2012/4/23 Gregory P. Smith <g...@krypto.org> > FYI - there is a network exploitable vulnerability in OpenSSL - > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2110 > > Our windows builds likely need updating. At the very least make sure > openssl is updated before the next time we produce binaries. Its up to the > release managers if they want to make a new windows only sub-release to > include the updated version of openssl. >
The OpenSSL Security Advisory says: http://www.openssl.org/news/secadv_20120419.txt """ Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp. """ I don't see any occurrence of these functions in the various versions of the _ssl module. Is Python really affected by this vulnerability? -- Amaury Forgeot d'Arc
_______________________________________________ python-committers mailing list python-committers@python.org http://mail.python.org/mailman/listinfo/python-committers
