On 3/22/2010 9:51 AM, Rainer Jung wrote: > On 22.03.2010 14:52, William A. Rowe Jr. wrote: >> Wondering if we are comfortable tagging and releasing 2.0.64 in the >> coming days? These security issues aught to be addressed, and while >> we are at it, it just seems like a nice thing to do as we get closer >> to some 2.3 beta and further from any more improvements to 2.0. >> >> Opinions? Volunteers? If there are no objections and no volunteer, >> its something I'm happy to do later this week. I'll review the set >> of ssl patches tomorrow. > > I agree there should be a release fixing (at least) CVE-2009-3555 (ssl > reneg). My tests were positive, but more eyes are very welcome. > > Unfortunately I'm mostly offline Wednesday/Thursday, so if there is a > problem with those patches I might not be able to respond quickly during > those days.
I'm going to look at Jeff's observation about APR 0.9, and there's a good chance this could wrap around into early next week, giving us time to go ahead and T&R APR 0.9 releases this week.
