[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required (original) (raw)
Benjamin Peterson benjamin at python.org
Tue Jun 17 21:07:06 CEST 2014
- Previous message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Next message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, Jun 17, 2014, at 12:03, Ned Deily wrote:
In article <81f84430ce0242e5bfa5b2264777df56 at BLUPR03MB389.namprd03.prod.outlook.com_ _>, Steve Dower <Steve.Dower at microsoft.com> wrote: > You'll only need to rebuild the ssl and hashlib extension modules with the > new OpenSSL version. The easiest way to do this is to build from source > (which has already been updated for 1.0.1h if you use the externals scripts > in Tools\buildbot), and you should just be able to drop ssl.pyd and > hashlib.pyd on top of a normal install.
Should we consider doing a re-spin of the Windows installers for 2.7.7 with 1.0.1h? Or consider doing a 2.7.8 in the near future to address this and various 2.7.7 regressions that have been identified so far (Issues 21652 and 21672)?
I think we should do a 2.7.8 soon to pick up the openssl upgrade and recent CGI security fix. I would like to see those two regressions fixed first, though.
- Previous message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Next message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]