Skip to content

[3.7] bpo-35746: Credit Colin Read and Nicolas Edet #11864

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vstinner merged 1 commit into from
Feb 15, 2019
Merged

[3.7] bpo-35746: Credit Colin Read and Nicolas Edet #11864

vstinner merged 1 commit into from
Feb 15, 2019

Conversation

@vstinner
Copy link
Member

@vstinner vstinner commented Feb 15, 2019
edited by bedevere-bot
Loading

Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.

https://bugs.python.org/issue35746

@vstinner
bpo-35746: Credit Colin Read and Nicolas Edet
26ce82c 
Add credit for the cert parser vulnerability. Mention also Cisco
TALOS-2018-0758 identifier.

diff --git a/Misc/NEWS.d/3.8.0a1.rst b/Misc/NEWS.d/3.8.0a1.rst
index d8c8f9f..b838965 100644
--- a/Misc/NEWS.d/3.8.0a1.rst
+++ b/Misc/NEWS.d/3.8.0a1.rst
@@ -6,7 +6,8 @@

 [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did
 not handle CRL distribution points with empty DP or URI correctly. A
-malicious or buggy certificate can result into segfault.
+malicious or buggy certificate can result into segfault. Vulnerability
+(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.

 ..
@vstinner vstinner merged commit fe42122 into python:3.7 Feb 15, 2019
@vstinner vstinner deleted the ssl_crl_bug_credit37 branch February 15, 2019 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vstinner @the-knights-who-say-ni @bedevere-bot