top button
Flag Notify
Site Registration

Heartbleed and the windows distributions on python.org

+1 vote
453 views

I am building a cherrypy app that is testing as vulnerable to the heartbleed exploit.

The app is running on the 64 bit 3.3.5 Windows distribution of python. An updated version of 64 bit Python 3.3.x for Windows or an updated pyopenssl? I am kind of surprised the distribution on python.org hasen't been updated.

posted Apr 28, 2014 by Anderson

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

The current release of Python 3 is 3.4.0. A 3.4.1 maintenance release, with OpenSSL updated in the Windows installer, is planned for final release in mid-May. Python 3.3.x is now in security-fix-only mode which means only source fixes for security problems are released as needed and no further binary installers for Windows or OS X are produced.

(The Python 2 Windows installer is not affected since it bundles an older, pre-heartbleed version of openSSL)

answer Apr 28, 2014 by Parveen
Similar Questions
+1 vote

I'm working on doing some upgrade testing to mitigate the Heartbleed issue and some other vulnerabilities. Part of that is updating OpenSSL, but I'm a bit confused about something and am hoping that someone can help me. I've done at least a dozen internet searches and can't find the answer. It's probably simple, but I'd like to find out anyway.

What do I need to do in order to update the version of OpenSSL that is included in the Apache HTTP server release? I've installed OpenSSL 1.0.1g on the server, but the older version is still in the apache /bin directory. Do I simply replace the openssl executable or is there some kind of change that needs to be made in the httpd.conf file to point to the newer installation?

+1 vote

I've seen several articles that listed Centos 6.x as vulnerable, but DID NOT LIST RHEL 6.

I'd think that if Centos 6.x is vulnerable, then so would RHEL 6.x, since Centos is made from RHEL sources.

Does anyone know for sure either way?

+1 vote

I'd like to have the option to download the source code as text/plain from the docs.python.org pages.

For example: when I'm a docs page, such as:
http://docs.python.org/2/library/string.html

and I click the source code link I'm taken to a Mercurial page:
http://hg.python.org/cpython/file/2.7/Lib/string.py

but over there there's no way to get a clean text/plain version of the code because the line numbers are included.

A link to the text/plain version on that page would be nice!

...