Message185504
Sorry to reopen :-). It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures).
Following is their description of the fix:
“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]” |
|
Date |
User |
Action |
Args |
2013-03-29 17:43:00 | pitrou | set | recipients:
+ pitrou, loewis, georg.brandl, larry, christian.heimes, benjamin.peterson, python-dev |
2013-03-29 17:43:00 | pitrou | set | messageid: <1364578980.21.0.923115775246.issue17425@psf.upfronthosting.co.za> |
2013-03-29 17:43:00 | pitrou | link | issue17425 messages |
2013-03-29 17:42:59 | pitrou | create | |
|