+1 on Vote #1<br>+1 on Vote #2<br><br>-Perry<br><br><div class="gmail_quote">On Wed, Jul 15, 2009 at 4:20 PM, Daniel Morissette <span dir="ltr"><<a href="mailto:dmorissette@mapgears.com">dmorissette@mapgears.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi PSC,<br>
<br>
A member of the Debian security team has informed us that the fix for CVE-2009-0840 in ticket #2943 was incomplete. He helped us see the light and now we have a proper fix in SVN trunk and in all branches going back to 4.10.x. See: <a href="http://trac.osgeo.org/mapserver/ticket/2943#comment:9" target="_blank">http://trac.osgeo.org/mapserver/ticket/2943#comment:9</a><br>
<br>
Because of this, we need to decide on producing new releases:<br>
<br>
*** Vote #1 ***<br>
I propose that we release MapServer 5.4.2 now with the fixes currently in SVN branch-5-4.<br>
<br>
I open the vote with my +1 to release 5.4.2 now.<br>
<br>
<br>
*** Vote # 2 ***<br>
Then we also need to decide whether we also issue new releases for the other branches which were released with the incomplete fix back in April. That would mean releasing 5.2.3 and 4.10.5.<br>
<br>
I'll vote +1 to also release 5.2.3 and 4.10.5.<br>
<br>
<br>
Daniel<br><font color="#888888">
-- <br>
Daniel Morissette<br>
<a href="http://www.mapgears.com/" target="_blank">http://www.mapgears.com/</a><br>
_______________________________________________<br>
mapserver-dev mailing list<br>
<a href="mailto:mapserver-dev@lists.osgeo.org" target="_blank">mapserver-dev@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/mapserver-dev" target="_blank">http://lists.osgeo.org/mailman/listinfo/mapserver-dev</a><br>
</font></blockquote></div><br>