> Randy Terbush wrote:
> >
> >
> > Looks like we have consensus to roll a 1.1.2 release with this patch
> > applied. Shall I? I raise the concern about all the other overflow
> > problems that are being addressed in 1.2. Seems this could be used
> > as a catalyst to get these people to move to 1.2 instead of a 1.1.2.
> >
> > *shrug*
>
> In my view, we _must_ release a 1.1.2 which addresses the problem, though
> it doesn't have to be that patch, of course. We can't have a server in the
> wild with a known security hole.
>
> Cheers,
>
> Ben.
>
*sigh*, but as the "Extra Long URL" email that just came in shows,
there are a bunch of other problems.
Do we create a patched version backporting the changes that Marc Slemko
is working on, or offer 1.2 as the fix?