traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-35746: Credit Colin Read and Nicolas Edet (GH-11864) 

Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.
This commit is contained in:
Victor Stinner 2019-02-15 13:19:30 +01:00 committed by GitHub
parent 04a39399ef
commit fe42122d41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst
View File

@ -1,3 +1,4 @@
[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
not handle CRL distribution points with empty DP or URI correctly. A
malicious or buggy certificate can result into segfault.
malicious or buggy certificate can result into segfault. Vulnerability
(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.