+1 Regards
Rüdiger > -----Original Message----- > From: Jim Jagielski [mailto:[email protected]] > Sent: Donnerstag, 25. August 2011 14:13 > To: [email protected] > Subject: Re: Next update on CVE-2011-3192 > > I have a feeling that we could push this out today... > > I'm going to fold Stefan's path into trunk, and we should use > trunk (CTR) to polish up the patch as well as add whatever > other features we need. From there, backporting to 2.2/2.0 > will be trivial. > > On Aug 25, 2011, at 4:18 AM, Dirk-Willem van Gulik wrote: > > > I am keeping a draft at > > > > http://people.apache.org/~dirkx/CVE-2011-3192.txt > > > > Changes since last are: > > > > - version ranges more specific > > - vendor information added > > - backgrounder on relation to 2007 issues (see below to > ensure I got this right). > > > > I suggest we sent this out late Z time today (i.e. end of > working day US) _if_ 1) it is likely that we do not have a > firm timeline for the full fix and 2) we have a bit more to > add. Otherwise we skip to a final update with the fixing > instructions for 2.0 and 2.2 > > > > Feedback welcome, > > > > Thanks, > > > > Dw. > >
