[Python-Dev] OpenSSL Vulnerability (openssl-1.0.0a)
"Martin v. Löwis"
martin at v.loewis.de
Fri Dec 10 00:17:28 CET 2010
Am 09.12.2010 13:49, schrieb Hirokazu Yamamoto:
> On 2010/11/25 1:23, exarkun at twistedmatrix.com wrote:
>> Ah. Okay, then Python 3.2 would be vulnerable. Good thing it isn't
>> released yet. ;)
>
> It seems OpenSSL 1.0.0c out.
>
> http://openssl.org/news/secadv_20101202.txt
>
>> 02-Dec-2010: Security Advisory: ciphersuite downgrade fix
>> 02-Dec-2010: OpenSSL 1.0.0c is now available, including
> important > bug and security fixes
>> 02-Dec-2010: OpenSSL 0.9.8q is now available, including
> important > bug and security fixes
I don't plan upgrading the Windows build before 3.2; I have already
patched the OpenSSL copy that we use.
Regards,
Martin
More information about the Python-Dev
mailing list