[Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18
Jim Jewett
jimjjewett at gmail.com
Wed Sep 27 20:10:16 CEST 2006
OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k)
because of the security patch.
http://www.openssl.org/
http://www.openssl.org/news/secadv_20060905.txt
I'm not sure which version shipped with the 2.4 windows binaries, but
externals (for 2.5) still points to 0.9.8.a, which is vulnerable.
openssl has also patched 0.9.7.k (0.9.7 was released in 2003) and the
patch itself
http://www.openssl.org/news/patch-CVE-2006-4339.txt
should apply to 0.9.6 (released in 2000).
-jJ
More information about the Python-Dev
mailing list