[Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18 (original) (raw)

"Martin v. Löwis" martin at v.loewis.de
Wed Sep 27 20:31:11 CEST 2006

• Previous message: [Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18
• Next message: [Python-Dev] difficulty of implementing phase 2 of PEP 302 in Python source
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jim Jewett schrieb:

OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k) because of the security patch.

http://www.openssl.org/ http://www.openssl.org/news/secadv20060905.txt I'm not sure which version shipped with the 2.4 windows binaries, but externals (for 2.5) still points to 0.9.8.a, which is vulnerable.

If there is any change, it should be to 0.9.7k; we shouldn't switch to a new "branch" of OpenSSL in micro releases.

However, I'm uncertain whether I can do the update in next weeks.

Regards, Martin

• Previous message: [Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18
• Next message: [Python-Dev] difficulty of implementing phase 2 of PEP 302 in Python source
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list