[python-committers] fyi - openssl vulnerability - likely in our windows builds

Amaury Forgeot d'Arc amauryfa at gmail.com
Mon Apr 23 22:52:12 CEST 2012

2012/4/23 Gregory P. Smith <greg at krypto.org>

> FYI - there is a network exploitable vulnerability in OpenSSL -
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2110
> Our windows builds likely need updating.  At the very least make sure
> openssl is updated before the next time we produce binaries. Its up to the
> release managers if they want to make a new windows only sub-release to
> include the updated version of openssl.

The OpenSSL Security Advisory says:
Affected functions are of the form d2i_*_bio or
d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.

I don't see any occurrence of these functions in the various versions of
the _ssl module.
Is Python really affected by this vulnerability?

Amaury Forgeot d'Arc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-committers/attachments/20120423/8bed102a/attachment.html>

More information about the python-committers mailing list