[Python-checkins] bpo-35746: Credit Colin Read and Nicolas Edet (GH-11864)
Victor Stinner
webhook-mailer at python.org
Fri Feb 15 07:19:34 EST 2019
https://github.com/python/cpython/commit/fe42122d41834746e841b5927154be041fb7afbb
commit: fe42122d41834746e841b5927154be041fb7afbb
branch: 3.7
author: Victor Stinner <vstinner at redhat.com>
committer: GitHub <noreply at github.com>
date: 2019-02-15T13:19:30+01:00
summary:
bpo-35746: Credit Colin Read and Nicolas Edet (GH-11864)
Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.
files:
M Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
index dffe347eec84..fc703b9c2469 100644
--- a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
+++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
@@ -1,3 +1,4 @@
[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
not handle CRL distribution points with empty DP or URI correctly. A
-malicious or buggy certificate can result into segfault.
+malicious or buggy certificate can result into segfault. Vulnerability
+(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.
More information about the Python-checkins
mailing list