Note: we didn’t have these as our procedure for handling these didn’t include an item "update NEWS & CHANGES". I believe that we should have done this *and* keept a record which commit(s) reflect which CVEs for later reference.
On Feb 27, 2013, at 13:04 , Jan Lehnardt <[email protected]> wrote: > Confirmed. > > On Feb 25, 2013, at 21:19 , Noah Slater <[email protected]> wrote: > >> Hey, >> >> When did the fix for CVE-2010-3854 land? From the disclosure, it looks like >> 1.0.2. It is not mentioned in any NEWS or CHANGES. >> >> Please confirm 1.0.2. is correct. >> >> Thanks, >> >> -- >> NS >
