- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes

inside subjectAltName correctly. Formerly the module has used OpenSSL's GENERAL_NAME_print() function to get the string represention of ASN.1 strings for `rfc822Name` (email), `dNSName` (DNS) and `uniformResourceIdentifier` (URI).
author: Barry Warsaw <barry@python.org> 2013-08-23 17:26:49 (GMT)
committer: Barry Warsaw <barry@python.org> 2013-08-23 17:26:49 (GMT)
commit: 82f88283171933127f20f866a7f98694b29cca56 (patch)
tree: 85f872fa42b336a9f739035e25007978d777f9ba /Misc
parent: f880e5d5eaef3233fb1cd2f747c8f0ba59c7f086 (diff)
download: cpython-82f88283171933127f20f866a7f98694b29cca56.zip
cpython-82f88283171933127f20f866a7f98694b29cca56.tar.gz
cpython-82f88283171933127f20f866a7f98694b29cca56.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 2a865df..790dc58 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -16,6 +16,15 @@ Library
 - Issue #16248: Disable code execution from the user's home directory by
   tkinter when the -E flag is passed to Python.  Patch by Zachary Ware.
 
+Extension Modules
+-----------------
+
+- Issue #18709: Fix CVE-2013-4238. The SSL module now handles NULL bytes
+  inside subjectAltName correctly. Formerly the module has used OpenSSL's
+  GENERAL_NAME_print() function to get the string represention of ASN.1
+  strings for `rfc822Name` (email), `dNSName` (DNS) and 
+  `uniformResourceIdentifier` (URI).
+
 
 What's New in Python 2.6.8?
 ===========================
author	Barry Warsaw <barry@python.org>	2013-08-23 17:26:49 (GMT)
committer	Barry Warsaw <barry@python.org>	2013-08-23 17:26:49 (GMT)
commit	82f88283171933127f20f866a7f98694b29cca56 (patch)
tree	85f872fa42b336a9f739035e25007978d777f9ba /Misc
parent	f880e5d5eaef3233fb1cd2f747c8f0ba59c7f086 (diff)
download	cpython-82f88283171933127f20f866a7f98694b29cca56.zip cpython-82f88283171933127f20f866a7f98694b29cca56.tar.gz cpython-82f88283171933127f20f866a7f98694b29cca56.tar.bz2