[python-committers] fyi - openssl vulnerability - likely in our windows builds

Amaury Forgeot d'Arc amauryfa at gmail.com
Mon Apr 23 22:52:12 CEST 2012


2012/4/23 Gregory P. Smith <greg at krypto.org>

> FYI - there is a network exploitable vulnerability in OpenSSL -
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2110
>
> Our Windows builds likely need updating.  At the very least make sure
> openssl is updated before the next time we produce binaries. It's up to the
> release managers if they want to make a new Windows-only sub-release to
> include the updated version of openssl.
>

The OpenSSL Security Advisory says:
http://www.openssl.org/news/secadv_20120419.txt
"""
Affected functions are of the form d2i_*_bio or
d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.
"""

I don't see any occurrence of these functions in the various versions of
the _ssl module.
Is Python really affected by this vulnerability?

-- 
Amaury Forgeot d'Arc
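
Added example, not part of the original message and not CPython code: one way to repeat the source check described above, looking for direct calls whose names have the d2i_*_bio or d2i_*_fp form quoted from the advisory while ignoring mentions in comments and string literals. The function names and the sample C text are constructed for illustration; the scan covers only direct calls in the text it is given and says nothing about what OpenSSL calls internally.

```python
import re

# Name forms taken from the advisory text quoted above: d2i_*_bio and d2i_*_fp.
AFFECTED_CALL = re.compile(r"\b(d2i_\w+_(?:bio|fp))\s*\(")

# C comments and string/char literals, so mentions in them are not counted as calls.
_NON_CODE = re.compile(
    r"/\*.*?\*/|//[^\n]*|\"(?:\\.|[^\"\\\n])*\"|'(?:\\.|[^'\\\n])*'",
    re.DOTALL,
)

def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_affected_calls(c_source):
    """Return (line_number, function_name) pairs, in source order."""
    code = _NON_CODE.sub(_blank, c_source)
    hits = []
    for m in AFFECTED_CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        hits.append((line, m.group(1)))
    return hits

# Constructed sample, not taken from any version of _ssl.c.
SAMPLE = '''\
/* d2i_X509_bio(bio, NULL) is mentioned here only in a comment */
static X509 *load_pem(BIO *bio) {
    return PEM_read_bio_X509(bio, NULL, NULL, NULL);
}
static X509 *load_der_mem(const unsigned char **p, long len) {
    return d2i_X509(NULL, p, len);   // name is not of the *_bio or *_fp form
}
static X509 *load_der_bio(BIO *bio) {
    log("calling d2i_X509_fp(fp)");
    return d2i_X509_bio(bio, NULL);
}
static PKCS12 *load_p12(FILE *fp) {
    return d2i_PKCS12_fp (fp, NULL);
}
'''

if __name__ == "__main__":
    for line, name in find_affected_calls(SAMPLE):
        print(f"line {line}: {name}")
```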