Author steve.dower
Recipients paul.moore, steve.dower, tim.golden, xcl, zach.ware
Date 2020-06-23.18:34:34
Message-id <1592937275.01.0.909476385731.issue41072@roundup.psfhosted.org>
Content
It depends on your application. Almost all of these are exposed directly, so you will be vulnerable if your application uses them in the way described by the CVE.

I'm not familiar enough with the vulnerabilities in question to tell you for sure, and I doubt any of the other volunteers here are either. 

I do seem to recall that one of the OpenSSL vulnerabilities only applied if you were serving a particular TLS version, which won't impact most Python apps. And the wininst*.exe files are only used with bdist_wininst packages, which nobody should be using anymore.

If you're not able to evaluate them yourself, you might look for a paid company or consultant who can help you out. We've already updated the dependencies that need to be updated for upcoming releases.
History
Date  User  Action  Args
2020-06-23 18:34:35  steve.dower  set  recipients: + steve.dower, paul.moore, tim.golden, zach.ware, xcl
2020-06-23 18:34:35  steve.dower  set  messageid: <1592937275.01.0.909476385731.issue41072@roundup.psfhosted.org>
2020-06-23 18:34:34  steve.dower  link  issue41072 messages
2020-06-23 18:34:34  steve.dower  create