[issue43631] Update to OpenSSL 1.1.1k

Christian Heimes added the comment: CI, macOS and Windows infrastructure have been updated. -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker

[issue43631] Update to OpenSSL 1.1.1k

Brad Warren added the comment: To be fair, I doubt my project is affected by the CVEs. I was just looking to upgrade instead of trying to verify that. -- ___ Python tracker _

[issue43631] Update to OpenSSL 1.1.1k

miss-islington added the comment: New changeset cd82d592063aa03dcc238dcc5222bd47ee0eb438 by Christian Heimes in branch '3.9': [3.9] bpo-43631: Update to OpenSSL 1.1.1k (GH-25024) (GH-25088) https://github.com/python/cpython/commit/cd82d592063aa03dcc238dcc5222bd47ee0eb438 -- ___

[issue43631] Update to OpenSSL 1.1.1k

miss-islington added the comment: New changeset 9ac263091db4a8c7dedb577d01f544622a448744 by Christian Heimes in branch '3.8': [3.8] bpo-43631: Update to OpenSSL 1.1.1k (GH-25024) (GH-25089) https://github.com/python/cpython/commit/9ac263091db4a8c7dedb577d01f544622a448744 -- ___

[issue43631] Update to OpenSSL 1.1.1k

Change by Christian Heimes : -- pull_requests: +23835 pull_request: https://github.com/python/cpython/pull/25089 ___ Python tracker ___

[issue43631] Update to OpenSSL 1.1.1k

Change by Christian Heimes : -- pull_requests: +23834 pull_request: https://github.com/python/cpython/pull/25088 ___ Python tracker ___

[issue43631] Update to OpenSSL 1.1.1k

miss-islington added the comment: New changeset a54fc683f237d8f0b6e999a63aa9b8c0a45b7fef by Christian Heimes in branch 'master': bpo-43631: Update to OpenSSL 1.1.1k (GH-25024) https://github.com/python/cpython/commit/a54fc683f237d8f0b6e999a63aa9b8c0a45b7fef -- nosy: +miss-islington

[issue43631] Update to OpenSSL 1.1.1k

Christian Heimes added the comment: Thanks! All tests are passing, but macOS is still using OpenSSL 1.1.1j. -- ___ Python tracker ___

[issue43631] Update to OpenSSL 1.1.1k

Steve Dower added the comment: I published the Windows OpenSSL builds and retriggered your PR builds, Christian. It looks like we should probably bring up the next release for this, if only because that will cause server users to do rebuilds/updates that they may otherwise not. I doubt ther

[issue43631] Update to OpenSSL 1.1.1k

Christian Heimes added the comment: Thanks! My mail https://mail.python.org/archives/list/python-...@python.org/thread/2GULUR43MNEW3IJM44LS5ZY2TOUANPNT/ contains a first analysis of the CVEs. I'm pretty sure any server application with server-side TLS socket is vulnerable to CVE-2021-3449.

[issue43631] Update to OpenSSL 1.1.1k

Steve Dower added the comment: Assume it'll be the next scheduled release (though I haven't looked at the details of the vulnerabilities yet, so we may decide that they're more urgent for CPython users). I'm starting the Windows build process now, but that only gets us far enough to do the

[issue43631] Update to OpenSSL 1.1.1k

Brad Warren added the comment: When do you expect there will be new macOS and Windows downloads available at https://www.python.org/downloads/ that use OpenSSL 1.1.1k? One of my projects is relying on these files and I wasn't sure the ETA here. -- ___

[issue43631] Update to OpenSSL 1.1.1k

Change by Brad Warren : -- nosy: +bmw ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org

[issue43631] Update to OpenSSL 1.1.1k

Change by Christian Heimes : -- keywords: +patch pull_requests: +23774 pull_request: https://github.com/python/cpython/pull/25024 ___ Python tracker ___ ___

[issue43631] Update to OpenSSL 1.1.1k

New submission from Christian Heimes : OpenSSL 1.1.1k contains fixes for two high severity CVEs https://www.openssl.org/news/vulnerabilities.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449 -- assignee: chris