[Python-Dev] OpenSSL Security Advisory [9 Jul 2015]

Christian Heimes christian at python.org
Thu Jul 9 15:39:22 CEST 2015


On 2015-07-09 15:29, Christian Heimes wrote:
> Hi,
> 
> this just came in. According to Zachary all Windows builds use 1.0.2c.
> The version is vulnerable to a critical bug in the CA validation code of
> OpenSSL. The bug can be abused to turn any valid server certificate into
> a CA cert.
> 
> We should consider a security release of Python ASAP.

Good news! I was too fast and it looks like we are mostly safe.

1.0.2c is only used in 3.5b3. The production builds are either using
1.0.2a or 1.0.1j.

Christian

