[Python-Dev] OpenSSL vulnerability

Skip Montanaro skip at pobox.com
Tue Sep 30 12:58:39 EDT 2003


    Thomas> Is this enough reason to use OpenSSL version 0.9.7c instead of
    Thomas> 0.9.7b for the 2.3.2 final windows installer, or should the
    Thomas> release candidate remain unchanged?

    Thomas> <http://www.openssl.org/news/secadv_20030930.txt>

At this point I'm inclined to let it go.  There are many other vulnerable
SS[LH targets out there, and you can't wait forever until the OpenSS[LH]
folks stop emitting patches.

Skip




More information about the Python-Dev mailing list