On 22.03.2010 14:52, William A. Rowe Jr. wrote:
Wondering if we are comfortable tagging and releasing 2.0.64 in the
coming days? These security issues aught to be addressed, and while
we are at it, it just seems like a nice thing to do as we get closer
to some 2.3 beta and further from any more improvements to 2.0.
Opinions? Volunteers? If there are no objections and no volunteer,
its something I'm happy to do later this week. I'll review the set
of ssl patches tomorrow.
I agree there should be a release fixing (at least) CVE-2009-3555 (ssl
reneg). My tests were positive, but more eyes are very welcome.
Unfortunately I'm mostly offline Wednesday/Thursday, so if there is a
problem with those patches I might not be able to respond quickly during
those days.
Regards,
Rainer
