To me it seems, that with r1489910 CVE-2011-4317 should be fixed. There's some investigation by trawick in the STATUS file for 2.0 left over after that commit. I think that all of his observations and recommendations should be taken care of by the above commit, but it would be good to double check.
Jeff: can you check your test cases against latest 2.0 HEAD? Regards, Rainer
