[Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18

Jim Jewett jimjjewett at gmail.com
Wed Sep 27 20:10:16 CEST 2006


OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k)
because of the security patch.

    http://www.openssl.org/
    http://www.openssl.org/news/secadv_20060905.txt

I'm not sure which version shipped with the 2.4 windows binaries, but
externals (for 2.5) still points to 0.9.8.a, which is vulnerable.

openssl has also patched 0.9.7.k (0.9.7 was released in 2003) and the
patch itself

    http://www.openssl.org/news/patch-CVE-2006-4339.txt

should apply to 0.9.6 (released in 2000).

-jJ


More information about the Python-Dev mailing list