Re: [Python-Dev] OpenSSL Vulnerability (openssl-1.0.0a)

2010-12-09 Thread Martin v. Löwis
On 09.12.2010 13:49, Hirokazu Yamamoto wrote: > On 2010/11/25 1:23, exar...@twistedmatrix.com wrote: >> Ah. Okay, then Python 3.2 would be vulnerable. Good thing it isn't >> released yet. ;) > > It seems OpenSSL 1.0.0c is out. > > http://openssl.org/news/secadv_20101202.txt > >> 02-Dec-2010:

Re: [Python-Dev] OpenSSL Vulnerability (openssl-1.0.0a)

2010-12-09 Thread Hirokazu Yamamoto
On 2010/11/25 1:23, exar...@twistedmatrix.com wrote: Ah. Okay, then Python 3.2 would be vulnerable. Good thing it isn't released yet. ;) It seems OpenSSL 1.0.0c is out. http://openssl.org/news/secadv_20101202.txt > 02-Dec-2010: Security Advisory: ciphersuite downgrade fix > 02-Dec-2010:

Re: [Python-Dev] OpenSSL Vulnerability (openssl-1.0.0a)

2010-11-24 Thread exarkun
On 03:11 pm, solip...@pitrou.net wrote: On Wed, 24 Nov 2010 15:01:06 - exar...@twistedmatrix.com wrote: > >If I believe the link above: > "Any OpenSSL based TLS server is vulnerable if it is multi-threaded and >uses OpenSSL's internal caching mechanism. Servers that are >multi-process and

Re: [Python-Dev] OpenSSL vulnerability

2009-11-10 Thread Barry Warsaw
On Nov 10, 2009, at 8:28 AM, Nick Coghlan wrote: Barry Warsaw wrote: I don't think it's worth making a quick 2.6.5 release for this if its primary intent is to produce new Windows binaries. I'm okay with making the changes to the tree, but we'll release 2.6.5 on a "normal" schedule. Pe

Re: [Python-Dev] OpenSSL vulnerability

2009-11-10 Thread Nick Coghlan
Barry Warsaw wrote: > I don't think it's worth making a quick 2.6.5 release for this if its > primary intent is to produce new Windows binaries. I'm okay with making > the changes to the tree, but we'll release 2.6.5 on a "normal" schedule. Perhaps publish a source patch relative to 2.6.4 for pe

Re: [Python-Dev] OpenSSL vulnerability

2009-11-10 Thread Barry Warsaw
On Nov 8, 2009, at 12:56 PM, Martin v. Löwis wrote: Also, for Python 2.5 and earlier, any SSL-based code is vulnerable to a MitM anyway, so this can only be an issue for code using the new APIs in Python 2.6. That's not going to stop the wannabe-self-proclaimed-so-called-vulnerability-"exp

Re: [Python-Dev] OpenSSL vulnerability

2009-11-08 Thread Georg Brandl
Guido van Rossum wrote: > On Fri, Nov 6, 2009 at 2:36 PM, wrote: >> Also, for Python 2.5 and earlier, any SSL-based code is vulnerable to a MitM >> anyway, so this can only be an issue for code using the new APIs in Python >> 2.6. > > That's not going to stop the > wannabe-self-proclaimed-so-c

Re: [Python-Dev] OpenSSL vulnerability

2009-11-08 Thread Martin v. Löwis
>> Also, for Python 2.5 and earlier, any SSL-based code is vulnerable to a MitM >> anyway, so this can only be an issue for code using the new APIs in Python >> 2.6. > > That's not going to stop the > wannabe-self-proclaimed-so-called-vulnerability-"experts" from whining > about Python not releasi