On 2015-07-09 15:29, Christian Heimes wrote: > Hi, > > this just came in. According to Zachary all Windows builds use 1.0.2c. > The version is vulnerable to a critical bug in the CA validation code of > OpenSSL. The bug can be abused to turn any valid server certificate into > a CA cert. > > We should consider a security release of Python ASAP.
Good news! I was too fast and it looks like we are mostly safe. 1.0.2c is only used in 3.5b3. The production builds are either using 1.0.2a or 1.0.1j. Christian _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
