httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: Nod to 2.0, one more time?
Date Mon, 22 Mar 2010 14:51:20 GMT
On 22.03.2010 14:52, William A. Rowe Jr. wrote:
> Wondering if we are comfortable tagging and releasing 2.0.64 in the
> coming days?  These security issues aught to be addressed, and while
> we are at it, it just seems like a nice thing to do as we get closer
> to some 2.3 beta and further from any more improvements to 2.0.
> Opinions?  Volunteers?  If there are no objections and no volunteer,
> its something I'm happy to do later this week.  I'll review the set
> of ssl patches tomorrow.

I agree there should be a release fixing (at least) CVE-2009-3555 (ssl 
reneg). My tests were positive, but more eyes are very welcome.

Unfortunately I'm mostly offline Wednesday/Thursday, so if there is a 
problem with those patches I might not be able to respond quickly during 
those days.



View raw message