Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D0D35E9AD for ; Wed, 27 Feb 2013 12:14:21 +0000 (UTC) Received: (qmail 33185 invoked by uid 500); 27 Feb 2013 12:14:21 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 33143 invoked by uid 500); 27 Feb 2013 12:14:21 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 33127 invoked by uid 99); 27 Feb 2013 12:14:21 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Feb 2013 12:14:21 +0000 Received: from localhost (HELO mail-ia0-f175.google.com) (127.0.0.1) (smtp-auth username nslater, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Feb 2013 12:14:20 +0000 Received: by mail-ia0-f175.google.com with SMTP id r4so401226iaj.34 for ; Wed, 27 Feb 2013 04:14:20 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:content-type:x-gm-message-state; bh=J3QInw890YLNGEIVzqGK70qkioR9OjtTjfpPyesSZBo=; b=E4lFOtGsLS1Q1DkXF1zjtLzSUX/AvaHu+m+kTqPPR67Jd5n3XMiFg+DN2bgXHQprA3 e4CSHmMmpZ2G06xSu+zRdZWkRZv1QzRVvCzGF9aQ43/bDy9yeP9t5X4URNqp5dV4hJZS hFeLK326A3XhzxxFuCQI2Ia9gu5wwMLQsQKyzwuDzFMAN7g1DVCTrgn5u+wWNPJzjwaq zIEmAll3dqPAxJUiBPen7DsSdxtRcom6eWevh8eBmXo9GlTXAZ7CfDdS0exL0RrY4YZk YE4frsaRDXr0Zkh8FD5PuULohk7Uwsn40MC+ZP2ymz2MfuCXJsQjo9T0+aYnCv4RV6a8 n1mA== MIME-Version: 1.0 X-Received: by 10.50.11.229 with SMTP id t5mr7247895igb.65.1361967260071; Wed, 27 Feb 2013 04:14:20 -0800 (PST) Received: by 10.50.188.202 with HTTP; Wed, 27 Feb 2013 04:14:19 -0800 (PST) X-Originating-IP: [178.250.115.206] In-Reply-To: <10C6EFD5-E48C-423D-873C-2FB50486A9CD@apache.org> References: <10C6EFD5-E48C-423D-873C-2FB50486A9CD@apache.org> Date: Wed, 27 Feb 2013 12:14:19 +0000 Message-ID: Subject: Re: Fix for CVE-2010-3854 From: Noah Slater To: "dev@couchdb.apache.org" Content-Type: multipart/alternative; boundary=e89a8f646d15bb99df04d6b3b6b7 X-Gm-Message-State: ALoCoQl4LLfH9B96NEqj02YxQjZsdYTHE0OQG5NQ1wt/huRV9YPz/MTA2cfEQIWLG7g3HSVzPLfu --e89a8f646d15bb99df04d6b3b6b7 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable Thanks Jan. We'll update procedure accordingly. On 27 February 2013 12:06, Jan Lehnardt wrote: > Note: we didn=92t have these as our procedure for handling these > didn=92t include an item "update NEWS & CHANGES". I believe that we > should have done this *and* keept a record which commit(s) reflect > which CVEs for later reference. > > On Feb 27, 2013, at 13:04 , Jan Lehnardt wrote: > > > Confirmed. > > > > On Feb 25, 2013, at 21:19 , Noah Slater wrote: > > > >> Hey, > >> > >> When did the fix for CVE-2010-3854 land? From the disclosure, it looks > like > >> 1.0.2. It is not mentioned in any NEWS or CHANGES. > >> > >> Please confirm 1.0.2. is correct. > >> > >> Thanks, > >> > >> -- > >> NS > > > > --=20 NS --e89a8f646d15bb99df04d6b3b6b7--