On Mon, Mar 22, 2010 at 9:52 AM, William A. Rowe Jr. <[email protected]> wrote: > Wondering if we are comfortable tagging and releasing 2.0.64 in the > coming days? These security issues aught to be addressed, and while > we are at it, it just seems like a nice thing to do as we get closer > to some 2.3 beta and further from any more improvements to 2.0. > > Opinions? Volunteers? If there are no objections and no volunteer, > its something I'm happy to do later this week. I'll review the set > of ssl patches tomorrow.
Does anyone feel a need to release APR and -Util first to resolve CVE-2009-2412? I don't think it is so important personally, but it is worth asking. (I could RM those two soon-ish if generally considered the Right Thing to do.)
