This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author loewis
Recipients brian.curtin, christian.heimes, exarkun, giampaolo.rodola, loewis, pitrou, tim.golden
Date 2010-04-29.20:32:30
SpamBayes Score 0.0005567294
Marked as misclassified No
Message-id <1272573152.14.0.891111794971.issue8569@psf.upfronthosting.co.za>
In-reply-to
Content 
IIUC, Python is not affected by this security issue. 'short' is a 16-bit integer, so it only affects 0.9.8m, which isn't being used by Python. Therefore, from a security point of view, no action needs to be taken.

I don't think upgrading OpenSSL is appropriate for 2.7 at this point, so removing it from the version list.

For updating OpenSSL for 3.2, multiple occurrences must be changed; external-common is not the only place. At a minimum, PCbuild/pyproject.vsprops and PCbuild/readme.txt need to change as well. The OpenSSL tree needs to be imported into the externals repository, and our custom changes need to be reapplied. Whether further changes need to be applied to the source, can only be determined in testing. As all of this is a rather tedious procedure, we should be certain to only perform it once before the release of 3.2 (i.e. if we upgrade now, we shouldn't upgrade again three months from now).
History
Date User Action Args
2010-04-29 20:32:32loewissetrecipients: + loewis, exarkun, pitrou, giampaolo.rodola, christian.heimes, tim.golden, brian.curtin
2010-04-29 20:32:32loewissetmessageid: <1272573152.14.0.891111794971.issue8569@psf.upfronthosting.co.za>
2010-04-29 20:32:31loewislinkissue8569 messages
2010-04-29 20:32:30loewiscreate