trac.xiph.org has no way of marking bugs as security sensitive
As far as I can tell, trac.xiph.org has no way of marking bugs as security sensitive (as in, some way of saying "this bug is probably exploitable, so it should not be publicly viewable until it is fixed and and update has been shipped").