[Python-Dev] openssl - was: 2.4.4c1 October 11, 2.4.4 final October 18

"Martin v. Löwis" martin at v.loewis.de
Wed Sep 27 20:31:11 CEST 2006


Jim Jewett schrieb:
> OpenSSL should probably be upgraded to 0.9.8.c (or possibly 0.9.7.k)
> because of the security patch.
> 
>    http://www.openssl.org/
>    http://www.openssl.org/news/secadv_20060905.txt
> 
> I'm not sure which version shipped with the 2.4 windows binaries, but
> externals (for 2.5) still points to 0.9.8.a, which is vulnerable.

If there is any change, it should be to 0.9.7k; we shouldn't switch to
a new "branch" of OpenSSL in micro releases.

However, I'm uncertain whether I can do the update in next weeks.

Regards,
Martin


More information about the Python-Dev mailing list