subject:"\[issue45068\] python 3.9.2 contains libcrypto\-1_1.dll and libssl\-1_1.dll associates CVE\-2021\-23840\\CVE\-2021\-3450\\CVE\-2021\-3711\\CVE\-2021\-3712\\CVE\-2021\-23841\\CVE\-2021\-3449 of openssl\-1.1.1i"

[issue45068] python 3.9.2 contains libcrypto-1_1.dll and libssl-1_1.dll associates CVE-2021-23840\CVE-2021-3450\CVE-2021-3711\CVE-2021-3712\CVE-2021-23841\CVE-2021-3449 of openssl-1.1.1i

2021-08-31 Thread Zachary Ware


Zachary Ware  added the comment:

v3.9.2 is rather out of date at this point; v3.9.7 was released just yesterday 
and includes OpenSSL v1.1.1l.  If you're concerned about issues in the version 
of OpenSSL included with Python v3.9.2, you are encouraged to update to the 
latest v3.9.7, or replace the OpenSSL DLLs with your own.

The various wininst-*.exe executables are helpers for the deprecated distutils 
bdist_wininst command, and you are encouraged to not use them :).  You can 
safely remove them if you do not need bdist_wininst functionality.  They will 
not be updated.

--
nosy: +zach.ware
resolution:  -> out of date
stage:  -> resolved
status: open -> closed
title: python 3.9.2 contains wininst-10.0-amd64.exe. 
wininst-10.0.exe.wininst-7.1.exe. 
wininst-8.0.exe.wininst-9.0.exe.wininst-9.0-amd64.exe.wininst-14.0-amd64.exe 
and wininst-14.0.exe associates CVE-2016-9843、CVE-2016-9841、CVE-2016-9840 and 
CVE-2016-9842 of zlib(1.2.8, 1.2.3,1.2.5) -> python 3.9.2 contains 
libcrypto-1_1.dll and libssl-1_1.dll associates 
CVE-2021-23840\CVE-2021-3450\CVE-2021-3711\CVE-2021-3712\CVE-2021-23841\CVE-2021-3449
 of openssl-1.1.1i

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45068] python 3.9.2 contains libcrypto-1_1.dll and libssl-1_1.dll associates CVE-2021-23840\CVE-2021-3450\CVE-2021-3711\CVE-2021-3712\CVE-2021-23841\CVE-2021-3449 of openssl-1.1.1i

2021-08-31 Thread xcl-1



New submission from xcl-1 <1318683...@qq.com>:

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow 
the output length argument in some cases where the input length is close to the 
maximum permissable length for an integer on the platform. In such cases the 
return value from the function call will be 1 (indicating success), but the 
output length value will be negative. This could cause applications to behave 
incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this 
issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL 
versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is 
out of support and no longer receiving public updates. Premium support 
customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade 
to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 
1.0.2y (Affected 1.0.2-1.0.2x).

--
components: Build
messages: 400798
nosy: xcl123
priority: normal
severity: normal
status: open
title: python 3.9.2 contains libcrypto-1_1.dll and libssl-1_1.dll associates 
CVE-2021-23840\CVE-2021-3450\CVE-2021-3711\CVE-2021-3712\CVE-2021-23841\CVE-2021-3449
 of openssl-1.1.1i
type: security

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue45068] python 3.9.2 contains libcrypto-1_1.dll and libssl-1_1.dll associates CVE-2021-23840\CVE-2021-3450\CVE-2021-3711\CVE-2021-3712\CVE-2021-23841\CVE-2021-3449 of openssl-1.1.1i

[issue45068] python 3.9.2 contains libcrypto-1_1.dll and libssl-1_1.dll associates CVE-2021-23840\CVE-2021-3450\CVE-2021-3711\CVE-2021-3712\CVE-2021-23841\CVE-2021-3449 of openssl-1.1.1i

2 matches

Site Navigation

Mail list logo

Footer information