Message189018
3.3 and default are currently fetching OpenSSL 1.0.1d for the Windows builds.
It seems OpenSSL 1.0.1d was a kind of "brown paper bag" release, they've released 1.0.1e since (some of test_ssl can fail on 1.0.1d and succeed on 1.0.1e, as experienced on my Linux setup; the Windows buildbots also exhibit similar failures).
Following is their description of the fix:
“Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
*) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
supporting platforms or when small records were transferred.
[Andy Polyakov, Steve Henson]” |
|
Date |
User |
Action |
Args |
2013-05-12 11:24:05 | pitrou | set | recipients:
+ pitrou, loewis, georg.brandl, larry |
2013-05-12 11:24:05 | pitrou | set | messageid: <1368357845.04.0.941311125595.issue17962@psf.upfronthosting.co.za> |
2013-05-12 11:24:04 | pitrou | link | issue17962 messages |
2013-05-12 11:24:04 | pitrou | create | |
|