New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update OpenSSL to 1.0.2d in Windows and OS X installer #68791
Comments
The developers of OpenSSL have published a new update. It fixes a bug marked as severe (https://www.openssl.org/news/secadv_20150709.txt). It seems that we are using a vulnerable version. Could someone who knows the relevant files' locations update our repository? Many thanks in advance. |
Yes, read the discussion on python-dev: Christian Heimes wrote: "1.0.2c is only used in 3.5b3. The production builds are either using Should I understand that only Windows installers of the beta version of Python 3.5 are vulnerable? |
The Windows installer and the 32-bit-only OS X installer both have local copies of OpenSSL. At the moment, only the 3.5.0 betas have been released with 1.0.2. Setting to release blocker priority for 3.5.0b4. |
New changeset 53c0c8914ad0 by Zachary Ware in branch '2.7': New changeset f4cd9ac378d7 by Zachary Ware in branch '3.4': New changeset 2930e23d729f by Zachary Ware in branch '3.5': New changeset 310613b993d4 by Zachary Ware in branch 'default': |
New changeset 7ba239d4efbb by Ned Deily in branch '2.7': New changeset 436b8902b305 by Ned Deily in branch '3.4': New changeset 78254d483573 by Ned Deily in branch '3.5': New changeset d205e7e5f9aa by Ned Deily in branch 'default': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: