On 2015-07-09 15:29, Christian Heimes wrote:
> Hi,
> 
> this just came in. According to Zachary all Windows builds use 1.0.2c.
> The version is vulnerable to a critical bug in the CA validation code of
> OpenSSL. The bug can be abused to turn any valid server certificate into
> a CA cert.
> 
> We should consider a security release of Python ASAP.

Good news! I was too fast and it looks like we are mostly safe.

1.0.2c is only used in 3.5b3. The production builds are either using
1.0.2a or 1.0.1j.

Christian
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com

Reply via email to