Fix for CVE-2010-2234

[Noah Slater <ns...@apache.org>]

Hey,

The disclosure announcement for CVE-2010-2234 mentions 0.11.2 or 1.0.1. And
indeed, follows hot on the heels of both releases. However, the 1.0.1 NEWS
and CHANGES do not include an entry for the fix.

Can someone please confirm for me whether the fix for CVE-2010-2234 landed
in the 1.0.x branch for this release?

Thanks,

-- 
NS

Re: Fix for CVE-2010-2234

[Noah Slater <ns...@apache.org>]

Bump.


On 25 February 2013 20:15, Noah Slater <ns...@apache.org> wrote:

> Hey,
>
> The disclosure announcement for CVE-2010-2234 mentions 0.11.2 or 1.0.1.
> And indeed, follows hot on the heels of both releases. However, the 1.0.1
> NEWS and CHANGES do not include an entry for the fix.
>
> Can someone please confirm for me whether the fix for CVE-2010-2234 landed
> in the 1.0.x branch for this release?
>
> Thanks,
>
> --
> NS
>



-- 
NS

Re: Fix for CVE-2010-2234

[Noah Slater <ns...@apache.org>]

Thanks.


On 27 February 2013 12:00, Jan Lehnardt <ja...@apache.org> wrote:

>
> On Feb 25, 2013, at 21:15 , Noah Slater <ns...@apache.org> wrote:
>
> > Hey,
> >
> > The disclosure announcement for CVE-2010-2234 mentions 0.11.2 or 1.0.1.
> And
> > indeed, follows hot on the heels of both releases. However, the 1.0.1
> NEWS
> > and CHANGES do not include an entry for the fix.
> >
> > Can someone please confirm for me whether the fix for CVE-2010-2234
> landed
> > in the 1.0.x branch for this release?
>
> Confirmed.
>
> Jan
> --
>
>


-- 
NS

Re: Fix for CVE-2010-2234

[Jan Lehnardt <ja...@apache.org>]

On Feb 25, 2013, at 21:15 , Noah Slater <ns...@apache.org> wrote:

> Hey,
> 
> The disclosure announcement for CVE-2010-2234 mentions 0.11.2 or 1.0.1. And
> indeed, follows hot on the heels of both releases. However, the 1.0.1 NEWS
> and CHANGES do not include an entry for the fix.
> 
> Can someone please confirm for me whether the fix for CVE-2010-2234 landed
> in the 1.0.x branch for this release?

Confirmed.

Jan
--