Just because a program uses syslog() does not mean it's unsafe.  The
vulnerability comes when the program allows user-specified data to be
passed to syslog().  Let's not get caught up in the hype.

If you have patches for a bug or can point out a "real" vulnerability
that's new, then send them in.  But I keep hearing too many people saying
they're going to be cool, cuz they're about to do something.  Posers!

Dave