This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2015年07月10日 09:38 by Friedrich.Spee.von.Langenfeld, last changed 2022年04月11日 14:58 by admin. This issue is now closed.
| Messages (5) | |||
|---|---|---|---|
| msg246552 - (view) | Author: Friedrich Spee von Langenfeld (Friedrich.Spee.von.Langenfeld) | Date: 2015年07月10日 09:38 | |
The developers of OpenSSL have published a new update. It fixes a bug marked as severe (https://www.openssl.org/news/secadv_20150709.txt). It seems that we are using a vulnerable version. Could someone who knows the relevant files' locations update our repository? Many thanks in advance. |
|||
| msg246553 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2015年07月10日 09:54 | |
Yes, read the discussion on python-dev: https://mail.python.org/pipermail/python-dev/2015-July/140706.html Christian Heimes wrote: "1.0.2c is only used in 3.5b3. The production builds are either using 1.0.2a or 1.0.1j." Should I understand that only Windows installers of the beta version of Python 3.5 are vulnerable? |
|||
| msg246564 - (view) | Author: Ned Deily (ned.deily) * (Python committer) | Date: 2015年07月10日 14:47 | |
The Windows installer and the 32-bit-only OS X installer both have local copies of OpenSSL. At the moment, only the 3.5.0 betas have been released with 1.0.2. Setting to release blocker priority for 3.5.0b4. |
|||
| msg247089 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年07月22日 04:29 | |
New changeset 53c0c8914ad0 by Zachary Ware in branch '2.7': Issue #24603: Update Windows build to use OpenSSL 1.0.2d https://hg.python.org/cpython/rev/53c0c8914ad0 New changeset f4cd9ac378d7 by Zachary Ware in branch '3.4': Issue #24603: Update the Windows build to use OpenSSL 1.0.2d https://hg.python.org/cpython/rev/f4cd9ac378d7 New changeset 2930e23d729f by Zachary Ware in branch '3.5': Issue #24603: Update the Windows build to use OpenSSL 1.0.2d https://hg.python.org/cpython/rev/2930e23d729f New changeset 310613b993d4 by Zachary Ware in branch 'default': Issue #24603: Merge with 3.5 https://hg.python.org/cpython/rev/310613b993d4 |
|||
| msg247304 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2015年07月24日 23:26 | |
New changeset 7ba239d4efbb by Ned Deily in branch '2.7': Issue #24603: Update the OS X 32-bit installer build to use OpenSSL 1.0.2d. https://hg.python.org/cpython/rev/7ba239d4efbb New changeset 436b8902b305 by Ned Deily in branch '3.4': Issue #24603: Update the OS X 32-bit installer build to use OpenSSL 1.0.2d. https://hg.python.org/cpython/rev/436b8902b305 New changeset 78254d483573 by Ned Deily in branch '3.5': Issue #24603: merge from 3.4 https://hg.python.org/cpython/rev/78254d483573 New changeset d205e7e5f9aa by Ned Deily in branch 'default': Issue #24603: merge from 3.5 https://hg.python.org/cpython/rev/d205e7e5f9aa |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:58:18 | admin | set | github: 68791 |
| 2015年07月24日 23:27:50 | ned.deily | set | status: open -> closed resolution: fixed stage: resolved |
| 2015年07月24日 23:26:26 | python-dev | set | messages: + msg247304 |
| 2015年07月22日 04:29:04 | python-dev | set | nosy:
+ python-dev messages: + msg247089 |
| 2015年07月10日 14:49:04 | vstinner | set | nosy:
+ ronaldoussoren components: + macOS |
| 2015年07月10日 14:47:23 | ned.deily | set | priority: normal -> release blocker title: New update of OpenSSL -> Update OpenSSL to 1.0.2d in Windows and OS X installer nosy: + ned.deily, benjamin.peterson, larry messages: + msg246564 versions: + Python 2.7, Python 3.4, Python 3.6 |
| 2015年07月10日 09:54:43 | vstinner | set | versions:
+ Python 3.5 nosy: + paul.moore, tim.golden, vstinner, zach.ware, steve.dower messages: + msg246553 components: + Windows |
| 2015年07月10日 09:38:54 | Friedrich.Spee.von.Langenfeld | create | |