[New-bugs-announce] [issue25932] Windows installer ships an outdated and insecure curl.exe
Ismail Donmez
report at bugs.python.org
Wed Dec 23 10:38:03 EST 2015
New submission from Ismail Donmez:
Installed Python 3.5.1 Windows x64 version and ended up having
C:\Users\ismail\AppData\Local\Programs\Python\Python35\curl.exe
which is outdated:
C:\Users\ismail>C:\Users\ismail\AppData\Local\Programs\Python\Python35\curl.exe -V
curl 7.37.0 (Windows) libcurl/7.37.0 OpenSSL/1.0.2d zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: NTLM SSL libz
That was released in May 2014!
Also it's insecure:
C:\Users\ismail>C:\Users\ismail\AppData\Local\Programs\Python\Python35\curl.exe -vvvv "https://www.google.com"
* Rebuilt URL to: https://www.google.com/
* timeout on name lookup is not supported
* Hostname was NOT found in DNS cache
* Trying 173.194.32.177...
* Connected to www.google.com (173.194.32.177) port 443 (#0)
* libcurl is now using a weak random seed!
[...]
I would be happy if you don't ship curl at all, or at least use a secure, up-to-date version from https://bintray.com/vszakats/generic/curl/view
----------
components: Windows
messages: 256918
nosy: donmez, paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Windows installer ships an outdated and insecure curl.exe
versions: Python 3.5
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25932>
_______________________________________