[New-bugs-announce] [issue17962] Broken OpenSSL version in Windows builds
Antoine Pitrou
report at bugs.python.org
Sun May 12 13:24:05 CEST 2013
New submission from Antoine Pitrou:
3.3 and default are currently fetching OpenSSL 1.0.1d for the Windows builds.
It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures).
Following is their description of the fix:
“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]”
----------
components: Build, Windows
messages: 189018
nosy: georg.brandl, larry, loewis, pitrou
priority: release blocker
severity: normal
status: open
title: Broken OpenSSL version in Windows builds
type: behavior
versions: Python 3.3, Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue17962>
_______________________________________
More information about the New-bugs-announce
mailing list