[Python-checkins] bpo-35746: Credit Colin Read and Nicolas Edet (GH-11865)
Ned Deily
webhook-mailer at python.org
Sat Feb 16 02:23:56 EST 2019
https://github.com/python/cpython/commit/2a3af94b7e4d7851986043348128e312ddbb2451
commit: 2a3af94b7e4d7851986043348128e312ddbb2451
branch: 3.6
author: Victor Stinner <vstinner at redhat.com>
committer: Ned Deily <nad at python.org>
date: 2019-02-16T02:23:52-05:00
summary:
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11865)
Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.
files:
M Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
index dffe347eec84..fc703b9c2469 100644
--- a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
@@ -1,3 +1,4 @@
[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
not handle CRL distribution points with empty DP or URI correctly. A
-malicious or buggy certificate can result into segfault.
+malicious or buggy certificate can result into segfault. Vulnerability
+(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
More information about the Python-checkins
mailing list