Steve Dower <steve.do...@python.org> added the comment:

It depends on your application. Almost all of these are exposed directly, so you will be vulnerable if your application uses them in the way described by the CVE.

I'm not familiar enough with the vulnerabilities in question to tell you for sure, and I doubt any of the other volunteers here are either. I do seem to recall that one of the OpenSSL vulnerabilities only applied if you were serving a particular TLS version, which won't impact most Python apps. And the wininst*.exe files are only used with bdist_wininst packages, which nobody should be using anymore.

If you're not able to evaluate them yourself, you might look for a paid company or consultant who can help you out.

We've already updated the dependencies that need to be updated for upcoming releases.

----------
resolution:  -> not a bug
status: open -> closed

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue41072>
_______________________________________