We have a suggested patch in STATUS that addresses the 0- range issue… Once approved, I plan to T&R.
On Sep 26, 2011, at 11:35 AM, Jim Jagielski wrote: > All looks good… testing passes w/ no regressions so I'll > likely tag and roll tomorrow AM. > > On Sep 25, 2011, at 11:38 AM, Jim Jagielski wrote: > >> Been a little… preoccupied... Will push this week (and try to >> finalize the patch to propose). >> >> On Sep 25, 2011, at 11:17 AM, Guenter Knauf wrote: >> >>> Hi all, >>> currently the 2.0.65 release seems a bit forgotten ... >>> >>> 2.0.x STATUS reads: >>> 2.0.65 : In maintainance. Jim proposes T&R 9/12-15 and offers to RM. >>> >>> http://httpd.apache.org/security/CVE-2011-3192.txt mentions: >>> ... >>> Version 2.0.65 has not been released, but will include this fix, and is >>> anticipated in September. >>> ... >>> >>> Jeff has already released APR-0.9.20 at 15-Sep-2011: >>> http://www.apache.org/dist/apr/Announcement0.9.html >>> >>> but we have even not yet commited the 2.0.x byterange fix to 2.0.x-HEAD ... >>> >>> if we still want to release in September as stated in the security advice >>> then we should asap start with the release process, or? >>> >>> Gün. >>> >>> >> >
