diff options
| author | Christian Heimes <christian@python.org> | 2019-01-15 22:47:42 (GMT) |
|---|---|---|
| committer | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-01-15 22:47:42 (GMT) |
| commit | a37f52436f9aa4b9292878b72f3ff1480e2606c3 (patch) | |
| tree | 241263055db201418a7288a883eefd783ff59364 /Misc/NEWS.d/next/Security | |
| parent | c9f872b0bdce5888f1879fa74e098bf4a05430c5 (diff) | |
| download | cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.zip cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.tar.gz cpython-a37f52436f9aa4b9292878b72f3ff1480e2606c3.tar.bz2 | |
bpo-35746: Fix segfault in ssl's cert parser (GH-11569)
Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL
distribution points with empty DP or URI correctly. A malicious or buggy
certificate can result into segfault.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue35746
Diffstat (limited to 'Misc/NEWS.d/next/Security')
| -rw-r--r-- | Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst new file mode 100644 index 0000000..dffe347 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2019-01-15-18-16-05.bpo-35746.nMSd0j.rst @@ -0,0 +1,3 @@ +[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did +not handle CRL distribution points with empty DP or URI correctly. A +malicious or buggy certificate can result into segfault. |