classification
Title: Windows installers need to be updated following OpenSSL security release
Type: security Stage: resolved
Components: Interpreter Core, Library (Lib) Versions: Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder: Update Windows installers to OpenSSL 1.0.1j
View: 22644
Assigned To: zach.ware Nosy List: alex, benjamin.peterson, larry, ned.deily, python-dev, serhiy.storchaka, steve.dower, zach.ware
Priority: high Keywords: security_issue

Created on 2014-08-06 23:36 by alex, last changed 2014-10-17 21:35 by zach.ware. This issue is now closed.

Messages (10)
msg224976 - (view) Author: Alex Gaynor (alex) * (Python committer) Date: 2014-08-06 23:36
https://www.openssl.org/news/secadv_20140806.txt
msg224982 - (view) Author: Ned Deily (ned.deily) * (Python committer) Date: 2014-08-07 01:59
This wouldn't apply to 3.3 since we don't do binary installers for branches in security-fix mode (as discussed recently in Issue21671).  Adding Larry as 3.4 release manager.
msg224985 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2014-08-07 04:21
New changeset cbcb10123451 by Zachary Ware in branch '2.7':
Issue #22160: Update OpenSSL to 1.0.1i for the Windows build.
http://hg.python.org/cpython/rev/cbcb10123451

New changeset 8219664dd2e4 by Zachary Ware in branch '3.4':
Issue #22160: Update OpenSSL to 1.0.1i for the Windows build.
http://hg.python.org/cpython/rev/8219664dd2e4

New changeset 275da9f9d7d7 by Zachary Ware in branch 'default':
Issue #22160: Update OpenSSL to 1.0.1i for the Windows build.
http://hg.python.org/cpython/rev/275da9f9d7d7
msg224986 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2014-08-07 04:22
Update should be complete for Windows.
msg224987 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2014-08-07 04:26
That is, the build process is updated; installers are not my department :)
msg225017 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2014-08-07 15:12
You left 3.4 branch unmerged into default branch.
msg225021 - (view) Author: Steve Dower (steve.dower) * (Python committer) Date: 2014-08-07 16:06
The 2.7 installer will be fine whenever the release manager asks for it
msg225023 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2014-08-07 16:12
Oops.  Merged now.
msg225026 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2014-08-07 16:40
> Oops.  Merged now.

Thank you.
msg229606 - (view) Author: Zachary Ware (zach.ware) * (Python committer) Date: 2014-10-17 21:35
Superseded by #22644 (and done, anyway).
History
Date User Action Args
2014-10-17 21:35:39zach.waresetstatus: open -> closed

type: security
assignee: zach.ware
messages: + msg229606
superseder: Update Windows installers to OpenSSL 1.0.1j
resolution: fixed
stage: resolved
2014-08-07 16:40:19serhiy.storchakasetmessages: + msg225026
2014-08-07 16:12:13zach.waresetmessages: + msg225023
2014-08-07 16:06:42steve.dowersetmessages: + msg225021
2014-08-07 15:12:18serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg225017
2014-08-07 04:26:09zach.waresetmessages: + msg224987
title: Windows installers need to be updated following OpenSSL security reelase -> Windows installers need to be updated following OpenSSL security release
2014-08-07 04:22:24zach.waresetnosy: + zach.ware
messages: + msg224986
2014-08-07 04:21:44python-devsetnosy: + python-dev
messages: + msg224985
2014-08-07 01:59:59ned.deilysetpriority: normal -> high
versions: - Python 3.3
nosy: + ned.deily, larry

messages: + msg224982
2014-08-06 23:36:56alexcreate