author) was quite surprised to find out about a RHAT vulnerability announcement from a Debian developer :/
Such is life, not everyone is as great as yourself :)
Spent some time with my 3 year old and wife (who is expecting in Aug :) today. Getting ready for Easter and all....and now it's time for bed.