When did the fix for CVE-2010-0009 land? (Attn. Jan)

[Noah Slater <ns...@apache.org>]

Hi,

The note for CVE-2010-0009 was never added to NEWS or CHANGES. Based on
Jan's disclosure, it looks like the fix only landed in 1.0.2. Is that
correct? If it is, I will correct our documentation.

Please reply ASAP, this is blocking other work.

Thanks!

-- 
NS

Re: When did the fix for CVE-2010-0009 land? (Attn. Jan)

[Noah Slater <ns...@apache.org>]

My mistake Bob. I actually got my CVE number wrong. Sorry for wasting your
time. I'll start a new thread. (In addition to the second one I just
created.)


On 25 February 2013 19:45, Robert Newson <rn...@apache.org> wrote:

> looks like 0.10.2 (git diff 0.10.1..0.10.2 src/couchdb/couch_util.erl)
>
> B.
>
> On 25 February 2013 19:36, Noah Slater <ns...@apache.org> wrote:
> > Hi,
> >
> > The note for CVE-2010-0009 was never added to NEWS or CHANGES. Based on
> > Jan's disclosure, it looks like the fix only landed in 1.0.2. Is that
> > correct? If it is, I will correct our documentation.
> >
> > Please reply ASAP, this is blocking other work.
> >
> > Thanks!
> >
> > --
> > NS
>



-- 
NS

Re: When did the fix for CVE-2010-0009 land? (Attn. Jan)

[Robert Newson <rn...@apache.org>]

looks like 0.10.2 (git diff 0.10.1..0.10.2 src/couchdb/couch_util.erl)

B.

On 25 February 2013 19:36, Noah Slater <ns...@apache.org> wrote:
> Hi,
>
> The note for CVE-2010-0009 was never added to NEWS or CHANGES. Based on
> Jan's disclosure, it looks like the fix only landed in 1.0.2. Is that
> correct? If it is, I will correct our documentation.
>
> Please reply ASAP, this is blocking other work.
>
> Thanks!
>
> --
> NS