[Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18
"Martin v. Löwis"
martin at v.loewis.de
Wed Sep 27 20:31:11 CEST 2006
Jim Jewett schrieb:
> OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k)
> because of the security patch.
>
> http://www.openssl.org/
> http://www.openssl.org/news/secadv_20060905.txt
>
> I'm not sure which version shipped with the 2.4 windows binaries, but
> externals (for 2.5) still points to 0.9.8.a, which is vulnerable.
If there is any change, it should be to 0.9.7k; we shouldn't switch to
a new "branch" of OpenSSL in micro releases.
However, I'm uncertain whether I can do the update in next weeks.
Regards,
Martin
More information about the Python-Dev
mailing list