Message 185504 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pitrou
Recipients	benjamin.peterson, christian.heimes, georg.brandl, larry, loewis, pitrou, python-dev
Date	2013-03-29.17:42:59
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1364578980.21.0.923115775246.issue17425@psf.upfronthosting.co.za>
In-reply-to

Content
Sorry to reopen :-). It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures). Following is their description of the fix: “Changes between 1.0.1d and 1.0.1e [11 Feb 2013] *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI supporting platforms or when small records were transferred. [Andy Polyakov, Steve Henson]”

Sorry to reopen :-). It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures).

Following is their description of the fix:

“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]

  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
     supporting platforms or when small records were transferred.
     [Andy Polyakov, Steve Henson]”

History
Date	User	Action	Args
2013-03-29 17:43:00	pitrou	set	recipients: + pitrou, loewis, georg.brandl, larry, christian.heimes, benjamin.peterson, python-dev
2013-03-29 17:43:00	pitrou	set	messageid: <1364578980.21.0.923115775246.issue17425@psf.upfronthosting.co.za>
2013-03-29 17:43:00	pitrou	link	issue17425 messages
2013-03-29 17:42:59	pitrou	create