[Python-Dev] Issue 21671: CVE-2014-0224 OpenSSL upgrade to 1.0.1h on Windows required
"Martin v. Löwis"
martin at v.loewis.de
Wed Jun 18 11:32:33 CEST 2014
Am 17.06.14 18:41, schrieb Yates, Andy (CS Houston, TX):
> Python Dev,
>
> Andy here. I have a Windows product based on Python and I’m getting
> hammered to release a version that includes the fix in OpenSSL 1.0.1h.
> My product is built on a Windows system using Python installed from the
> standard Python installer at Python.org. I would be grateful if I could
> get some advice on my options.
Can you please report
- what version of Python you are distributing?
- why it absolutely has to be 1.0.1h that is included?
According to the CVE, 0.9.8za and 1.0.0m would work as well (and in our
case, would be preferred for older versions of Python).
Regards,
Martin
More information about the Python-Dev
mailing list