Hi, https://github.com/sagemath/sage/pull/35571 is trivial to review, and will prevent Sage to ship a dangerous version of the openssl standard package to the users for the next release.
Some of the "High severity" vulnerabilities can be exploited on the clients by malicious servers. There is no need to be malicious to run a malicious server: some of the several friendly servers that provide mathematical databases that Sage connects to might be poorly secured (e.g. some are running Python2 software on a distro that still activates TLS 1.0 and TLS 1.1). Ciao, Thierry Le Sun, May 07, 2023 at 05:02:30AM -0700, Volker Braun a écrit : > As always, you can get the latest beta version from the "develop" git > branch. Alternatively, the self-contained source tarball is at > http://www.sagemath.org/download-latest.html > > > 8aa721379a5 (tag: 10.0.rc2, github/develop) Updated SageMath version to > 10.0.rc2 > c1aea0aa2bc gh-35552: fix the linter once more > bbf5695a71a gh-35594: Remove some circular imports in `sage.rings`, > `sage.symbolic` > 21529544e7d gh-35555: update eclib to version 20230424 > 686e1c6d0be gh-35524: Accept system openblas 0.3.23 and newer (needed for > archlinux) > 5bd81deae14 (tag: 10.0.rc1) Updated SageMath version to 10.0.rc1 > > -- > You received this message because you are subscribed to the Google Groups > "sage-release" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/sage-release/318955e9-133a-4e38-a7d9-23d8bf9ee63dn%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "sage-release" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/sage-release/ZFg69NJK8ee1nLMm%40metelu.net.
