[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
Benjamin Peterson
benjamin at python.org
Tue Jun 17 21:07:06 CEST 2014
On Tue, Jun 17, 2014, at 12:03, Ned Deily wrote:
> In article
> <81f84430ce0242e5bfa5b2264777df56 at BLUPR03MB389.namprd03.prod.outlook.com
> >,
> Steve Dower <Steve.Dower at microsoft.com> wrote:
> > You'll only need to rebuild the _ssl and _hashlib extension modules with the
> > new OpenSSL version. The easiest way to do this is to build from source
> > (which has already been updated for 1.0.1h if you use the externals scripts
> > in Tools\buildbot), and you should just be able to drop _ssl.pyd and
> > _hashlib.pyd on top of a normal install.
>
> Should we consider doing a re-spin of the Windows installers for 2.7.7
> with 1.0.1h? Or consider doing a 2.7.8 in the near future to address
> this and various 2.7.7 regressions that have been identified so far
> (Issues 21652 and 21672)?
I think we should do a 2.7.8 soon to pick up the openssl upgrade and
recent CGI security fix. I would like to see those two regressions fixed
first, though.
More information about the Python-Dev
mailing list