CVE is fixed already, but switches from b1 prerelease to patch release. Cosmetic change only. Add verification of source signature. Updated license to match changed license.
