Home Original page

bpo-35746: Credit Colin Read and Nicolas Edet (GH-11864) · python/cpython@fe42122

File tree

1 file changed

lines changed

  • Misc/NEWS.d/next/Security

1 file changed

lines changed

Original file line numberDiff line numberDiff line change

@@ -1,3 +1,4 @@

11

[CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did

22

not handle CRL distribution points with empty DP or URI correctly. A

3-

malicious or buggy certificate can result into segfault.

3+

malicious or buggy certificate can result into segfault. Vulnerability

4+

(TALOS-2018-0758) reported by Colin Read and Nicolas Edet of Cisco.