Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
[20.03] openssl: 1.1.1d -> 1.1.1e #82793
Motivation for this change
a "Low severity"  security issue:
a "Low severity"  security issue: > Fixed an overflow bug in the x64_64 Montgomery squaring procedure used > in exponentiation with 512-bit moduli (CVE-2019-1551)  https://www.openssl.org/news/vulnerabilities.html#y2019 (cherry picked from commit abecf82)
Oh, thanks! Interesting how that happened.. I guess GH is storing some kind of "draft" of a PR in the browser.
I don't think a patch should be backported for 20.03. You may consider skipping the broken test in PyOpenSSL until the upstream fixes it, a lot of applications using OpenSSL likely assume errors won't happen anyway (and are using it indirectly anyway).
Sure, this probably will break something, but that seems acceptable to me.