[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required (original) (raw)

"Martin v. Löwis" martin at v.loewis.de
Wed Jun 18 11:32:33 CEST 2014

• Previous message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
• Next message: [Python-Dev] Tracker Stats
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am 17.06.14 18:41, schrieb Yates, Andy (CS Houston, TX):

Python Dev,

Andy here. I have a Windows product based on Python and I’m getting hammered to release a version that includes the fix in OpenSSL 1.0.1h. My product is built on a Windows system using Python installed from the standard Python installer at Python.org. I would be grateful if I could get some advice on my options.

Can you please report

• what version of Python you are distributing?
• why it absolutely has to be 1.0.1h that is included?

According to the CVE, 0.9.8za and 1.0.0m would work as well (and in our case, would be preferred for older versions of Python).

Regards, Martin

• Previous message: [Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
• Next message: [Python-Dev] Tracker Stats
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list